As digital finance transforms the Middle East, so do the threats facing banks, fintechs, and regulators. Joining us today is Dickon Johnston, CEO and founder of Themis, to discuss the region's evolving financial crime landscape — from sanctions evasion and sophisticated money laundering networks to AI-powered compliance and real-time risk monitoring. Dickon, welcome to the show.
Thank you, Rachel.
Let's start with Themis's mission in 2026. What are the most pressing forms of digital financial crime you're seeing in the Middle East, and how is Themis looking to tackle these at scale?
Sadly, financial crime is big business. The latest UNODC figures suggest that over 2.7% of global GDP is lost every year to money laundering and other forms of financial crime — trillions of dollars lining the pockets of organised crime groups, criminals, fraudsters, and in some cases state actors deliberately exploiting people, businesses, and the natural world. Our mission at Themis is to tackle that head on and stop the very real damage being caused — to people, businesses, the natural world, and as we've seen recently, to national security and the rule of law as well.
You mentioned state actors. You've published analysis on Iranian money laundering and sanctions evasion frameworks — shadow banking, front companies, crypto tactics. What can banks and fintechs in the Middle East practically do to combat this?
Since the strikes on Iran began, the IRGC has given us all a crash course in financial crime. The financial crime risks facing businesses in the UAE and across the region have dramatically increased with the conflict, because financial crime is an enabler at every stage of what the IRGC is doing — from initial fundraising to money laundering, proxy networks, cross-border transactions, maritime trade, and even dual-use goods. Did you know there has been a marked increase in the importation of washing machines into Iran since the start of the conflict? Not because of cleanliness — because these domestic products can be stripped down and their parts used to manufacture drones and missiles.
The number one risk for firms here is sanctions evasion — being caught up in those proxy networks, voluntarily or involuntarily. The IRGC uses two key tactics. First, corporate concealment — setting up legitimate-sounding businesses across the UAE and GCC, often employing nationals as CEOs and directors to conceal the true nature of their activities and remove the paper trail. What can look like a legitimate business, and often will have a legitimate trading element, can also be masking illicit activity — the illegal trade of sanctioned Iranian oil, for example.
Second, the deliberate recruitment and targeting of key individuals inside specific organisations to gain access to financial networks. These are often mid to low level employees, chosen specifically for the access their role provides. In April and May, we saw a spate of arrests in Dubai where members of these networks included an operations analyst at a well-known UK exchange house and a compliance officer at an energy company. They had been deliberately targeted. It's critically important that firms are aware not just of who they're doing business with, but who is employing them, financing them, shipping them, and ultimately who is behind any of these organisations. The government is cracking down hard — penalties for involuntary association with proxy networks or sanctioned entities can include a cessation of business activities or fines of up to AED 5 million.
You've described a highly complex system. Where is the sweet spot between AI detection and human judgement in financial crime compliance?
That balance between AI and human intelligence is genuinely critical, and it's one of the areas where Themis takes a leadership position — blending the latest AI with deep domain knowledge and human expertise. I've seen clients get very excited about generalist large language models. You can run a company name through one of these systems and get a well-written, nicely formatted report. But that is very dangerous in a field like financial crime. Generalist LLMs do not have the ability to triangulate and analyse data the way a trained human expert can. There is often hallucination. We've seen reports where the model has conflated multiple people with the same name into one profile. We had a client who was accused of being a drug trafficker in Australia — he'd never been to Australia. A simple conflation of names and identities that a human investigator spotted immediately.
AI has an enormous ability to assimilate millions of data points from around the world and spot hidden patterns and connections. But you also need the human brain, the learned experience, and the investigator's judgement to make the right business decisions.
You've spent more than a decade in the UAE. What specifically makes the UAE's regulatory framework so effective in combating financial crime?
A few things. First, there is clear direction and tone from the top. Anti-money laundering, counter financing of terrorism, and fraud have been set as national priorities. The UAE's AML-CTF strategy is ingrained in how all businesses operate here, because the UAE understands this is about good governance, attracting foreign direct investment, and providing an environment where markets are trusted, safe, and open to international trade. The UAE is also currently holding the presidency of the MENAFATF regional body — taking not just a position of compliance but of leadership.
And then there is the openness between public and private sector. We've worked closely with both since 2019. One thing I really admire about this environment is the willingness to share intelligence, guidance, and information with private sector firms. In some countries, regulators come down with a very heavy stick for any compliance failures. Here — whether through the General Secretariat, the Central Bank, ADGM, or DIFC — there is a genuine willingness to work with firms, explain the threats, explain the regulations, and provide guidance on the frameworks required.
Final question — it's been a year of intense risk across multiple dimensions. How should boards think about upgrading their real-time risk management solutions?
The conflict has shown us that risk is multifaceted — IRGC proxy networks, sanctions risk, trade risk, money laundering, and a significant increase in cyber crime. Organised crime groups have adopted AI wholesale. They are purchasing synthetic identities on the dark web — not just stolen passports, but complete packages including ID documents, proof of address, voice notes, and deepfake videos — all designed to get through the legacy systems many banks are still using.
It is critically important that all firms in the UAE are adopting AI seriously as part of their financial crime control framework. If they're not already, they are already exposed. And financial crime cannot be a one-off activity — continuous monitoring, continuous screening, and the combination of technology and human intelligence is what it takes to truly understand your clients, suppliers, third parties, and investors. Because what will hurt you most is being linked to one of these proxy networks. That will damage your reputation, your share price, and your legal and regulatory position very quickly.
That was both terrifying and informative — a real pleasure, Dickon.
I'm sorry for that — but thank you so much for having me.