Beyond Compliance: Enabling the Next Generation of AI Technology to Dismantle Illicit Liquidity Networks
Inside the Shadow Architecture That Shapes Modern Conflict
Primer: How This Piece Got Here
This essay has already lived a small life of its own.
Since July, it circulated through several major legacy outlets. Some passed quickly and professionally; others expressed enthusiasm, requested time-consuming revisions, and ultimately stepped back for reasons that were never fully articulated. The responses varied, but the pattern was clear: uncertainty around unfamiliar frameworks, discomfort with material that sits outside conventional editorial lanes, and a broader hesitancy to publish work that challenges inherited assumptions.
The experience reinforced something that is only now beginning to shift. As recently as this past summer, traditional media still treated illicit liquidity as a peripheral issue. But the field is finally catching up. The traction my newer work has gained—across policy, enforcement, and analytical circles—reflects a broader recognition that liquidity is central terrain, not an auxiliary concern. The industry is evolving, even if the legacy editorial machinery has been slower to recognize the shift.
This piece was written to explain that evolution—how illicit liquidity systems now outlast militaries, sanctions regimes, and enforcement architecture itself—and why understanding this shift is no longer optional. Its publication journey ended up mirroring its own thesis: frameworks built for a previous era often struggle to accommodate the realities of the present one.
Since writing it, I’ve expanded and refined many of the concepts it introduced, but this remains the originating document. I am publishing it here in the form it was meant to take—not diluted, not retrofitted to an older template, and not reshaped to fit the boundaries of legacy formats. If those outlets revisit this space later, they can. My readers don’t need them to recognize the stakes.
Below is the full piece, unchanged except for minor clarity edits—the version that wasn’t designed to make anyone comfortable, but to make the problem clear.
In May 2025, FinCEN designated Huione Group and Huione Pay as a “primary money laundering concern,” citing $4 billion in proceeds tied to scams, human trafficking, and North Korean hackers. Despite global scrutiny, Huione remains operational.
This outcome is a strategic warning.
Huione’s resilience typifies a new global architecture of shadow liquidity that sustains conflict, corruption, and authoritarian influence from Southeast Asia to West Africa and beyond. These networks do not survive because they evade detection but because enforcement strategies continue to treat financial infrastructure as peripheral rather than primary terrain.
While U.S. and allied responses have prioritized weapons transfers, territorial control, and traditional alliance-building, adversaries have quietly focused on what actually sustains power: value mobility. The real vulnerability is our failure to treat financial infrastructure as battlespace—one that sustains adversaries and keeps them resilient against sanctions and other enforcement measures.
If adversaries can move value with speed, deniability, and scale, they do not need air superiority or territorial control. They can fund insurgency, project influence, and exploit crises faster than formal systems can adapt. The longer this architecture remains intact, the greater the threat to global stability.
To remain effective, national security thinking must evolve to treat financial infrastructure as core battlespace. This includes conceptualizing the purpose of tools currently under development, such as DARPA’s Advanced Analysis of Multinational Money Laundering (A3ML) initiative—not merely as forensic engines, but as platforms for pre-emptive disruption of shadow liquidity networks.
Defining the Battlespace
Shadow liquidity is a distinct category of capital movement—decentralized, broker-mediated, and designed for cross-jurisdictional convertibility beyond banking oversight. These networks—operating through over-the-counter (OTC) crypto brokers, stablecoin corridors, hawala-style settlement systems, and gray-market payment platforms like Huione—form a parallel liquidity architecture outside formal regulation. Shadow liquidity spans both licit and illicit nodes; Illicit Liquidity Networks (ILNs) are its subset devoted specifically to illegal flows.
Persistence makes shadow liquidity strategically significant. Traditional threat finance has generally been treated as episodic: discrete flows tied to specific actors, transactions, or events, which can be traced, disrupted, and prosecuted. Shadow liquidity systems, by contrast, behave like infrastructure. They are not pipelines serving a single organization or network but adaptive, self-reinforcing ecosystems that outlast individual actors.
The convergence of these systems with crypto rails has accelerated their reach and resilience. OTC brokers link fiat currencies to dollar-denominated stablecoins, serving not just as technical facilitators, but essential nodes in an informal financial network where trade settlement, investment flows, and other illicit capital flows blend into the same liquidity pools.
Treating shadow liquidity as just another typology of illicit finance misses its structural role: it is not a symptom of criminal activity but an enabler of hybrid state and non‑state operations. Whether used to sustain sanctioned economies, move capital into gray‑zone investment projects, or provide working liquidity to transnational criminal or militant networks, these systems create strategic depth for actors who would otherwise be constrained by formal financial architectures.
Understanding modern threat finance requires a shift from seeing illicit flows as isolated events to mapping the living infrastructure that sustains them. Shadow liquidity is not the side effect of a globalized economy; it is the battlespace in which financial sovereignty, hybrid conflict, and criminal enterprise now converge.
Case study cluster:
The following cases illustrate how shadow liquidity manifests across regions and conflict theaters, showing both its adaptability and its strategic impact. Taken together, these cases illustrate a convergence: shadow liquidity networks evolve into semi-sovereign systems once they achieve scale. Whether scam economies in Southeast Asia, Iran’s proxy liquidity, or Russia’s mercenary finance, the pattern is the same—financial autonomy emerges faster than enforcement adapts. This comparative view highlights why treating flows as isolated typologies misses the structural threat.
Southeast Asia – China’s Shadow Finance Ecosystem
Southeast Asia has become the epicenter of China’s offshore liquidity blowback. What began as state-managed capital outflows—meant to bypass controls and evade sanctions—has evolved into a parasitic financial ecosystem: scam compounds, gray casinos, and informal payment rails now operate beyond Beijing’s reach while draining billions from China’s own economy.
Across Cambodia, Laos, and Myanmar, Huione Pay and networks like it anchor scam hubs tied to Chinese-funded Special Economic Zones (SEZs) and armed actors. This reach extends further: the Houthis’ use of Huione as a money laundering service underscores how Southeast Asia’s shadow finance now fuels conflicts beyond the region. China’s offshore shadow finance systems are no longer just a laundering problem but a crisis of sovereignty. These systems persist not through evasion, but through structural autonomy.
Iran – Liquidity Proxies and Strategic Autonomy
Iran’s proxy liquidity system has become semi-sovereign—sustaining regional influence while eroding domestic control.
Groups like Hezbollah and the Houthis now operate independent financial architectures, built on regional taxation, smuggling, and crypto-mediated commodity sales. Stablecoins and hawala networks stretching from Cambodia to Venezuela allow these proxies to generate and deploy funds without central disbursement—blurring the line between state-backed operations and autonomous liquidity regimes.
Tehran’s leverage is now negotiated, not commanded. Even Iraqi militias once firmly under Iranian Revolutionary Guard Corps (IRGC) influence increasingly pursue self-financing agendas. Meanwhile, the IRGC has offshored vast capital through front companies, creating a shadow reserve system that sustains proxy operations but hollows out Iran’s monetary base.
Phantom gold accounting and offshore accounts conceal a liquidity collapse. The rial’s redenomination—slashing four zeros—signals a potential regime-induced currency failure. Sanctions that target banks or known intermediaries miss the mark; the true threat is not just the actors, but the parallel financial architecture sustaining them.
Russia – Mercenary Liquidity Infrastructure
The resilience of Wagner and its successor, the Africa Corps, reveals how deeply embedded shadow liquidity systems are in Russia’s expeditionary strategy. These networks bypass Moscow’s formal financial system, instead relying on resource smuggling, gold and diamond flows laundered through Dubai, and opaque third-party facilitators. Non-bank intermediaries and commodity traders provide both mobility and deniability, with indications that stablecoin rails bridge African resource wealth to operational accounts abroad.
Russian mercenary operations in Africa reveal how shadow liquidity enables sanctions evasion and strategic divergence. These networks can outgrow state control, making local deals that contradict official policy. The enforcement lesson is structural: targeting individuals fails when the network is modular, adaptive, and partially sovereign. Wagner’s liquidity architecture shows how private and state power converge through shadow finance.
Synthesis:
Liquidity systems built for strategic depth have mutated into semi-autonomous infrastructures. Across Southeast Asia’s scam-finance belt, Iran’s proxy networks, and Russia’s mercenary plunder, a common feature emerges—adaptability and persistence. These are not episodic money trails but living financial architectures. Disrupting them requires more than transaction monitoring; it demands ecosystem-level mapping and structural interventions.
Institutional Blind Spots
Despite advances in threat finance, global security systems remain misaligned. The core challenge is conceptual inertia. National security and regulatory frameworks still treat illicit finance as a transactional problem despite shifting circumstances. The greatest threats now move not through isolated bank accounts or criminal actors, but through decentralized liquidity networks—adaptive, hybrid financial ecosystems that function beyond the reach of conventional enforcement.
These networks are not invisible. They are partially observed, persistently flagged, and yet structurally misunderstood. Financial surveillance tracks anomalies inside banks but misses liquidity outside them. What it cannot see, let alone disrupt, is the architecture of liquidity that exists outside its perimeter.
Today’s adversarial liquidity flows increasingly blend stablecoin corridors, over-the-counter (OTC) brokers, shell companies, nested exchanges, and informal value transfer systems like hawala. They straddle legality, often making use of mainstream platforms and payment rails while remaining structurally opaque. These flows do not behave like traditional laundering transactions, but rather like sovereign financial systems in miniature, operating under their own rules and norms. Current tools were built to find bad actors, not to identify financial sovereignty.
This actor-centric paradigm enables profound blind spots. Compliance tools detect transactions but fail to contextualize liquidity patterns across jurisdictions and asset types. As a result, regulators and intelligence agencies see fragments—but no infrastructure. The network remains intact, quietly evolving.
Legal constraints further widen the gap. Jurisdictional silos, lengthy mutual legal assistance treaty (MLAT) procedures, and fragmented beneficial ownership laws delay or block enforcement. Meanwhile, regulatory frameworks remain chronically outdated. Cryptocurrency policy is inconsistent across the U.S., EU, and Asia. Platforms offering liquidity-as-a-service—such as peer-to-peer (P2P) exchanges, stablecoin escrow markets, and anonymous crypto wallets—often fall through the cracks. Many operate in legal gray zones or under regulatory arbitrage, where no single state has oversight, and with little incentive to close the gap.
The result is not a lack of information, but an inability to act on what is already visible. Shadow liquidity does not thrive in darkness. It thrives in disconnection—between agencies, between legal systems, and between the visible and the actionable. This disjointedness is no longer an anomaly. It is the terrain upon which adversarial financial networks are built.
From Designation to Disruption: the Legal Infrastructure for Liquidity Warfare and A3ML
The proposed Anticipatory and Adaptive Anti-Money Laundering (A3ML) framework is designed to identify, designate, and dismantle illicit liquidity systems. Unlike traditional tools focused on compliance and anomalies, A3ML can become an AI-driven infrastructure mapping system. To be effective, it must be trained on deep, pattern-based financial research and empowered by cross-jurisdictional legal reform. Its targeting must focus not only on bad actors, but on the systemic architecture that sustains them.
The American legal architecture built to combat organized crime offers a blueprint for confronting today’s most urgent financial threat: illicit liquidity networks. The Racketeer Influenced and Corrupt Organizations Act (RICO) succeeded not by prosecuting criminals one by one, but by treating entire criminal enterprises as unified entities. It marked a doctrinal shift—from targeting individuals to dismantling infrastructure.
Illicit finance in 2025 demands a similar evolution of thought. What we face today are not merely networks of bad actors but global, adaptive liquidity ecosystems that serve as the financial backbone of transnational crime, proxy warfare, and authoritarian statecraft. These systems are durable, decentralized, and increasingly indistinguishable from legitimate financial activity. We must understand them not as criminal anomalies, but as sovereign financial organisms enabled by adaptive cross-jurisdictional infrastructure.
This is not about policing bad actors. It is about mapping and disabling the systems that allow bad actors to regenerate faster than enforcement can respond.
Civil Asset Forfeiture as Strategic Weapon
Time is the decisive variable in liquidity warfare. Prosecutions remain too slow to neutralize networks moving billions in real time. A3ML must therefore expand the civil asset forfeiture logic pioneered under RICO across global jurisdictions. Unlike criminal cases, civil forfeiture permits freezing assets on a preponderance of the very evidence A3ML is built to track in real time.
Civil forfeiture enables pre-emptive action against identified liquidity networks—especially when paired with new legal definitions that treat financial networks, not just individuals, as targets. This mechanism already exists. What is missing is the conceptual shift that elevates illicit liquidity to the level of strategic infrastructure.
To operate globally, this tool must be accompanied by jurisdictional harmonization. While A3ML does not currently establish mutual recognition protocols, its framework could build on existing international precedents—such as the Strasbourg and Warsaw Conventions—to enable partner states to enforce each other’s forfeiture orders against designated liquidity networks. The goal is speed: convert intelligence into disruption within days, not years.
Jurisdictional Leverage and Legal Hooks
The United States already has the legal foundation to operationalize A3ML. Statutes such as Section 311 of the USA PATRIOT Act and the Bank Secrecy Act provide hooks for systemic disruption, especially when combined with U.S. control over dollar clearing and correspondent banking access. A3ML’s contribution is not legal but conceptual: it unifies these authorities into a framework for targeting liquidity networks rather than isolated actors—and at speeds much faster than human analysis.
Global coordination is not just possible—it is already taking shape. The Financial Action Task Force (FATF), long the international standard-setter for AML/CFT compliance, has begun to acknowledge the complexity of illicit financial infrastructures beyond formal institutions. Initiatives like Operation Grafos—which targeted professional money laundering networks as coherent entities—represent a significant step toward structural thinking. Grafos, highlighted in the FATF’s 2025 report on terrorist finance, showed that the global community is starting to move from transactional enforcement to enterprise-level disruption.
But FATF’s core recommendations still focus primarily on institutional behavior: due diligence, beneficial ownership, and recordkeeping. They stop short of mapping or designating networked liquidity systems, and they lack the enforcement mandates required to neutralize them.
This is where A3ML fits—not as a competitor to established frameworks, but as their architectural complement and enforcer. It provides the conceptual framing and enforcement logic needed to extend current compliance standards into a cross-jurisdictional, structural response to liquidity-based threats. By aggregating and processing data in real time, A3ML can reframe illicit finance not as a series of reporting failures, but as a systematized battlespace—one that demands structural tools to navigate and dismantle. It must be trained on real data and paired with cross-border reform.
Defining the Target: Illicit Liquidity Networks
Illicit Liquidity Networks (ILNs) are the unlawful subset of shadow liquidity—persistent financial structures, whether criminal, corporate, or state-aligned, through which value moves beyond sovereign control. Where shadow liquidity describes the broader architecture, ILNs identify the specifically illicit nodes that A3ML is designed to dismantle.
A3ML could designate ILNs as systemic threats rather than fragmented cases. Phase I would map ILNs through public–private partnerships. Phase II would build on emerging stablecoin oversight to close gray intermediaries. Phase III would disable them through forfeiture, cutoffs, and coordinated sanctions. Implementing these phases would require no new agency, only integration of existing authorities. A3ML is not a silver bullet but a structural correction. Without it, security architecture will remain reactive—outpaced by networks that understand one truth: control liquidity, and you control survival. Operational success will depend on embedding liquidity mapping into existing security frameworks and building analytic partnerships capable of predictive disruption beyond the banking system.
Conclusion – Sovereignty and Strategy in the Age of Hybrid Liquidity
Sovereignty today is no longer defined by borders, flags, or deterrence, but by the ability to control the flow of capital—licit and illicit, digital and analog, state and shadow. In this battlespace, liquidity itself is sovereignty. Without tools to secure the circulatory system of finance, every alliance, sanction, and military asset is vulnerable to erosion by this new paradigm.
Illicit liquidity networks enable proxy wars, hollow out regulatory regimes, and entrench criminal ecosystems that feed on institutional weakness. And they do it faster than conventional enforcement can react. Treating financial architectures as an auxiliary domain of national security is no longer tenable. What A3ML offers is not just a legal instrument—it is a strategic reorientation. One that recognizes that power now flows through networks, not just weapons; through escrow chains and stablecoins, not just supply chains and ships.
If we fail to respond, we invite encroachment—not by military forces, but by liquidity systems we ignored. The choice is clear: keep reacting in fragments, or build the architecture to defeat liquidity insurgency systemically.