The evolving geopolitical environment is heightening financial crime risks across the GCC by intensifying sanctions enforcement, disrupting trade and supply chains, and accelerating cross-border capital flows.
Together this evolving climate creates opportunities for regulators in the Gulf to maximise financial regulation ahead of FATF evaluations this year, which will sharpen scrutiny on how effectively these risks are being addressed by governments and businesses alike.
The UAE left FATF’s grey list in 2024 whilst Kuwait was placed on the grey list earlier this year.
Sanctions and Corporate Concealment
A central risk in this landscape is corporate concealment.
Iran-linked networks, including those tied to the IRGC, have long targeted Gulf financial and trade hubs to try to set up front networks, leaning on the Gulf’s well-regulated, globally connected centres to blend in and avoid scrutiny.
A key tactic used by Iranian proxy networks is the creation, acquisition, or repurposing of companies across the GCC to form globally connected corporate networks. These structures — often supported by nominee directors and layered ownership — are used by Iran-linked actors to raise funds, build and move reserves, and obscure the true source and destination of funds or goods within complex international flows.
Dual-Use & Proliferation Risks
The current conflict is also heightening the risk of dual-use goods being diverted for military and proliferation purposes, particularly as demand for sensitive technologies and components increases.
Procurement networks will look to adapt quickly — using intermediaries, front companies, and falsified end-use declarations to acquire controlled goods under the guise of legitimate trade.
At the same time, associated financial flows are structured to appear routine, embedding proliferation financing risks within standard commercial transactions. This means there is a greater need to understand not just counterparties, but also the purpose, end users, and routing of goods and payments.
Capital Flows
The current uncertainty in the Middle East is accelerating capital movement, as individuals in Iran and across the region seek to hedge against volatility and protect assets. While the vast majority of these flows are legitimate, their volume and velocity create a dense backdrop of financial activity that complicates oversight.
For Iran’s government and its proxy networks, there is a strong incentive to move money quickly at the moment, both to get ahead of potential sanctions, currency pressure, or asset freezes, ensuring they can continue funding core state activities and regional operations. In practice, this often means shifting funds across borders, into alternative channels, or through intermediary networks to maintain access and flexibility despite increasing restrictions.
Transactions are increasingly fragmented across jurisdictions, intermediaries, and asset classes, with funds often routed through layered pathways that obscure ultimate beneficial ownership. In this environment, illicit finance can be more easily concealed within broader patterns of capital reallocation, as traditional monitoring systems struggle to distinguish meaningful anomalies from conflict-driven “noise.”
Risks are further heightened by the growing reliance on informal and alternative financial channels, particularly those historically leveraged by Iran-linked and proxy networks. These include hawala systems, exchange houses operating in variably regulated environments, and crypto-based platforms, all of which offer speed, flexibility, and in some cases reduced transparency.
During periods of instability, the advantages of these channels become even more pronounced, increasing their attractiveness for actors seeking to evade scrutiny or restrictions. At the same time, the coexistence of legitimate use of these channels at a higher rate during instability further complicates detection and enforcement efforts.
These dynamics are particularly acute in the GCC, given its role as a key financial and logistics hub bridging regional and global capital flows.
Repurposing of Quasi-Legitimate Structures
One typology to pay particular attention to is the repurposing of legitimate businesses or quasi-legitimate networks by Iranian proxy actors.
Rather than setting up new front companies, intermediaries may acquire or co-opt entities or even individuals with clean track records, using them to embed illicit activity within otherwise normal operations or to move funds with less scrutiny.
This tactic can often appear in periods of conflict or geopolitical uncertainty, as it allows networks to move quickly, tap into existing commercial relationships, and benefit from the credibility of established firms. In practice, this can involve acquiring a legitimate business to act as a front, using trusted trading companies to reroute goods, or blending sanctioned-linked funds into otherwise routine financial transactions.
The result is a much more blurred risk landscape. Illicit activity becomes harder to detect because it sits within familiar structures. For businesses, this places greater emphasis not just on who they are dealing with, but how those entities are being used, requiring closer scrutiny of transaction patterns, ownership changes, and the underlying purpose of commercial activity.
Increasing Use of Cryptocurrency
Iran’s crypto ecosystem has grown rapidly into one of the largest in the world, valued at around $7–8B and increasingly embedded in both the domestic economy and state financial strategy.
Alongside this, there are increasing indications of crypto brokers offering payment settlement services specifically for sanctions circumvention.
These brokers facilitate payments across intermediary networks in third countries, using a mix of crypto and cash. This is another area to pay attention to, as these brokers are appearing in more and more places, with Hong Kong appearing to be a key market.
Adapting their AML/CFT Frameworks
For GCC-based firms looking to navigate shifting regulatory scrutiny, a key starting point is recognising that, amidst ongoing regional uncertainty, risk is likely to become more concentrated around specific operational chokepoints in the near term.
In practice, this means focusing on areas where access, opacity, and cross-border activity intersect. Corporate service providers can be used to establish or manage opaque ownership structures for sanctions evasion; and crypto and alternative payment systems are increasingly used to facilitate fast, less transparent cross-border transfers. These are the points where illicit actors are most actively exploiting gaps, and where controls need to be strongest.
Regulators are also making it clear that blanket de-risking is not the right way to go. The emphasis, particularly from FATF, is on a genuinely risk-based approach, with a much sharper focus on beneficial ownership transparency.
Firms need to go deeper: stronger network analysis, more robust ownership mapping across jurisdictions, and closer scrutiny of intermediaries — not just direct counterparties.
This also means adapting to a much more fluid sanctions environment. Rapid changes, such as shifting restrictions on Russian and Iranian oil, are making real-time monitoring and recalibration essential. Firms need the ability to quickly update controls, reassess exposures, and monitorclients and transactions on an ongoing basis, not just at onboarding.
Compliance obligations are also becoming more layered and more stringent, especially around sanctions. Iran-related risk doesn’t sit within one regime, with firms facing overlapping but divergent sanctions frameworks in the US, UN, EU, and UK.
Due Diligence
From a practical perspective, this raises the bar for due diligence. Firms should be mapping beneficial ownership chains in detail, identifying indirect exposure (including factoring in the 50% ownership rule), and assessing how clients interact with higher-risk sectors such as shipping, commodities, and dual-use goods. Supply chain visibility is key, particularly where goods may be rerouted through transshipment hubs or linked to shadow fleet activity.
Ultimately, there needs to be a real shift is from static compliance to continuous risk management and awareness building. Firms need stronger pre- and post-transaction monitoring, clearer escalation protocols, and a more proactive approach to identifying red flags.
A key enabler of this is the use of cross-industry data and AI-driven tools. These can help uncover hidden links across networks, map complex ownership structures, and detect unusual patterns in corporate behaviour and trade flows that may not be visible through traditional checks. In an environment where risk is increasingly embedded within legitimate activity, leveraging advanced analytics is becoming essential to identify indirect exposure and stay ahead of evolving threats.
Key Red Flag Institutions
Institutions should be watching for red flags that suggest a counterparty is being used to move Iran-linked funds, disguise trade, or create distance from sanctioned actors.
One major cluster of red flags sits around ownership and control. Institutions should pay close attention to any recently changed ownership structures that could have been undertaken to disguise connections with or ownership by a sanctioned actor.
Counterparties that rely heavily on nominees or corporate service providers with no clear necessity, and entities whose business footprint does not match their stated activity, should also be viewed as suspicious. Again, this matters in large part because sanctions risk can attach not only to designated parties but also to the entities owned by these parties, directly or indirectly.
A second cluster is around trade and shipping behaviour. For Iran-related exposure, key indicators include unusual routing through third countries, especially hubs known to be used by Iranian actors. Last-minute changes to shipping documents, inconsistencies between goods, counterparties, and payment flows, and transactions touching oil, petrochemicals, dual-use goods, or maritime logistics are also all higher-risk.
A third area is around payments and settlement patterns. Institutions should treat as higher risk the use of exchange houses, unexplained third-party payments, settlement through multiple intermediaries, and any abrupt shift toward informal channels, cash-heavy settlement, or crypto-linked payment chains.
Institutions should also watch for network-level inconsistencies rather than isolated anomalies. A client may appear low risk on their own, but become high risk when viewed alongside shared directors, repeated use of the same agents, overlapping addresses, links to high-risk logistics providers, or exposure to sectors and jurisdictions repeatedly appearing in Iran-related enforcement actions. That is why this environment increasingly requires network analysis and data-driven approach, not just name screening.
AI Usage as a Preventative Tool
Cross-border financial crime is becoming more sophisticated, more coordinated, and harder to detect using traditional methods. Criminal networks operate across jurisdictions, exploit regulatory gaps, and deliberately fragment their activity to avoid detection. In this environment, advanced analytics and AI are no longer optional — they are essential.
Historically, financial crime detection has focused on individual transactions or accounts. But cross-border crime doesn’t happen in isolation — it happens across networks. AI enables institutions to move beyond siloed analysis and instead identify patterns of behaviour across multiple entities, geographies, and timeframes. Financial crime isn’t a single event — it’s a network, and AI helps us see the whole network, not just one transaction at a time.
Traditional rules-based systems are effective at catching known risks, but they struggle with new and evolving threats — particularly when criminals deliberately structure activity to stay below detection thresholds. AI changes this by identifying unusual patterns rather than relying solely on predefined rules, detecting subtle anomalies across large datasets, and uncovering previously unknown typologies. In short, rules catch what we already know; AI helps us find what we don’t.
A major challenge for financial institutions is the sheer volume of alerts, many of which turn out to be false positives. AI helps here too — by prioritising high-risk cases, reducing unnecessary alerts, and allowing investigators to focus on genuine threats. AI doesn’t just find more risk; it helps focus on the risk that matters.
As financial crime continues to evolve across borders, so too must the tools used to combat it. Advanced analytics and AI provide a step-change in capability, enabling institutions to detect complex, coordinated activity that would otherwise go unnoticed.
Staying Ahead of Regulatory Arbitrage
As regulatory scrutiny and law enforcement tightens in certain jurisdictions, those undertaking illicit activities will look to shift to other third countries where less attention being paid. This kind of regulatory arbitrage means risk won’t be concentrated in just a couple of places and that higher-risk countries will shift in coming months.
For compliance teams, this makes it critical to monitor country risk consistency and think beyond jurisdiction-by-jurisdiction risk and instead assess how activity connects across borders. Greater focus should be placed on cross-border linkages, intermediary networks, and how different partsof a transaction fit together—not just whether each individual element appears compliant on its own.
Fast-Moving Sanctions Landscape
Sanctions risk is becoming harder to navigate, not just because of volume, but because of divergence, creating grey areas and compliance uncertainty. For instance, the US has lifted some restrictions for now on Iranian and Russian oil to address the current energy crisis, meaning that companies need to have monitoring in place to track and incorporates such changes into their sanctions compliance.
At the same time, enforcement is becoming more expansive — focusing on facilitators, intermediaries, and entire networks rather than just primary actors. This means firms need faster sanctions recalibration: the ability to quickly interpret new measures, assess exposure, and update controls in near real time. It also requires a deeper understanding of indirect risk—particularly around ownership (e.g. the 50% rule), sectoral exposure, and activities that could trigger secondary sanctions.
Transactional Monitoring
Rather than relying solely on static risk indicators, firms should place greater emphasis on how clients behave over time. This includes identifying changes in transaction patterns, use of new intermediaries, shifts in trade routes, or activity that doesn’t align with a client’s known profile.
The focus should be on spotting deviations and inconsistencies early—before they escalate into more serious exposure.
Given capacity constraints, compliance efforts should be more targeted. This means prioritising higher-risk client segments, products, and corridors — particularly those exposed to cross-border trade, complex corporate structures, or alternative payment methods.
A more risk-led allocation of resources will be critical to maintaining effectiveness as threats become more concentrated and harder to detect.
Reviewing Capabilities
Finally, firms should take stock of whether their existing tools are fit for purpose. Many traditional systems struggle to detect indirect or network-based risk.
Over the next six to twelve months, there should be a clear focus on upgrading data sources, improving data quality, and integrating more advanced analytics or AI-driven tools. These can help surface hidden connections, identify emerging typologies, and reduce reliance on manual processes, ultimately enabling faster, more informed decision-making.
Staying ahead will depend on being more agile, more targeted, and better equipped, combining strong fundamentals with the right data, tools, and insight to keep pace with a rapidly evolving risk landscape.
NOTE: This Article Represents the Viewpoint of Dickon Johnstone, CEO of Themis.
Stay Up to Date with the Latest Updates at Finance ME
Moody’s and S&P Reaffirm UAE Ratings Despite Ongoing War
Asia Fuel Strategy Shifts from Energy Transition to Cash Flow Control
$2.3M On Chain in One Hour: How the IRGC Bypasses Global Finance
