Announcement by FinCEN
In a significant move to combat financial crime, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) announced today its proposal to restrict the operations of Cambodia’s Huione Group, identifying it as a major concern for money laundering. This initiative falls under Section 311 of the USA PATRIOT Act, aiming to cut off the group’s access to the U.S. banking system.
Implications of Huione Group
Huione Group has been implicated in laundering money linked to high-profile cyber crimes, particularly those orchestrated by North Korea and other Southeast Asian criminal networks involved in various scams, including the notorious “pig butchering” investment frauds. Secretary of the Treasury Scott Bessent declared that Huione Group has emerged as a pivotal player in facilitating financial operations for cybercriminals, which has led to the theft of significant sums from American citizens.
“The potential risks posed by Huione Group cannot be overstated. Their operations have allowed criminal organizations to launder billions,”
Bessent asserted.
This proposed rule would, if enacted, prevent U.S. financial institutions from instituting accounts related to Huione Group, thereby crippling the laundering capabilities of these illicit operations.
Extent of Financial Crimes
With a sprawling network of entities including Huione Pay PLC, which offers payment processing, and Huione Crypto, a virtual assets provider, the group has reportedly laundered over $4 billion in illegal funds between August 2021 and January 2025. Notably, this figure includes at least $37 million associated with North Korean cyber thefts and $36 million linked to fraudulent investment schemes involving convertible virtual currency (CVC).
Lack of Compliance and Next Steps
FinCEN’s inquiry further highlighted a troubling lack of anti-money laundering (AML) and know your customer (KYC) policies within Huione Group’s various subsidiaries. Despite clear evidence of their services being exploited by transnational criminal organizations (TCOs), these subsidiaries have failed to implement or publish adequate safeguards against such abuses. In fact, Huione Group admitted that its KYC processes were highly deficient, as evidenced by a failure to spot financial activities from a component that had unknowingly received funds from a North Korean hack.
As the NPRM is now available in the Federal Register, stakeholders and the public are invited to submit their feedback regarding the proposed regulations over the coming 30 days, marking an essential step towards disrupting the finances of criminal actors in the cyber domain.
