Wednesday, July 1, 2026 · Edition 6
In This Edition
On June 23, Treasury did not issue one action against Cambodia’s Prince Group. It issued three, on the same day. OFAC designated 9 individuals and 26 entities under Executive Order 13581, naming second-in-command Hu Xiaowei and reaching front companies in Hong Kong, Singapore, the British Virgin Islands, the United Kingdom, and Thailand. In parallel, FinCEN proposed a special measure to sever H-Pay Service PLC, a renamed successor to the Huione Group, from the US financial system, closing the escape hatch that Huione used after its October 2025 designation. The Department of Justice then seized the cloud computing infrastructure behind Huione Guarantee, the Telegram-based marketplace that served as an escrow hub for laundering scam proceeds and trading stolen financial data.
This is the pattern to internalize. A single OFAC listing can be evaded by renaming an entity and moving the accounts. Pairing the listing with a FinCEN special measure cuts correspondent access even where a blocking action does not reach, and the criminal seizure removes the operational infrastructure. Screening against the SDN List alone would have missed two thirds of this action.
The money in scam-compound cases does not sit on a blockchain. It moves through ordinary shell companies in major financial centers, then into correspondent banking. A designation is only as useful as the entity resolution behind it. If your screening cannot connect a newly listed individual to the front companies he controls across five jurisdictions, the name on the list does not protect you.
Three steps this week:
At its plenary on June 17 to 19, FATF added Bosnia and Herzegovina and Iraq to the list of jurisdictions under increased monitoring, citing Iraq’s cash-intensive economy and weak money laundering prosecutions. It removed Algeria and Namibia, crediting improved risk-based supervision. That leaves 22 jurisdictions on the grey list. The black list is unchanged: North Korea, Iran, and Myanmar.
FATF also amended Recommendation 6 to ensure targeted financial sanctions do not block funds, goods, and services needed for humanitarian assistance, and it opened a consultation on payment transparency. The United Kingdom assumes the FATF presidency from July. Separately, OFAC added Sudan-related designations on June 26 and removed several Russia-related names from the SDN List on June 11. Delistings deserve the same operational attention as additions; a stale block on a cleared party is a commercial and legal risk, not a safe default.
Grey-list changes flow directly into your country risk model. Adding Bosnia and Herzegovina and Iraq raises residual risk on any relationship, correspondent line, or trade corridor touching those markets, and examiners will expect your enhanced due diligence to reflect the change within the current cycle, not at your next annual review.
Two moves this week:
AML program reform. FinCEN’s proposal to, in its own framing, fundamentally reform AML and CFT programs closed its comment period on June 9. The rule would require institutions to establish and document a formal, board-informed risk assessment as the foundation of the program, with a proposed 12-month implementation window once finalized. A mandatory risk assessment process changes examination expectations for every institution, not only the largest.
GENIUS Act stablecoins. The clock here is real. Six federal agencies, the OCC, FDIC, NCUA, Treasury, FinCEN, and OFAC, must publish final stablecoin rules by July 18, one year after the GENIUS Act became law. On June 22, FinCEN proposed customer identification program requirements for permitted payment stablecoin issuers, treating them as financial institutions under the Bank Secrecy Act, alongside a joint FinCEN and OFAC proposal on AML and sanctions duties.
Beneficial ownership. FinCEN’s interim final rule exempts US-formed companies and US persons from beneficial ownership reporting, limiting the requirement to foreign entities registered to do business in the United States. The Eleventh Circuit upheld the statute’s constitutionality in December 2025, and a final rule is expected this year. Separately, FinCEN eased beneficial ownership verification requirements for financial institutions in February. The reporting regime and your customer due diligence obligations are now on different tracks, and conflating them is a common error.
These three rules touch different parts of the program but share one theme: regulators are pushing accountability and documentation onto the institution. The AML reform makes your risk assessment examinable, the GENIUS package extends BSA duties to a new class of issuer, and the beneficial ownership shift puts the verification burden on you rather than on a federal registry.
A practical July playbook:
United Kingdom. The FCA fined Nationwide Building Society 44 million pounds for weaknesses in its AML controls. On the sanctions side, OFSI completed its most significant enforcement overhaul since 2017: it doubled the maximum penalty to the greater of 2 million pounds or the value of the breach, introduced a settlement option carrying a 20 percent discount, offers up to a 30 percent discount for prompt and full cooperation, and set fixed penalties of 5,000 or 10,000 pounds for reporting and licensing offences.
European Union. AMLA has begun selecting the roughly 40 high-risk institutions it will directly supervise from 2028. National supervisors must submit eligibility data by August 15, with a provisional list expected by the end of September; selection turns on factors including cross-border activity in at least six member states. AMLA’s first tranche of Level 2 and Level 3 measures, including a common SAR template, is due around July 10.
Australia. AUSTRAC’s Tranche 2 obligations commence today, July 1, bringing lawyers, accountants, real estate professionals, and dealers in precious metals and stones into the AML and CFT regime for the first time. Firms that treated this as a 2027 problem will spend July explaining gaps.
Two concrete steps this week:
The enforcement response to Southeast Asian scam compounds moved from advisory to arrest. A coordinated operation involving the DOJ, FBI, Dubai Police, and China’s Ministry of Public Security produced at least 276 arrests across nine scam compounds earlier this year, and the FBI’s Operation Level Up has notified roughly 8,935 cryptocurrency-fraud victims and saved an estimated 562 million dollars, with 77 percent of those victims unaware they were being scammed when contacted.
For compliance teams, the signal is that pig-butchering and investment-fraud proceeds move through mainstream rails, not just crypto exchanges. The same front-company and mule-account structures seen in the Prince Group case appear across these schemes. Refresh analyst training on the behavioral indicators, sudden high-value transfers to newly onboarded beneficiaries, layered payments through payment processors, and victims who resist intervention, and confirm your elder-exploitation escalation path is current given the scale of losses in that segment.
| Date | Event or deadline |
|---|---|
| July 1, 2026 | AUSTRAC Tranche 2 obligations commence for legal, accounting, real estate, and precious metals sectors. |
| July 1, 2026 | MiCA transitional grandfathering period ends for EU crypto asset service providers. |
| July 10, 2026 | AMLA publishes its first tranche of Level 2 and 3 measures, including a common SAR template; EU Commission delegated acts on sanctions screening expected. |
| July 18, 2026 | Statutory deadline for six US agencies to finalize GENIUS Act stablecoin rules. |
| Aug 15, 2026 | National supervisors submit AMLA direct-supervision eligibility data (just beyond the window, worth diarizing now). |
Next Wednesday: July 18 is the GENIUS Act final-rule deadline. We will break down what the six agencies actually published and which stablecoin obligations take effect immediately versus phase in.