Treasury’s Newest Risk Assessments, Cyber Strategy Updates, and Global AML Developments

In this week’s episode of This Week in AML, Elliot Berman and John Byrne break down a wide-ranging set of developments shaping the financial crime landscape. They begin with the U.S. Treasury’s three newly released national risk assessments—money laundering, terrorist financing, and proliferation financing—highlighting key findings on fraud trends, shell companies, NPO vulnerabilities, and geopolitical threats.

Elliot and John also discuss emerging insights from the IRS on the value of CTRs, the White House’s new cybersecurity strategy, upcoming AMLA public hearings in the EU, and AUSTRAC’s expanded compulsory examination powers. Additional topics include recent enforcement actions targeting illicit Iranian oil networks, covert Russian vessel-protection teams, and FATF’s updated consolidated assessment ratings.

A must‑listen for compliance professionals looking to stay current in a rapidly shifting environment.

Treasury’s Newest Risk Assessments, Cyber Strategy Updates, and Global AML Developments

Elliot Berman: Hi John. How are you today?

John Byrne: Good. Elliot, we are still at war since last week, so that continues. Let's hope there's some, resolution. We'll see what happens. But other than that, we'll talk about this a little bit. We have our Forum next week, so everything's looking all set up for that.

So we're both excited about having that come off again. This will be the fourth year. As you hear this on Friday, you can still sign up if you're either in the DC area or planning to be there next week, I think it'd be a valuable opportunity. So we'll talk about that toward the end.

But a lot of stuff going on. What do you wanna focus on?

Elliot Berman: Why don't we talk about the bundle of things that came out of Treasury first?

John Byrne: So they did three risk assessments, right?

Elliot Berman: Yes. Let's see, they did the National Money Laundering Assessment, the National Proliferation Financing Risk Assessment, and the National Terrorist Financing Risk Assessment.

John Byrne: So we start with money laundering. It's an 80 page document. The categories of fraud, drug trafficking, cyber crime, human trafficking human smuggling a bunch of others. I just wanna mention a couple things. I know you probably have a couple things you wanna mention as well.

There's a section in here on the art market, something that we've talked about before. Downplaying the art market as a money laundering opportunity. They don't say it doesn't exist, but they do say it's fairly rare and they think it's fairly rare because of I guess what they characterize as the smallness of the market. That the market's not that big, but, you should take a look at it.

That's something we've talked about before, there's been some push to get art covered under the money laundering laws, which has not happened, but I thought that was interesting. It's in the sort of broad based umbrella, the last section of high value goods and properties. So they talk about precious metals, art, like I mentioned, luxury goods and then real estate. So I thought those were interesting things. What jumped out at you?

Elliot Berman: In the frauds area they noted that digital asset investment scams, which is how they, identified what they then called as a defined term pig butchering, and we've talked about that in the past. Had losses in 2024 of about estimated $5.8 billion, and these are the ones that are largely run by transnational criminal organizations.

But what caught my eye was that investment fraud in that same period, 2024 was $6.5 billion. And you'll recall that the investment advisor rule was deferred. It's interesting if that's a risk that touches a number that large. It's interesting that the regulatory response to that has been deferred. I'm continually looking for consistent through lines and it's getting harder and harder to find them.

John Byrne: Speaking of that, there's a section in the report on legal entities and arrangements, and it starts off by saying the following, illicit actors frequently misuse legal entities and arrangements to launder illicit proceeds. Though the sophistication of individual schemes varies widely depending on the predicate crime, the location of perpetrators, the location of the legal entity or arrangement, and the degree to which the perpetrators seek to disguise their entities.

And of course, what we're talking about are shell companies, right? And that they talk about those being opportunistic and difficult to discern. That part's obviously true. But the reference to what's occurred in the past couple of years especially in 2025, was interesting. They talk about the CDD rule that took effect in 2018 and what that does. And then it says the following enacted as part of the Anti-Money Laundering Act of 2020 the Corporate Transparency Act specified, quote, reporting companies unquote, to provide beneficial ownership information to FinCEN, including at the point of creation or registration. Then it goes on to talk about what occurred in March of last year, when the interim final rule that sort of redefined what the reporting companies are.

But it ends by saying, regulating legal entities to combat money loaning requires a balance between protecting the financial system from a list activity, right? And avoiding an undue burden on legitimate businesses, especially small businesses. Again, trying to find some consistency in a section that talks very clearly about what occurs with shell companies, but yet defends the process of a change last year because it was in response to burdens apparently caused by small business.

Elliot Berman: Yes. So what are your thoughts on the national terrorist financing risk assessment?

John Byrne: Actually a a little more optimistic and complimentary. In the section on NPOs I think is they certainly do talk about NPOs being misused inadvertently by certain groups that they do talk about that. But they go on to say you need oversight of large and diverse charitable sector or terrorist financing risks. But they do say that for the most part it's fairly limiting what happens.

They do see some cases of NPOs being created or abused for terrorist financing purpose, and they've utilized their sanction authority to protect the system. But they also point out it's so important that these that these charities, but to charities in general get financial access. And so they say they recognize the importance of encouraging NPOs to conduct transactions via regulated financial and payment channels where feasible. And they've undertaken substantial efforts to reduce the incentives of NPOs to use cash and to increase their incentives to keep transactions within the regulated financial sector.

And again, throughout this, they also talk about the fact that there's certainly less evidence of the misuse of the charities. It does occur, but they do say charities are valuable. And I think our friends in that world would find some solace in how they described it. 'cause it wasn't always discussed in the same vein that it is in this document, in, in my opinion.

Elliot Berman: They also identify a number of recurring vulnerabilities and money service businesses, makes the top of the list along with online fundraising platforms, peer-to-peer payment systems, cash and digital assets. And the report does note that MSBs continue to account for roughly half of all US terrorist financing suspicious activity reports. People are finding things that feel suspicious and reporting it. That doesn't necessarily mean that half of all terrorist financing that flows through the US system is, flowing through MSBs. Those are not an equivalency.

John Byrne: Bottom line is that these two documents, and then you're gonna mention the proliferation one in a minute, but these two documents should be used for internal training purposes if for no other reason than to list the priorities of the current administration. It's not just policy priorities. The methodology of these documents is supposed to be, and they do suggest that it is it's from suspicious activity reports. It's from in-depth conversation with law enforcement. So it's a broad based, resourced list of concerns or challenges or what have you.

So I think if you're an AML officer in any size institution, you should be doing your own summary of what's in here. Sort of map out what they talk about compared to your institution's, products and services, and then also do board presentations to explain these items as well.

Elliot Berman: Yes, and as you mentioned, the third one is the National Proliferation Financing Risk Assessment. I don't know that this was radically different from prior years. But they talk about threats from both state and non-state actors who are seeking to, accumulate and use funds to acquire various weapons of mass destruction, biological, chemical, nuclear radiological. And they also talk about the continuing threats coming from North Korea, Iran, and Russia. Those names pop up on a regular basis with concerns about money laundering and fraud and of course proliferation.

And then they talk about the fact that there are persistent national and sector level vulnerabilities. The vulnerability of the US financial system is not because it's particularly vulnerable, but it's a big target because it's such a large and expansive system.

They talk about the importance of using a whole of government approach, which again maybe that phrase hasn't necessarily appeared that way in the past, but it's we have a problem. We need to be vigilant. Everybody needs to help. That's the risk assessment.

Although it's interesting, in the previous assessments that you talked about sourcing and referring to things. As it relates to SARs and other reporting to the government as information sources, we both saw something interesting from the IRS. Do you want to talk about that document they put out related to CTRs?

John Byrne: Yeah. I don't have it up in front of me, but it's another good response to the concern about either reducing CTR volumes because the threshold increases or answering the age old question of whether or not CTRs have value. Now, we've talked about in the past that CTRs aren't aren't always the beginning of investigations, but they certainly are a part and parcel of a number of them and has been documented by IRS in previous reports.

But they're talking here about the value and they say, again, it can identify emerging threats. It receives standard data to disrupt fraud. It can validate or challenge narratives and support case integrity during criminal investigations 'cause it would provide what they are calling a verifiable timestamped transaction data, which of course is true.

They have a good section in here on how they're used in criminal investigations. And they give you some case examples when they've identified things or have resulted in convictions or at least furthering investigations. And then they have a compare and contrast I thought was pretty interesting.

It's obvious, but it's nice to see this in one section and that's cTRs versus SARs. So they say CTRs are transaction based, so based on the activity. It's objective, threshold based cash transactions, and it does support tracing and used as evidence. Whereas SARs flagged potential suspicious activity. So you don't really know until you do the investigation what the bank has identified. It provides context and behavioral red flags and it, as they say, steers investigative development. So I think that's a good, as they say, elevator explanation, what's the difference between CTRs and SARs? From a law enforcement perspective, but as you mentioned this document, CI FIRST put it out and it's under the category of Fintechs Knowledge Exchange Alert.

Elliot Berman: Yes. Another good example of the work by IRS-CI to share information with and share the why of things with industry.

Where would you like to go next?

John Byrne: I think it was late last week, there was a White House strategy document on cyber strategy for America. Short document, seven pages long, but it talks about various, what they're calling, pillars of action that will guide how you implement and measure success.

And just mention a couple of them. To modernize and secure federal government networks. I think that makes sense. So you don't want to be cutting any any dollars from governments agencies that need that. Secure the critical infrastructure. That also makes a ton of sense. And they're suggesting that they would galvanize the role of states, local, tribal, and territorial authorities to compliment, but they say here and not a substitute for our national cybersecurity efforts. Not quite sure why they couched it that way. Sustained, superiority and critical and emerging technologies. And of course, build talent and capacity.

We would all agree you wanna build talent. So that means recruiting and keeping staff. So it'd be interesting to see. I don't know what this was in direct response to, but cyber issues continue to be a challenge for all governments, including ours.

Elliot Berman: Agreed. We've talked regularly about what's going on in the EU with the development of AMLA. And I saw that AMLA announced that later this month on the 24th, they're going to hold their first public hearings on two of the regulatory technical standards, one related to business relationships and the other to customer due diligence.

This is part of the ongoing effort to build out the rules and the practical activity that will be necessitated by the AML Regulations framework. If you're interested or it's germane to what you do, interested to either participate or sit and watch it's all available online and you can go to the AMLA website and find that information.

There'll be a sequence of these beyond these two. And these are additional steps as the AMLA regulations come fully online and AMLA, the FIU and regulator has all of the pieces together to do what they're mandated to do by the new regime.

John Byrne: You also had highlighted AUSTRAC had an announcement.

Elliot Berman: Yes. In the 2026 update in Australia to their anti-money laundering regulations AUSTRAC was given new authority to initiate what's called a compulsory examination. And they put out an announcement and guidance so people will understand how that works.

And again if you do business or have activity in Australia, you should take a look at the detail. But, it's a process where they can, if they have a reasonable suspicion that something. Either a regulatory violation has occurred or some other illegal activity, they can issue what's known in the rule as a 172A notice.

And then when that information allows, them to have people come to an interview, bring forth documents and the like. So an interesting authority, maybe a little bit like our subpoena authority that you see in the US, but built right into AUSTRAC, which is their FIU and primary AML regulator, right into their authority.

Again. And I think we saw one of these involved in one of the recent AUSTRAC cases that we talked about, that it started with one of these compulsory examinations.

John Byrne: Couple of items related to the war in terms of oil. On Friday, the US Department of Justice filed two civil forfeiture complaints against more than $15 million that were allegedly used to fund and elicit Iranian oil distribution network. And according to the complaints, the funds are subject to forfeiture 'cause they afford a person, a source of influence over the National Iranian oil company, the IRGC and related organizations. And so the complaint goes into detail about the individuals. That's on the Department of Justice website.

From our friends at the Organized Crime and Corruption Reporting Project, they released the outcomes of an investigation that cargo ships are transporting sanctioned Russian oil through the Baltic Sea, and they are routinely setting sale with two extra crew on board. Why is that relevant? These crew members are a pair of Russian men with backgrounds in security organizations. So a dozen of these folks were found to have links to the Wagner group, the paratrooper units, or Russia's Foreign Intelligence Service.

And according to the finding European intelligence officers told reporters that these covert vessel protection teams have been deployed to deter authorities in the Baltic Sea from boarding or seizing the sanctioned ships. That particular report is available on the OCCRP.org website.

Elliot Berman: What else do you have, John?

John Byrne: I think that was it. We did talk about the reports from FATF last week, and I think one that actually was released right after we recorded. And they do this every few years, the consolidated assessment rating. So from 2014 to 2026, this document has an overview of the ratings on both effectiveness and technical compliance for all the countries that have been assessed against the 2012 FATF recommendations.

So that's a, March 4th dated report. Some other reports are still due, but I thought that's always interesting. You don't have to be a FATF nerd, but to understand how the assessment processes work. That was dropped after our conversation last week.

Elliot Berman: And I know you've got some things in the pipeline and you wanted to mention some more details about the AML Partnership Forum.

John Byrne: So the Partnership Forum, the fourth annual, 19th and 20th, next week in Washington DC. We've been very fortunate, our steering committee of members of the government and the private sector have put together what we hope is gonna be a very insightful program.

Remember this Forum is not a typical conference and many of us have been to those. They do have panel discussions and fireside chats and presentations, but there's no press, there's no exhibit hall, and it's really designed to exchange information. We have less than 200 people. We don't try to make it a huge event. And we're just very fortunate to have the experts that we have that will be there both on the stage as it were, but also in the audience.

That's what's so important about these forums information available on LinkedIn, on websites. But there's still time to register.

Elliot Berman: Yes. And anything in the pipeline that you wanna talk about?

John Byrne: The interview that was posted today, so you'll see it Friday obviously as well. And that's an interview I did with a coalition under the umbrella of the Charity and Security Network doing a couple of things of timeliness. One is they are advocating to the, the FATF mutual evaluators of the US, which is going on as we speak. Some of the concerns they have with Recommendation Eight, which deals with terrorist financing.

But also in general, the difficulties that humanitarian groups continue to have to get financial access when banks or other financial institutions are just concerned or don't have enough data or support from regulators on whether they can bank these entities.

So that, that needs to be more than a conversation. We have four folks on that conversation and that is available on our website and on LinkedIn and other social media platforms.

Elliot Berman: And our AML Voices webinar is March 26th, and as we've mentioned before, it's going to focus on AMLA. We've got some great experts along with our colleague Vest McCreery, and they're gonna talk about how they're organizations are preparing and what parts of the new regime are giving them concern or they're finding the most challenging in terms of prepping for AMLA. So if you have any reason to be paying attention to AMLA, whether you are specifically regulated by it or your organization does business in the EU we strongly recommend it.

You can register for that at our website. It will livestream in the US at 11:00 AM. To accommodate folks here, but also folks in the UK and the EU. John I will talk to you next week, and you have a great rest of your week.

John Byrne: Stay safe, everybody. Take care, Elliot.

Elliot Berman: You too. Bye-bye.