Key insights:

• • • AI is supercharging old fraud schemesĚý— By making synthetic identities, deepfake scams, and customer fraud faster, more credible, and harder to detect, AI is amplifying fraud and crime.

    • The real vulnerability may be internal silosĚý— Institutions need to be on the lookout, because what looks like a credit loss, an HR issue, or a payment request may actually be part of a wider multi-vector AI-enabled attack.

    • Institutions already have the tools to respondĚý— Through KYC and internal and behavioral data, financial institutions have the ability to respond to fraud threats — but only if teams connect and act together.

Fraud and crime existed long before AI, of course, but today’s technology delivers an acceleration in speed, scale, and success rate for fraudsters, resulting in billions of dollars in losses for victims. AI-enabled frauds on financial institutions by 2027 in the United States alone, and of detected fraud attempts on financial institutions use AI – and of these, 29% are successful.

To respond effectively to these threats, institutions need to implement a unified response that brings together departments that may not traditionally be partners. This cross-functional coordination should include not only the institution’s fraud and financial crime risk teams but also its credit risk, cybersecurity, and human resources functions.

And this response is critical, because today, financial institutions are being targeted by multiple types of AI-enabled attacks, including tactics such as:

• • • use of synthetic identities to circumvent know your customer/customer due diligence (KYC/CDD) controls and perpetrate fraud or launder money;
    • use of deepfake identities to gain employment, particularly by North Korean IT workers;
    • AI-enhanced “CEO frauds” to deceive staff into taking unauthorized actions; and
    • Bank customers may be targeted by fraud too, presenting further risk to financial institutions.

Let’s look at these threat vectors individually:

Vector 1: Synthetic identities and KYC/CDD

Synthetic identities can be entirely fabricated or may use combinations of real and fabricated personal information to create a new identity. For example, a fraudster may construct a synthetic identity using a Social Security number exposed during a data breach combined with an AI-generated passport.

This threat is real and happening now: identifies that criminals have already used AI to successfully open accounts using falsified documents, photographs, and videos. And according to , synthetic identities were used to open as many as 3% of US bank accounts, representing millions of identities. Not surprisingly, these illicit accounts are used to commit fraud and launder the proceeds of money laundering.

Vector 2: North Korean IT workers

North Korean individuals have successfully gained employment as remote IT workers at American companies, often passing themselves off as US nationals using AI-generated face-swapping technology combined with proxy computers and false identity documents. North Korean IT workers are almost $800 million annually for the regime.

Institutions deceived into employing these workers are not only against North Korea, but they are also exposing commercially sensitive data and systems to an adversary state, increasing the possibility of theft, cyber-attacks, and extortion.

Vector 3: CEO Fraud

A “CEO fraud” is a cybercrime in which an attacker impersonates an executive to deceive an employee into taking actions such as sending unauthorized wire transfers or disclosing sensitive information. AI accelerates these frauds by making them more personalized and credible.

In one of the more well-known examples, in an AI-enhanced CEO fraud in 2024 after the fraudster impersonated Arup Engineering’s CFO and requested a staff member to make several financial transfers. The criminals added credibility to the fraud by using a in which the target recognized many of their colleagues – unfortunately, all of them were deepfakes.

Vector 4: Frauds targeting customers

Where customers are targets, AI provides the scale, speed, and personalization to allow illicit actors to deliver individualized fraud. For example, whereas romance scams previously used repetitive scripts and re-used the same images of the romantic “partner,” fraudsters can now use AI-generated messages, images, or videos, continuously adapting the execution of the scam to the target’s responses and behaviors.

Creating a cross-functional and unified response

The examples above demonstrate the diverse and highly sophisticated uses of AI by illicit actors, both adversary states and criminal networks. Detecting and responding to these illicit activities requires joint action between teams that may not traditionally work closely together.

For example, if an account holder fails to repay a loan, the credit team may consider it to be a default by a legitimate customer and write it off as a credit loss. However, if the account was opened using a synthetic identity, investigation may reveal other accounts that share similar customer data points or transactional patterns. This could reveal a network of accounts that are perpetrating a fraud or money-laundering scheme. To detect and respond effectively, joint action is needed between KYC/CDD on-boarding teams, financial crime investigators, and fraud and credit risk professionals.

Alternatively, for HR teams to effectively identify use of face-swapping videos during a hiring process, knowledge from the organization’s cybersecurity team, especially of deepfake indicators, would be valuable. If a North Korea IT worker is hired and only later identified, cybersecurity and sanctions teams must be involved in the response to mitigate data, network, and compliance exposures.

Detecting and responding to all illicit activities requires joint action between teams that may not traditionally work closely together.

Finally, all staff may be targeted by deepfake fraud, but those in senior positions or departments with financial authority are the most vulnerable. This means it is essential for institutions to deliver employee training using real-life case studies, “near misses,” and scenarios drawn from across the institution and industry. This type of training will increase vigilance and minimize the likelihood of a successful attack.

For customers, financial institutions are well-positioned to identify indicators of fraud due to their extensive datasets of KYC/CDD records, transactional, and behavioral information. Institutions should enhance their customer relationships (as well as meet applicable regulatory requirements) by taking proactive measures to inform and protect their customers.

While AI has accelerated fraud and crime, financial institutions also hold valuable and relevant assets: the knowledge distributed across their cybersecurity, HR, credit risk, financial crime compliance, fraud, and KYC/CDD teams. By connecting these teams together, even in contexts in which these departments have not traditionally been partners, institutions will be well-positioned to protect both themselves and their customers from illicit actors’ sophisticated AI-enabled threats.

You can learn more about the fraud-fighting challenges faced by financial institutions and other organizations here

Key insights:

• • • Define your risk appetite — A clearly defined fraud risk appetite aligns prevention efforts with strategic objectives and ensures accountability by establishing acceptable levels of fraud risk across the organization.

    • Create a fraud-specialized team — Dedicated ownership of the vendors that supply fraud solutions by a fraud-specialized team — rather than by the procurement function — is critical to maximizing technology performance and adapting to emerging threats.

    • Establish a specialized prevention division — The rise of sophisticated scams demands the creation of a separate, specialized prevention division to avoid overburdening core fraud teams and ensure targeted, effective responses.

Corporate fraud represents one of the most significant risks facing organizations today. Yet many companies lack the structured governance and technology infrastructure needed to combat fraud effectively.

The solution requires that comprehensive fraud prevention frameworks be built on clear governance, proper technology deployment, and data-driven insights, according to Aaron Frye, Founder & CEO of Lucid Point Consulting. Organizations that implement these five pillars create resilient fraud prevention functions capable of identifying and preventing fraud before it impacts results. These five pillars include:

1. Develop a fraud risk appetite

Effective fraud prevention begins with a well-defined fraud risk appetite that tells the right story to the right stakeholders. Your framework must communicate to your board, executive leadership, and operational teams the level of fraud losses your organization should tolerate, and in which areas you should prioritize fraud prevention investments.

The fraud risk appetite framework must address several key considerations; for example, it should define the level of fraud risk that aligns with the organization’s growth objectives, identify the areas of greatest vulnerability, and evaluate which investments will yield the strongest return. Equally important is the ongoing monitoring and communication of progress through regular reporting on fraud risk metrics, vendor assessments, and investigation outcomes. These actions demonstrate to stakeholders that fraud prevention remains an active priority for the organization and ensures that fraud risk continues to inform organizational decision-making.

2. Establish clear ownership of risk-solution vendors

Many organizations invest significantly in fraud detection tools only to see disappointing returns. The problem often lies not in the tools themselves, but in unclear ownership and accountability for their performance.

Organizations that implement these five pillars create resilient fraud prevention functions capable of identifying and preventing fraud before it impacts results.

If your organization lacks a designated person or team within your fraud strategy function whose job it is to ensure the risk-solution tools you’re getting from vendors are the best for your enterprise, you likely aren’t getting the most out of your vendors. This dedicated fraud service ownership role must act as your internal champion, evaluating vendor performance, staying current with product enhancements, and ensuring integration with other fraud prevention initiatives.

Critically, procurement, sourcing, and vendor management functions should never own this role. These teams, by the nature of their titles and responsibilities, don’t prioritize fraud. They lack the specialized knowledge required to assess whether your fraud detection technology is performing optimally or adapting to emerging threat landscapes. Without dedicated fraud expertise overseeing your technological investments, advanced tools sit underutilized and critical fraud signals go undetected.

3. Develop a fraud governance function

Every organization should have a dedicated fraud risk governance team within its fraud risk management organization. This governance function serves as your second line of defense, working proactively to reduce operational chaos within your fraud strategy, operations, and investigation groups.

If a non-fraud governance function owns fraud governance, you are guaranteed not to be getting the best form of governance. Fraud is a specialized discipline requiring dedicated expertise and focus; and your governance team must develop policies, establish standards, monitor control effectiveness, and ensure consistent application of fraud prevention practices across the enterprise.

4. Document existing risks and resource gaps

One of the most important responsibilities of your fraud governance function is identifying and documenting the areas related to fraud risk that your current fraud risk teams don’t have time to review. Due to capacity constraints, it is impossible for many fraud risk teams to cover all open gaps. Your organization must understand those open gaps and not be ashamed to address them.

Create an action plan that documents open risk and self-identified issues that your current team cannot adequately address. This transparency demonstrates clear-eyed realism about your organization’s limitations and creates the business case for requesting additional resources or engaging external consultants to help close these risk gaps.

5. Address the growing scam-prevention challenge

needs its own prevention strategy division within your fraud risk function. Compromised business email, investment scams, and vendor fraud schemes represent an entirely new category of fraud risk that demands specialized attention.

Every organization should have a dedicated fraud risk governance team that serves as its second line of defense, working proactively to reduce operational chaos within corporate strategy, operations, and investigation groups.

There has never been a full manageable grip on fraud prior to the spike in scams. Therefore, you cannot expect your existing fraud risk teams to tackle a new wave of scams as a priority as well as to manage traditional fraud prevention responsibilities. Your core fraud function manages internal control systems, transaction monitoring, and investigation protocols. Adding comprehensive scam prevention to this workload without dedicated resources guarantees that identifying and preventing scams will receive insufficient attention.

Establish a dedicated scam-prevention division focused specifically on emerging scam threats, employee education, scam-specific prevention technology, and response protocols. This specialized approach ensures sophisticated scam schemes receive the expertise and resources necessary while your core fraud function continues addressing traditional fraud prevention requirements.

Going forward into the fight against fraud

In an era of escalating fraud threats, reactive detection is no longer sufficient. Organizations must adopt a proactive stance grounded in strong governance, clear accountability, and strategic resource allocation.

By defining a fraud risk appetite, assigning ownership of fraud prevention tools, strengthening governance, documenting unaddressed risks, and establishing a dedicated scam prevention function, companies can build resilient, forward-looking fraud prevention frameworks. These five pillars enable organizations to anticipate threats, allocate resources effectively, and protect both financial performance and reputational integrity.

Today, the path to fraud resilience begins not with technology alone, but with deliberate, enterprise-wide commitment to proactive risk management.

You can find out more about ways to

Key insights:

• • • Protecting SNAP requires modernization and accountability — This includes providing chip-enabled cards, stronger monitoring, recipient education, retailer oversight, cross-agency coordination, and fair reimbursement for victims.

    • Skimming is a growing problem — In the context of financial fraud, skimming refers to the illegal capture of personal data, typically through concealed electronic devices placed over legitimate card readers.

    • The harm can be immediate and severe — If their food benefits are stolen through skimming, vulnerable households can lose essential food funds, deepening food insecurity in their community.

Electronic Benefit Transfer (EBT) cards serve as a critical resource for the millions of Americans who depend on the nation’s Supplemental Nutrition Assistance Program (SNAP) to keep food on the table. The typical SNAP household is low-income and often includes children, seniors, or individuals with disabilities, who have earnings that fall at or below the federal poverty level. Based on household size, income, and other qualifying factors, these families receive monthly monetary assistance to help cover basic nutritional needs at authorized retailers.

Think of an EBT card as a debit card specifically designed for food benefits. Recipients use it to access their monthly balance at approved stores, making the process straightforward and dignified. However, like any electronic payment system, EBT is not immune to exploitation. One of the most pressing threats is a type of fraud known as skimming, which puts vulnerable households at serious financial risk.

What is EBT skimming?

Skimming, in the context of financial fraud, refers to the illegal capture of personal data, typically through concealed electronic devices that are placed over legitimate card readers. In the case of EBT fraud, criminals generally install tampered card terminals to steal EBT card information, including account numbers and PINs.

Unlike most modern credit and debit cards, EBT cards still rely on magnetic stripe technology, not more secure embedded chips. This outdated system makes them especially vulnerable to cloning, or the creation of counterfeit cards that contain the victim’s account number and PIN. Once a thief captures the data, they can create these counterfeit cards and drain benefits almost immediately, often within minutes of the monthly benefit deposit.

The result is that much needed food benefits, meant to last an entire month, are stolen without warning or recourse.

Why is EBT skimming so devastating

The consequences of EBT skimming go far beyond financial loss. For recipients, the theft of SNAP benefits can have immediate and severe impacts on their household food security and well-being. Other reasons why this form of fraud is particularly harmful include:

• • • Irreplaceable funds — For low-income households, SNAP benefits represent a critical portion of their monthly food budget. Once stolen, these funds are often impossible to replace. Families may be forced to skip meals, rely on emergency food pantries, or divert money from other essential needs like rent or medicine.
    • Outdated security technology — Despite advances in payment security, most EBT cards still use magnetic stripes, which can be easily copied with inexpensive skimming devices. By contrast, EMV chip technology, standard on most consumer credit and debit cards, makes cloning significantly more difficult.
    • Speed and precision of theft — Thieves often time their attacks to coincide with the monthly benefit deposit cycle. Once benefits are loaded, stolen card data is used rapidly, sometimes within minutes, making recovery nearly impossible.
    • Targeting vulnerable populations — EBT skimming preys on some of the most vulnerable members of society, including seniors, disabled individuals, and families living paycheck to paycheck. Many recipients may not have the resources or knowledge to monitor account activity regularly or to lock their cards after use, leaving them at greater risk.

Beyond skimming: A broader challenge of fraud, waste & abuse

While skimming is a serious and visible form of EBT fraud, it is only one symptom of a larger systemic challenge that fraud, waste & abuse cause in federal benefit programs.

Other forms of fraud include: retailers trafficking in EBT benefits for cash, which is a violation of SNAP rules; misrepresentation of income or household size during application; duplicate or ineligible benefit issuance; and administrative errors that lead to overpayments.

Each instance, whether intentional or not, erodes public trust in the entire benefit system, strains limited program budgets, and diverts resources from those individuals who need them most.

With federal funding for social programs under constant scrutiny and subject to periodic budget constraints, it is imperative that every dollar is protected and used appropriately. Preventing fraud is not just about saving money — it’s about ensuring that limited public resources serve their intended purposes of reducing hunger and supporting economic stability.

How to prevent fraud, waste & abuse in SNAP

Addressing EBT skimming and broader program vulnerabilities requires a well-rounded strategy that features technology, policy, education, and oversight working together.

On the technology side, one of the most impactful steps forward would be transitioning EBT cards from outdated magnetic stripes to EMV chip technology. This upgrade alone would significantly reduce skimming risks, and federal investment in that infrastructure is a necessary part of making it happen. Alongside that, state and federal agencies should be leveraging data analytics and real-time transaction monitoring to flag suspicious activity, like multiple withdrawals across different locations within a short window of time.

Education also plays a bigger role than many people realize. A large portion of EBT users simply do not know how to protect themselves. Basic habits like covering the keypad when entering a PIN, routinely checking account balances, and reporting lost or stolen cards right away can go a long way in reducing exposure.

One of the most pressing threats is a type of fraud known as skimming, which puts vulnerable households at serious financial risk.

From an oversight perspective, the U.S. Department of Agriculture — the government agency that oversees SNAP — and state agencies need to conduct regular audits of authorized retailers and hold them accountable. Any retailer found engaging in trafficking or enabling skimming should face deauthorization and legal consequences as well. Equally important is making sure that victims of confirmed fraud are not left without recourse. Clear and consistent policies for replacing stolen benefits can help restore trust in the program and prevent the food insecurity that this type of fraud directly causes.

Finally, none of this works in isolation. Effective fraud prevention depends on strong coordination between state human services departments, law enforcement, financial institutions, and technology providers. Information sharing and joint task forces strengthen the ability to detect threats early and respond quickly when issues arise.

Protecting the safety net

SNAP is one of the nation’s most effective tools in the fight against hunger. However, its success depends on both integrity and accessibility. Skimming and other forms of fraud not only steal from individuals, but they also undermine confidence in the entire system.

Policymakers, administrators, and citizens must prioritize modernization, accountability, and victim protection. By addressing vulnerabilities like EBT skimming and reinforcing safeguards against waste and abuse, we can ensure that SNAP remains a reliable and secure resource for the millions of individuals who rely on it.

You can find out more about how public agencies are working to fight fraud in government benefit programs here

Key insights:

• • • Getting at the core legal question — In a case brought by defendant Ongkaruck Sripetch, the Supreme Court is deciding whether the SEC must prove investors suffered measurable financial loss before courts can order disgorgement, which would require fraudsters to give up illegal profits.

    • Why it’s high-stakes — Disgorgement is a major SEC enforcement tool — representing billions of dollars annually — so a new requirement to prove investor losses could sharply limit when and how much the SEC can recover.

    • How the justices seemed to lean (so far) — Questions at the argument before the Court suggested skepticism toward Sripetch’s position, with several justices asking why it would be an unfair penalty to take back ill-gotten gains and noting the practical difficulty of proving each investor’s exact loss.

If you’ve ever wondered how the U.S. Securities and Exchange Commission (SEC) actually gets money back after it catches a fraudster, one of its biggest tools, disgorgement, is now under the microscope. This week, the U.S. Supreme Court heard arguments in a case, Sripetch v. SEC, that sounds technical on paper but has at its core a simple question: When the SEC makes a fraudster give up illegal profits, does it have to prove that investors suffered measurable, out-of-pocket losses first?

The case centers on Ongkaruck Sripetch, who the SEC says pocketed illicit proceeds through a classic pump-and-dump scheme from 2013 to 2017. Pump-and-dumps often involve penny stocks in which a person will hype up the price of these thinly traded stocks, then sell into the price spike they caused and walk away richer. Other stock traders who bought into the hype are the ones left holding the bag.

Sripetch admitted violating securities law and, in his subsequent criminal case, was sentenced to 21 months in prison. Separately, in the SEC’s civil action, a federal court in California ordered Sripetch to repay more than $3 million in ill-gotten gains plus interest.

The Supreme Court case isn’t a serious argument against the SEC’s ability to seek disgorgement — numerous courts have recognized the remedy for years, and Congress has since written the SEC’s ability to pursue it into federal law. The core question in the case is narrower, yet crucial for the SEC’s mission. It asks whether the SEC must show that victims suffered pecuniary or economic harm before a court can order disgorgement. Federal appeals courts have split on that point, which is why the Supreme Court agreed to take the case.

What is disgorgement, exactly?

Think of disgorgement as a legal give it back order. If a person or company makes money by breaking the securities laws — say by manipulating prices, lying to investors, or running a Ponzi-style scheme — disgorgement is designed to strip the profits away from that wrongdoing and the wrongdoers. In theory, it’s not about punishing someone for being bad, rather it’s about making sure crime doesn’t pay.

In real markets, harm can be scattered across thousands of trades, mixed up with normal price swings, and hard to trace to one bad actor. Disgorgement, on the other hand, gives securities regulators a way to focus on the part that’s often the clearest: How much ill-gotten profit the fraudster made.

Indeed, that not a punishment framing is important because the SEC has other ways to punish those convicted of securities law violations — such as civil penalties, disbarment from serving as an officer or director, industry suspensions, and more. Disgorgement is supposed to be different — an action that aims at profits, not pain. The government’s position in the Sripetch case puts it bluntly: Disgorgement is meant to strip ill-gotten gains from wrongdoers, not to compensate victims for their losses.

And disgorgement is not a niche tool. The SEC regularly collects big sums of seized money through disgorgement. According to recent figures, the SEC obtained about $1.4 billion through disgorgement in fiscal 2025 (excluding certain amounts), and $6.1 billion the year before, which represented nearly three-quarters of its total financial penalties for that year.

Those numbers may help explain why this Supreme Court fight is being watched so closely: The outcome could either keep the SEC’s playbook intact or force it to do a lot more legwork before it can ask courts to order payback.

The arguments before the Court

Earlier this week, both sides argued before the Supreme Court as to the potential future use of disgorgement and what requirements the SEC might have to meet when requesting court to order it.

Sripetch’s argument — Lawyers for Sripetch told the Court that the SEC shouldn’t be able to get disgorgement unless it can show that investors actually suffered financial harm, such as a price drop caused by the fraud or some other measurable loss. If the SEC can’t prove that kind of harm, the lawyer argues, then making Sripetch pay money looks less like giving it back and more like an impermissible penalty that the SEC is not allowed to levy.

The government’s argument — Lawyers for the U.S. Justice Department, defending the SEC, said the proof-of-loss requirement makes no sense. Disgorgement, in their view, is about the defendant’s gains, not the victim’s losses. One government lawyer summed it up as a straightforward principle: Disgorgement is intended to ensure a defendant does not profit from their own wrongdoing.

At this week’s argument, the justices sounded (at least generally) more sympathetic to the government than to Sripetch. Justice Amy Coney Barrett pressed the defense on its basic logic: If the court is only taking away ill-gotten gains — money the wrongdoer was never entitled to — why is that a penalty at all? Justice Ketanji Brown Jackson made a similar point, suggesting disgorgement would only feel like punishment when someone is forced to pay money that was rightfully theirs.

When Sripetch’s lawyer suggested the SEC should have to identify and prove each victim’s dollar loss, Justice Sonia Sotomayor’s response was basically, Why would anyone bother? If the SEC has to run a mini-trial on every investor’s exact harm just to reclaim the fraudster’s profits, disgorgement would be unworkable in many cases.

The practicality of that point is a big deal in securities fraud. In real markets, harm can be scattered across thousands of trades, mixed up with normal price swings, and hard to trace to one bad actor. Disgorgement, on the other hand, gives securities regulators a way to focus on the part that’s often the clearest: How much ill-gotten profit the fraudster made. The idea is deterrence-by-math — if you can’t keep the profits, the incentive to run the scheme shrinks.

The Supreme Court’s ruling, when it comes, could re-shape how the SEC negotiates settlements, litigates fraud cases, and talks about remedies and punishments going forward.

Still, some justices raised broader concerns about how disgorgement gets used in the real world, such as whether certain applications start to look punitive, or whether they raise questions about a defendant’s right to a trial by jury. However, the Court also seemed interested in deciding only the question of the requirement to prove victims’ losses and leaving those bigger constitutional debates for another day.

Why this matters (even if you aren’t the SEC)

If the Supreme Court agrees with Sripetch and requires proof of investor pecuniary harm, the SEC could face a higher hurdle in cases in which misconduct is real, but losses are tough to quantify on a trade-by-trade basis. That could mean fewer disgorgement awards, smaller ones, or more pressure to rely on classic penalties instead.

If the Court backs the government, however, disgorgement stays what it has largely been — a fast, flexible way to reclaim profits from securities fraud and a core part of how the SEC tries to keep the securities markets honest.

Either way, the ruling will shape how the SEC negotiates settlements, litigates fraud cases, and talks about remedies and punishments going forward. With the Court expected to issue its decision by the end of June, securities lawyers and stock market mavens will be keeping an eye on this case.

You can find more about the challenges facing the SEC here

Key insights:

• • • SAR volume is significantly underreported — Continuing and amended filings add approximately 20% to the official count yet remain invisible in trend analyses.

    • Filing activity is highly concentrated — A few large financial institutions dominate SARs volume, meaning trends reflect their practices more than systemic changes.

    • Agentic AI will drive a surge in SARs — Agentic AI risks increased noise over actionable intelligence, without addressing the unresolved question of whether current filings yield meaningful law enforcement outcomes.

The Suspicious Activity Reports (SAR) that financial institutions file with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) provide valuable insight, although they may not offer a comprehensive picture.

Prior to meaningful discussions regarding the future of SARs, it is essential for the financial crime community to clarify what is being measured. In 2025, for example, SAR filings of more than 4.1 million, representing an almost 8% increase compared to the total number of SARs filed in 2024.

Every figure FinCEN has published reflects original SARs only. Continuing activity SARs, which represent roughly 15% of all filings, are submitted under the original Bank Secrecy Act (BSA) identification number and never appear as new filings. Corrected and amended SARs add another 5% on top of that. This makes the real volume of SARs activity approximately 20% higher than what is reported.

The average community bank files fewer than one SAR a week, while the largest institutions file more than 500 a day.

Recent FinCEN guidance giving financial institutions more flexibility around continuing activity SARs sounds significant on paper, but as former Wells Fargo BSA/AML chief Jim Richards points out: “It won’t change the reported numbers — because those filings were never counted to begin with.” Financial crime professionals need to keep that gap in mind every time a trend line gets cited.

2025 was steady, not spectacular

There were roughly 300,000 SARs filed every single month of 2025, and the most notable thing is that nothing notable happened. That is likely a first on the volume side and worth acknowledging, but beyond that milestone the year did not hand financial crime professionals anything noteworthy. In a space that has dealt with pandemic distortions, crypto chaos, and fraud spikes that seemed to come out of nowhere, steady volume and predictable patterns are a little surprising. A quiet data set, however, is not the same as a quiet landscape, and financial crime professionals who are reading stability as stagnation may find themselves flat-footed when the numbers start moving again.

For example, one of the most underleveraged insights in the SARs space is just how concentrated filing activity really is. The numbers are stark: The top four banks file more SARs in a single day than 80% of the rest of the banks file in 10 years, according to 2019 data from a .

The average community bank files fewer than one SAR a week, while the largest institutions file more than 500 a day. “50 a year versus 500 a day,” notes Wells Fargo’s Richards, adding that such asymmetry has real implications for how the financial industry interprets trends. Meaningful movement in SARs data, up or down, is almost entirely dependent on what a handful of mega-institutions decide to do.

Not surprisingly, money services businesses (MSBs) are the second largest filing category, and virtual currency exchanges are almost certainly driving recent growth there, even if outdated category definitions make that difficult to confirm directly. Credit unions round out the top three.

The filing philosophy hasn’t changed and shouldn’t

Regulatory noise occasionally suggests that institutions should be more selective about what they file. However, compliance and legal reality have not shifted. No institution has ever faced serious consequences for filing too many SARs, and the cases that result in enforcement actions, reputational damage, and regulatory scrutiny are consistently about missed filings or late ones.

“You’re not going to get in trouble from filing too much,” Richards says. “Nobody ever has, and I doubt if anyone ever will.” For financial crime professionals, the calculus remains exactly what it has always been — when in doubt, file. That posture isn’t going to change, and frankly it shouldn’t.

Yet, here is where the SARs space gets genuinely interesting. Agentic AI use in SARs filings — systems in which multiple AI agents work through a case from screening to decision to documentation — is beginning to move from concept to deployment. The impact on filing volume likely will be significant.

The risk is a system flooded with AI-generated SARs of variable quality, creating more noise for law enforcement to sort through rather than sharper intelligence to act upon.

Whereas a small team today might work through a handful of cases a week, AI-assisted workflows could push that into the dozens. Multiply that across institutions already inclined to file rather than miss something, and the result is a coming surge in SARs volume that could play out over the next two to four years.

“Agentic AI has the potential to be a game changer on how we do our work,” Richards explains. “But I believe it’ll guarantee that there will be more SARs filed and not necessarily better and fewer SARs filed.” Indeed, the critical point for the financial crime community to internalize is exactly that.

The risk is a system flooded with AI-generated SARs of variable quality, creating more noise for law enforcement to sort through rather than sharper intelligence to act upon. Once the largest institutions adopt agentic AI as a best practice, others will follow quickly, and regulators will likely be several steps behind.

The value question can’t wait

The has been in place since 2014. Yet after 12 years of filings, the financial crime community still lacks a clear public accounting of whether that data has produced actionable law enforcement outcomes.

So, the question Richards is asking is one the entire industry should be asking: “Has anybody asked law enforcement?”

This question reflects a larger challenge that the industry needs to confront more aggressively, especially as AI technology is set to dramatically increase filing volume across the board. Increasing the volume without improving how the information is used does not represent progress. If SARs are not generating real investigative value, the solution is not to file more of them faster — instead, the pipeline should be fixed before it grows any bigger.

You can find more about the challenges that financial institutions face in managing SARs here

Key insights:

• • • AI scales deception — Fraudsters automate convincing scams, create synthetic identities, and overwhelm legacy controls, making AI an essential part of financial institutions’ anti-fraud solution.

    • “All-green” fraud is rising — The biggest losses often happen in correctly authenticated sessions, making them much harder to detect.

    • Behavior plus collaboration wins — Financial institutions need to shift from point-in-time checks to real-time, cross-channel behavioral signals and tighter inter-institution cooperation to spot coordinated campaigns and reduce friction without stalling growth.

How financial institutions are facing fraud in 2026 isn’t what it was like even two years ago. AI has industrialized deception, synthetic identities bypass traditional checks, and scams manipulate legitimate customers into moving their own money even as every security control shows green.

Today, financial institutions face a perfect storm, according to Michal Tresner, CEO of ThreatMark, and SaraĚýSeguin the DirectorĚýofĚýEnterprise Banking at Alloy. Indeed, they’re trying to manage attacks that scale automatically, identities that look real but aren’t, and victims who authenticate correctly before being convinced to hand over funds.

5 trends financial institutions need to understand in 2026

Looking at each of these five key challenges individually can offer both perspective and possible solutions.

1. The AI threat multiplier

Generative AI (GenAI) and large language models (LLMs) have fundamentally changed the fraud landscape. “AI is now the biggest threat facing financial institutions in 2026,” Tresner notes, adding that fraudsters are leveraging these technologies to create highly convincing content while automating attacks at unprecedented scale — a combination that overwhelms traditional security systems.

Seguin agrees and confirms this trend is . “Financial institutions are seeing a measurable increase in AI-enabled financial crimes, while consumers increasingly expect banks to deploy AI-based security in response,” she explains. The reality is stark: AI has become an essential tool for both fraudsters and those fighting against them.

2. The onboarding dilemma

In another area, the account opening process represents a critical vulnerability. Seguin points to rising first-party fraud and scams as particularly challenging because perpetrators often appear indistinguishable from legitimate customers going through the onboarding process. “A person may open an account with seemingly normal intentions — direct deposit or everyday banking — only to later engage in fraudulent activity,” she explains.

Onboarding is where institutions have the least certainty about either the authenticity of the identity or the legitimacy of the intent.

Tresner identifies a related threat: Synthetic identities. “Rather than stealing real identities, fraudsters now generate convincing fake ones, complete with realistic identity documents and even AI-generated images or video,” he says, noting that these synthetic identity accounts are exploding and frequently serve as infrastructure for moving stolen funds.

The common thread is that onboarding is where institutions have the least certainty about either the authenticity of the identity or the legitimacy of the intent.

3. Authentication under siege

Similarly, and even as financial institutions work to strengthen onboarding controls, account takeover remains a persistent threat. Fraudsters are now using AI to bypass authentication mechanisms at scale, making previously reliable security gates less trustworthy, Tresner explains. “Successful authentication can no longer serve as a definitive indicator of safety.”

Indeed, a properly authenticated session may still be the entry point for fraud, whether committed by an intruder or through a legitimate customer who is being manipulated.

4. The “all green” problem

Which brings us to another fraud scenario faced increasingly by financial institutions, and one that Tresner says may be 2026’s most operationally challenging issue — the fact that many scams don’t trigger traditional fraud controls. When the legitimate account holder initiates a transaction from their usual device and location using correct credentials, every standard check appears normal. The difference is the persuasion happening on the other side as fraudsters convince victims they’re interacting with trusted entities like banks, law enforcement, or romantic partners, and then direct them to transfer money.

Seguin notes that detecting these scenarios requires new approaches, such as identifying subtle behavioral signals like hesitation immediately before a money transfer. “Traditional device and credential checks won’t help when the customer is genuinely authenticated but acting under manipulation,” she explains.

5. Fraud as an industrial operation

Tresner emphasizes that modern fraud is not a series of isolated events but a coordinated, multi-step operation. Campaigns typically begin with establishing or compromising mule accounts, then deploying automated phishing kits to harvest personal data.

Younger users represent a growing target due to their online activity and platform usage, and the emergence of human trafficking-linked fraud operations has worsened this problem.

Not surprisingly, younger users represent a growing target due to their online activity and platform usage, Seguin says, adding that the emergence of human trafficking-linked fraud operations, including sextortion and overseas scam compounds, has worsened this problem.

What works in 2026

Tresner’s core recommendation for fraud investigators in financial institutions is for them to shift their focus from static, point-in-time checks to behavior-based detection. “Behavior profiling and analytics across channels can identify sophisticated actors and manipulation patterns invisible in single transactions or logins,” he explains, stressing that real-time cooperation among financial institutions is critical because fraudsters collaborate, and isolated defenses are insufficient.

Further, Seguin reframes fraud prevention as a growth enabler. “Effective risk controls allow institutions to launch products faster, set higher transaction limits with confidence, and avoid overly restrictive policies driven by fraud concerns,” she notes. Indeed, modern fraud defense isn’t just about reducing losses but about enabling safe expansion.

The 2026 fraud landscape presents compounding challenges: AI-driven scale and realism, onboarding uncertainty from synthetic identities and hidden intent, weakening authentication boundaries, scams that produce legitimate-looking transactions, and industrialized fraud operations that can span channels and institutions. Success in this area requires financial institutions to treat fraud as a behavioral, multi-channel, collaborative challenge because that’s exactly how their adversaries are operating.

You can learn more about the many challenges facing financial institutions today here

Key insights:

• • • Sextortion has evolved into a global industry — This crime is being fueled by organized crime networks and human trafficking.

    • Victims exist on both sides— Often, vulnerable workers, who operate as forced labor in scam compounds abroad, are as much the victims as those people being scammed online and extorted for financial gain.

    • Digital literacy and cross-border cooperation are strong tools — Governments and law enforcement need to better educate the public about these scams and seek better collaboration to prevent exploitation and to dismantle organized crime networks.

A 17-year-old Michigan high school student after inadvertently sharing explicit photos with a Nigerian sextortion scammer after the scammer posed as a teenage girl on a fraudulent Instagram account. Also, a 16-year-old Kentucky high school student after he was blackmailed with an AI-generated nude image.

Sadly, these two families are victims of the more than 100,000 sextortion reports filed with the National Center for Missing and Exploited Children (NCMEC) since 2020, many now involving AI-generated imagery. These reports are part of the larger increase in , which typically targets males ages 14 to 17 and which has been on the rise since 2020. These tragic cases are part of a vast network of scams that stretches from the to criminal compounds in Asia and Africa.

Sextortion in the modern age

The FBI defines sextortion as a criminal act in which an offender blackmails a victim for payment under the threat of releasing sexually explicit material, such as a photo or video. The material may have been solicited through a romance scam or may be the product of generative AI (GenAI). Sextortion is the latest trend in a series of scams that generate billions of dollars for international criminal syndicates on the backs of forced labor in parts of the world with unstable governance and oversight. An average 800 CyberTipline reports submitted to NCMEC from 2022 to 2023 related to the sextortion of minors.

NCMEC notes that victims of sextortion scams to the CyberTipline and make use of the . Take It Down allows for anonymous requests to remove explicit images from participating platforms and social media companies. encourages changing passwords after scam activity and not responding to any requests for payment, even if threats are made.

Organized crime syndicates and cyber-scams

are the “definitive market leaders” in cyber-enabled fraud and online scams, which have been rapidly expanding since the COVID-19 pandemic, according to the United Nations’ Office on Drugs and Crime. In areas of Asia with weak governance, scam centers and fraud gangs run sophisticated operations that often front as industrial parks or casinos and hotels. and coerced into defrauding other victims online. The trafficked individuals often are lured with false promises of high-paying jobs and the ability to maximize their language skills.

Broad enforcement efforts have been relatively ineffective as scamming operations simply move within the country or offshore.

Once there, victims are forced into labor to commit financial fraud usually by enticing smartphone users to invest in cryptocurrency scams or engaging in sextortion (which sometimes includes forced sex trafficking to produce sexual content). It is unclear if teenagers are being targeted explicitly or if they are inadvertently targeted through broader, population-wide cyber-scams.

The Myanmar town of Laukkaing (also spelled Laukkai), the capital city of the Kokang Self-Administered Zone is considered the engine-room of forced labor scamming. In Myanmar’s Kokang region, have turned from narcotics to online scamming, operating casinos, and scam compounds possibly because these crimes are more lucrative and easier to operate at scale.

In October 2023, a deadly crackdown at Myanmar’s Crouching Tiger Villa (referred to as the 1020 Incident) was the beginning of the crumbling of mafia-led control in Laukkaing. The Chinese government launched coordinated attacks, which resulted in . The leader of the Ming family (which operated Crouching Tiger Villa) took his own life after being captured, but of his extended family with ties to organized crime and illegal activities in Myanmar were sentenced in Chinese courts in September 2025, including 11 who were sentenced to death.

An estimated US $1.4 billion was generated by the Ming family over 10 years through telecommunications fraud, illegal casinos, drug trafficking, and prostitution.

Inside offshore scam compounds

Beyond Southeast Asia, forced-scam operations have grown rapidly across the Mekong region. TheĚý, funded in part by ¶¶ŇőłÉÄę, notes their study of CyberTipline reports and IP addresses point to a strong presence of scam compounds in Myanmar and Cambodia.

The financial impact of scam compounds is no small factor — ruling elites in these countries have a financial motivation to look the other way because of its high profitability. The in Cambodia are more than US $12.5 billion annually, or about half of the country’s formal GDP. Across Mekong countries (China, Myanmar, Laos, Thailand, Cambodia, and Vietnam), cyber-scam returns generate an estimated US $43.8 billion annually.

The financial impact of scam compounds is no small factor — ruling elites in these countries have a financial motivation to look the other way because of its high profitability.

Broad enforcement efforts have been relatively ineffective as scamming operations simply move within the country or offshore, and there are reports that these complex money laundering operations help move funds into the formal economy of countries with weak governance.

Despite the challenges in enforcement, some high-profile enforcement cases have helped to generate international coordination against cyber-scams and sextortion. A California teen’s death by suicide resulting from sextortion led to three years later. Interpol’s (July and August 2025) resulted in 260 arrests and more than 1,200 electronic device seizures in 14 African countries. The Association of Southeast Asian Nations (ASEAN) announced that as the main regional security concern last month. Domestically, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions on nine targets involved in scam operations in , and against (who is also associated with online scam centers).

Digital literacy as a solution

To truly begin to crack scam networks that operate in parts of the world with weak governance, of their citizens and support stronger cross-border investigation strategies. Stronger anti-money laundering frameworks can disrupt scam compounds more effectively than sting operations that just force the scam operation to move elsewhere.

It is critical that digital literacy is emphasized for online users who fall prey to sextortion and among job seekers lured into forced labor in scam compounds by fraudulent job advertisements. Cross-border collaboration among authorities, along with stronger enforcement and shared digital literacy, are the best defenses against this evolving threat.

You can find out more about our coverage of human trafficking, child exploitation, and forced labor at our Human Rights Crimes Resource Center here

Key insights:

• • • Old laundering patterns have modern wrappers— Nefarious actors now cooperate to move value through mirror-trade commodity flows and sometimes crypto, blending legal transactions with illicit proceeds.

    • FinTech expands laundering options— Peer-to-peer apps, reloadable cards, kiosks, and virtual assets allow for the execution of many small conversion transactions that break up funds and blur clean-to-dirty movement.

    • Fraud scales cheaply in an AI era— As cash use drops, scams and extortion become lower-risk and easier to industrialize — sometimes through forced-labor scam operations — making verification and policy adaptation urgent.

When incentives align, strangers can become business partners. In the 21st century, traditional finance, banking, and cash payments have been disrupted by a watershed of technological advances for which we are all unprepared. This time of crisis and opportunity has created an unexpected alliance between FinTech firms and traditional banking institutions.

To fight financial crime, however, it is important to deal with the ever-evolving ways for currency to change forms and change hands across vast distances. This new way of moving money mirrors ancient systems of debt ledgers & interpersonal trust, often known as Hawala or Fei Chien. Criminals continue to innovate with both methods, creating unsettling partnerships.

The cartel-business partnership

Cartels, underground banking networks, and legitimate businesses now collaborate — sometimes unwittingly — to launder money by moving value through mirror-trade commodity flows and cryptocurrency, merging legal trade with illegal profits. Near-cash-style FinTech methods — such as peer-to-peer apps, reloadable cards, kiosks, and virtual assets — can expand laundering opportunities by enabling numerous small conversion transactions that fragment funds and obscure the movement of illicit money. As cash use declines, fraud, including scams and extortion (sometimes executed through forced-labor scam operations) becomes less risky and easier to scale in the AI era, underscoring the urgent need for verification and policy adaptation.

The flow of illicit cash also extends to digital assets. Some of the cash money that gets stuffed into bitcoin ATM-style kiosks is from the drug trade. Indeed, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an alert on this topic as well and, while the two schemes seem distinct, we can speculate that some of the resulting Bitcoin, crypto, or other virtual assets went to underground bankers facilitating a mirror trade for a countryman.

What is old is new again

In the world of finance, the dawning of a new era of digital, on-demand, borderless transactions provides access to an exciting frontier of possibility. New coins, new blockchain tokenization uses, and new FinTech tools with cool names are all rising and falling faster than the price of bitcoin.

The players in this intersection have figured out that trade is profitable, and legal trade leading to illicit substance trade is even more profitable. Underground shipping, sanctions evasion, and dark web services for money laundering are all profitable by themselves, and when combined, they represent an illicit economic blitzkrieg.

Cartels, underground banking networks, and legitimate businesses now collaborate — sometimes unwittingly — to launder money by moving value through mirror-trade commodity flows and cryptocurrency.

Crypto is the new Hawala or Fei Chien because, with no bank or government involved, people can keep common copies of a ledger instead of relying on a hawaladar or Chinese underground banker to keep records. Virtual assets could facilitate the currency side of mirror trades, refilling a person’s coffers via digital transfer which can then be moved to an exchange and on to a local bank.

Commodities are the new cash because mirror trades are physically settled in commodities. For example, investment in source chemicals for drugs, negotiated at a discount, helps expand the illicit cartel business. Similarly, one-off items can be used for large-cash replacement transactions.

FinTech is the new money service business (MSB). We know that they are regulated the same but often serve different market segments, and many now exchange government fiat currency for one or more forms of cryptocurrency. Money laundering thrives on breaking up funds into smaller amounts to avoid reporting; therefore, a multitude of near-cash options like peer-to-peer payment apps, reloadable cards, and virtual assets help the launderer with this problem.

One might imagine that lower-tier street dealers could have several peer-to-peer payment app accounts for ease of use, because although the criminal is running an illicit business, it’s a business, nonetheless. Industry experts call these small payments conversion transactions because they usually come from a clean, legitimate payroll source but are converted to dirty funds when spent on an illicit substance or activity.

Fraud is low risk and AI fuels the fire

In this rapid-fire digital transaction world, fraud is the new mugging, complete with racketeering and slave labor farms. The profit margin on physical intimidation has gone down because people use cash less often, and many seldom carry it at all.

Due to digital innovation, communication technology, and AI, however, the barrier to entry for fraudulent theft, extortion, or scamming has gone down dramatically as well. Presumably, the margins are high because the ability to fraudulently communicate has become exponentially enabled by these tech advances. Fraud and scams are ubiquitous to the point of impeding legitimate business from communicating with customers effectively.

The players in this intersection have figured out that trade is profitable, and legal trade leading to illicit substance trade is even more profitable.

Further, slave labor has reared its ugly head in yet another strange intersection among these many things. Fraudsters in Southeast Asia build warehouses filled with tech and then force local people to operate scams and fraud schemes at scale. Aggregated funds from these efforts are sometimes moved via commodity or artifact, but often these funds are gathered from kiosks or peer-to-peer apps and then moved through cryptocurrency transactions until they become increasingly arduous to track.

Looking to the new dawn

It seems every few minutes brings us a new tool, a new opportunity, a new way to move money, and a new way to get scammed out of it all. This expanding capability is fueled by GenAI and even more advanced forms of AI. Business expands, productivity expands, and resources are consumed faster. Fraud is enabled, scaled, and seems to hang in the very air.

With the proliferation of digital, borderless, and AI-enabled everything, the human touch is more important than ever. Business owners note that requests for memorabilia and other tokens of physical value continue to rise. Cash will not go away, but its share of transactions is already diminished with the advent of crypto, new intersections in commodity exchange, and other person-to-person ways to settle accounts.

For the financial institutions, government agencies, and fintech firms that populate this world, creating informed best-practices and sensible policy documents is critical at this phase of innovation. Without a proactive approach we cannot hope to stay ahead of criminals and keep legitimate markets secure.

You can find out more about how organizations are using new methods to detect and prevent financial fraud here

Key insights:

• • • Blockchain’s transparency is a double-edged sword— While criminals use crypto for illicit activities, the permanent and public nature of the blockchain ledger creates an undeniable trail, making it a powerful tool for law enforcement to track and seize illicit funds.

    • The rise of crypto forensics— A growing industry of specialized firms and investigators is leveraging blockchain’s inherent design to unravel complex financial crimes, demonstrating that “±ô´Ç˛őłŮ” crypto funds can often be recovered.

    • An evolving battlefield— Despite the ongoing challenges posed by tools like mixers and privacy coins, blockchain technology is fundamentally shifting how financial crime is fought, turning the very system criminals exploit into the means of their capture.

Cryptocurrencies and other digital assets are used by criminals, which is great for catching them. Indeed, the biggest criticism of crypto since its inception has been its criminal use, which was estimated to be almost half of all activity by the end of 2017. In the past three months alone, asset seizures and forfeitures of more than $22 billion in crypto have been made by authorities in the United Kingdom, the United States, and their international partners.

These historic interceptions of illicit funds prove that the fundamental architecture of blockchain — the digital ledger that underpins most virtual transactions — makes it the perfect tool for catching criminals, validating the hypothesis of Satoshi Nakamoto, the presumed pseudonym of the person or persons who developed bitcoin, that fraud could be prevented through intentional system design.

While criminals assumed they could optimize their illegal activities using crypto to obfuscate fund flows, the blockchain ledger’s immutability has created a niche for financial crime investigators seeking to unravel these cases. Companies like Chainalysis, Elliptic, and TRM Labs have become synonymous with these investigations, joined by a growing network of smaller firms that are democratizing crypto investigations, combating terrorist financing and online child abuse. Ultimately working to secure seized assets and prevent further harm. By all measures, the ecosystem is expanding rapidly.

Every crypto transaction creates a permanent trail that allows investigators to catch criminals even years after their crimes. This is how, a digital exchange hack in 2016 that resulted in the theft of 120,000 Bitcoin worth $72 million (at the time) and was chronicled in the Netflix documentary was wrapped up years later with the seizure of $4.5 billion in crypto and the arrest of the two alleged perpetrators in 2022. Law enforcement may not move as fast as crypto, but if the whale is big enough, they will catch it.

Indeed, the scale of cryptocurrency-enabled crime threatens Western economic stability. The FBI received 149,686 crypto-fraud complaints in 2024, totaling $9.3 billion in losses, likely significantly lower than the true figure. More than 100,000 people are trafficked and forced to operate scams from compounds in Cambodia and Myanmar. The Prince Holding Group, a transnational criminal organization headed by Chen Zhi, generated , approximately $10.95 billion annually.

Financial crime as economic warfare

These are just headlines. Further research in the Netherlands shows that only 11.8% of fraud victims actually report being victimized. While many dismiss fraud and blame victims, crypto-related fraud is becoming economic warfare systematically draining wealth from Western economies while enslaving hundreds of thousands in forced labor camps across the Global South. With potentially $80 billion lost annually to crypto fraud, the impact extends beyond the 1.14% of the US federal budget it represents. This illicit outflow causes loss of productive capital, tax base erosion, and reduced economic activity.

Yet the technology accused of enabling this new generation of fraud simultaneously provides the tools to detect and combat these criminal organizations more successfully than any financial crime fighting technology in history. The Chen Zhi case, easily the largest asset forfeiture in US history at around $15 billion, demonstrates this perfectly.

Every crypto transaction creates a permanent trail that allows investigators to catch criminals even years after their crimes.

This is why I’ve spent the last four years studying the crypto ATM industry. While most financial crime professionals saw a problematic service in a problematic industry, I saw a massive dataset of criminal activity that could predict other illicit activity beyond crypto ATMs. This dataset helped identify terrorist financiers, vendors of child sexual abuse material (CSAM), and countless scams and frauds. Layer data-rich sources like crypto ATMs with blockchain data, and a good investigator can achieve remarkable results.

Modern blockchain analytics leverage the features Nakamoto designed for trust and verification. Immutability makes evidence tampering impossible and investigations public; and verifiability allows investigators to validate every step of a criminal’s crypto trail. Consensus mechanisms create a distributed jury of millions, validating the evidence chain further. These features enabled authorities to map the , revealing 76,000 fake social media accounts operated from facilities using 1,250 phones across 10 Cambodian compounds, and tie it to $15 billion in bitcoin.

The same technology facilitating billions of dollars in pig butchering scams annually enables law enforcement to catch the transnational criminals and recover funds. Traditional financial crimes disappear into offshore accounts and shell companies, often leaving investigators blind. However, as anyone in blockchain forensics knows, Locard’s Exchange Principle remains true: Every contact leaves a trace. Blockchain’s public ledger means every suspicious transaction leaves a permanent clue.

Nakamoto’s vision of “electronic transactions without relying on trust” inadvertently created a system for establishing criminal culpability. The blockchain’s public nature convinced criminals they could hide in plain sight, but Nakamoto saw that participants would be deterred from fraud by this transparency. The naive assumption that users had nothing to hide if doing nothing wrong quickly revealed plenty were doing wrong. Still, the system proved fit for purpose once tools were built to catch bad actors. Nakamoto’s white paper’s emphasis on preventing double-spending through public verification created a framework in which crime-spending leaves permanent evidence. All a good investigator needs is time.

The rise of crypto forensics

As crypto advances, tools like bridges, mixers, and privacy coins pose constant challenges for investigators, but claiming the money is gone when crypto is involved is simply false. As blockchain forensics advances, criminals face an uncomfortable truth: They’ve been conducting operations on a permanent, public, immutable ledger. Their only protection is time and cryptographic puzzles that an entire industry is working to unravel.

While some has been diligent in pointing out some of the challenges in the industry and some of what’s been missed, there are a lot more illicit fraud cases that never see the light of day because of what has been prevented by blockchain forensics. And while it may not be perfect, the fact that there is an industry working to build a safer financial system than what has gone before is commendable, and the accountability that public ledgers have enabled is energizing for those that must police it.

Unfortunately, the $15 billion Chen Zhi seizure isn’t the end but the beginning. With at least $64 billion stolen annually, these criminals have little incentive to stop. While some scam compounds have been dismantled, reports indicate they’re simply being relocated.

Nevertheless, blockchain is setting a new paradigm in financial crime, one in which the technology enabling crime will eventually become the weapon that defeats it.

You can learn more about financial crimes and other regulatory issues involving cryptocurrencies here

Key insights:

• • • Fraud prevention presents systems challenges — In the current advanced tech-enabled environment, AI-driven tools in the public sphere need human coordination and oversight to be employed properly.

    • The intangible cost of fraud is public trust — When public programs that are designed to support vulnerable populations fall victim to exploitation, confidence in the ability of government-administered programs falters.

    • The full scope of fraud is unknown — Many improper payments from government programs aren’t criminal. It’s that we need better data, clearer definitions, and a stronger understanding around what fraud truly is.

As public programs and the scale of fraud become the subject of national and state political discourse, more state governments and public sector agencies are evaluating the potential of data analytics and AI tools to curb fraud. As these institutions are realizing, effective fraud prevention is easier said than done, and investment in new detection tools will fail to keep pace with fraud if they don’t address structural, cultural, and coordination challenges.

Early fraud detection

Early detection of fraudulent activity, aided by AI tools and systems, may still be the most effective way to deter future problems. For example, California Community Colleges, the largest higher education system in the United States, currently serves more than two million students and has in two-thirds of its institutions in order to detect fake students. With open access for enrollment, the system is a magnet for fake students who apply, enroll, and fill seats in virtual classes that real students should be occupying, while fraudulently collecting federal and state student aid.

In 2024, it was estimated that nearly one-third (31%) of financial aid applicants at California Community Colleges were fraudulent, resulting in approximately $13 million in state and federal aid dollars being disbursed to fake students.

California Community Colleges employed a three-phased approach seeks to catch fraudsters who may slip through at the time of application, when they register for courses, and when they apply for financial aid. The system engaged in cross-agency collaboration with the California Department of Motor Vehicles and deployed a mobile ID system to authenticate student identity. Further, its data analytics looked at factors such as students’ IP addresses, time zones, age, and contact information to flag those patterns that could indicate a fake applicant. An AI tool analyzed course registration patterns, as well, identifying whether applicants have illogical or unusual patterns in the courses they are taking.

Then, system educators integrated into their virtual courses early on, requiring students to submit an introductory video, for example. This allows educators to cut non-participating students (presumed to be fake) before financial aid is disbursed.

These early detection tools, paired with human judgment, showed how a proactive approach can stop fraud before funds are lost.

Gaming government systems

While fake students illustrate small-scale exploitation in California, provider fraud is where large dollar amounts and case complexity arise. When fraudsters illegally obtain Medicaid funds for services they never rendered, for example, individuals in need of services suffer.

Minnesota’s now-shuttered Housing Stabilization Services program intended to help move individuals who were experiencing housing insecurity into transitional and then permanent housing solutions. According to a , the well-intentioned program enriched sophisticated fraudsters, who formed business entities and falsified employee hours, reimbursement claims, and patient identities — even going so far as to manufacture false case notes as a precaution against their records ever being audited. Not surprisingly, illegally gained reimbursements were used to fund high living expenses, luxury shopping, and cars.

Similar fraudulent providers have been charged by the U.S. Attorney’s Office for the Northern District of Texas as part of . Four individuals fraudulently billed around $20 million to federally funded programs and other insurers.

In another case that showed that fraudsters sometimes can come from inside the house, a group of were ruled against by a federal judge in a whistleblower lawsuit alleging that four insurers and six health systems routinely, improperly billed the state’s Medicaid program. Part of the reason for the judgment was because the disputed claims were still paid by the Indiana Medicaid program, despite it being aware of alleged issues. In this case, oversight gaps and a consistent pattern of not flagging improper payments revealed a structural weakness within the state office.

Different approaches for data analytics

Some agencies are employing different methods to leverage advanced tech to help in the fight against fraud. For example, the Louisiana Department of Health is using AI to scrutinize Medicaid recipients and their eligibility. A developed at the University of Louisiana at Lafayette will allow the Louisiana Department of Health to share data with the state’s Office of Motor Vehicles. By analyzing whether individuals have duplicate licenses in other states, their eligibility to receive benefits in Louisiana may be rescinded.

Focusing on a different tack and target, the Center for Medicaid and Medicare will deploy a six-year pilot program of the across six states: New Jersey, Ohio, Oklahoma, Texas, Arizona, and Washington. The pilot program will specifically target low-value services with little to no clinical, evidence-based benefits and will expedite review of those services that are at a higher risk for provider fraud, waste, or abuse. This heightened scrutiny of providers seeking Medicaid reimbursement is in alignment with recommendations from the around program integrity.

These varying approaches raise a difficult question: Is it better to risk inefficiency by targeting providers, or it better to risk inequity by targeting recipients?

Understanding the measures of fraud, waste, and abuse

The total cost of fraud is difficult to calculate, as there are countless incidents of fraudulent reimbursement requests, overbilling, or unnecessary medical treatment that cannot be counted. Two data measures that we have to understand to truly gauge the efficacy of public health systems’ financial health are the payment error rate and the dollars recovered through fraud controls.

are those payments that fail to meet statutory, regulatory, or administrative requirements. They may be for non-eligible services, be inappropriately or inaccurately coded, or may exceed program maximum amounts — but their common denominator is that they represent funds that were misspent or out of step with fund guidelines.

Improper payments are calculated and reported to Congress annually across all federal healthcare programs. The dollar recovery rate calculates the amount of inappropriate reimbursements recovered from fraudulent actors each year, usually through the pursuit of civil or criminal damages. However, it’s important to remember that not all improper payments are lost to fraud. For example, within the Medicaid program were most often tied to missing appropriate documentation for individuals receiving care.

Understanding these definitions determines how we measure success, design large government systems, and allocate enforcement dollars across states. Such preventative measures, especially now aided by AI and other advanced tech, will help the next generation of fraud detection professionals who will come to rely on the tools and platforms that we design now.

And as more state governments and public sector agencies seek to leverage AI tools and platforms, they would be wise to focus on efforts that collect and analyze real-time participant data and incorporate ethical AI oversight, while balancing an investment in prevention as well as prosecution.

You can learn more about the challenges that government agencies face today here