Daily FinCrime Brief – 2025-11-26

🔍 Executive Summary

• Hamas attack victims file a lawsuit in New York accusing Binance of facilitating more than $1 billion in transactions for Hamas, Palestinian Islamic Jihad and other terrorist groups through its platform.
• The Philippine Anti-Money Laundering Council freezes nearly PHP 12 billion in assets tied to an alleged flood-control graft scheme.
• Australian lender Bendigo and Adelaide Bank discloses serious anti-money laundering and counter-terrorism financing control gaps identified by a Deloitte review, triggering market pressure and regulatory risk.
• US authorities sentence the leader of a Colombian money-laundering organization to five years in prison for laundering at least $1.2 million in drug proceeds through US bank accounts as part of a transnational network.
• In the US, the proposed GENIUS Act would bring payment stablecoin issuers squarely under Bank Secrecy Act requirements, with full AML and KYC programs and supervision.
• EU authorities continue building the new AMLA-centered architecture, including EBA advice on harmonised rules and work on trust-led intelligence sharing among financial institutions.
• The US, UK and Australia jointly sanction Russian bulletproof hosting provider Media Land and publish guidance on tackling such infrastructure, targeting ransomware ecosystems.
• A cluster of crypto crime cases sees the founders of Samourai Wallet sentenced to prison, a California man pleading guilty to laundering at least $25 million from online scams, and other enforcement actions against laundering via privacy tools.

🌍 Regional Breakdown

Middle East / Global — Hamas victims sue Binance over alleged terror financing

Source: Blockhead (citing court filings)
Date: 26 November 2025
Topic: Sanctions; Terrorist financing; Crypto / VASPs

Victims of the 7 October Hamas attacks in Israel have filed a civil lawsuit in New York accusing Binance of facilitating more than $1 billion in transactions for Hamas, Palestinian Islamic Jihad and other terrorist groups, including through its now-defunct Binance TR platform. The complaint argues that the exchange allegedly continued to serve sanctioned or high-risk users even after its 2023 US guilty plea and multi-billion dollar settlement, and points to political developments including a presidential pardon for former CEO Changpeng Zhao as compounding governance concerns.

Link: Blockhead (citing court filings)

Asia-Pacific (Philippines) — Philippine AMLC freezes nearly PHP 12bn in flood-control graft probe

Source: Philippine Daily Inquirer
Date: 26 November 2025
Topic: AML; Corruption; Asset freezes; Enforcement

The Philippine Anti-Money Laundering Council has issued freeze orders over almost 12 billion pesos (around $210 million) in assets linked to an alleged large-scale corruption scheme involving flood-control projects. The orders cover bank accounts and other properties of current and former public officials and private contractors as investigators probe suspected kickbacks and overpricing.

Link: Philippine Daily Inquirer

Asia-Pacific (Australia) — Australian bank’s AML and CTF control gaps exposed by Deloitte review

Source: Reuters
Date: 25 November 2025
Topic: AML; Banking supervision; Risk management; AUSTRAC

Bendigo and Adelaide Bank disclosed that a Deloitte investigation into suspicious activity at one of its branches found deficiencies in its anti-money laundering and counter-terrorism financing controls, extending beyond a single location and impacting key elements of its risk-management framework. The review, covering activity from 2019 to 2025, concluded that the bank’s approach to identifying, mitigating and managing money-laundering and terrorism-financing risks was inadequate, prompting commitments from the board to strengthen systems and raising the prospect of regulatory follow-up by AUSTRAC.

Link: Reuters

Latin America / North America — Leader of Colombian laundering network jailed for US$1.2m drug proceeds scheme

Source: US Department of Justice
Date: 26 November 2025
Topic: Money laundering; Drug trafficking; Trade-based schemes

The US Department of Justice sentenced Colombian national Michael Nunez Daza, also known as Luky, to 60 months in prison and ordered forfeiture of $1.2 million for leading a transnational money-laundering organization. According to court documents, the network picked up bulk cash from drug trafficking in multiple US cities, deposited it into US bank accounts held by third parties and then arranged corresponding peso deliveries in Colombia, moving at least $1.2 million in eight months for Mexico-based traffickers.

Link: US Department of Justice

North America (United States) — GENIUS Act would formalise AML and KYC expectations for stablecoin issuers

Source: GARP; JDSupra and Ankura
Date: 26 November 2025 (analysis pieces)
Topic: Regulation; Stablecoins; AML and KYC; BSA

Risk experts continue to analyse the proposed US GENIUS Act, which would create a federal framework for payment stablecoins and bring issuers squarely under Bank Secrecy Act obligations, including full AML, KYC and sanctions compliance programmes. Commentary from GARP and legal practitioners highlights that stablecoin issuers would likely be treated as financial institutions for Bank Secrecy Act purposes, with bank-like supervision and clear obligations to monitor transactions, file suspicious activity reports and manage sanctions risk.

Link: GARP; JDSupra and Ankura

Europe — EU builds AMLA-centric regime and promotes trust-led intel sharing

Source: European Banking Authority; fintech.global
Date: November 2025
Topic: Regulation; AMLA; Supervisory convergence; Information sharing

Within the EU’s AML package, the European Banking Authority has advised the European Commission on harmonised supervisory rules that will underpin the new EU Anti-Money Laundering Authority, aiming to align expectations for high-risk sectors and cross-border groups. In parallel, sector commentators describe a shift towards trust-led intelligence sharing among financial institutions under the new AML Regulation, with more structured mechanisms for joint analysis of typologies and risks across borders.

Link: European Banking Authority; fintech.global

Global / Russia — Western allies sanction Russian bulletproof host Media Land

Source: US Department of the Treasury; UK and Australian government statements; Risky.biz
Date: November 2025
Topic: Sanctions; Cybercrime; Ransomware; Infrastructure abuse

The US, UK and Australia jointly imposed sanctions on Media Land, a Russia-based bulletproof hosting provider that has long supported ransomware operators and other cybercriminal infrastructure. Authorities described Media Land as a key enabler for multiple ransomware groups, and accompanied the sanctions with joint Five Eyes guidance on identifying and mitigating risks arising from bulletproof hosting providers more broadly.

Link: US Department of the Treasury; UK and Australian government statements; Risky.biz

North America — Crypto-mixing and scam laundering cases highlight enforcement focus

Source: US Department of Justice; Risky.biz
Date: November 2025
Topic: Crypto and DeFi crime; Money laundering; Mixers; Enforcement

A US judge sentenced Samourai Wallet founders Keonne Rodriguez and William Lonergan Hill to five and four years in prison respectively, after prosecutors said the privacy-focused wallet was used to launder more than $237 million from multiple crypto heists while being marketed as a tool to evade law enforcement. In a separate case, California resident Kunal Mehta pleaded guilty to laundering at least $25 million in cryptocurrency stolen from online scams and hacks for a group that stole a total of around $263 million, underscoring the Department of Justice focus on mixers, stealth wallets and professional launderers operating at scale.

Link: US Department of Justice; Risky.biz

📌 Final Notes

1. Crypto remains at the centre of terrorism financing and laundering risk. The Binance lawsuit, Samourai Wallet sentences and related cases underscore regulators’ and prosecutors’ focus on platforms that allegedly market or tolerate anonymised flows, and will raise expectations for banks and fintechs to treat virtual asset service providers and mixers as high-risk counterparties with enhanced due diligence and sanctions controls.
2. Supervisors and financial intelligence units are ramping up structural AML responses. The Bendigo review, the Philippine AMLC asset freezes and the FATF grey-list update collectively signal lower tolerance for weak risk-management frameworks and politically exposed corruption schemes, especially where banks have missed red flags over long periods.
3. Policy work is shifting from pure AML compliance to outcome-based asset recovery and systemic financial stability. FATF’s asset recovery guidance and the GENIUS Act debate both emphasise ensuring that criminal proceeds are actually confiscated and that fast-growing corners of finance, like stablecoins, are inside a robust Bank Secrecy Act and AML perimeter rather than operating in a grey zone.
4. Europe is moving towards a more centralised, intelligence-led AML regime. The emerging AMLA framework and push for trust-based information sharing point to a future where cross-border typology sharing and supervisory convergence will matter as much as local filing rules, and groups with multi-EU footprints should plan for more consistent scrutiny of group-wide risk.
5. Cyber-financial crime convergence is now routine. Ransomware infrastructure sanctions, Russian laundering networks using acquired banks and large-scale online scam laundering cases show that cyber, sanctions and AML teams can no longer operate in silos; integrated threat-intel, transaction monitoring and sanctions screening are becoming table stakes.