
In late February, the Financial Action Task Force (FATF) issued a report highlighting that cyber-enabled fraud (CEF) is now a core global money laundering risk.
In Singapore alone, CEF cases have surged by 61% over the span of just 2 years. In the UK, CEF accounts for 40% of all crime, and in the US, losses from CEF reach into tens of billions annually. These are not isolated incidents.
Transnational cybercrime syndicates are notorious for running scam compounds, often embedded between the borders of Southeast Asia. Human rights abuses, trafficking and coercion are widespread in these places.
Revised FATF standards aim to see financial institutions deploy more aggressive measures to combat CEF. These will include confirmation of payee mechanisms and non-conviction-based confiscation protocols to impede the flow of illicit funds.
On the due-diligence side, multiplex approaches to collecting beneficial ownership information to better expose shell companies are expected to be the norm moving forward. Financial institutions are also advised to modernize their current risk-scoring capabilities to close any oversight gaps.
The catalyst for the surge in CEF is the exponential technological innovation of the past decade. AI-enabled tools such as deepfakes, automation, website creation and mass deployment have lowered the barriers to entry for criminals worldwide.
While these new tools remain relatively cheap for threat actors, financial institutions (FIs) struggle to keep up, often hampered by bureaucratic procedures. The new FATF standards will alleviate some problems involved in oversight and improper documentation, but excessive regulatory procedures may not be enough to close the gap with an enemy that relies on cheap, rapidly evolving, and highly scalable technologies.
The asymmetry is stark: fighting these threats through conventional compliance mechanisms is like deploying expensive military missiles to shoot down enemy drones assembled from scrapyard parts, a costly, slow, and ultimately unsustainable response to a threat defined by its disposability and scale.
We believe the answer lies in bridging the innovation gap between threat actors and regulators. This cat-and-mouse dynamic that has long plagued sectors handling regulation, compliance, and infrastructure only ends when we move beyond reactive, bureaucratic oversight toward anticipatory, predictive responses.
This requires a fundamental shift in how we conceptualize data privacy. Private data silos that are fragmented by industries and organizations into jurisdictional blind spots need to give way to permissioned public-private data pipelines that empower AI to detect and flag illicit flows before they obfuscate and vanish into virtual assets.
FATF's push for machine-learning-enabled risk scoring mechanisms to become the norm is a step in the right direction. But what matters most is whether FIs are willing to take this threat seriously and act accordingly.