Why is Cambodia not on FATF Grey List?
Huoine still growing despite moves to block US financial access
Source: Chainalysis.
The Cambodian financial conglomerate Huione, accused of being a “one-stop shop” for the technology needed for cybercrime, has continued to expand despite US action to end its access to the American financial system.
The US Department of the Treasury’s Financial Crimes Enforcement Network (FINCEN) on May 1 desginated Huione as a “financial institution of primary money laundering concern.” FINCEN cited Huione’s role in “pig butchering” scams carried out in Cambodia, as well as its involvement in North Korean cyber-heists.
“Pig butchering” scams are designed to part people from large amounts of money as fast as possible. They are carried out from cyber-scam compounds in Southeast Asian countries including Cambodia and Myanmar, which run on the forced labour of the victims of human trafficking.
The Cambodian government stands accused of complicity in the racket. Prime Minister Hun Manet's cousin Hun To is a director of Huione Pay.
The FINCEN decision proposes to sever the access of Huione to the US financial system. Most banks react to such a proposal immediately, rather than waiting for final confirmation, meaning that Huione’s US banking access was effectively lost straight away.
Despite that, the FINCEN action hasn’t even succeeded in slowing the down Huione’s growth, let alone curtailing its ability to operate, according to research published in June by the Chainalysis blockchain analytics firm.
Laundering services which continue to be supplied by Huione include pre-paid card transfers and cash to crypto conversions. “Huione’s continued operation, even after its public-facing infrastructure was taken down, reveals the limits of current approaches to combating deeply embedded criminal financial networks,” Chainalysis says.
Casinos Repurposed
So what can be done? Clearly a more co-ordinated international approach is needed. The problem is clearly too big and complex for any government to tackle alone, even one as powerful as the US. FINCEN said at the time of its action that it was not aware of any other government taking similar action against Huione.
Moves by a single country against organisations such as Huione displace money laundering but don’t stop it. Regulators and financial intelligence units need to be co-operating much more, rather than operating in national silos.
As I argued on Substack here, wider adoption of the “Travel Rule” issued by the Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog, is an obvious way forward.
The Travel Rule requires Virtual Asset Service Providers (VASPs) to collect and transmit information about the originators and beneficiaries of crypto transactions.
However, the rapid growth in cyber-scam activity in Cambodia since Covid-19 appears to have caught the FATF off-guard. Cambodia was removed from the FATF’s “grey list” of countries subject to increased monitoring in February 2023, having spent four years on the list since 2019. The country had previously been on the grey list from June 2011 to February 2015.
Financial controls in the country’s casino industry were cited by the FATF as a reason for putting the country back on the grey list in 2019. Progress was subsequently deemed to have been made.
But we know now that Covid-19, which wiped out business at the casinos, led to their repurposing into cyber-scam facilities.[1] The United Nations Office on Drugs and Crime has said that the pandemic in fact accelerated, rather than initiated, the shift.
In that light, the FATF needs to revisit its over-optimistic assessment of the progress made by Cambodia and address the well-documented issue of casino repurposing. The possibility of a return to the grey list is a lever which could be used to put pressure on the regime to clean up its act.
[1] Cyberfraud in the Mekong reaches inflection point, UNODC reveals