​The discovery was made as part of an operation targeting an organised crime gang involved in the sale and supply of controlled drugs and money laundering activities in the Dublin area

Three men have been arrested in Dublin after gardaí found almost €350,000 in cash stuffed inside a suitcase in a car.
​
The discovery was made as part of an operation targeting an organised crime gang involved in the sale and supply of controlled drugs and money laundering activities in the Dublin area.

The car was searched in Drumcondra on Friday.

The operation was carried out by the Dublin Crime Response Team (DCRT) who searched three men, who were passengers in the vehicle, and their luggage, and located and seized an estimated €345,640 cash.
Three men, aged in their 40s, were arrested by gardaí and are currently being detained at garda stations in the Dublin region.

Assistant Commissioner Paul Cleary, from the Dublin Metropolitan Region, said: “This significant seizure of cash not only removes ill-gotten gains from the hands of criminals, but also deprives them of money they would have used to fund further criminal activities and cause harm in our communities.”

Source: ​https://www.irishexaminer.com/news/courtandcrime/arid-41676992.html

Definitely a great AML typology for MLROs' training kit and of course a useful Know Your Employee one as well.

I would love to hear from current law enforcement officers and the many ex law enforcement officers in the network on their thoughts on this case.

A National Crime Agency (NCA) officer has been jailed for stealing £4.4m worth of bitcoin seized during a joint operation with the US Federal Bureau of Investigation (FBI), after the criminal he was investigating told the police it was missing.

Paul Chowles thought he had got away with the crime for five years, prosecutors said, after laundering the money on the dark web and spending £613,000, mostly on day-to-day expenses.

The 42-year-old had been working as an investigator on the case of Thomas White from Liverpool, who ran an online black market for illegal drugs, known as Silk Road 2.0, launched a month after a website of the same name was shut down in 2013 by the FBI.

It was White, while under investigation, who noticed someone had taken 50 bitcoin of the 97 he had, and told police it had to be someone inside the NCA because they had the private keys for his cryptocurrency wallet.

Merseyside police, which had responsibility for managing White in the local area following his release on licence in early 2022, discussed the theft with the NCA, in meetings that Chowles attended.

During the investigation, officers discovered Chowles had stolen the money between 6 and 7 May 2017, two years after the White investigation was over, and in the following five years had been spending it in supermarkets and hardware stores and on fuel and meals, with investigators uncovering hundreds of debit card transactions.

What are some of the lessons from this case?

Generally, the case of the NCA officer jailed for stealing seized bitcoin offers sobering lessons for Money Laundering Reporting Officers (MLROs) and law enforcement agencies. It underscores the critical threat posed by insider abuse and the importance of knowing your employees—especially those entrusted with sensitive financial or digital assets.

More specifically, here are 5 Key Lessons for MLROs and Law Enforcement.

Key Lessons for MLROs and Law Enforcement
​
1. Insider Threats Are Real and Costly
Even trusted officers can exploit access for personal gain.
Chowles used his position to divert seized Bitcoin, bypassing internal controls.
Insider threats are harder to detect than external ones because they exploit legitimate access.

2. Know Your Employee (KYE) Is as Crucial as KYC
Background checks, ongoing vetting, and behavioral monitoring are essential.
Chowles had no prior criminal record, but his misuse of crypto tools went unnoticed for years.
Agencies must implement continuous risk assessments for staff in sensitive roles.

3. Weak Internal Controls Enable Exploitation
Chowles used mixing services to obscure transactions—a red flag for MLROs.
Lack of multi-signature wallets, audit trails, and real-time monitoring allowed the theft to go undetected.
Agencies must adopt blockchain analytics tools and segregation of duties.

4. Training in Crypto Forensics Is Vital
Law enforcement and MLROs must understand crypto mechanics, including wallets, mixers, and blockchain tracing.
Chowles exploited gaps in institutional knowledge to cover his tracks.
Regular training and collaboration with tech experts can close these gaps.

5. Reputation and Public Trust Are at Stake
This case damages the credibility of the NCA and raises doubts about asset integrity.
MLROs must ensure that seized assets are handled transparently and securely.
Agencies should publish audit results and enforce accountability to rebuild trust.

Sources:

• https://www.linkedin.com/posts/peteroakes_lawenforcement-bitcoin-moneylaundering-activity-7351707428448522240-m1q6
• https://moneylaundering.com.au
• https://www.theguardian.com/uk-news/2025/jul/16/national-agency-officer-jailed-for-stealing-44m-worth-of-seized-bitcoin

A very interesting case study / typology for fast growing digital banks, payments firms and crypto-asset services providers and indeed any fintech in any country where there are anti-money laundering requirements.

A few days ago our Peter Oakes wrote a piece on Linkedin about Monzo Bank's continuing plans to establish an authorised bank in Ireland.  See https://www.linkedin.com/feed/update/urn:li:activity:7347556992883843072.

Today the UK Financial Conduct Authority issued an enforcement notice and fine of £21mn against the rapidly growing digital bank.

Hope this short blog helps financial crime professionals and MLROs with some useful thought for AFC training and the typology library.


📈 As Growth Accelerates, So Must Your Controls
Rapid client onboarding and frequent product rollouts increase exposure to money laundering (ML) and terrorist financing (TF) risk. Firms often focus on scaling—the tech stack, user experience, marketing—while compliance lags. Regulatory expectations, however, demand that internal controls scale simultaneously. Digital banks must avoid the “too little, too late” trap.

A detailed, documented risk assessment underpins everything: products, client segments, geographies, channels. That assessment must inform transaction monitoring rules, reporting thresholds, enhanced due diligence, ongoing review, staff training, management information (MI), and audit cycles.

🛡️ Foundation: AML/CTF Risk Assessment
* Per Irish and EU standards, and echoed in Central Bank of Ireland guidance, your AML/CFT framework must include key elements:
* Thorough risk assessment at the outset and with any material change (new product, geography, channel)
* Board and senior management oversight with regular MI and challenge sessions
* Tailored governance, controls, training, and testing based on risk
This creates the durable infrastructure needed for AML resilience.

🧱 Case Study: Monzo’s £21M Fine for AML Failings
In June 2025, the FCA levied a £21 million penalty on Monzo, citing systemic weaknesses in financial crime control frameworks as the firm scaled its product footprint.

The FCA’s Final Notice (link below) highlighted:

• Insufficient customer risk profiling
• Flawed transaction monitoring
• Under-resourced compliance function

👉 Access the case materials from FCA:
“FCA fines Monzo £21 m for failings in financial crime controls”

• FCA's Final Notice - https://www.fca.org.uk/publication/final-notices/monzo-bank-limited.pdf
• FCA's Press Release - https://www.fca.org.uk/news/press-releases/fca-fines-monzo-21m-failings-financial-crime-controls  

This is a red flag for high-growth fintechs: internal control gaps are not just theoretical—they trigger high-profile enforcement.

🧭 Key Tactical Takeaways

• Embed risk assessment into product development and expansion
• Treat each new product or market like a mini ML/TF risk assessment project.
• Strengthen transaction monitoring in pace with growth
• Ensure value, frequency, and risk coverage evolve with transaction volumes.
• Elevate compliance’s role in tech decisions
• Document regtech capabilities and embed regular health checks.
• Invest in MI for senior leadership and board visibility
• Highlight top risk trends, STR volumes, alert outcomes, and audit results.
• Audit governance effectiveness frequently
• Compliance committees, challenge sessions, and record-keeping must be independently reviewed.
• Prepare for external audit and supervisory attention
• Firms like Monzo have shown regulators won’t hesitate to name and penalize.

✍️ Final Word for MLROs
As MLROs at high-growth firms, your role is to translate risk into action. Ensure your AML/CFT framework is not just documented—but truly operational across all products and regions. Be proactive, visible, and predictive.

CENTRAL BANK OF IRELAND PRESS RELEASE – Wednesday 2 July 2025

The Central Bank takes enforcement action against Swilly Mulroy Credit Union for breaches of Anti Money Laundering requirements.

The Central Bank of Ireland (the Central Bank) has fined Swilly Mulroy Credit Union (Swilly Mulroy) €36,273 for breaching requirements of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (the 2010 Act) and the Credit Union Act 1997 (the 1997 Act).

The 2010 Act requires firms to put in place safeguards against the risk of money laundering and the 1997 Act requires credit unions to develop and implement risk management systems to monitor and manage risks.

The Central Bank’s investigation found that Swilly Mulroy operated a practice of soliciting and accepting cash from depositors who did not hold accounts with the Credit Union. This money would then be electronically transferred to a branch of a local bank, without first being deposited in an account in the customer’s name at Swilly Mulroy. As a result, Swilly Mulroy failed to conduct the necessary Anti-Money Laundering checks on the depositors and the transactions.

This specific cash intensive practice had been flagged to the credit union sector as presenting a heightened money laundering risk.

The investigation found that Swilly Mulroy operated in this way between 2 January 2014 and 30 June 2021, during which time it processed €8,751,694 in deposits from 2,329 cash lodgements. The Board of Swilly Mulroy was aware of the risks associated with the practice from 2015 but failed to act on its risk management obligations under the 1997 Act.  A new management team ceased the practice in 2021 and subsequently brought it to the attention of the Board.

The issue was not brought to the Central Bank’s attention and was discovered in 2022 during an inspection by the Central Bank’s Anti-Money Laundering Division.  The Central Bank commenced this enforcement investigation in 2023.

The investigation yielded multiple examples of cash lodgements, which in the usual course should have triggered additional and careful scrutiny but instead were processed without any Anti-Money Laundering checks. 

Swilly Mulroy has therefore breached multiple requirements of the 2010 Act.

Swilly Mulroy has admitted the prescribed contraventions and has agreed to the undisputed facts as set out in the attached Settlement Notice. As part of the settlement agreement reached between the Central Bank and Swilly Mulroy, the Central Bank has determined that sanctions comprising a reprimand and monetary penalty in the amount of €51,819 are both warranted and proportionate to the size of the firm. The application of a 30% settlement scheme brings the amount to €36,273. The sanctions have been accepted by Swilly Mulroy. The sanctions are subject to confirmation by the High Court and will not take effect unless confirmed.
​
Colm Kincaid, the Central Bank’s Director of Enforcement, said:
​
“Anti-money laundering and counter terrorist financing legislation is designed to prevent the financial system being used to launder the proceeds of crime or fund terrorist activities. One of its key safeguards is that regulated financial service providers have controls in place to identify their customers and detect potential money laundering or terrorist financing. Where firms allow gaps in their control framework, they create opportunities for criminals and terrorists to use our financial system to pursue their illegal activities. It is also important that, when firms identify that such control gaps exist, they must report it to the Central Bank, so that appropriate actions can be taken to manage and mitigate the risk.

This action demonstrates the Central Bank’s continued focus on firms’ compliance with their legal obligations to safeguard the integrity of our financial system.”  

​
​