Industry Insights: Financial Services and Banking

STRIDER

In one of the most infamous scandals in international banking, Deutsche Bank helped move an estimated $10 billion out of Russia without anyone inside the institution raising a flag. Between 2011 and 2015, the bank’s Moscow desk executed what came to be called “mirror trades”: Russian clients, including some tied to politically exposed and sanctioned networks, bought securities in Moscow while related counterparties sold the identical securities through the bank’s London office. Each individual trade looked routine. But the aggregate was a covert pipeline that moved billions in funds out of Russia through London and into offshore accounts, exposing the bank to regulatory penalties on three continents.

This case underscores a reality the financial industry is now grappling with. Banks, fintechs, digital asset platforms, and investment firms face risks today that have outgrown the tools built to detect them. The gap between what traditional compliance can protect against and the evolving tactics and techniques of adversarial nations is where strategic intelligence becomes essential.

A Growing Target

Governments in Western countries (including the United States, Canada, United Kingdom, Japan, Australia, and throughout Europe) have designated the financial services and banking sectors as critical infrastructure. When a sector is classified as critical infrastructure, it signifies that its assets, systems, and networks are essential to national security, the economy, or public health. Failure or compromise of that sector would cause debilitating effects for society.

Because financial institutions sit at the center of global capital flows, regulatory scrutiny, and geopolitical competition, their systems, people, and partnerships are persistent targets for state-sponsored actors. The PRC’s systemic emphasis on data as a driver of national power ensures that banks and financial services companies will remain high-priority intelligence targets, valued less for their role as financial intermediaries than for their visibility into the broader ecosystems of strategic industries and capital flows. Banks serve clients in defense, energy, advanced technology, and critical infrastructure. They sit at the center of cross-border trade and investment. And they play a pivotal role in enabling corporate strategy, allocating capital, and shaping risk assessments, giving adversaries a window into the decision-making processes of global firms and governments—and the people who lead them.

State-sponsored actors seeking to infiltrate hiring pipelines, exploit third-party relationships, and influence deals are targeting enterprise banks whose innovation units are building AI, quantum, and cybersecurity capabilities. In the fintech and digital asset space, payment platforms, digital wallets, and crypto-processing environments hold high-value data and assets that adversarial governments are actively pursuing for leverage. And investment firms face growing enforcement from regulatory agencies, where even indirect exposure to sanctioned entities can trigger scrutiny and jeopardize funding.

The pressure is showing up across the sector. North Korean operatives have used fabricated identities to secure remote IT roles inside U.S. financial firms, funneling salaries back to the regime while gaining access to sensitive systems. Those schemes have helped the DPRK steal more than $6 billion in cryptocurrency. At Coinbase, overseas support contractors were bribed by cybercriminals to exfiltrate customer data from inside the company. The result was a $20 million ransom attempt that affected tens of thousands of users. Cases like the Bitzlato CEO arrest and the JPEX exchange scandal tell a different but related story: undisclosed foreign control and executive-level misconduct at crypto platforms can trigger sanctions exposure, money laundering investigations, and lasting reputational damage.

Where the Financial Sector is Most Exposed

Understanding where adversaries are finding their way into organizations starts with understanding how exposure accumulates. It comes through hiring decisions made without full visibility, deal counterparties whose ownership structures aren’t fully traceable, and supply chain dependencies that no one has examined closely enough. For organizations across financial services, markets, and banking, the risk concentrates in three places.

The first is people. Financial institutions need to screen applicants, employees, vendors, and contractors for risky affiliations and falsified resumes, especially in high-trust roles across cybersecurity, fraud, money-movement operations, AI, quantitative research, and cyber R&D. These are the positions state-sponsored actors are working hardest to access, and they are doing so through falsified credentials, hidden affiliations, and ties to foreign programs that conventional background checks were not designed to detect. Rapid hiring cycles and remote-first work have expanded the surface area, making continuous vetting of both candidates and existing personnel essential.

The second is deals and partnerships. Every M&A transaction, IPO, fund onboarding, investment deal, and joint venture pulls new entities into a financial institution’s orbit, and each one can carry hidden ties, foreign control, or sanctions exposure that is rarely visible from the outside. Financial institutions need to be able to identify these risks across counterparties, customers, investors, LPs, board members, and global partners before a deal closes or a relationship deepens. Even indirect exposure, like adversarial capital or a sanctioned co-investor on a cap table, can trigger regulatory reviews and jeopardize investments. The Deutsche Bank mirror trading scandal is a case in point: the clients and counterparties behind the scheme were closely related entities with common owners, but the bank’s KYC (Know Your Customer) processes failed to surface those connections until billions of dollars had already moved.

The third is open source software and supply chain dependencies. Financial institutions increasingly rely on open source tooling in internal platforms and quantitative systems, as well as third-party crypto-processing centers, liquidity partners, and external infrastructure providers. Contributors to these tools and organizational dependencies can carry hidden nation-state ties, and without visibility into who is contributing to the code and infrastructure these institutions depend on, the risk compounds silently.

Case Study: Tracing an IRGC-Linked Network into European Real Estate

In 2025, reporting by Bloomberg and the Financial Times identified more than 400 million euros worth of European properties linked to Ali Ansari, an Iranian national sanctioned by the UK that year for providing economic resources to the Islamic Revolutionary Guard Corps (IRGC). Despite the designation, his holdings, which include London properties, hotels in Germany, and a resort in Spain, largely remain intact. They are held through a web of offshore companies and proxy individuals spread across at least eight jurisdictions. Any financial institution that encountered this network through a deal, a counterparty, or a vendor relationship would have had no way of knowing what sat behind it using standard screening tools.

Strider traced the network from beginning to end. Inside Iran, Ansari built a sprawling empire under the Tat Group name, with holdings in banking, finance, and construction. Tracing Tat Bank’s ownership through Iran’s corporate registry leads through his core construction entity, through multiple U.S.-sanctioned holding companies, and finally to Bonyad Taavon Sepah, the IRGC Cooperative Foundation. From there, the money moved west along a deliberately layered route. Iranian oil revenues, sold to China through sanctioned crude channels, passed through UAE intermediaries, into offshore holding companies in Saint Kitts and Nevis and the Isle of Man, then into Luxembourg and Dutch corporate vehicles, and finally into European real estate. By the time the capital arrived, it looked like legitimate Western investment on paper.

The network also depended on trusted individuals who could operate without drawing attention. Iman Rahimi Aloughareh held senior roles across Ansari’s Iranian businesses while simultaneously serving as founding managing director of the Luxembourg entities and the German operating company that anchored the European structure. Despite sitting at the center of a network with direct ties to the IRGC, Aloughareh has never been sanctioned. His name would not appear in any due diligence screen. This is exactly the kind of hidden ownership, foreign control, and sanctions exposure that financial institutions need visibility into, and exactly the kind that regulators, once they uncover it, treat as the institution’s responsibility.

How Strider Helps Financial Institutions

Strider is the leading provider of strategic intelligence for identifying and mitigating nation-state risk. The platform equips CISOs, insider threat teams, fraud and FinCrime leaders, compliance organizations, and investment teams with visibility into workforce risk, third-party exposure, and malicious communications.

For personnel risk, People Search and Falsified Resume Screening verify identities and surface risky affiliations before and after hire. Insights surfaces targeted technologies and associated employees most at risk from state-sponsored actors and provides tailored briefings to reduce recruitment risk across AI, quantum, and cyber R&D programs.

For deals, partnerships, and supply chain risk, Organizations Search maps multi-tier ownership and personnel ties for deal counterparties, investors, LPs, board members, joint-venture partners, and crypto-processing vendors. It supports M&A, investment banking, and strategic transactions by identifying foreign ownership, sanctions exposure, and hidden affiliations, and helps organizations better align with compliance requirements.

For open source software risk, OSS Search detects state-linked contributors across open source repos and assesses contributors and dependencies in tooling used in internal platforms or quantitative systems, helping prevent supply chain compromise. Shield feeds curated selectors into SIEM and DLP tools to identify, flag, and monitor geopolitical threats, including malicious emails, domains, and multilingual terms tied to state-sponsored cyber or recruitment activity targeting employees. Strider also provides expert analysis within its Intelligence Center on threats facing the financial sector—offering additional context on state-sponsored recruitment initiatives and efforts to identify and exploit vulnerabilities.

Looking Ahead

The financial services sector is operating in a rapidly changing risk environment—where the threats are geopolitical, the exposure is structural, and the cost of finding out too late keeps rising. Strider gives financial institutions the strategic intelligence to see what’s coming and act before it arrives.