Learn more about the latest security and privacy threats
Back

Prince Group sanctions widen: OFAC adds 35 targets, FinCEN moves on H-Pay

Michelangelo Frigo Michelangelo Frigo (Co-Founder at Zyphe) Published June 26, 2026 Reviewed by Charlene Wang
Editorial illustration for the article "Prince Group sanctions widen: OFAC adds 35 targets, FinCEN moves on H-Pay".

On 23 June 2026 OFAC hit Cambodia's Prince Group with 35 new sanctions targets and FinCEN moved on H-Pay. Here is what it means for KYC screening teams.

Table of contents

On 23 June 2026 the US Treasury widened its Prince Group sanctions, adding 9 individuals and 26 entities tied to the Cambodian scam conglomerate. OFAC named the group's second in command, Hu Xiaowei, while FinCEN moved to sever a renamed Huione affiliate, H-Pay, from the US financial system.

Treasury's 23 June 2026 action against Cambodia's Prince Group spans OFAC designations, a parallel FinCEN section 311 move and a Justice Department seizure. These are the load-bearing facts for a compliance team.

  • OFAC designated 9 individuals and 26 entities under Executive Order 13581, eight months after the original October 2025 takedown of the same network.
  • The new targets sit behind front companies in Hong Kong, Singapore, the British Virgin Islands, the United Kingdom, Thailand and Cambodia.
  • FinCEN separately proposed adding H-Pay Service PLC, a rebrand of the previously sanctioned Huione Pay, to its Huione Group special measure.
  • The case shows how shell layering and corporate name changes defeat name-only sanctions screening, the gap that decentralised KYC and beneficial-ownership resolution close.

What did OFAC and FinCEN actually do?

On 23 June 2026 the Office of Foreign Assets Control designated 9 individuals and 26 entities connected to Cambodia's Prince Group Transnational Criminal Organization, acting under Executive Order 13581 as amended by Executive Order 13863. The same day, the Financial Crimes Enforcement Network proposed extending its Huione Group special measure, and the Justice Department seized backend infrastructure the network used to launder funds.

Treasury framed the harm in plain terms. "Scam centers in Southeast Asia steal billions of dollars from American victims each year," said Secretary Scott Bessent. The lead target, Hu Xiaowei, was described as the group's second in command and operates under aliases including Chen Xiao'er. He was arrested in Osaka on 14 June 2026, days before the designations landed.

ItemDetailPrimary source
Date of action23 June 2026Treasury press release sb0538
New designations9 individuals, 26 entitiesOFAC recent actions, 23 June 2026
Sanctions authorityExecutive Order 13581, as amendedOFAC
Parallel FinCEN moveAdd H-Pay to Huione section 311 ruleFederal Register, 25 June 2026
Original network designation14 October 2025, with the United KingdomOFAC

How does this build on the October 2025 action?

This is the second wave against the same network. On 14 October 2025 OFAC, coordinating with the United Kingdom, designated the Prince Group as a transnational criminal organization and hit 146 individuals and entities, alongside a record Justice Department forfeiture of bitcoin tied to the group's founder, Chen Zhi. The June 2026 round closes gaps the first wave left open, chiefly aliases and successor companies. The crypto angle is central, and it lands as the sector absorbs the end of the MiCA transitional period, which holds digital-asset firms to bank-grade screening.

The pattern matters more than any single name. Hu Xiaowei was already sanctioned in October 2025 under one alias, yet kept operating through firms registered under other identities. FinCEN's H-Pay proposal is the clearest example of the evasion playbook. After the October 2025 final rule severed Huione Pay from the US financial system, the operator rebranded the same business as H-Pay Service PLC, which FinCEN now proposes to add by name plus "any successor entity".

WaveDateScopeLead instrument
First14 Oct 2025146 designations, UK joint actionOFAC TCO listing
Second23 Jun 20269 individuals, 26 entitiesOFAC plus FinCEN section 311

What does this mean for your obligations?

For any regulated firm, two distinct duties are now live: sanctions screening against the updated SDN list, and correspondent-account due diligence under the section 311 measure. They are not interchangeable, and Prince Group sanctions touch both at once.

On the sanctions side, the OFAC additions are immediately enforceable, and OFAC applies strict liability. You must screen customers and counterparties against the refreshed list, apply the 50 percent rule so that entities majority-owned by blocked persons are treated as blocked even when unnamed, and re-screen your existing book because several of these names were already in the network. The front-company spread across Hong Kong, Singapore and the British Virgin Islands means a name match alone will miss most exposure. You need beneficial-ownership resolution to connect a clean-looking counterparty back to a designated person.

On the section 311 side, the proposed H-Pay measure, once final, prohibits covered US financial institutions from maintaining correspondent accounts that process transactions for the named entity. That is a record-keeping and transaction-monitoring obligation, not just a list check. If a relationship surfaces, the duty to file a Suspicious Activity Report attaches in the United States, and equivalent Suspicious Transaction Report duties apply elsewhere. Customer due diligence and enhanced due diligence on higher-risk crypto and payment counterparties should now treat rebrands and successor entities as a standing risk, not an edge case. The escalation here echoes the lesson of Canaccord's record FinCEN penalty: regulators now expect screening that survives obfuscation, not a box-ticking list check.

What is still uncertain or risky?

The hardest problem this action exposes is unresolved: sanctions evasion through renaming and re-incorporation moves faster than listings can follow. FinCEN itself acknowledges that Huione changed names specifically to dodge the October 2025 rule, and the "successor entity" language is an attempt to keep pace. Compliance teams cannot assume a cleared name stays clean.

Three further risks are worth naming. First, alias coverage: Hu Xiaowei operated under several identities, and a screening engine keyed to one spelling would have passed the others. Second, shell opacity: layered companies in secrecy-friendly jurisdictions break the link between a transacting entity and its ultimate owner, so screening that stops at the immediate counterparty under-detects. Third, false positives and cost: aggressive re-screening of an existing book generates alert volume that strains investigation teams, and over-blocking carries its own commercial and conduct risk. None of these is solved by adding more names to a list.

Why do scam-centre networks expose KYC gaps?

Scam-centre money laundering is engineered to defeat identity controls, which is why the Prince Group sanctions map so directly onto KYC weaknesses. The proceeds move through accounts opened with stolen or synthetic identities, then wash through payment processors and shell companies designed to look ordinary. Each layer is a point where weak onboarding or screening lets tainted value through, and each is a control a regulated firm is expected to own.

The defensive lesson is consistent across the Prince Group sanctions, the Huione measure and the underlying fraud: verifying that a person is genuine at onboarding, and that an entity's beneficial owners are who they claim, is the control that catches what a static list cannot. That is also why widening AML perimeters, such as Australia's tranche two reforms, keep landing on the same fix, and you can see how identity verification works end to end.

How should compliance teams respond?

Start with the mechanics. Re-screen your full customer and counterparty base against the updated SDN list, apply the 50 percent rule to catch unnamed majority-owned entities, and flag any exposure to Hong Kong, Singapore or British Virgin Islands shells linked to the named individuals. Map your correspondent and payment relationships against the proposed H-Pay measure now, before it is finalised, and refresh enhanced due diligence on crypto and money-services counterparties. Treat aliases and successor entities as expected behaviour, not anomalies, and document the beneficial-ownership chain rather than the surface name.

This is where verification at the identity layer earns its place. Zyphe verifies a person once through a chip-read, liveness-checked credential, then lets that proof be re-presented across institutions, with recursive ultimate-beneficial-owner resolution that traces ownership through layered structures. To see how that closes the screening gap this case exposed, book a demo.

The bottom line

The widened Prince Group sanctions and the parallel H-Pay measure send one message to compliance teams: lists are necessary but not sufficient. Networks that launder scam proceeds evade by renaming entities and hiding behind layered shells, so a control built on exact-name matching will keep missing them. The durable defence is verified identity at onboarding and beneficial-ownership resolution that survives a rebrand, applied consistently across every regulated relationship.

Cited sources

Michelangelo Frigo Michelangelo Frigo (Co-Founder at Zyphe) Michelangelo Frigo is a privacy and identity infrastructure expert and co-founder of Zyphe.

Frequently Asked Questions

On 23 June 2026 OFAC designated 9 individuals and 26 entities tied to Cambodia's Prince Group Transnational Criminal Organization under Executive Order 13581. It is the second major wave against the network, following the original October 2025 joint action with the United Kingdom, and targets leadership, scam-compound investors and front companies.

Hu Xiaowei is described by Treasury as the Prince Group's second in command and operates under aliases including Chen Xiao'er. He was already partly designated in October 2025 under one alias and was arrested in Osaka, Japan, on 14 June 2026. The June action expanded coverage to his other identities and linked companies.

FinCEN proposed amending its October 2025 Huione Group special measure to add H-Pay Service PLC and any successor entity. Huione rebranded its sanctioned payment business as H-Pay to keep operating, so FinCEN moved to sever the renamed entity from the US financial system under section 311 of the USA PATRIOT Act.

Firms must re-screen against the updated SDN list, apply OFAC's 50 percent rule to unnamed majority-owned entities, and prepare for the section 311 correspondent-account prohibition once the H-Pay rule is final. Because the targets hide behind shell companies, beneficial-ownership resolution matters more than a surface name match.

The designated network routes funds through shells in Hong Kong, Singapore, the British Virgin Islands and elsewhere. A counterparty can pass a name-only sanctions check while its ultimate owner is a blocked person. Resolving beneficial ownership through layered structures is what connects a clean-looking entity back to a sanctioned individual.

See privacy-first KYC in action

Verify identity without storing a single document. Reusable credentials, an exportable audit trail, and a 15-minute integration.

Book a demo