 This post is written by Peter Oakes, a leading financial services expert who has led the establishment of anti-money laundering enforcement functions at Central Banks (Ireland and Saudi Arabia) and worked as a senior regulator in Australia (ASIC) and UK (FSA/FCA). These days Peter is non-executive director of, and advisor to, financial services companies in Europe Union and the UK.  If you would rather listen to an audio summarising this blog and additional detail, you can do so by clicking here. This is a very good money laundering typology for AML training, especially if looking for an international ransomware-as-a-service case involving cryptocurrency, Ireland, the USA and how the High Court of Ireland exercises extradition treaty proceedings. Our Peter Oakes is often asked to write more about useful money laundering cases that can be used by MLROs (Money Laundering Reporting Officers) as typologies for AML training. This typology on Ireland's money laundering website, www.moneylaundering.ie, pulls together: * ransomware-as-service; * predicate criminal offence; * a Ukranian national living in Cork; * identification of proceeds of crime in bitcoin recorded on the supposedly anonymous promoting blockchain; * Irish High Court extradition proceedings; * alleged abuse of human rights; and * evidence from Google Analytics and Google Drive. So we am pretty sure it ticks all the "right boxes". The case when examined from multiple sources (like Money Laundering Ireland has done) provides interesting insights into the Irish extradition regime, identification of supposedly anonymous bitcoin transactions recorded on the blockchain and evidenced obtained from Google Analytics. 
Lytvynenko, based in Cork, Ireland, worked with others in the Conti ransomware group to hack victims’ networks, encrypt files, and demand ransom payments in exchange for restoring access and not leaking stolen data. Mr Justice David Keane (High Court of Ireland) determined that the U.S. DoJ application met all of the proofs prescribed by s.29 of the Extradition Act 1965 (as amended) and that the Lytvynenko’s objections based upon violations of his rights and abuse of process did not warrant the refusal of the order sought. Before the High Court evidence from Google analytics data on Lytvynenko’s account showed that he had searched for methods of thwarting Windows authentication and had watched YouTube videos on malware, hacking, Windows administration, building a remote access tool and penetration testing. The High Court also heard that cryptocurrency tracing performed by the FBI on the publicly available blockchain had also indicated that the Lytvynenko received payments in Bitcoin from Conti conspirators during approximately the same period as the attacks on six of the victims whose data was found in the respondent’s Google Drive. The conspiracy was alleged to have resulted in the payment of a combined ransom of approximately $634,000 in cryptocurrency. The Irish High Court had to consider both s.10(1) and s.10(1A) of the Extradition Act 1965, noting that extradition can be granted only in respect of an offence punishable both under the laws of the requesting country and of the State. The court was ultimately satisfied on the evidence that the requirements of correspondence and minimum gravity had been met and that the extradition of the respondent was not prohibited by Part II of the 1965 Act or by the relevant extradition provisions. Next the court had to consider that the “making of an extradition arrangement presupposes that the Government and the Oireachtas are satisfied, amongst other things, that a person being extradited to another State with which Ireland has such an arrangement will not have his constitutional (or ECHR) rights impaired”. Mr Justice Keane considered the Lytvynenko’s objections in turn but was not satisfied that they warranted refusal of the order sought where they did not meet the required thresholds and/or where there was an insufficient evidential basis to support them. The High Court back in 2025 made an order pursuant to s.29 of the 1965 Act committing the Lytvynenko’ to prison to await the making of an order for his extradition. The Irish judgement is The Attorney General v Oleksi Oleksiyovych Lytvynenko [2025] IEHC 100. See citations at end of this post.
Once he was extradited, more fun began. In the US it was argued that between 2020 and 2022, Conti attacks hit systems across 47 U.S. states, 31 countries, the District of Columbia, and Puerto Rico. The FBI estimates that at least $150 million in ransom payments were made by January 2022. Lytvynenko admitted to joining the group around September 2021. He acknowledged holding stolen data from multiple victims in the U.S. and abroad. He also worked on developing malware components, including a “loader” used to deliver other malicious tools during attacks. “He admitted to possessing data from eight U.S. and four overseas victims which had been stolen by Conti conspirators. Lytvynenko further admitted to joining a team run by a Conti conspirator during which time Lytvynenko was directed to work on coding a “loader,” which is typically a type of malware, or malicious software, that is used to load programs necessary to execute other malicious attacks.” reads the press release published by DoJ. Lytvynenko pleaded guilty on Friday 12 June 2026 to conspiracy to commit wire fraud for his role in the Conti ransomware operation. He is scheduled to be sentenced on September 10, 2026, and faces up to 20 years in prison. The final sentence will be determined by a federal judge after considering U.S. sentencing guidelines and other statutory factors. In September 2023, four other Conti conspirators were indicted in Tennessee. The FBI and U.S. Secret Service are investigating, with DOJ prosecutors handling the case. “Lytvynenko’s guilty plea is a significant step toward holding cyber criminals accountable for the damage they inflict on victims worldwide,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “Lytvynenko profited from fear and coercion, conspiring to use Conti ransomware to extort victims and steal their data. This case demonstrates that the FBI and our partners will relentlessly pursue those responsible for cybercrimes, regardless of where they operate, and bring them to justice.” See citations at end of this post. The FBI informs that Conti emerged from the Ryuk gang and was closely linked to the TrickBot malware operation. The group became known for attacks on healthcare organizations, governments, and businesses before shutting down operations in 2022 after internal chats were leaked and law enforcement pressure increased. Sources:
0 Comments
 STRs Received at FIU Ireland (1995-2024)
1. Summary i. STR Volumes:
ii. Main Reporting Entities (2024):
iii. STReu (European Union reporting obligation):
2. What’s interesting i. VASPs volatility in STR reporting:
ii. E-Money Institutions as major STR drivers:
iii. Persistent dominance of banks but diversification of sources:
iv. International cooperation obligations:
 More than €90,000 seized in money laundering investigation [September 14, 2025]
1. Summary: i. Over €90,000 in cash was seized in a money laundering investigation in Ireland, focused on large cash withdrawals from ATMs in Dublin and Cork. The Garda National Economic Crime Bureau (GNECB) led the operation, which followed transactions between 11 August and 9 September 2025. ii. The withdrawals used bank cards linked to accounts based in Poland and Norway. During the operation, a vehicle was searched in Lucan, Dublin on 13 September, where a substantial amount of cash and multiple bank cards were recovered. A male in his early-30s was arrested under relevant sections of Irish law. iii. Later, a woman in her 30s was also arrested at a Dublin address. Additional searches in Cork recovered more cash, foreign currency, false ID documents, bank cards and mobile phones. Gardaí are cooperating with international law enforcement through Europol in relation to the foreign bank accounts connected to this case. Both suspects remain in custody and the investigation continues. 2. What’s interesting i. Cross-border bank accounts & multi-jurisdictional risk
ii. Large cash withdrawals from ATMs as a red flag
iii. Use of multiple bank cards and false IDs
iv. Timing / detection window
v. Asset seizure & law enforcement cooperation
vi. Use of false/fraudulent documentation / identity fraud
vii. Potential reputational & regulatory risk
Source: https://www.breakingnews.ie/ireland/more-than-90000-euro-seized-in-money-laundering-investigation-1806873.html  Student charged with money laundering after agreeing to act as money mule for text scam [September 12, 2025]
Summary: i. A 20-year-old student, Darragh Sutcliffe, pleaded guilty to money laundering after agreeing to act as a money mule for a “smishing” (text phishing) scam. He had no prior convictions. At the time of the offence, he was planning to sit accountancy exams. ii. Between 23-25 May 2023, €16,350 in fraudulently obtained funds from smishing scams were deposited into his account in four separate transactions. €9,350 came from one victim (Cork woman) via an “E-flow text scam” after she responded to a malicious message. Another €2,000 from a Killarney resident. iii. Sutcliffe withdrew about €3,500 from ATMs in Lucan before his bank froze his account. After his account was flagged, he went to Gardaí and made a false report to try to distance himself from the transactions. The banks reimbursed the victims, except AIB remained out €3,500 (the ATM withdrawals). iv. In court, his solicitor emphasised that he was a typical “non-complicit money mule” — i.e. someone who allows just their account to be used on promise of payments which never materialised. v. He’ll repay the stolen funds, was contrite, has family support; sentencing has been adjourned until February. The judge also ordered a €5,000 donation to a cancer charity. 2. What’s interesting: i. Money mule risk & identification
iii. Bank account usage, transaction monitoring, freezing mechanisms
iv. False reports / attempts to distance oneself
v. Financial harm & liability:
vi. Education & awareness as mitigation
vii. Sentencing & regulatory implications
Source: https://www.irishexaminer.com/news/arid-41704397.html  Four charged in connection with international money laundering probe [September 8, 2025]
1. Summary i. Four people in central Dublin have been charged with money laundering involving proceeds of crime, in amounts ranging from around €29,000 upwards. ii. The investigation is being carried out by An Garda Síochána’s GNECB (Garda National Economic Crime Bureau) under organised crime legislation. iii. The alleged laundering involved use of bank accounts in Poland and Norway; there were large cash withdrawals from ATMs in Dublin and Cork over a period (11 August - 9 September 2025). iv. Items seized include cash, bank cards, false identification documents, and mobile phones.
ii. ATM cash withdrawal patterns as red flags: Repeated, large withdrawals via ATMs in different locations (Dublin & Cork), often a sign of layering or attempt to extract physical cash; good reminder to ensure outbound cash flow monitoring is strong (not just deposits). iii. False identities & multiple devices: Use of false IDs, multiple bank cards, mobile phones suggests efforts to obscure identity, complicate tracing. Reinforces the importance of strong identity verification (KYC), device monitoring if relevant, and forensic recordkeeping. iv. Regulatory / legal tools in play: Use of organised crime and criminal justice legislation (Sections under Irish law) shows that law enforcement is using serious legal powers. For compliance programs, this implies that suspicious activity reports (SARs) etc. must be airtight; any lapses could lead to legal/regulatory exposure. 
Very good AML typology on money mules and goes to show that highly educated people can be sucked-in to money laundering. I posted about it on Linkedin here and a guest contributor also wrote a detailed piece here. Noting this person's background of a business degree and work at an airline and tech company, quite possible that a career in financial services may be on the cards. That is certainly not over, but there will be a big hurdle to clear because the fact that no conviction was recorded doesn't mean that the person does not have to disclose it, It will raise concerns about judgement with a potential future regulated financial services provider employer. ➡️ A business graduate who let her “con-artist boyfriend” use her bank account to launder money has been spared a criminal record. ➡️ Chelsea Stelma Cassule (25) had been taken into her then partner’s trust when she gave him access to her account, which was used to transfer the €300 proceeds of a fraud. ➡️ Judge John Hughes struck the case out at Dublin District Court after hearing she had made a €300 charity donation and a probation report put her at a “low risk” of reoffending. ➡️ Cassule, of Brabazon Hall, Cork Street, Dublin 8, had pleaded guilty to money laundering – possession of the proceeds of criminal conduct. ➡️ Cassule had no previous convictions. ➡️ A defence barrister said the third party was Cassule’s boyfriend at the time. He told her he had a job opportunity in Belfast and was going to move there but needed a deposit and asked to use her account. ➡️ She did not know her boyfriend was defrauding anyone but in the cold light of day, she accepted the story was “a little bit fanciful”, the barrister said. ➡️ The accused had a business degree and had worked for an airline and a tech company. ➡️ Judge Hughes said Cassule had been “a victim of this herself” and had not made any financial gain. Her “con-artist boyfriend” had “taken her into his trust” and her suspicions were lowered, but she “should have known better”, the judge said. ➡️ The accused had an otherwise “unblemished” record. Source: https://www.independent.ie/irish-news/courts/woman-who-let-boyfriend-use-her-account-for-money-laundering-avoids-criminal-record/a1373019726.html
Woman who let boyfriend use her account for money laundering avoids criminal record [September 3, 2025]
1. Summary: i. A business graduate allowed her “con-artist boyfriend” to use her bank account for money laundering. ii. She was spared a criminal record in relation to that offence. iii. Her defence emphasised that she had been manipulated / misled by her partner, and that her involvement was passive (i.e. letting use of account rather than actively operating the laundering) and that she did not profit. iv. The court considered her personal circumstances (e.g. being misled, her lack of awareness of full criminality) when deciding to not impose a criminal record. 2. What’s interesting: i. Non-complicity / Naivety” defence
ii. Risk of insiders or account holders being exploited
iii. Court leniency & thresholds for criminal record
iv. Implications for account monitoring / KYC / due diligence
 Inside an Irish Money Laundering Operation: A Case Study
When Gardaí raided a remote farm in County Clare, they didn’t just uncover livestock and machinery—they unearthed a sophisticated money laundering scheme that had quietly converted criminal proceeds into assets that looked, on the surface, perfectly legitimate. This case illustrates a classic Irish money laundering typology, showing how criminals place, layer, and integrate illicit cash within Ireland’s financial and property systems. Placement: Converting Cash into Tangible Assets The operation began with large volumes of cash generated from drug trafficking and organised crime. Instead of depositing the money directly into banks, where suspicious transaction reports (STRs) might be triggered, the criminals purchased agricultural land, machinery, and livestock. By acquiring a functioning farm, they could explain away large cash movements as agricultural income. This is a common Irish adaptation: cash-rich illicit groups investing in rural property or cash-intensive businesses (such as pubs, car washes, or construction firms) to disguise their income sources. Layering: Complex Transfers and False Trails Once the farm was operational, transactions became deliberately complex. Animals were bought and sold across county lines, often with inflated or understated valuations. Equipment was leased through third parties, and funds were moved across multiple Irish bank accounts in amounts just under the €10,000 reporting threshold. The criminals also relied on “money mules”—individuals, often vulnerable or indebted, who allowed their accounts to be used for funneling funds. This layering process created a tangled financial trail, frustrating investigators trying to trace the money back to its illicit origins. Integration: Dirty Money Becomes ‘Clean’ Over time, the scheme succeeded in integrating illicit funds into the mainstream economy. The farm produced legitimate revenue streams: cattle sales, EU agricultural subsidies, and lease agreements. Criminal proceeds were effectively rebranded as farm income. The perpetrators then used these seemingly legitimate profits to invest in vehicles, luxury goods, and even overseas property. By this stage, the money appeared clean—making it extremely difficult to prove its criminal origin without extensive investigation. This case demonstrates several AML red flags relevant to Ireland:
The case was eventually cracked by the Garda National Economic Crime Bureau (GNECB), working in partnership with the Criminal Assets Bureau (CAB). Assets—including the farm, machinery, and livestock—were seized under proceeds of crime legislation. Under the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010, amended in line with EU directives, individuals convicted of laundering can face up to 14 years in prison and unlimited fines. In addition, the Central Bank of Ireland can levy significant administrative sanctions against financial institutions that fail to detect and report suspicious activity. This farm case typifies money laundering typologies in Ireland: criminal cash embedded in rural businesses, layered through complex transactions, and integrated into the economy via legitimate-looking revenue. For compliance officers, solicitors, accountants, and financial institutions, it serves as a reminder that criminal proceeds don’t always appear as stacks of cash in city banks—they may be hiding in plain sight on a quiet farm road in the Irish countryside. Source: https://www.irishmirror.ie/news/irish-news/crime/gallery/inside-clare-farm-criminal-assets-35794821  Two Guest Contributors wrote a piece on this story. See the other one here. Nail bar worker charged with money laundering after €80k seizure [August 26, 2025] Summary: i. Defendant: Quang Nguyen, 28, of Swords, Dublin; works in a nail bar. ii. Seizure: Gardaí recovered about €78,500 and £10,800 at his home. iii. Charge: Money laundering under section 7 of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 — accused of possessing those amounts as proceeds of crime. iv. Explanation given: Nguyen told Gardaí that the euros came from friends to help him open a nail bar in Drogheda; he could not explain the origin of the British currency. The people allegedly supplying the funds have not yet been contacted or verified by Gardaí. v. Background & other facts:
What’s interesting: i. Large cash holdings + unexplained source(s): The combination of a high cash amount and inability to clearly verify or document the origin of funds (especially from “friends”) is a classic red flag. Being able to trace and validate origins of large cash deposits is critical for AML compliance. ii. Cross-currency risk / multiple currencies: The presence of both euros and British pounds, with only partial justification for one, adds complexity. Monitoring for unexplained foreign currency inflows is important, especially in jurisdictions close to or dealing with different currencies. iii. Use of funds for business investment claims vs. money laundering allegations: Claiming the money was intended for investment (e.g. starting a nail bar) is a common defense. Compliance must ensure that business investment claims are backed by legitimate documentation (invoices, contracts, etc.) and corroborated sources, not just anecdotal “friend-gave-me-money.” iv. Presumption of innocence but burden of proof on source verification: The case highlights that while legal process presumes innocence, from an institutional/compliance standpoint you must act on strong indicators. Documenting KYC, performing enhanced due diligence where needed, and maintaining records so you can support or contest claims about fund origin are vital. Source: https://www.waterford-news.ie/nail-bar-worker-charged-with-money-laundering-after-80k-seizure_arid-68834.html
 The saga of Thierry Fialek‑Birles—known in some circles as “Terry Birles,” the self‑styled Irish aristocrat—reveals the elaborate mechanics by which confidence fraud and money laundering intertwine, particularly in cross‑border contexts. His multi‑million‑euro scheme, which ensnared celebrated French comedian and filmmaker Dany Boon, was woven with layers of deception that offer vivid insight into typologies of transnational financial crime.
Claiming decency, heritage, and legal expertise, Fialek‑Birles convinced Boon he descended from an ancient Irish aristocratic family and was an Oxford‑educated maritime lawyer. Boon was drawn in by references to glitzy affiliations, including the Royal Cork Yacht Club, and grand plans involving yacht restorations and tax‑free investments with the (fake) Irish Central Bank These personal details were the foundation of trust—crafted authenticity intended to mask the reality of fraud and exploitation. Over several months, Boon transferred approximately €2.2 million for maintenance of his yacht and a further €4.5 million into a supposedly tax‑free investment scheme. Of course, that scheme was entirely fictitious. What emerges is a clear typology: criminals often deploy a mirage of legitimacy—be it elite education, exotic family history, or exclusive clubs—to lower suspicion and facilitate large financial transfers. Once the money was in, Fialek‑Birles dissolved the façade, vanishing from view. Subsequent investigations revealed he had exploited a network of shell companies across jurisdictions—Irish‑registered entities including South Seas Merchants Mariners Ltd Partnership (SSMM), as well as entities in Samoa, the British Virgin Islands, Antigua and Barbuda, and beyond. This corporate scaffolding served two purposes: obscuring the true ownership of funds and imprinting complexity into the trail—hallmarks of layering in money laundering typologies. Irish courts responded with stringent measures, including freezing orders (Mareva injunctions) that restrained assets—including yachts in Cork, property in Youghal, and offshore accounts—totalling upwards of €4.87 million in damages awarded to Boon by a High Court judgment. This demonstrates the integration of civil and criminal strategies to protect victims and recover assets. What does this typology teach us? First, exploitation of social engineering and reputation—as in claims of aristocracy or legal expertise—remains a potent tool in money laundering and fraud. Second, the use of front-companies and offshore jurisdictions is a recurring tactic to launder proceeds and obscure paper trails. Third, effective cross-border cooperation—from Interpol notices to freezing orders—is crucial for disruption. In essence, the fake aristocrat case underscores the risks when legitimacy becomes a façade. Criminals exploit cultural or institutional trust; legitimate structures—like courts and law enforcement—must respond with equal dexterity. Vigilance toward seemingly charismatic figures, investment opportunities, or inherited privilege remains a critical defense in the typology of transnational fraud and money laundering. Source: https://www.theguardian.com/world/2025/aug/26/dany-boon-french-film-star-the-fake-irish-aristocrat-thierry-fialek-birles-and-the-missing-euros |
AuthorOn this page you will find a selection of links to articles useful for AFC training. Archives
June 2026
Categories
All
|
RSS Feed