30 Charged. A Decade-Long Scheme. Tens of Millions in Illicit Profits. And a Warning We've Been Sounding for Years.

On May 6, 2026, the DOJ unsealed charges against 30 defendants corporate attorneys, financial professionals, and a web of intermediaries  in a large-scale insider trading scheme involving stolen MNPI from some of the nation's most prominent M&A law firms. (U.S. Department of Justice, U.S. Attorney's Office, District of Massachusetts, May 6, 2026). What was involved? Burner phones, encrypted apps, coded language, shell companies routed through Panama and Switzerland. This wasn't just about opportunity, it was architected.

This case is a stark reminder of something I and other financial crimes/AML risk professionals have written about and vocalized with growing urgency for years: that intermediaries with access  whether attorneys, accountants, agents, consultants, or financial professionals represent one of the most significant and underestimated insider threat vectors in our financial system – professional enablers of financial crime. And these risks don't stop at insider trading.

These covert, high-risk mechanisms  shell companies, layered ownership structures, offshore accounts, coded networks are the opposite of transparency. They are the infrastructure of financial crime: sanctions evasion, money laundering, fraud, cartel finance, and foreign illicit finance. Insider trading already represents nearly 33% of all SEC enforcement actions in FY2025, up from 26% the prior year. (Holland & Knight, "SEC Enforcement 2025 Year in Review," Dec. 2025). The threat landscape is expanding, not shrinking.

These professional enablers are often able to circumvent the AML and fraud technologies designed to flag suspicious behavioral activity and transactions. AML software is often blind to the activity authorized by these trusted intermediaries. The ‘fix’ isn’t just better software; it's a proactive human-led investigative, forensic-level approach into the relationships behind the transactions.

In March 2025, FinCEN issued an interim final rule removing the requirement for U.S. companies and U.S. persons to report beneficial ownership information under the Corporate Transparency Act  exempting domestic entities entirely. (FinCEN, "FinCEN Removes Beneficial Ownership Reporting Requirements for U.S. Companies and U.S. Persons, Sets New Deadlines for Foreign Companies," Interim Final Rule, March 21, 2025). I wrote about this gap in a January 2026 post: "Closing the CTA–Beneficial Ownership Gap." The rollback didn't just stall reform. It pushed open a door we were working to close one that bad actors, along with these professional enablers never stopped walking through.

This latest action fortifies what many of us have argued: that weakening CTA beneficial ownership requirements has impaired the effectiveness of the U.S. AML program. Without enforceable BO transparency, shell companies remain easy to form and difficult for banks to trace without the technology tools and trained teams with the analytical depth to recognize and mitigate these risks. And while the U.S. pulls back, our international partners are moving forward. FATF's Recommendations 24 and 25  strengthened in 2022 and further clarified in 2023  require member countries to implement central beneficial ownership registers with verification mechanisms to ensure accuracy. (FATF, Guidance on Beneficial Ownership and Transparency of Legal Arrangements, March 2023; FATF Recommendations 24 & 25, revised 2022). The EU has mandated central BO registries since its 4th Anti-Money Laundering Directive in 2015, expanding to public access requirements under the 5th AMLD in 2018. (EU 4th Anti-Money Laundering Directive, 2015; EU 5th Anti-Money Laundering Directive, 2018).

The U.S. is moving in the opposite direction and the networks that exploit opacity are paying attention. The 30 defendants charged yesterday allegedly used shell companies and offshore accounts precisely because opacity works. The banks see it. Regulatory bodies and law enforcement must listen to the private sector if the intelligence and data are there.

The convergence is real:

→ Intermediaries with privileged access and exploitable trust

→ Shell company infrastructure with no meaningful BO reporting

→ A regulatory rollback that widened an already known gap

→ AI and cyber tools now available to threat actors at scale

This is not a compliance check-the-box problem. It is a national security and financial system integrity problem.

Therefore, as FinCEN and the U.S. regulatory environment have pulled back, the burden of truth-seeking has shifted entirely to the financial institution. If the government won't mandate transparency, the financial sector must meet this threat directly deploying AI and cyber tools to combat the very weapons bad actors are using against us: deepfakes, synthetic identities, and fraudulent documentation designed to defeat static controls. Incorporate transparency holistically within AML and fraud program frameworks through the CIP-KYC onboarding process and periodic review protocols. As bad actors continue leveraging the latest advancements in AI to generate increasingly convincing shell personas and documentation, compliance risk frameworks must evolve from basic, static documentation review to dynamic behavioral monitoring and adaptive risk detection.

For CEOs and Board of Directors, this is not a moment to wait for regulatory direction. Enforcement posture shifts. Administrations change. However, the underlying risks of money laundering, sanctions evasion, fraud, illicit finance flowing through opaque structures do not. The legal and reputational exposure of getting this wrong remains significant regardless of the regulatory climate. Boards have a fiduciary responsibility to ensure their institutions are not the path of least resistance for bad actors. That means investing in the people, programs, and independent advisory support needed to stay ahead, not scaling back because the current regulatory environment feels lighter. Boards would be wise to commission an independent ‘Insider Threat & Intermediary Vulnerability Assessment’ to assess and locate the gaps this latest DOJ case highlights.

The cost of independent advisory and framework strengthening today is a fraction of the legal fees, deferred prosecution agreements (DPAs), and market-cap hits that follow a DOJ or other regulatory public unveiling with all the details of your enforcement action, penalties and settlement. The question isn't whether your institution will face scrutiny. It's whether you'll be prepared when it arrives.

The assessment, build out, and strengthening of your compliance-risk framework needs to happen now before the red flags are waving. Independent, experienced advisory support can make the difference between being prepared and absorbing the full cost of operational, regulatory and reputational remediation.

The work has never been more important.

Endnotes:

1. U.S. Department of Justice, U.S. Attorney's Office, District of Massachusetts. "Thirty Individuals Charged in Global Insider Trading Scheme Netting Tens of Millions in Illicit Profits." Press Release, May 6, 2026. https://www.justice.gov/usao-ma/pr/thirty-individuals-charged-global-insider-trading-scheme-netting-tens-millions-illicit

2. Holland & Knight, "SEC Enforcement 2025 Year in Review," December 2025.

3. FinCEN, "FinCEN Removes Beneficial Ownership Reporting Requirements for U.S. Companies and U.S. Persons, Sets New Deadlines for Foreign Companies," Interim Final Rule, March 21, 2025.

4. FATF, Guidance on Beneficial Ownership and Transparency of Legal Arrangements, March 2023; FATF Recommendations 24 & 25 (revised 2022).

5. EU 4th Anti-Money Laundering Directive (4AMLD), 2015; EU 5th Anti-Money Laundering Directive (5AMLD), 2018.