GFN logoGFNGlobal FinCrime Network
Subscribe
This Week in Global Compliance

This Week in Global Compliance — Enforcement Steps Up Across Sectors

November 21, 20256 min read
North AmericaEuropeAPACGlobalEnforcementRegulationSanctionsCrypto/DeFi crimeFraud/Scams

This Week in Global Compliance — Enforcement Steps Up Across Sectors

November 21, 2025 — Week of 15–21 November

Executive Summary

This week marked a noticeable tightening of enforcement momentum across major jurisdictions. U.S. authorities escalated both crypto-related actions and traditional financial-crime cases, targeting mixers, insider-trading rings and cross-border laundering networks. Europe pushed forward with supervisory reforms while issuing new guidance targeting high-risk payment flows and weak governance in non-bank sectors. APAC regulators warned of accelerating AI-enabled fraud and risks arising from instant-payment ecosystems. Sanctions bodies in the U.S., UK and Australia coordinated actions against cyber-infrastructure and illicit financial networks, signaling that cross-border enforcement is accelerating.

For compliance teams, three priorities stand out: documenting end-to-end governance (AI, data, sanctions), strengthening cross-border monitoring for alternative rails, and preparing for shorter response windows from supervisors. The regulatory posture is moving firmly from “encourage remediation” to “prove your controls or face consequences.”

Top Signals

  1. Coordinated sanctions target Russian cyber-infrastructure
    The U.S. Treasury (OFAC), the UK’s FCDO and Australia’s DFAT jointly sanctioned a Russia-based hosting provider and affiliated operators that facilitated ransomware and cyber-crime networks.

Why it matters:
Sanctions enforcement is shifting from individual entities to entire infrastructure ecosystems, which means compliance needs visibility into service providers, vendors, and IT dependencies — not only counterparties.

  1. U.S. DOJ intensifies action against crypto laundering and mixers
    Multiple DOJ announcements this week highlighted sentencing, indictments and asset seizures targeting mixers, OTC brokers and exchanges linked to darknet and sanctioned jurisdictions.

Why it matters:
Crypto-enabled laundering is being treated with the same severity as traditional financial crime. Banks and fintechs must strengthen VASP due diligence, travel-rule controls, and monitoring of indirect exposure through clients.

  1. UK regulator widens AML scrutiny to asset managers and non-bank firms
    The Financial Conduct Authority expanded its information-gathering to cover governance, sanctions controls, crypto exposures and beneficial ownership validation across investment firms.

Why it matters:
Supervisory focus is moving beyond banks. Asset managers, brokers, PSPs and alternative investment firms must prepare for deeper reviews and governance documentation.

  1. APAC regulators warn of AI-enabled scams and instant-payment laundering
    Authorities across APAC reported rising cases of impersonation scams using deepfake voice/video and misuse of instant-payment rails to fragment laundering flows.

Why it matters:
AI-driven fraud has crossed from “emerging trend” to active systemic risk. Firms must update fraud and AML typologies and build joint playbooks that span cyber, fraud and compliance functions.

  1. Traditional financial-crime schemes remain active despite tech focus
    A U.S. indictment revealed an insider-trading network that laundered proceeds through multiple jurisdictions and financial structures.

Why it matters:
Focusing too heavily on crypto or AI scams risks missing classic typologies — insider trading, TBML, corporate fraud — that still generate major losses and regulatory attention.

Deep Dives

1. Enforcement — A coordinated global posture emerges

Authorities across the U.S., UK, EU and APAC are increasingly synchronizing enforcement. This week’s actions reflect:

  • Simultaneous announcements (e.g., sanctions and cyber-actions) across several regulators.
  • Faster escalation timelines from investigation to penalty.
  • Intensified scrutiny of non-bank intermediaries, such as OTC brokers, payment processors and logistics providers.
  • Growing emphasis on cyber-crime as a financial-crime vector, not a parallel issue.

Practical impact:

  • Firms must be prepared for multi-agency inquiries.
  • Monitoring must include counterparties’ infrastructure and ecosystem dependencies.
  • Expect more subpoenas, data requests and sanctions-related questionnaires with short deadlines.

2. Regulation & Supervisory Expectations — From principles to proof

Regulators across Europe and APAC emphasised that firms must demonstrate not only policy coverage but operational proof of risk management. Key focus areas include:

  • AI explainability, model inventories and data lineage.
  • Beneficial-ownership validation, especially for cross-border entities.
  • Documentation of sanctions screening logic and escalation pathways.
  • Evidence that governance frameworks actually operate in practice.

Practical impact:

  • Compliance teams must shift from “we have policies” to “we can prove how they’re applied.”
  • Internal audit and second line must strengthen challenge functions.
  • Vendors must provide richer documentation and transparency into data sources.

3. Technology, Crypto & Typologies — Criminal innovation outpaces controls

Typologies reported this week highlight:

  • Mixers and privacy tools increasingly used to break transaction chains before re-entry into regulated systems.
  • Ransomware-linked crypto flows routed via offshore providers and unregistered brokers.
  • Deepfake-enabled impersonation in payment fraud, executive scams and high-value transfers.
  • Layering via instant-payment fragmentation, making detection harder for outdated models.

Practical impact:

  • Transaction-monitoring models must incorporate new rails (instant payments, token transfers).
  • Firms need proactive fraud-AML convergence.
  • Screening must expand to wallet clusters, infrastructure providers and ecosystems, not just exchanges.

Data Points

  • Over US$237 million processed through a single crypto mixer targeted by U.S. authorities.
  • Sub-15% compliance with the UK’s new director-ID verification regime (contextual carry-over from ongoing reporting).
  • 0–72 hours — new effective response windows emerging for sanctions-related inquiries.
  • Hundreds of millions USD lost to AI-enabled scams in APAC markets according to recent FIU updates.

Watchlist

  • Upcoming EU AMLA supervisory guidance, expected to clarify the division of responsibilities with national regulators.
  • Next wave of OFAC and allied sanctions actions, likely to target logistics, fintech infrastructure and cyber-support firms.
  • AI governance frameworks from APAC supervisors, which may introduce minimum documentation requirements.
  • Further DOJ activity around global fraud and laundering networks.

Sources

This briefing consolidates publicly available information from financial regulators, sanctions authorities, FIUs, law-enforcement agencies, policy forums, and trusted global media covering the week of 15–21 November 2025.

Continue the conversation with GFN

Subscribe to briefSuggest source or correction

No spam. No ads. We never sell emails.