Financial crime regulatory developments: May 2026

Summary: the NCA has launched a new initiative with banks to help identify and disrupt payments linked to the livestreaming of child sexual abuse overseas. It marks the first time the agency has formally partnered with financial institutions on this threat, sharing case studies and intelligence to help firms recognise suspicious transaction patterns.

Impact: banks are being encouraged to proactively detect and investigate payments that may fund abuse, as well as support law enforcement through monitoring restrictions such as Sexual Harm Prevention Orders. The initiative highlights how financial data can provide a critical opportunity to intervene, as these offences rely on identifiable payment flows.

Publication score

Summary: OFSI fined the London brand of a large German-based £165,000 for breaching UK Russia sanctions by processing payments to an entity owned by a Designated Person.

The breaches related to two payments (June and July 2022) totalling £635,618.75 made to Okko LLC, which became subject to sanctions after its owner (JSC New Opportunities) was designated. Although the bank screened the transactions, its systems failed to identify the sanctions risk because its third-party data provider did not capture ownership information linking Okko to the designated entity.

OFSI assessed the case as “serious”, highlighting that:

1. Funds were made available to a sanctioned-related entity, undermining sanctions objectives.
2. The issue was compounded by a second payment a month later.
3. There were gaps in risk management and oversight of the client’s sanctions controls.

Impact: this is a reminder that ownership and control risk should be actively managed through identifying ultimate ownership and control, as sanctions can apply indirectly. Additionally, firms should not place too much reliance on third-party screening providers, as they can have limitations which represent sanctions exposure, such as not capturing ownership data appropriately.

Publication score

Summary: this is a report issued by the FCA, outlining its findings (including both good and poor practice) from a recent assessment of firms' systems and controls for financial and trade sanctions.

The most common root causes of reported sanctions breaches are related to due diligence, alert management, transaction and name screening, as well as the management of frozen assets and compliance with specific and general licences.

Some of the common gaps identified include the following:

• Over-reliance on group of third-party controls.
• Risk assessments that are too high-level, incomplete or out of date.
• Managing indirect exposure to sanctioned parties.
• Identifying beneficial ownership and complex structures.
• Data quality issues and gaps in coverage.
• Poor vendor management and oversight. The report highlights trade sanctions controls are less mature than their financial sanction counterparts.

Impact: this is particularly relevant to firms offering trade finance products, insurance (marine, cargo), as well as payment firms with cross-border exposure.

Publication score

Summary: the UK is expanding sanctions enforcement to target evasion networks and financial infrastructure, especially in crypto and third-country channels, rather than relying solely on traditional designations.

Impact: firms are expected to improve the effectiveness of controls beyond basic sanctions screening, as the UK is targeting increasingly sophisticated evasion methods involving crypto networks, intermediaries and cross-border structures.

Publication score