Phantom CEO: How Iran Built a UK Crypto Empire Behind a Face That Doesnt Exist

Two UK-registered crypto exchanges. Hundreds of thousands in transactions. One CEO named Elizabeth Newman - who was assembled from stock footage and has never existed. Investigators found the cat. They found the office. They found the video clip. They never found the woman.

The digital trail led investigators from London to Tehran - through a CEO who does not exist. (Pexels)

The corporate biography was impeccable. Elizabeth Newman, according to filings with UK Companies House, was the chief executive of two cryptocurrency exchange businesses registered in London. She had a professional headshot: a confident woman in business attire, dark hair, mid-forties, photographed in what appeared to be a modern office.

The headshot was taken from a stock footage video library. The office was a generic background clip licensed to thousands of companies. The cat occasionally visible at the edge of the frame had been digitally composited in. Elizabeth Newman had never existed.

What existed, investigators at the Organized Crime and Corruption Reporting Project found, was something far more consequential: a carefully constructed machine for moving Iranian money through the regulated Western financial system, exploiting the near-total absence of verification requirements at UK Companies House, and using the cryptocurrency ecosystem as a layering mechanism for funds connected to Iranian state and commercial interests under active US and European sanctions.

The investigation, published by OCCRP in late February 2026, traced a digital trail that wound from a stock footage website through UK corporate registries, through cryptocurrency exchange infrastructure, and ultimately to a network of transactions connected to Iranian-linked entities. It exposed not just a single fraud but a systematic vulnerability - one that UK authorities have acknowledged for years without closing.

UK Companies House processes millions of registrations with minimal identity verification. (Pexels)

The Cat That Broke the Cover

Investigative open-source work is, at its core, pattern recognition. Something does not fit. Something does not align. You pull the thread and follow it wherever it leads.

In this case, the thread was a cat.

OCCRP researchers examining the Elizabeth Newman corporate identity noticed something unusual in one of the photographs used to establish her business presence: a cat visible in what appeared to be a personal workspace photo. When researchers performed a reverse image search and cross-referenced the visual metadata, they found the image originated from a stock footage collection - a royalty-free clip sold to businesses needing generic professional working-from-home visuals.

The cat, it turned out, was not Newman's cat. The cat was nobody's cat. The cat was a prop in a corporate lie.

From that single anomaly, investigators began systematically dismantling the identity. The professional headshots used for Newman's LinkedIn-style profile were traced to separate stock footage archives. The background visible in different images - supposedly the same office - varied in ways consistent with green-screen compositing rather than a real workspace. Phone numbers listed on corporate documents connected to virtual office services with no physical presence. The address on file with Companies House was a registered agent service that processes hundreds of companies.

The investigation concluded that Elizabeth Newman was a corporate phantom - a fictional identity constructed from commercially available imagery and designed specifically to satisfy the minimum requirements of UK business registration while providing plausible cover for a business that needed to appear legitimate.

"She appears to be a corporate fiction... a woman named Elizabeth Newman supposedly runs two UK-registered crypto exchanges. But she appears to be a corporate director constructed from stock footage and fake documentation."
- OCCRP, February 2026

Open-source investigation techniques - reverse image searches, metadata analysis, corporate registry cross-referencing - unraveled the identity. (Pexels)

The Iranian Connection

Finding a fake CEO is interesting. Finding out who she was constructed to serve is the story.

OCCRP's investigation connected the exchanges to a broader network of Iranian-linked financial activity. The investigation documented transaction patterns consistent with the layering phase of money laundering - moving funds through multiple accounts and instruments to obscure their origin - with the cryptocurrency exchanges serving as a crucial intermediate layer between Iranian-sourced funds and the Western financial system.

Iran operates under some of the most comprehensive sanctions regimes in the world. The US Office of Foreign Assets Control has maintained a near-total embargo on Iranian financial transactions since 1979, with layers added following the Islamic Revolution, the nuclear program, and the designation of the Islamic Revolutionary Guard Corps as a foreign terrorist organization in 2019. European sanctions, though historically softer, significantly restrict financial dealings with Iranian state entities, the IRGC, and affiliated commercial operations.

The sanctions represent a genuine strategic chokepoint. Iran cannot easily access dollar-denominated trade finance. Iranian banks are cut off from SWIFT. Iranian oil revenue flows through a labyrinth of intermediaries and obfuscation mechanisms. Iranian officials, businesspeople, and state entities that need access to hard currency have developed an entire sub-industry of circumvention - and cryptocurrency has become a central tool.

The mechanism is straightforward in principle, though sophisticated in execution. Iranian parties convert rials to cryptocurrency through domestic exchanges or peer-to-peer transactions. That cryptocurrency then moves through a series of intermediary wallets - often routed through jurisdictions with minimal blockchain monitoring - before arriving at a seemingly legitimate exchange in a Western jurisdiction like the UK. The exchange converts it to fiat currency. The money is now "clean" from the perspective of the receiving institution, traceable only to a UK-registered company with all the right paperwork.

The Elizabeth Newman exchanges appear to have operated at this crucial conversion point. Their corporate structure - UK-registered, with a named director who satisfied Companies House requirements, with FCA registration documentation - provided the legitimacy veneer that made the final conversion possible.

The mechanics of Iran's crypto-based sanctions evasion: five steps from Tehran to clean money in Western accounts.

Companies House: The World's Most Accommodating Registry

UK Companies House is, by international standards, extraordinary in what it does not require.

To register a company in the United Kingdom, you need a name, a registered address, at least one director, and a modest fee. As of this writing, the standard incorporation fee via Companies House is approximately 50 pounds. The process takes minutes online. The information submitted is largely taken at face value.

There is no criminal background check on directors. There is no identity verification beyond the submission of a name and a date of birth that the registry does not independently confirm. There is no requirement to prove the director is a real person. There is no verification that the registered address is a genuine place of business. There is no verification that the stated purpose matches actual activity.

Transparency International UK has documented this problem for years. In a 2021 report, the organization found that the UK was home to an estimated 12,000 companies linked to serious corruption and money laundering, using the registry's permissive environment to establish apparent legitimacy. A subsequent analysis by FATF - the Financial Action Task Force, the international body that sets anti-money laundering standards - rated the UK as only partially compliant with beneficial ownership transparency requirements.

The Economic Crime (Transparency and Enforcement) Act 2022 was supposed to address some of these problems. It introduced requirements for overseas entities owning UK property to register beneficial ownership, and included provisions for enhanced verification at Companies House. Implementation has been slow and contested. As of early 2026, the verification reforms had not been fully rolled out, and the basic requirement to submit a name and address without proof of identity remained intact.

The result is a paradox at the heart of one of the world's major financial centers. The UK's regulatory infrastructure - the Financial Conduct Authority, the Serious Fraud Office, the National Crime Agency - is among the most sophisticated in the world. But the front door remains open. A fraudster willing to file a few documents can establish a company that looks, from a distance, like a legitimate British business.

"The UK has arguably the most open company formation system in the developed world. That is not a feature. It is a vulnerability that state-linked actors and criminal networks have exploited systematically for decades."
- Transparency International UK, 2023 Briefing

By the numbers: why London remains the world's preferred jurisdiction for corporate fraud and money laundering infrastructure.

Iran's Crypto Architecture

The Elizabeth Newman case is not an isolated operation. It is a visible node in a much larger infrastructure.

Iran has invested heavily in cryptocurrency as a sanctions circumvention tool. The strategy has multiple dimensions. At the state level, the Central Bank of Iran has explored digital currency mechanisms to bypass dollar-clearing requirements. At the commercial level, Iranian businesses - particularly those connected to energy, commodities, and defense - use cryptocurrency to settle international transactions that would otherwise be blocked. At the institutional level, the IRGC and its network of affiliated businesses use cryptocurrency to move operational funds across borders.

The US Treasury has tracked this architecture closely and sanctioned multiple Iranian cryptocurrency entities. In November 2023, OFAC designated Nobitex - Iran's largest domestic crypto exchange - along with a series of associated individuals and wallets. In 2022, the DOJ indicted Iranian nationals connected to cryptocurrency schemes designed to circumvent sanctions and fund Iranian weapons procurement.

But the sanctions targeting domestic Iranian entities addresses only one end of the pipeline. The other end - the foreign entities that receive and convert Iranian-sourced cryptocurrency - has proven harder to reach. They are geographically dispersed, operationally complex, and often structured with the plausible deniability that a shell company provides.

Garantex, the Russia-based cryptocurrency exchange sanctioned by OFAC in 2022 and subsequently seized by US and European authorities in 2025, provides a parallel case study. Garantex processed over 100 billion dollars in cryptocurrency transactions, including substantial volumes connected to sanctions-evading actors. Its structure - a nominally legitimate registered business with a real address, real employees, and a real compliance department - allowed it to operate for years before authorities could build a case sufficient for enforcement action.

The Elizabeth Newman exchanges appear to have aimed at the same structural position: not a fly-by-night wallet service, but a seemingly credible registered business that could process transactions and provide documentation that downstream financial institutions require. The fake CEO was not decoration. She was infrastructure.

Blockchain analysis can trace cryptocurrency flows - but only when investigators know where to look. The corporate shell provides the cover that makes the initial transaction appear legitimate. (Pexels)

The Regulatory Gap

The Financial Conduct Authority regulates cryptocurrency businesses in the UK under the Money Laundering Regulations 2017, as amended. Since January 2020, any business in the UK that operates a crypto exchange or provides crypto custody services is required to register with the FCA and comply with anti-money laundering requirements including Know Your Customer checks, transaction monitoring, and suspicious activity reporting.

In theory, this should catch operations like the Elizabeth Newman exchanges. A real compliance program should identify that the nominated director does not exist. A real KYC program should flag the transaction patterns associated with sanctions evasion. A real SAR filing should trigger an investigation.

In practice, the system failed at multiple points.

The FCA's crypto registration process relies substantially on documentation submitted by applicants. The authority does not independently investigate every director. It does not run every submitted identity against a live facial recognition database. It does not cross-reference stock footage libraries. These are not reasonable expectations for a routine registration process - but they illustrate a fundamental asymmetry: the people building these frauds have time, resources, and motivation to make them look right, while regulators have limited capacity to look beneath the surface.

The FCA has been aware of the scale of the problem. In 2022, the authority rejected over 80 percent of crypto business registration applications - a statistic cited as evidence of rigorous oversight but which also reflects the extraordinary volume of questionable applications being submitted. The businesses that get through the filter are not necessarily legitimate; they are simply better at appearing legitimate.

The UK National Crime Agency's Financial Intelligence Unit processes tens of thousands of Suspicious Activity Reports per year. The SARs regime depends on banks and financial institutions identifying suspicious transactions and reporting them. But the reporting obligation falls on institutions that interact with the suspicious entity - not on the FCA, not on Companies House, and not on any body with the investigative capacity to proactively hunt for fake identities in corporate registries.

"We have a system built on the assumption that the documents submitted are genuine. When someone puts in the effort to make fake documents look genuine, the system often cannot distinguish them from real ones. That is not a new problem. It is a structural one."
- Former FCA official, speaking to Reuters, 2024

Compliance paperwork is only as good as the identity behind it. The Elizabeth Newman case exploited every gap in the verification chain. (Pexels)

The AI-Assisted Identity Problem

The Elizabeth Newman case used stock footage to construct a convincing business identity. The technique is low-tech by current standards. It is worth dwelling on where this technology is heading.

Generative AI tools capable of producing photorealistic synthetic identities are now widely available. The most advanced systems can produce faces undetectable as artificial to human observers, consistently rendered across multiple angles and contexts. They can generate supporting documentation at scale. They can produce synthetic voices for phone verification. They can generate synthetic video for video KYC calls.

The Elizabeth Newman fraud worked because investigators caught the inconsistencies - the cat, the background variations, the stock footage metadata. Those inconsistencies will not exist in the next generation of AI-generated identities. A fully AI-constructed corporate director, photographed in an AI-generated office, verified by an AI-generated KYC video call, will be significantly harder to detect than a woman assembled from stock clips.

Security researchers have been raising this concern for several years. The UK government Online Safety Act and the Data Protection and Digital Information Act both contain provisions relevant to synthetic identity fraud, but neither specifically addresses AI-generated personas in corporate registration fraud.

The FCA Technology, Resilience and Cyber team published guidance in late 2024 warning about deepfake-enabled identity fraud in financial services onboarding. The guidance was accurate. It was also advisory, not mandatory, and the businesses required to implement enhanced verification against synthetic identities were largely the same ones that failed to catch a stock footage CEO in the first place.

The progression from Elizabeth Newman to a fully AI-generated successor is not a hypothetical risk. It is a development timeline. The tools that caught this fraud - reverse image searches, metadata analysis, stock footage database cross-referencing - will be insufficient against the next iteration. And the corporate registry that required a name and an address remains open.

From registration to exposure: how the phantom CEO scheme was built, operated, and unraveled through open-source investigation.

Who Benefits, Who Pays

Following the money requires understanding who, ultimately, benefits from a sanctions evasion operation and who pays the costs when it succeeds.

The beneficiaries of Iranian sanctions evasion are primarily Iranian state and commercial interests - the ability to access international financial markets and move funds accumulated through state enterprises into jurisdictions where they can be used, invested, or laundered into apparent legitimacy.

The IRGC network of affiliated businesses - often referred to in sanctions enforcement documents as front companies - encompasses construction, telecommunications, energy, financial services, and other sectors. These businesses generate real revenue. That revenue needs somewhere to go. When official banking channels are closed, cryptocurrency and shell company structures fill the gap.

The costs are diffuse and often invisible. Sanctions on Iran were imposed in part to constrain weapons development programs, including the nuclear program and provision of weapons and financing to proxy groups including Hamas, Hezbollah, and the Houthis. To the extent that sanctions evasion provides resources to these activities, the costs are borne by people living under the threat of those weapons. They are not abstract costs.

The costs are also borne by the legitimate financial system. Every successful sanctions evasion operation that routes funds through UK-registered businesses imposes compliance costs and reputational risk on institutions that unknowingly process those transactions. When enforcement actions follow, the banks, payment processors, and exchanges caught in the chain face regulatory action and fines even when their complicity was genuine ignorance rather than knowing participation.

And the costs are borne by the rule of law itself. A sanctions regime that can be circumvented with a 50-pound company registration and a stock footage headshot is not a sanctions regime. It is a performance of control that provides cover for the failure of control. Every successful evasion makes the next one easier by demonstrating that the infrastructure works.

Sanctions that can be bypassed with a fake director and a cryptocurrency exchange are not sanctions. They are paperwork. (Pexels)

After the Investigation: What Changed

OCCRP published its investigation in late February 2026. The exchanges associated with the phantom Elizabeth Newman identity subsequently went dark - domains stopped resolving, corporate filings show no recent updates, and cryptocurrency wallet addresses associated with the operation show no recent activity.

As of early April 2026, no criminal charges had been filed in connection with the scheme. The UK Serious Fraud Office and National Crime Agency had not announced any investigation. The FCA had not issued a public statement. Companies House had not commented. The banks and payment processors that interacted with the exchanges had not disclosed whether they filed Suspicious Activity Reports or what happened to those filings if they did.

The exchanges going dark is not the same as justice. The people who built and operated the Elizabeth Newman identity have not been identified. The money that moved through the exchanges has not been traced to its ultimate recipients. The network that created the phantom CEO almost certainly has other nodes that have not been identified.

The infrastructure that made it possible - the permissive company registry, the thin FCA verification process, the absence of systematic cross-referencing between corporate identities and stock footage databases - remains intact. The same scheme, with a different name and a different set of stock clips, could be operational again within days.

The UK government has been aware of the shell company problem for longer than most investigators have been writing about it. The 2015 Anti-Corruption Summit in London produced commitments on beneficial ownership transparency that took years to partially implement and have still not been fully enforced. The 2022 Economic Crime Act was described as urgent legislation - a response to Russia's invasion of Ukraine and the spotlight it placed on London as a hub for oligarch wealth. That act's enhanced Companies House provisions are still being rolled out.

The question is not whether the UK government knows this is a problem. It does. The question is why the gap between knowledge and enforcement is so consistently, persistently wide.

Part of the answer is institutional: Companies House is a registry, not an investigative body. It is not funded, staffed, or empowered to verify every submission. Part of the answer is political: the UK financial services industry has historically lobbied against reforms that would make London a less frictionless place to set up a company. Part of the answer is structural: the international nature of the scheme means no single jurisdiction has both the authority and motivation to pursue it comprehensively.

And part of the answer is that it works. Elizabeth Newman's exchanges moved money, helped Iranian interests access the Western financial system, and shut down without producing a single criminal charge. From the perspective of whoever built them, that is a success. They paid 50 pounds per company, bought a stock footage license, and walked away.

The Loophole That Keeps Giving

The UK's vulnerability to this type of abuse is not unique, but it is exceptional in its scale and persistence.

The FATF Mutual Evaluation Report on the UK consistently identifies the same problem: the UK has strong investigative and enforcement institutions, but a weak preventive architecture. The front door is open. The burglar alarm is good. But you still need a burglar before the alarm goes off.

The Economic Crime and Corporate Transparency Act 2023 does include enhanced identity verification requirements. The act empowers Companies House to conduct more rigorous checks on director identities, including checking submitted details against identity documents and, in some cases, against third-party databases. The timeline for full implementation runs through 2025 and 2026.

Critics of the reform have noted that even the enhanced verification requirements do not include any provision for checking submitted photos against stock footage databases, or running facial recognition against known synthetic identity libraries. The assumption underlying the reform remains that submitted identities are real people who might misrepresent themselves - not constructed fictions assembled from commercial imagery.

The Elizabeth Newman case suggests that assumption is wrong. And the AI capabilities described above suggest it will become more wrong with each passing year.

For now, the Iranian money machine that operated behind a face assembled from stock footage is quiet. The infrastructure it exploited is not. The next version - smarter, cleaner, harder to catch - is almost certainly already in operation. The loophole is not closed. The cat is not in anyone's home. And somewhere, someone is designing a CEO who will be perfect because she will never have been real at all.