Deepa Sinha
May 15, 2025
Fraud, cybersecurity, and artificial intelligence have long been treated as separate domains within financial services. Each came with its own tools, teams, and terminology, but the walls between them have started to crack.
What once seemed like parallel conversations are now colliding, and the implications are profound. Financial institutions, already under pressure to keep up with digital change, are finding themselves caught between innovation and risk, trust and uncertainty.
To help unpack what this shift means for banks, regulators, and compliance teams today, Trade Treasury Payments’ (TTP) Carter Hoffman spoke with Deepa Sinha, SVP, Payments and Financial Crimes at BAFT and Elizabeth Rosenberg from the Wolfsberg Group.
Gone are the days when financial crime relied on crude email scams or low-tech spoofing. Generative AI has handed new tools to criminals, allowing them to produce fake voices, mimic customer behaviour, and orchestrate attacks that no longer need to be large in scale to be devastating in impact.
Sinha said, “We’ve seen generative AI being weaponised by fraudsters to scale phishing, spoofing, deep fake attacks, bypassing the traditional verification methods.”
One deepfake video or one real-time social engineering ploy can move millions and the threat is forcing institutions to confront this shift in real-time. Traditional defences (like passwords, static verification, even two-factor authentication), are often no longer sufficient given how fluid, fast, and personal AI-driven fraud can be. Fraudsters don’t need to break in, they just have to convince someone to open the door.
When you combine this AI-powered manipulation of trust with the immediacy of modern payment systems, it’s clear to see that the nature of the threats has changed. This new kind of financial crime no longer respects the lines between digital security and financial controls.
Banks are responding by bringing cybersecurity and fraud detection closer together, relying on behavioural analytics and network-based monitoring to flag what once went unnoticed.
Sinha said, “There’s a growing push for cross institution data sharing and federated learning models to detect fraud patterns beyond organisational boundaries. This marks a cultural as well as operational shift in cybersecurity strategy moving from silo defense to ecosystem based resilience.”
Coordinating approaches in this manner though is not always enough. Institutions must learn constantly, because the threats learn too.
Institutions have embraced machine learning in the hope of moving faster than their attackers. And in many ways, they have. False positives in transaction monitoring are declining. Risk profiles are becoming more dynamic. Hidden links between accounts and identities are being uncovered. But the smarter these systems become, the harder they are to explain.
Sinha said, “One key gap is explainability. So many AI models are still ‘black boxes’, making regulatory compliance and internal validation challenging.”
That causes problems both internally, where compliance teams need to justify decisions, and externally, where regulators require transparency. Unfortunately, the tools that offer the most promise often offer the least visibility, creating a tension between capability and accountability that remains unresolved.
To complicate matters, many institutions are still saddled with outdated infrastructure. AI struggles to function when data is trapped in silos or riddled with inconsistencies. There are also concerns over the integrity of the data itself. Bias, gaps, and outdated inputs can skew outcomes and compound risk.
Meanwhile, policymakers are beginning to move. In the EU, new rules are demanding greater auditability and fairness in AI deployment. In the US, emerging frameworks are asking similar questions. But institutions cannot afford to wait for perfect clarity.
Rosenberg said, “A challenge for financial institutions is staying the course with existing regulatory obligations as well as this need to detect crime that is proliferating in different areas, not paying attention to rhetoric until and unless it is translated into actual concrete policy guidance.”
This creates a rather narrow path for financial institutions to travel, advancing innovation on the one side while staying aligned with principles that are still being written on the other.
Criminal networks operate without borders. Their money moves across jurisdictions, through systems designed to support global commerce, but the regulatory responses remain rooted in national structures. Financial crime may be a shared threat, yet compliance obligations differ from one country to the next, and that divergence is becoming harder to manage.
The US and the EU have both signalled their intent to modernise anti-money laundering frameworks, though their approaches are not aligned.
Rosenberg said, “The European and the US efforts towards AML revision are not coordinated, which will probably lead to some new forms of friction. For multinational firms, this creates new challenges, though it’s a bit of a boon for professional services of all stripes, who are helping to navigate legal complexities.”
Financial institutions are finding themselves caught between overlapping regimes, sometimes needing to restructure their legal entities just to meet local obligations. In the process, attention is diverted away from actually detecting and stopping criminal activity.
While shared principles remain, the harsh reality is that interpretation and application differ. Without harmonisation, there will be more uncertainty in the system at a time when the system is already rife with uncertainty.
Continuing down this path, where institutions independently deploy cross-border detection models and coordination, where it exists at all, is only reactive, will result in a patchwork of rules and approaches applied to a network of threats.
Traditionally, compliance teams have focused on interpretation and enforcement. Their role has been to ensure that institutions meet their obligations. But that role is changing. Compliance can no longer remain passive, and there is a growing recognition that compliance professionals must now help define the future.
Rosenberg said, “Compliance professionals… must understand themselves as part of a conversation; as stakeholders who can help create a different framework and be active participants in change.”
That means engaging with policymakers, contributing to internal strategy, and playing a central role in shaping how institutions use new technologies. Risk-based thinking must now become the starting point for innovation.
But it’s important to remember that not all threats are equal and not all risks deserve the same attention. The idea that every process or control must meet the same standard of perfection has made many programmes inefficient.
What matters more is how information is used. Regulatory frameworks already speak about usefulness to law enforcement. The idea that a programme should be built to generate insight, not just satisfy inspection, is gaining ground and with that shift comes opportunity. Technology can support investigators, streamline monitoring, and automate reporting, but it can’t replace judgment, especially in areas like trade-based money laundering, where patterns are complex and context matters.
Sinha said, “Rather than fearing automation… compliance teams should embrace technology as a compliance ally, not a threat or a burden.”
The challenge is to let machines do what they do best, so people can focus where they’re needed most.
—
The boundaries that once defined fraud prevention, cybersecurity, and compliance have faded. In their place is a more fluid, unpredictable space where threats evolve quickly and but so too do the tools to fight them.
Smart systems need smarter oversight. Global risks need more coherent rules. And compliance needs a seat at the table.
The future of financial crime detection won’t be shaped by technology alone. It will be shaped by the people willing to use it wisely.
May 15, 2025
May 15, 2025
May 15, 2025
May 14, 2025
May 14, 2025
Trade Treasury Payments is the trading name of Trade & Transaction Finance Media Services Ltd (company number: 16228111), incorporated in England and Wales, at 34-35 Clarges St, London W1J 7EJ. TTP is registered as a Data Controller under the ICO: ZB882947. VAT Number: 485 4500 78.
© 2025 Trade Treasury Payments. All Rights Reserved.
English
