FinCEN Finds Cambodia-Based Huione Group to be of Primary Money Laundering Concern, Proposes a Rule to Combat Cyber Scams and Heists

Immediate Release

WASHINGTON — Today, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a finding and notice of proposed rulemaking (NPRM) pursuant to Section 311 of the USA PATRIOT Act that identifies Cambodia-based Huione Group as a financial institution of primary money laundering concern and proposes to sever its access to the U.S. financial system.

Huione Group serves as a critical node for laundering proceeds of cyber heists carried out by the Democratic People’s Republic of Korea (DPRK), and for transnational criminal organizations (TCOs) in Southeast Asia perpetrating convertible virtual currency (CVC) investment scams, commonly known as “pig butchering” scams, as well as other types of CVC-related scams. Given the money laundering risk posed by Huione Group, FinCEN is proposing to prohibit U.S. financial institutions from opening or maintaining correspondent or payable-through accounts for or on behalf of Huione Group.

“Huione Group has established itself as the marketplace of choice for malicious cyber actors like the DPRK and criminal syndicates, who have stolen billions of dollars from everyday Americans,” said Secretary of the Treasury Scott Bessent. “Today’s proposed action will sever Huione Group’s access to correspondent banking, degrading these groups’ ability to launder their ill-gotten gains. Treasury remains committed to disrupting any attempt by malicious cyber actors to secure revenue from or for their criminal schemes.”

As described in the NPRM, for years, Huione Group has laundered proceeds of CVC scams, including CVC investment scams, and heists. Huione Group has set up a network of businesses, each playing a different role in its money laundering enterprise, that includes Huione Pay PLC, a payment services institution; Huione Crypto, a virtual assets service provider (VASP); and Haowang Guarantee, an online marketplace offering illicit goods and services. This network offers services ranging from an online marketplace selling items useful for carrying out cyber scams, to payment services in fiat currency and CVC frequently used for money laundering, as well as a recently developed stablecoin. FinCEN’s investigation identified that, in aggregate, Huione Group laundered at least $4 billion worth of illicit proceeds between August 2021 and January 2025. Of the $4 billion worth of illicit proceeds, FinCEN found that Huione Group laundered at least $37 million worth of CVC stemming from DPRK cyber heists, at least $36 million from CVC investment scams, and $300 million worth of CVC from other cyber scams.

The risks presented by Huione Group’s association with illicit actors and transactions linked to illicit activity are compounded by either an absence of, or ineffective, anti-money laundering/know your customer (AML/KYC) policies and procedures among Huione Group’s components. Despite publicly available information describing the use of Huione Group’s various services by TCOs for scam activity, none of the three Huione Group components had published AML/KYC policies. Huione Group itself has even recognized this deficiency, detecting that the company’s KYC capabilities were seriously insufficient after failing to identify that one of its components indirectly received funds from a DPRK heist.

The NPRM as submitted to the Federal Register is currently available here. Written comments on the NPRM may be submitted within 30 days of publication of the NPRM in the Federal Register.