Warning

Please be vigilant about TRM impersonation scams, especially those claiming to assist with fund recovery. More info

Solutions
Products
RESOURCES
Customers
Company
Request a demo
en
Search
Search
Insights
March 3, 2026

Intel Snacks: Iranian Capital Flight

TRM Team
Intel Snacks: Iranian Capital Flight

Intel topic: Iranian capital flight

Snacks: Cheez-Its and Chick-O Sticks

In the first episode of Intel Snacks, Jenny Gai and Tom Armstrong unpack Iranian capital flight amid economic distress and intensified sanctions pressure.

As inflation, currency devaluation, and enforcement actions targeting Iran’s shadow oil fleet strain the economy, billions of dollars in capital have flowed out of the country — including through shadow banking networks and crypto rails. The discussion highlights how these flows intersect with Chinese and Hong Kong-based financial channels and mimic typologies that resemble Chinese money laundering operations.

For compliance teams, the key takeaway is clear: traditional screening alone may not surface this risk. Intelligence-driven controls, agile investigations, and deeper typology analysis are essential to identifying layered and obfuscated sanctions evasion activity.

Transcript

​​Jenny Gai (00:04):

Hi, I'm Jenny Gai. I lead product marketing for our private sector and regulator business segments here at TRM.

Tom Armstrong (00:11):

And I am Tom Armstrong. I run our compliance advisory function.

Jenny Gai (00:15):

We're so excited to welcome you to our first episode of Intel Snacks. This is a series where we unpack an interesting piece of intel and what it means for compliance teams, and we do this while eating snacks. So Tom, what are we chatting about today?

Tom Armstrong (00:31):

Iran's in the news, we are talking about Iran and specifically Iranian capital flight. So money leaving the country.

Jenny Gai (00:40):

But before we dive in, let's talk snacks. Today's theme is favorite snacks. Tom has given me his favorite snack, a Chick-O Stick, which is a candy from the 1950s.

Tom Armstrong (00:51):

I am doing Jenny's favorite snack, which is Cheez-Its my kids, coerced me into buying a box of Cheez-Its the other day at the grocery store. I won't say it was the worst mistake in my shopping cart, but I'm a little bit nervous about this one.

Jenny Gai (01:05):

Amazing. So definitely stay until the end for some very candid snack reactions. But first, let's dive in. Tom, can you give us a little bit of context around what we're seeing from Iran?

Tom Armstrong (01:15):

Yeah, absolutely. So Iran has obviously been in the news all weekend. I'm sure people saw the strikes in Iran and around the Persian Gulf. But before the actual attacks, one of the principal catalysts for the conflict right now was all the mass protests in Iran and the protests were largely driven by their economy, which was in complete freefall and still is. The value of the real was completely falling. Inflation had been entrenched for years, sometimes as high as 40%. And then you layer on top of that, the Trump administration had this maximum pressure campaign, which included not just stricter sanctions, but also this global effort to track and seize vessels that were tied to Iran's shadow oil fleet. So when you combine severe economic distress with comprehensive sanctions, it's predictable that we would see a lot of capital flight out of the country. Right? So Iranian wealth is essentially leaving the country in record numbers, and that ultimately brings risk of sanctions, evasion, and tainted property that could hit your institutions.

(02:17):

FinCEN has been talking about this lately as well. You may remember that last fall they released a financial trend analysis talking about the Iranian shadow banking economy. One of the things that they mentioned was, and it was fascinating, they said that there were about 9 billion in flows that they had seen in suspicious activity reports that people had reported. Coincidentally, that is the same amount that the Iranian Central Bank said that they had seen a record number of net outflows in Q2 of last year. So you have this money in billions of dollars that's leaving the country. It's leaving through this shadow banking network, which is essentially front companies, oil companies, investment companies, moving assets abroad. Funds didn't just stay in the region, they went through US and UK institutions and correspondent accounts. What struck me about FinCEN's FTA was that the majority of the originating accounts they said were being sent from Chinese and Hong Kong based accounts.

(03:14):

Here's the really fascinating connection with crypto. We absolutely see crypto rails being used as one of the mechanisms for this capital flight, and if you trace out from some of these Iranian entities and follow the flow of funds and these sanctions of Asian patterns, they look really similar to what we see from Chinese money laundering organizations. In terms of the tactics, the techniques, how they layer those funds and a material amount of these digital asset fund flows are ending up in more regulated institutions and exchanges. Exactly consistent with what FinCEN had noted in their FTA last fall.

Jenny Gai (03:49):

Yeah, I think it's been really interesting to see the timeline of these events. So starting from the Predatory Sparrow hack, one of our threat intel analysts found something really interesting, started to pull apart that thread, ultimately leading to a Washington Post article about this, uncovering two UK front companies that were basically facilitating sanctions evasion blows using stable coins and digital assets for Iran. So thinking about this timeline and some of the intel that's out there, if I'm a compliance analyst listening to this, what are some of the actionable takeaways that I can use and think about for my own compliance program?

Tom Armstrong (04:29):

Yeah, one of the things I like talking a lot about is having intelligence driven controls. This is, I think, different from a risk-based approach because intelligence gives you really clear signal of what the risks are and where to go kind of hunt for these nexus points. So in the crypto compliance space, I think this is where it's helpful to have a team who has workflow flexibility that can go down some rabbit holes, right? When your compliance controls are based completely on just screening and monitoring the thing directly in front of you, the address directly in front of you, you're likely to miss this typology because the layering is so extensive. You have to have teams that are more agile, can spend time investigating and counts that maybe are hitting some of the traditional red flags that fin said noted, like consistent velocity, not maintaining much of an account balance ties to the UAE Singapore Hong Kong, but also be able to dig down and try to find connections to Iranian touchpoints as the source of funding. Again, basic screening and monitoring is good for some basic functions, but that's not enough to identify this particular risk where we're seeing a lot of the outflows and the typologies and how it manifests itself. So the intelligence suggests it's just too obfuscated, but it is there if you're able to again, kind of do some of those deeper dives. Speaking of deeper dives on rabbit holes, we're maybe nervous to go around. Should we dive into our snacks?

Jenny Gai (05:53):

Yes, I definitely think we should. Do you want to go first, Tom?

Tom Armstrong (05:56):

I’ll go first. I don't know what cheese it was going for here. It says it's made with a hundred percent real cheese, and I'm just going to pretend that's true, but I don't believe it. I have not had a Cheez-It for 20 years, 25, 30 years, and for good reason.

Jenny Gai (06:19):

Are they better than you remembered?

Tom Armstrong (06:21):

Oh, no way. Okay. Absolutely not. So at first, not bad. The flavor didn't hit me, which was good. When the flavor hits late, it's like a kicker and then it comes in a way that I don't like. No, that's a no for me, that that's an absolute no.

Jenny Gai (06:39):

A really fantastic Cheez-It review. Alright, let me see. Okay, so I knew nothing about this candy. It is a crunchy peanut butter rolled in toasted coconut.

Tom Armstrong (06:49):

If I may just set the scene for you. As you partake, Chick-O Sticks are perfect for long road drives. Feet on the dashboard, windows down big blue skies in front of you. That's the perfect setting for a Chick-O Stick.

Jenny Gai (07:02):

Right? Here we go. It's not bad.

Tom Armstrong (07:18):

Yeah. Yeah, it's delicious. It's like the texture is perfect. Butterfinger texture.

Jenny Gai (07:26):

Yeah. When you describe this to me is basically the inside of a butter finger.

Tom Armstrong (07:31):

Yeah, but not as crumbly. It's put together nicely with the little kind of coconut flavor, so yeah.

Jenny Gai (07:38):

All right. I think we were one for one on these snacks.

Tom Armstrong (07:42):

New favorite snack for you? A confirmed not favorite snack for me. I can now confirm that buying more Cheez-Its last night at the grocery store was a mistake.

Jenny Gai (07:52):

It’s not. Cheez-Its are still my number one, but this was an okay snack. Anyways, thank you all for joining us. Hope you come next time where we are going to have new intel and new snacks. 

{{horizontal-line}}

Frequently asked questions (FAQs)

​​1. What is Iranian capital flight and why does it matter for compliance teams?

Iranian capital flight refers to the large-scale movement of wealth out of Iran amid economic instability, sanctions pressure, and currency devaluation. For compliance teams, this matters because some of these flows may involve sanctions evasion, shadow banking networks, front companies, and crypto assets — creating exposure risk for financial institutions and digital asset platforms.

2. How are crypto assets used in sanctions evasion and capital flight?

Crypto assets can serve as an alternative rail for moving funds across borders when traditional financial channels are restricted. In some cases, actors layer transactions through exchanges, over-the-counter brokers, and intermediary wallets to obscure the source of funds.

3. What can compliance teams do to detect and mitigate this risk?

Traditional sanctions screening alone may not be sufficient. Compliance programs should incorporate intelligence-driven controls, monitor for behavioral red flags (e.g. rapid fund movement, low account balances, jurisdictional exposure), and conduct deeper investigations into layered transaction patterns. Agile investigative workflows and cross-border typology awareness are critical to identifying potential sanctions evasion risks.

This is some text inside of a div block.

Related posts

arrow right
BLOG
March 2, 2026

How Iran’s Crypto Market is Reacting to Conflict

arrow right
BLOG
January 9, 2026

How Two UK-registered Companies Moved Over a Billion in Stablecoins for the IRGC

arrow right
BLOG
September 16, 2025

OFAC Targets Global Network Financing Iran’s IRGC

No posts to show
No posts to show
No posts to show
No posts to show
No posts to show
Subscribe and stay up to date with our insights
No items found.
Digital illustration showing a pie chart, masked criminal figure, and crypto coin symbol on a data grid background—representing crypto crime analytics.
REPORT
See the trends and typologies that shaped the illicit crypto ecosystem in 2025
READ THE REPORT →
Blue diamond with a circle overlayed in white on a dark blue background
REPORT
Unlocking more clarity for institutional adoption with key crypto policy shifts in 2025
READ THE REPORT →
3D illustration of a blue magnifying glass hovering over a digital fingerprint on a dark background, symbolizing crypto investigations or forensic analysis.
FLIP BOOK
Learn more about common crypto-enabled scam typologies in our "Investigating Crypto Scams" flip book
Get your copy →
Illustration of a stablecoin represented by a dollar symbol surrounded by icons for growth, risk alert, user profiles, and a security shield with a target, connected through a network of hexagons — symbolizing the interconnected risks and compliance considerations in digital asset ecosystems.
USE CASE
Learn how TRM helps compliance teams monitor exposure, detect threats, and safeguard their organizations
TRM for stablecoin risk management →
A worn silver wrench tool on a brown-red background, as a metaphor for violent crime
BLOG
Learn about the recent rise of "wrench attacks" and crypto-related violent crime
Read the post →
Illustration of a financial institution icon and a compliance document with checkboxes, symbolizing regulatory due diligence and financial compliance in the digital asset ecosystem.
GUIDE
Learn best practices for evaluating the legal, operational, and financial integrity of crypto entities before engagement
Get the guide →
A judge's gavel rests beside a stack of gold-colored cryptocurrency tokens, including Bitcoin, Dogecoin, Ethereum, and others, symbolizing the intersection of digital assets and regulatory or legal oversight.
REGULATORY ACTION TRACKER
Stay updated on the latest crypto-linked regulatory actions available in the public domain
Check it out →
Screenshot of the splash page used by law enforcement agencies following the takedown of Garantex, with bold red lettering reading, "This domain has been seized," along with the logos of various international law enforcement agencies involved in the action.
BLOG
Learn more about the global law enforcement operation that took down Garantex
Read the post →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
2025 Crypto Crime Report: Explore how the crypto crime landscape evolved over the past year
DIG IN NOW →
Bright blue fiber optic cables on a dark blue background, with flashes of white sparks interspersed throughout.
REPORT
As AI technology becomes more sophisticated, so will the ways in which criminals use it. See what TRM is doing to counter AI-enabled crime.
FIGHT AI WITH AI →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
The crypto crime landscape saw significant shifts in 2024, including decreases in illicit volumes. Dig into the data here.
PREVIEW THE CRYPTO CRIME REPORT →
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT