In November 2025, the National Crime Agency published the results of Operation Destabilise — a multi-year investigation into a billion-dollar money laundering network that had operated across at least 28 UK cities and towns. The network, centred on two Russian-linked groups known as TGR and Smart, collected criminal cash generated from drugs, firearms and organised immigration crime, converted it into cryptocurrency and fed it into a global financial system that ultimately served the Russian state. A bank in Kyrgyzstan had been purchased specifically to facilitate sanctions evasion and payments in support of Russian military efforts.
128 arrests. Over £25 million seized in cash and cryptocurrency in the UK alone. A significant and sustained law enforcement operation — and by any measure, a serious disruption to a serious network.
And yet, within months of that announcement, a new investigation by the Organised Crime and Corruption Reporting Project demonstrated that the underlying problem had not gone away. It had simply adapted.
The OCCRP investigation, published this month and reported in partnership with SourceMaterial, found a network of payment brokers openly advertising sanctions-busting services on Telegram. Posing as a Russian businessman seeking to make payments to European suppliers, undercover reporters found agents willing to route funds through layered intermediaries in Hong Kong, Dubai, Indonesia and elsewhere — structuring transactions specifically to ensure, as one broker put it, that "there will be no trace of the Russian company."
One of the payment routes proposed by a broker identifying himself only as "Dima" led investigators to companies whose key figures had also been listed as executives in entities connected to TGR — the very network the NCA had dismantled months earlier. The network had not been destroyed. Parts of it had been reconstituted under new names, in new jurisdictions, with new structures.
"From a law enforcement perspective, payment systems are currently one or two years ahead of regulators when it comes to developing mechanisms for sanctions circumvention. This is a constantly evolving ecosystem backed by millions of dollars in investment, with clear support from the Russian state."
Ilia Shumanov, TriTrace Investigations — quoted in OCCRP, June 2026Why Britain Remains Central
The UK's prominence in both investigations is not accidental. London's position as a global financial centre, its company registration system, its property market and its legal infrastructure have made it uniquely attractive to those seeking to move and legitimise money. That attraction has not diminished with high-profile enforcement action — it has, if anything, become more sophisticated in response to it.
Operation Destabilise found networks operating in 28 UK cities and towns. TGR's listed address was in Fitzrovia, central London. Companies connected to the network were registered in the UK, incorporated and dissolved as circumstances demanded. One Remit Ltd, a UK company used for international money transfers on behalf of the network, was dissolved in 2024 — shortly before the sanctions that would have caught it were imposed.
The OCCRP investigation found similar patterns. Entities with no corporate footprint that could be verified. Operators who existed only on Telegram. Structures that shifted from one jurisdiction to another as banks and regulators adapted. The opacity was not incidental — it was the product.
The Due Diligence Gap
Both investigations point to the same underlying problem: the information that formal processes produce is, by design, insufficient. Company registrations tell you who is listed as a director — not who is actually in control. Sanctions lists tell you who has been caught — not who has restructured their operations since. Corporate databases tell you what is on the record — not what has been carefully kept off it.
This is the environment in which lawyers, wealth funds, financial institutions and communications firms are expected to conduct due diligence on counterparties, investors and clients. The formal picture — the one that emerges from database searches and public filings — can be, and frequently is, an incomplete or deliberately misleading account of the real one.
What Databases Cannot Tell You
Who is actually in control. Beneficial ownership structures routinely place nominees between the real controller and the registered entity. Corporate records show the nominee. Finding the controller requires asking different questions of different people.
What happened before the record was created. Individuals and companies with problematic histories can restructure, rename and reincorporate. The new entity is clean. The history requires investigation.
What the network looks like. The TGR and Smart networks operated through dozens of interconnected entities across multiple jurisdictions. Understanding the network — rather than any single node within it — requires the kind of cross-border source work that databases simply cannot replicate.
What is happening now. Sanctions lists and enforcement records describe what has already been found. The OCCRP investigation found brokers actively advertising sanctions-busting services this month. That information exists on Telegram. It does not exist in any corporate database.
The Investigative Journalism Standard
What makes the OCCRP investigation notable — beyond its findings — is its methodology. The reporters did not rely on corporate databases or sanctions lists. They went to where the activity was actually happening, asked the right questions of the right people and built a picture from primary sources. That is how the connection between a Telegram broker, a Canadian company, a Lithuanian electronic money institution and the already-sanctioned TGR network was established — not from any public record, but from the kind of investigative work that follows the thread wherever it leads.
That methodology — finding people, asking questions, building a picture from sources rather than systems — is what separates genuinely useful intelligence from the kind of surface-level database output that gives clients a false sense of security. In an environment where the people you most need to know about have the strongest possible incentive to keep themselves out of the databases, it is the only methodology that reliably gets to the truth.
The scale of what Operation Destabilise uncovered — and the speed with which elements of those networks reconstituted themselves, as the OCCRP investigation suggests — is a reminder that the threat is not static. It evolves. The structures change. The jurisdictions shift. The people remain, operating under new names, through new entities, in new locations.
Keeping pace with that requires the same skills that found them in the first place: not databases, but sources. Not filings, but people who know what is actually happening and are willing to say so.