Key insights:

• • • Non-compliance is significantly more expensive than compliance 鈥� Data consistently shows the cost of non-compliance can be greater than proactive compliance investments.

    • Reputational damage and hidden costs often outweigh direct fines 鈥� Beyond financial penalties, the damage from legal fees, loss of customer trust, and operational disruptions from non-compliance can inflict long-term harm.

    • Strategic investment in compliance yields a competitive advantage 鈥� A robust compliance program builds trust, attracts investors, and demonstrates greater operational resilience in a complex regulatory landscape.

There’s a persistent myth in the business world that compliance programs are a necessary burden, a line item to be minimized and managed rather than invested in strategically. The data tells a very different story, however, and it has for quite some time. For organizations still treating compliance as an overhead expense, it’s time to reconsider the math and view the broader strategic picture.

The numbers don’t lie: Non-compliance costs more

Non-compliance costs are 2.65-times the cost of compliance itself, a finding that dates back to the of multinational organizations. While the average cost of compliance for the organizations in that study was $3.5 million, the cost of non-compliance was much greater. That means simply by investing in compliance activities, organizations can help avoid problems such as business disruption, reduced productivity, fees, penalties, and other legal and non-legal settlement costs.

According to a later report from from 2017 (the most recent set of analytical data on the subject), the numbers have only grown more striking. The study showed that average cost of compliance increased 43% from 2011 to 2017, totaling $5.47 million annually. However, the average cost of non-compliance increased 45% during the same time frame, adding up to $14.82 million annually. The costs associated with business disruption, productivity losses, lost revenue, fines, penalties, and settlement costs add up to 2.71-times the cost of compliance.

And these non-compliance costs from business disruption, productivity losses, fines, penalties, and settlement costs, among others aren’t simply abstract risks. They’re real, recurring, and measurable, and they don’t stop with the fine itself.

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance.

This gap between compliance and non-compliance provides evidence that organizations do not spend enough of their resources on core compliance activities. If companies spent more on compliance in areas such as audits, enabling technologies, training, expert staffing, and more, they would recoup those expenditures and possibly more through a reduction in non-compliance cost.

While the math here is straightforward, the strategic case is even clearer. Compliance isn’t overhead; rather, it’s an investment with a measurable, proven return.

The hidden costs: Legal fees, fines & reputational fallout

Regulatory fines get the headlines, but they represent only part of what non-compliance actually costs an organization 鈥� a cost that has only risen over time. As of February, a total of 2,394 fines of around 鈧�5.65 billion have been recorded in the database, which lists the fines and penalties levied by European Union authorities in connection with its General Data Protection Regulation (GDPR).

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance. Regulatory norms are shifting constantly and navigating them requires specialized expertise. As quickly as the rules change, outside counsel and compliance specialists must keep pace, and that knowledge comes at a price. Every alleged compliance violation triggers an immediate need to engage qualified counsel, adding to a cost burden that compounds quickly and unpredictably.

Then there is reputational damage, perhaps the most enduring consequence of all. The cost of business disruption, including lost productivity, lost revenue, lost customer trust, and operational expenses related to cleanup efforts, can far exceed regulatory fines and penalties. Consider , whose compliance failures around its anti-money laundering (AML) efforts became a cautionary tale for the industry. TD Bank’s massive $3 billion in fines from US authorities wasn’t just the result of a few missteps; rather, it was caused by years of deep-rooted failures in its AML program, pointing to a culture that prioritized profit over compliance.

The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance.

TD Bank’s failure to make compliance a priority not only led to a huge fine but also seriously damaged its reputation, with revising TD’s outlook to negative in May 2024, where it remains. This is the kind of a reputational stigma that can take years to repair.

Leveraging compliance as a competitive advantage

There is also a positive side of the ledger that often goes unacknowledged. A robust compliance program signals to investors, partners, and clients that an organization is well-governed and trustworthy. That reputation doesn’t just retain market value; it actively attracts it.

Organizations that cut corners in compliance risk engaging in a short-sighted, high-risk strategy that will ultimately result in a negative outcome for the organization. Businesses that take compliance seriously tend to operate with greater predictability, fewer surprises, and stronger stakeholder confidence.

The 2017 Ponemon and Globalscape and study found that, on average, only 14.3% of total IT budgets were spent on compliance then, not much of an increase from the 11.8% reported in 2011. This clearly indicates that organizations are underspending on core compliance activities in the short term and aren’t prepared to allot further resources as the years go on. That gap represents not just risk, but a clear missed opportunity.

“The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance,鈥� explains Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. 鈥淲ith the passage of more data protection regulations that can result in costly penalties and fines, it makes good business sense to allocate resources to such activities as audits and assessments, enabling technologies, training, and in-house expertise.”

The organizations that recognize compliance as a strategic function, not a reactive one, are the ones that will earn the trust of clients, the confidence of investors, and the operational resilience to weather an increasingly complex regulatory environment. The data is clear, and the choice is a critical one.

Please add your voice to 成人VR视频鈥� flagship , a global study exploring how the professional landscape continues to change.听

Key insights:

• • • Convenience has outpaced consumer understanding 鈥斕齅any users treat apps, prepaid accounts, and rewards programs as simple payment tools, remaining unaware they are entrusting their money to entities with few safeguards.

    • Risk is no longer confined to traditional banks 鈥� Some of the most significant financial activities now occur within platforms and brands that do not resemble banks at all.

    • Opacity enables systemic vulnerability 鈥� The less transparent an institution’s obligations, leverage, and oversight, the easier it is for financial fragility, misconduct, and systemic risk to grow unchecked.

When you think of where money is held, you generally think of a bank. However, as we look at the financial landscape today, money is being held at a wide range of institutions that often have varying levels of safety and oversight. Entities from Starbucks to Visa to Coinbase hold money for individuals, effectively serving as a bank, but often without the regulatory framework that comes with it.

Behind the scenes, it can seem like . In its daily operation, it collects prepaid funds that resemble deposits, holds them as liabilities, and uses them internally 鈥� all without offering interest, cash withdrawals, or FDIC insurance. Starbucks’ rewards program holds $1.8 billion in customer cash, and if it were a bank, that would make it bigger, , than 85% of chartered banks, making the coffee chain one of the .

This dynamic extends well beyond coffee shops. “Popular digital payment apps are increasingly used as substitutes for a traditional bank or credit union account but lack the same protections to ensure that funds are safe,” warns the . If a nonbank payment app’s business fails, your money is likely lost or tied up in a long bankruptcy process.

Shadow banking

Think of a Starbucks gift card as a financial instrument. Technically it is one, but no one seriously worries about it being weaponized for any large-scale financial crimes. Most people鈥檚 concerns about a gift card is either losing it. The real concern lies not in lost gift cards, however, but in the broader trend: Nonbank institutions managing vast sums without commensurate oversight 鈥� and scale matters. A lost gift card is a personal inconvenience; but an unregulated institution managing billions of consumer dollars in leveraged capital is a systemic one.

Shadow banking encompasses credit and lending activities by institutions that are not traditional banks, and crucially, they do not have access to central bank funding or public sector credit guarantees. And because they are not subject to the same prudential regulations as depository banks, they do not need to hold as high financial reserves relative to their market exposure, allowing for very high levels of leverage which in turn can magnify profits during boom periods and compound losses during downturns.

The shadow banking ecosystem is diverse, and each segment of it presents distinct risks:

• • Hedge funds and private equity firms听鈥� Firms like Blackstone, KKR, and Apollo manage vast capital pools using leveraged strategies under limited oversight. Their size and borrowing levels may mean that market reversals can trigger rapid deleveraging, spilling risk into broader markets.
  • Family offices听鈥� A private company or advisory firm that manages the wealth of high-net-worth families, these can operate with even less transparency and often outside direct regulatory scrutiny, enabling them to engage in extreme leveraging and posing risks of sudden collapse.
  • Nonbank mortgage lenders and FinTechs听鈥� This group faces lower capital requirements than traditional banks, leaving thinner buffers to absorb losses during downturns, which can be especially concerning considering this sector鈥檚 rapid growth.
  • Crypto exchanges听鈥� Like much of the cryptocurrency ecosystem, these exchanges operate in jurisdictional gray zones, complicating enforcement and enabling illicit financial flows.
  • Money market funds 鈥� While these are generally perceived as safe, they can suffer runs if confidence in underlying assets erodes, which can force fire sales that destabilize related markets.
  • Special Purpose Vehicles (SPVs) and Structured Investment Vehicles (SIVs)听鈥� These investment instruments allow large institutions to move risk off their balance sheets, rendering such activity invisible to regulators.

Shadow banking may be the single greatest challenge facing financial regulation. These non-traditional institutions act like banks, but without the safeguards that make banks accountable. And where accountability is absent, opportunity often fills the void.

The same opacity that makes shadow banking difficult to regulate also makes it attractive to those with less legitimate intentions. Without mandatory reporting requirements, standardized oversight, or the threat of deposit insurance revocation, these institutions can become conduits for money laundering, fraud, terrorist financing, and sanctions evasion in ways that traditional banks simply cannot. The question is no longer whether these vulnerabilities exist, but how they continue to be exploited.

The challenge of regulation

The global financial system has always evolved faster than the rules designed to govern it. What began as a coffee loyalty program and a few alternative lending platforms has quietly morphed into a parallel financial universe, one that moves trillions of dollars with a fraction of the transparency that traditional banking requires. That gap between innovation and oversight is not just a regulatory inconvenience, it鈥檚 an open door for illicit actors.

Closing that door will require more than periodic enforcement actions or piecemeal legislation. It will require regulators, lawmakers, and institutions to reckon honestly with how broadly the definition of a financial institution has expanded, and who bears the risk when things go wrong. Because historically, it has not been the institutions themselves; rather it has been the customers, the investors, and ultimately the public.

The first step, of course, is awareness. Recognizing that your money does not need to be in a bank to be at risk and that the custodians of that money need not be offshore shell companies to operate in shadows, can transform how we think about financial safety.

The line between a convenient app and an unaccountable financial intermediary is thinner than most realize. And in the world of financial crime, thin lines have a way of vanishing entirely.

You can learn more about the听many challenges facing financial institutions today听here

Key insights:

• • • Geopolitical crises fuel financial volatility and illicit activity 鈥� Conflicts have traditionally accelerated capital shifts and flows, creating cover for bad actors.

    • Predictable patterns emerge 鈥� Financial institutions should watch for sudden cross-border activity, unusual cash deposits, and transactions from border areas.

    • Conflict zones enable black market expansion 鈥� They also should adapt their compliance systems to detect more sophisticated methods used by criminals, tightening screening and enhancing staff training.

While business and international politics may appear cold and calculating, these things are often driven by emotion, especially fear 鈥� and fear of instability often drives market volatility.

So it goes as the United States attacks one of the world’s largest militaries and supporters of regional terror groups, causing deepening instability in a Middle East already beset by violence. It is certain that there is already a surge of money flowing in and out of the region for different reasons. Legitimate and illegitimate actors alike will seek to both run away from the crisis and profit from it. However, there are some anti-money laundering specific thoughts that financial institutions need to consider during a time of global uncertainty.

The bottom line 鈥� lots of money is on the move. Funding will send aid groups towards the crisis; it will also send logistical supplies, war material, and other necessities. All of these cost money, and defense sectors in multiple countries will be pumping out munitions to refill stockpiles in any country that is related to or in the neighborhood of the conflict.

Not every large transaction is an unusual, reportable event, but financial institutions now need to look one or two layers below the surface. What does not seem related on the surface is always a red flag. Look at beneficial ownership of companies and vessels, look at relations of the owners, not just the 听(OFAC) results of those people themselves. The financial system will, and should, allow the legitimate funds to flow. However, financial investigators must remain diligent to catch bad actors that take advantage of the surge in non-profit activity or the urgency with which legitimate businesses operate in a conflict zone.

Risk Factor 1: Capital flight from regime change

Just as the fall of the Al-Assad regime in Syria caused family funds to flow to as regime members fled the country, you will see the same with politically exposed persons (PEPs) who are inevitably fleeing regime change in Iran. A political crackdown will come. Whether the victors are on the side of the West or not remains to be seen, but some factions are going to flee the country and take family wealth with them.

Banks and other financial services should watch for anyone connected to people moving money through neighboring countries in which they may have literally hiked or driven before depositing cash into a financial institution. There are stories of refugees leaving places with gold bands on their arms, cash and false bottom purses, and diamonds in the lining of sweaters. These things will be converted to cash in neighboring countries and put into financial systems less affected by the conflict. An influx of cash throughout the region, therefore, could indicate this type of capital flight.

Risk Factor 2: Illicit finance and black markets

Since the fall of Syria, we have also become aware of that helps fuel addiction and armed conflict. There are certainly other substances and drug trafficking networks about which we know very little on this side of the secrecy veil.

Therefore, this instability will be seen as a time of opportunity for criminal groups. Indeed, with Assad鈥檚 security forces no longer controlling middle eastern captagon and other narcotics trade and various armed groups looking for funding sources, this is an illicit business opportunity.

Financial institutions can expect rapid movement of money between unrelated shell corporations, new corporations, and shadow vessels. They also should expect the black market to boom with drugs, contraband Iranian oil, and funds tied to narcotics that they have only yet to discover. Illegal arms will also generate funding, so all of the methods, both formal and informal, used to transfer value will become active.

In fact, large portions of such funding will flow through financial institutions; and peer to peer payment providers, FinTechs, and money transmitters should be especially wary of funds moving rapidly through their platforms. A burst in conflict means a burst in activity from illicit sources; therefore, enhanced, targeted monitoring is a must.

How financial institutions鈥� risk & compliance teams should respond

First, all financial institutions鈥� risk & compliance departments need to assess their institutions鈥� OFAC and sanctions screening search parameters. This is a good time to dial up fuzzy logic capability and reduce match percentage thresholds. In other words, risk tolerance should go down while the metaphorical dragnet gets wider. Surge the department鈥檚 personnel capability to compensate if you have to, because that is better than a strict-liability OFAC fine. Remember, OFAC sanctions are closely tied to national security, especially when it comes to Iran. This is not an arena in which leniency can be expected. Compliance teams should look at monitoring systems and thresholds immediately, create geographical targeting models to cover the conflict zone, and consider a command center approach to deal with the fluidity of the situation until things settle.

If your institution has not already taken the hint from regulators, this also is an opportunity to double down on Customer Due Diligence and identity verification. Front line staff and embedded business compliance personnel should receive updated training and job aids to increase awareness and hone internal reporting. Indeed, it is an advanced business skill to understand complex corporate beneficial ownership, much less to detect when it may be tied to illicit activity or corrupt regimes. Now is the time to increase that level of knowledge and thereby make the culture of compliance more robust.

In every crisis there is opportunity as well as risk: Managing the risk allows every company to take advantage of the opportunity, shore up its mission, and strengthen the institution.

You can find out more about听the geopolitical and economic outlook for 2026听here

Key insights:

• • • Fraud prevention presents systems challenges 鈥� In the current advanced tech-enabled environment, AI-driven tools in the public sphere need human coordination and oversight to be employed properly.

    • The intangible cost of fraud is public trust 鈥� When public programs that are designed to support vulnerable populations fall victim to exploitation, confidence in the ability of government-administered programs falters.

    • The full scope of fraud is unknown 鈥� Many improper payments from government programs aren鈥檛 criminal. It鈥檚 that we need better data, clearer definitions, and a stronger understanding around what fraud truly is.

As public programs and the scale of fraud become the subject of national and state political discourse, more state governments and public sector agencies are evaluating the potential of data analytics and AI tools to curb fraud. As these institutions are realizing, effective fraud prevention is easier said than done, and investment in new detection tools will fail to keep pace with fraud if they don鈥檛 address structural, cultural, and coordination challenges.

Early fraud detection

Early detection of fraudulent activity, aided by AI tools and systems, may still be the most effective way to deter future problems. For example, California Community Colleges, the largest higher education system in the United States, currently serves more than two million students and has in two-thirds of its institutions in order to detect fake students. With open access for enrollment, the system is a magnet for fake students who apply, enroll, and fill seats in virtual classes that real students should be occupying, while fraudulently collecting federal and state student aid.

In 2024, it was estimated that nearly one-third (31%) of financial aid applicants at California Community Colleges were fraudulent, resulting in approximately $13 million in state and federal aid dollars being disbursed to fake students.

California Community Colleges employed a three-phased approach seeks to catch fraudsters who may slip through at the time of application, when they register for courses, and when they apply for financial aid. The system engaged in cross-agency collaboration with the California Department of Motor Vehicles and deployed a mobile ID system to authenticate student identity. Further, its data analytics looked at factors such as students鈥� IP addresses, time zones, age, and contact information to flag those patterns that could indicate a fake applicant. An AI tool analyzed course registration patterns, as well, identifying whether applicants have illogical or unusual patterns in the courses they are taking.

Then, system educators integrated into their virtual courses early on, requiring students to submit an introductory video, for example. This allows educators to cut non-participating students (presumed to be fake) before financial aid is disbursed.

These early detection tools, paired with human judgment, showed how a proactive approach can stop fraud before funds are lost.

Gaming government systems

While fake students illustrate small-scale exploitation in California, provider fraud is where large dollar amounts and case complexity arise. When fraudsters illegally obtain Medicaid funds for services they never rendered, for example, individuals in need of services suffer.

Minnesota鈥檚 now-shuttered Housing Stabilization Services program intended to help move individuals who were experiencing housing insecurity into transitional and then permanent housing solutions. According to a , the well-intentioned program enriched sophisticated fraudsters, who formed business entities and falsified employee hours, reimbursement claims, and patient identities 鈥� even going so far as to manufacture false case notes as a precaution against their records ever being audited. Not surprisingly, illegally gained reimbursements were used to fund high living expenses, luxury shopping, and cars.

Similar fraudulent providers have been charged by the U.S. Attorney’s Office for the Northern District of Texas as part of . Four individuals fraudulently billed around $20 million to federally funded programs and other insurers.

In another case that showed that fraudsters sometimes can come from inside the house, a group of were ruled against by a federal judge in a whistleblower lawsuit alleging that four insurers and six health systems routinely, improperly billed the state鈥檚 Medicaid program. Part of the reason for the judgment was because the disputed claims were still paid by the Indiana Medicaid program, despite it being aware of alleged issues. In this case, oversight gaps and a consistent pattern of not flagging improper payments revealed a structural weakness within the state office.

Different approaches for data analytics

Some agencies are employing different methods to leverage advanced tech to help in the fight against fraud. For example, the Louisiana Department of Health is using AI to scrutinize Medicaid recipients and their eligibility. A developed at the University of Louisiana at Lafayette will allow the Louisiana Department of Health to share data with the state鈥檚 Office of Motor Vehicles. By analyzing whether individuals have duplicate licenses in other states, their eligibility to receive benefits in Louisiana may be rescinded.

Focusing on a different tack and target, the Center for Medicaid and Medicare will deploy a six-year pilot program of the across six states: New Jersey, Ohio, Oklahoma, Texas, Arizona, and Washington. The pilot program will specifically target low-value services with little to no clinical, evidence-based benefits and will expedite review of those services that are at a higher risk for provider fraud, waste, or abuse. This heightened scrutiny of providers seeking Medicaid reimbursement is in alignment with recommendations from the around program integrity.

These varying approaches raise a difficult question: Is it better to risk inefficiency by targeting providers, or it better to risk inequity by targeting recipients?

Understanding the measures of fraud, waste, and abuse

The total cost of fraud is difficult to calculate, as there are countless incidents of fraudulent reimbursement requests, overbilling, or unnecessary medical treatment that cannot be counted. Two data measures that we have to understand to truly gauge the efficacy of public health systems’ financial health are the payment error rate and the dollars recovered through fraud controls.

are those payments that fail to meet statutory, regulatory, or administrative requirements. They may be for non-eligible services, be inappropriately or inaccurately coded, or may exceed program maximum amounts 鈥� but their common denominator is that they represent funds that were misspent or out of step with fund guidelines.

Improper payments are calculated and reported to Congress annually across all federal healthcare programs. The dollar recovery rate calculates the amount of inappropriate reimbursements recovered from fraudulent actors each year, usually through the pursuit of civil or criminal damages. However, it鈥檚 important to remember that not all improper payments are lost to fraud. For example, within the Medicaid program were most often tied to missing appropriate documentation for individuals receiving care.

Understanding these definitions determines how we measure success, design large government systems, and allocate enforcement dollars across states. Such preventative measures, especially now aided by AI and other advanced tech, will help the next generation of fraud detection professionals who will come to rely on the tools and platforms that we design now.

And as more state governments and public sector agencies seek to leverage AI tools and platforms, they would be wise to focus on efforts that collect and analyze real-time participant data and incorporate ethical AI oversight, while balancing an investment in prevention as well as prosecution.

You can learn more about the challenges that government agencies face today here

Key insights:

• • • Blockchain data exceeds Wolfsberg expectations 鈥� Public, attribution-rich ledgers give crypto firms immediate access to behavioral, network, and cross-chain signals that traditional banks must retrofit or request from third parties.

    • Crypto companies can leverage this data 鈥� With abundant labeled history and real-time on-chain context, crypto companies can combine rules, supervised machine learning, and unsupervised discovery to identify emerging typologies faster and with clearer explainability.

    • SARs become actionable intelligence, not just checked boxes 鈥� By including wallets, hashes, and traceable flows, this data can turn SARs filings into ready-to-investigate leads for law enforcement, thereby converting compliance from a cost center to a competitive advantage.

The Wolfsberg Group’s on modernizing suspicious activity monitoring comes at a crucial time for cryptocurrency companies. Traditional financial institutions are being encouraged to go beyond basic transaction monitoring by including behavioral analysis, network effects, and various risk indicators in their anti-money laundering (AML) programs. For cryptocurrency companies, the framework describes capabilities that blockchain data infrastructure was essentially built to support.

Wolfsberg’s recommendations map almost perfectly to what blockchain businesses already are able to do. While traditional banks work to update legacy transaction monitoring systems with new capabilities, crypto companies operate in an environment in which the data for complex monitoring already exists. For crypto companies, this shouldn鈥檛 be seen as simply having to adapt to a new standard, but rather as a unique opportunity to set a new standard.

Investigation advantages built into the technology

Traditional financial investigations operate within closed systems. Investigators, at the start of an investigation, primarily have access to data points from their institution and what is available online. They may then need to gather additional information, each controlled by different institutions with their own legal requirements and timelines. The financial trail crosses multiple organizations, jurisdictions, and record-keeping systems that do not communicate with each other. With Suspicious Activity Reports (SARs) filings, investigators are often forced to close an investigation with gaps in the full picture.

Cryptocurrency investigations begin with transparency. Blockchain attribution tools offer visibility into fund flows throughout the entire ecosystem. The financial trail is recorded on a public ledger, in which tracking money doesn’t require negotiating with counterparts or waiting for legal approvals. This fundamentally changes what’s possible during an investigation. Questions that would take traditional investigators weeks to answer through formal channels or go unanswered by the time the SAR is due can be resolved in hours using attribution data and on-chain analysis.

The data available to cryptocurrency companies means they can move past compliance as a check-the-box exercise and start getting creative when thinking about what’s actually possible.

The Wolfsberg framework emphasizes “expanded risk indicator coverage” by analyzing data points beyond transaction amounts, dates, and counterparties. Blockchain companies have easy access to this data 鈥� wallet age, complete transaction history, interaction patterns with decentralized finance protocols, network connections to known bad actors, mixing service usage, cross-chain behavior, and anomalies that would be invisible in traditional banking. The data exists and is readily available for use in innovative and unique ways.

Detection models that can do more than react

Wolfsberg recommends combining three approaches: i) rules-based monitoring for known risks; ii) supervised machine learning for identifiable patterns; and iii) unsupervised methods for detecting emerging threats. Cryptocurrency companies can implement all three at the same time because the underlying data supports each approach.

Rules-based monitoring handles obvious cases such as sanctioned wallet addresses, direct transfers from darknet marketplaces, and transactions routed through high-risk jurisdictions. This represents baseline coverage that almost every crypto company will already have implemented. Adding the ability to look up scam wallets that are self-reported by victims online and community reporting capabilities in blockchain forensic tools, the foundation for much more effective risk mitigation is easily established.

Using blockchain’s historical data, models can be trained on years of confirmed criminal activity that law enforcement or blockchain tools have already identified. As traditional banks can’t access validated historical data across the entire payment ecosystem at this scale, they typically must rely on internal data and industry guidance to develop their models. Cryptocurrency companies, however, can utilize blockchain history and attribution databases that document known illicit activity. This means models can be trained on nearly unlimited applicable data from the past and can even be trained on near-real-time data as it gets added to databases.

Yet, it is with unsupervised learning that crypto companies can genuinely innovate beyond what traditional finance does by feeding attributed wallets, self-reported fraud wallets, and public blockchains directly into machine learning or AI models. With this, companies can analyze complex, interconnected patterns of activity that allow models to continuously identify emerging typologies and patterns in near real-time and potentially instantly expose gaps in a scenario鈥檚 current coverage.

It is with unsupervised learning that crypto companies can genuinely innovate beyond what traditional finance does by feeding attributed wallets, self-reported fraud wallets, and public blockchains directly into machine learning or AI models.

The data available to cryptocurrency companies means they can move past compliance as a check-the-box exercise and start getting creative when thinking about what’s actually possible.

SAR quality as intelligence product

The Wolfsberg framework addresses SAR quality directly, highlighting the problem of financial institutions filing too many low-value reports because their systems generate alerts that they cannot fully resolve. Indeed, institutions file thousands of SARs because they have unanswered questions or are unsure of exactly what is going on due to a lack of available data, not because they’ve identified actual money laundering.

Blockchain data changes what SAR filings can look like in ways that matter for law enforcement. When attribution tools indicate that funds originated from a wallet cluster associated with ransomware, were transferred through a mixing service, appeared in a customer’s deposit address, and were immediately withdrawn to a known cash-out service, the SAR can describe the exact pattern of suspicious activity with on-chain evidence for each step.

Including wallet addresses and transaction hashes in SAR narratives provides investigators with something traditional bank SARs rarely offer: immediate starting points they can follow without additional legal process, immediately making the SAR actionable intelligence.

Law enforcement agencies are overwhelmed with SARs, and it often feels like an investigator鈥檚 SAR filings don’t lead anywhere. However, when investigators can include information that helps law enforcement investigate and prosecute cases quickly and effectively, those investigators also may start seeing activity on the blockchain, such as illicit actors’ wallets slow down or funds be seized from a scammer’s wallet. This not only helps with the feedback loop but also confirms to an investigator that their work is making a real difference.

Building programs that lead instead of follow

The Wolfsberg framework also makes clear that innovation in AML isn’t optional. Criminal networks evolve too quickly for static rule sets and outdated monitoring systems. Advanced approaches need to be explainable, properly validated, and integrated into broader risk management frameworks.

Financial institutions need to build models that fully use available blockchain data, then validate them against on-chain patterns that can be directly observed. They should also train their investigators to understand blockchain attribution and network analysis 鈥� not just how to read a blockchain explorer, but how to interpret what attribution tools reveal about fund flows and network connections. When filing SARs, institutions need to include the on-chain evidence that makes their filings immediately actionable for law enforcement.

Traditional financial institutions are modernizing systems designed for the pre-internet era, while cryptocurrency companies are building compliance programs in a data-rich environment that makes certain investigations more effective than they’ve been in the past. The opportunity here isn’t just about meeting the Wolfsberg recommendations; rather the opportunity is showing what becomes possible when compliance programs are built with these capabilities from the ground up and when the data advantages inherent to blockchain technology get used to their full potential.

That will be what changes how regulators think about the industry 鈥� and what turns compliance from a cost center into a competitive advantage.

You can find more of听our coverage of SARs and related efforts听to combat financial crimes here

Key insights:

• • • The OBBBA has stricter verification requirements 鈥� These requirements have inadvertently created an environment that incentivizes fraudulent activities, such as identity theft and document forgery, especially among individuals seeking Medicaid and ACA coverage.

    • The OBBBA enacts tax policy modifications 鈥� These modifications, including reduced third-party reporting mechanisms and expanded tax benefits, may create opportunities for underreporting of income among gig workers and small businesses.

    • OBBBA’s contains large-scale funding mechanisms 鈥� These mechanisms along with rapid implementation may put pressure on traditional procurement safeguards, creating potential challenges in oversight and accountability.

The One Big Beautiful Bill Act (OBBBA) aimed to fulfill several policy objectives from the Trump Administration’s campaign platform. However, an examination of the legislation and its implementation reveals mixed results, particularly concerning potential vulnerabilities for fraud, waste, and abuse across various sectors.

Healthcare eligibility fraud: A slippery slope

The OBBBA introduced stricter verification requirements for lawful status, residency, and work eligibility within healthcare benefit programs. While intended to bolster program integrity, these tightened standards have, in some cases, inadvertently incentivized fraudulent activities.

For example, individuals seeking Medicaid and Affordable Care Act (ACA) coverage have reportedly resorted to identity theft, document forgery, and falsified employment or training records to meet the new criteria. This environment has attracted organized fraud networks and unscrupulous enrollment brokers who exploit system vulnerabilities, ultimately impacting legitimate beneficiaries through compromised identities and bilking taxpayers through misallocated resources.

Historically, enhanced verification measures have sometimes led to similar unintended consequences. The period after passage of the Immigration Reform and Control Act of 1986 (IRCA), for instance, saw a rise in widespread counterfeiting operations due to document requirements. Similarly, Medicaid programs have consistently battled identity fraud, and related work requirement pilot programs have shown patterns of misreporting. The rapid, large-scale eligibility transitions during the pandemic also created opportunities for fraudulent activity. These historical examples demonstrate an unfortunate reoccurring pattern that sometimes administrative safeguards, while designed for integrity, can create incentives for sophisticated circumvention strategies.

Tax policy changes: Opening doors to evasion

The OBBBA’s tax policy modifications have introduced new dynamics in reporting and compliance, potentially affecting revenue collection. The legislation reversed the $600 1099-K reporting threshold and raised 1099-MISC/NEC thresholds to $2,000. This reduction in third-party reporting mechanisms makes it harder to ensure accurate income declaration. Simultaneously, the law expanded certain tax benefits, including a 100% federal credit for private-school scholarship donations and a doubled, qualified small business stock exclusion. These changes impact various stakeholders, including gig workers, self-employed individuals, operators of small businesses, high-income investors, charitable organizations, and tax planning professionals.

In addition, state-level scholarship programs with similar 100% credit structures have experienced various forms of abuse. These precedents indicate that the current changes in the OBBBA may create opportunities for underreporting of income among gig workers and small businesses. There is also potential for misuse of the new tax benefits through self-dealing arrangements or sophisticated strategies designed to minimize tax obligations.

History suggests that changes to reporting requirements and tax incentives can create compliance challenges. Past instances in which reporting mechanisms were weakened or enforcement reduced have correlated with an increase in the tax gap 鈥� the difference between taxes owed and taxes collected. The Tax Cuts and Jobs Act (TCJA) era, for example, demonstrated how new provisions could be exploited in unforeseen ways.

Unaccountable spending and contracting fraud: A risky proposition

The OBBBA also established significant funding mechanisms, including a $100 million Office of Management and Budget fund and $30 billion allocated for immigration enforcement activities, that granted relatively broad administrative discretion in their deployment. These substantial appropriations, intended for rapid implementation, may put pressure on traditional procurement safeguards.

Indeed, the sheer scale and urgency of these funding streams have attracted various participants, including agency officials with expanded discretionary authority, established government contractors, and new market entrants.

Historical experience with large-scale, rapidly deployed government funding suggests potential challenges in oversight and accountability. The Department of Homeland Security, for example, has been designated as High Risk by the Government Accountability Office partly due to procurement management concerns. In the past, post-9/11 security initiatives and Iraq reconstruction efforts also revealed vulnerabilities in expedited contracting processes; and more recently, COVID-19 relief programs like the Paycheck Protection Program demonstrated how substantial funding, compressed timelines, and reduced oversight can create conditions conducive to fraud and waste. These precedents suggest that the current funding structure within the OBBBA may face similar risks, including potential misallocation of resources, irregular contracting practices, and exploitation by opportunistic actors seeking to benefit from loosely constrained procurement processes.

Cross-cutting vulnerabilities and systemic impact

The OBBBA’s implementation has introduced significant operational changes across multiple government programs, leading to rapid policy transitions and large-scale re-verification processes. These administrative shifts have generated confusion among beneficiaries and stakeholders, which opportunistic actors have exploited.

This exploitation includes phishing operations and fraudulent benefit fixer services that prey on individuals struggling to navigate the new requirements. The pace and complexity of these changes have challenged traditional oversight mechanisms, as the government鈥檚 capacity for auditing, data analytics, and procurement controls has struggled to keep pace with the scale and speed of implementation demands.

These gaps in oversight and enforcement are likely to create systemic vulnerabilities beyond immediate program integrity concerns. When fraudulent activities succeed, legitimate program beneficiaries face reduced access to services as resources are diverted from their intended purposes. Simultaneously, compliant taxpayers bear increased burdens as fraudulent claims and inefficient spending patterns require additional revenue or reduce the effectiveness of public investments.

This dynamic illustrates how implementation challenges, like those in the OBBBA, can create cascading effects, ultimately undermining both program effectiveness and public trust in government operations, regardless of the underlying policy objectives.

You can find more of our coverage of听the impact of the One Big Beautiful Bill Act听here

Key insights:

• • Benefits of cooperation 鈥� Cooperative purchasing can significantly streamline procurement and level the playing field for smaller government agencies.

  • There are various models to follow 鈥� Different cooperative models offer distinct value: piggybacking improves access to competitive pricing with flexible adoption, while joint solicitations aggregate demand to secure more aggressive discounts by committing volume across multiple agencies.

  • Support is needed, and questions remain 鈥� Policy and institutional support are accelerating adoption, but trade-offs remain. State-backed entities and regional cooperatives expand contract access and scale, yet questions persist about true cost savings.

As of 2019, $4.45 trillion was spent across all levels of government, 50% of that spent by state and local entities, according to the U.S. Congressional Budget Office. These agencies have a fiscal responsibility to taxpayers to ensure that they receive competitive pricing on the goods and services they purchase.

Larger government agencies may have sophisticated procurement divisions with professional buyers and individuals responsible for soliciting and negotiating contracts in the best interest of the municipality. Meanwhile, smaller municipalities, which are less likely to have standalone procurement divisions, often receive less competitive pricing and haven鈥檛 had the staff capacity or expertise to negotiate the best terms for their purchasing needs.

Fortunately, new cooperative purchasing models are on the rise, and that could level the playing field between local governments no matter their size, while they also streamline procurement processes and save taxpayers money.

Cooperative procurement basics

Cooperative procurement takes two main forms: .

Piggybacking, the more common form of cooperative procurement, is when one agency utilizes another agency鈥檚 contract (even though they were not part of the original solicitation process.) This piggybacking allows for one agency to receive competitive pricing based on another agency鈥檚 solicitation efforts; and because suppliers are not guaranteed volume of purchase, discounts are not the most aggressive in this format.

Joint solicitation is less frequently used and occurs when two or more agencies combine their purchasing needs into a single solicitation 鈥� the equivalent of buying in bulk. Each agency is bound by the contract, but one entity is typically the lead agency. This offers suppliers an opportunity to guarantee larger purchase minimums and command more aggressive pricing discounts.

There are also membership-based entities that are helping to make government procurement easier and quicker, especially for smaller entities.

For example, is a Texas-based technology engine that connects government agencies and suppliers to facilitate peer engagement for public sector entities. Their leadership described a traditional local government solicitation process as lengthy, taking anywhere from 6 to 9 months for agencies to identify a need, solicit bids from suppliers, evaluate, and then execute a contract. The timeframe is streamlined up to 60% for Civic Marketplace users by accessing templates for solicitations, cooperative contracts, shortcuts to connect with pre-vetted vendors, and centralized vendor data. This platform also works to address another barrier of local government purchasing 鈥� the inequity between agencies of different sizes and sophistication.

New cooperative purchasing models are on the rise, and that could level the playing field between local governments no matter their size, while they also streamline procurement processes and save taxpayers money.

While Civic Marketplace is membership-based, it is not tied to a regional geography. Members can access volume-based pricing by aggregate demand across cooperative members as well as accessing shared contract language. States including Michigan and Minnesota have created special government entities to provide access to cooperative purchasing mechanisms.

Overall, these methods offer government agencies, especially smaller ones, a way to remain compliant with regulations, award contracts impartially, and remain transparent, all while engaging with peer communities with similar needs that can help agency procurement professionals foster a better understanding of pricing, scope of work, and vendor relationships compared to a wholly decentralized approach to purchasing.

Further, several state legislation and executive actions have also driven cooperative development. In Minnesota, for example, is a membership-free cooperative enacted by the state legislature, and public sector entities in the United States and Canada can access shared contracts and piggyback off them at no charge. Suppliers are also able to access the network at no fee, although a percentage of the contract fee is paid back to Sourcewell when a contract is utilized.

In Michigan, the (MMSA) was created as a virtual city by the governor鈥檚 office in 2012. The entity provides a small number of local municipalities within Michigan with procurement for very specific services including managed IT, cybersecurity, electronic payments, and more. MMSA has received positive feedback from vendors, noting that the streamlining of this process connects them with more prospective clients and allows them to flatten their pricing.

What are public procurement鈥檚 future needs?

The need for automation and streamlining in public procurement is evident, as the estimates that the size of the public sector鈥檚 purchasing manager workforce will lag behind private sector growth over the next decade by 1.3%. Fortunately, cooperative purchasing will enable smaller government agencies to be more agile with limited resources, and using pre-vetted, competitively solicited contracts will save them time and money.

Yet, the evolving space of cooperative procurement is not without criticism. Some argue that cooperative procurement is more about convenience than it is about realizing cost savings, and others argue that public procurement is a space that will likely be dominated by private sector players that are compensated off the top of executed contracts, costing taxpayers more than they might have paid otherwise. So far, there is limited data to speak to whether cooperative procurement opens opportunities for small, diverse, or local vendors 鈥� but anecdotally, it appears that broad online process benefits larger vendors who can deliver at scale.

As government agency leaders evaluate cooperative procurement for their own internal processes, they must weigh what is more important for them: convenience and time savings, realizing true cost savings, or directing more procurement dollars toward local and diverse-owned public suppliers.

You can find out more about the challenges that government agencies face here

Key insights:

• • • Auditors are critical in initial financial crime detection听鈥� Professionals responsible for auditing transactions are the primary line of defense in identifying suspicious activity, such as irregular deposits or transactions inconsistent with an account’s purpose.

    • CI-FIRST enhances SAR effectiveness and collaboration听鈥� The new CI-FIRST initiative by IRS Criminal Investigation marks a significant shift by providing financial institutions with feedback on SARs, fostering a more transparent and collaborative partnership with federal agencies.

    • Financial crimes are evolving, requiring improved SAR quality听鈥� Recent trends show a troubling rise in sophisticated financial crimes like account takeover fraud, elder exploitation, and resilient check fraud, underscoring the urgent need for enhanced clarity and improved quality in SARs preparation.

The financial professionals responsible for auditing transactions are integral to the detection of financial crimes. These individuals serve as the initial point of contact for identifying transactions that may be cause for concern, including patterns such as irregular recurring deposits or activity inconsistent with the account鈥檚 intended purpose.

Upon detection of potentially suspicious financial activity, a bank initiates a thorough internal review to assess whether the circumstances warrant the submission of a Suspicious Activity Report (SAR). If the criteria for suspicion are met, the electronically with the Financial Crimes Enforcement Network (FinCEN) within 30 to 60 days. The report is housed in a secure government database, accessible to authorized agencies such as the FBI, DEA, and IRS for further analysis. While this reporting mechanism plays a vital role in combating financial crime, it is not without limitations.

A significant challenge of the SARs system historically has been the absence of feedback provided reporting to banks regarding the outcomes of their submissions, resulting in a unilateral flow of information. To address this issue, the IRS Criminal Investigation launched a new initiative known as Feedback in Response to Strategic Threats (CI-FIRST).

The CI-FIRST initiative

In early 2025, the initiative was introduced, aiming to establish a transparent and effective partnership between federal agencies and private financial institutions. This program enhances transparency around SARs filings, providing financial institutions with clearer insight into how their submitted SARs are utilized in federal investigations. By doing so, it marks a significant shift in the way SARs are handled.

CI-FIRST fosters a more collaborative relationship between financial institutions and federal investigators, allowing for direct feedback and communication. This open dialogue could lead to more efficient and effective SARs processes. Moreover, the program has the potential to be a blueprint for other agencies, demonstrating a successful model for improving data quality and facilitating more robust information sharing. The success of CI-FIRST could have far-reaching implications for the way financial crimes are investigated.

Within this fraud landscape, several troubling patterns emerged that underscore the sophistication and persistence of financial criminals. For example, check fraud has demonstrated resilience despite the digital age, with financial institutions filing 682,276 SARs related to this traditional form of fraud, representing a notable uptick from previous periods.

CI-FIRST fosters a more collaborative relationship between financial institutions and federal investigators, allowing for direct feedback and communication.

Even more alarming was the dramatic 36% surge in account takeover fraud, a cybercrime that reflects criminals’ increasing ability to exploit digital vulnerabilities and compromise customer accounts. This surge resulted in nearly 178,000 reports, underscoring how criminals are adapting their methods to target online banking and other digital financial services.

The SARs data also revealed that identity theft remained a persistent threat, comprising more than one-quarter of all fraud-related SARs filed in 2024. This substantial proportion demonstrates how personal information breaches continue to fuel criminal enterprises across multiple fraud categories. Perhaps most concerning from a societal perspective was nearly 10% increase in elder financial exploitation cases compared to 2023, with 171,233 SARs filed specifically addressing crimes against vulnerable older adults. This trend reflects not only the increasing targeting of seniors but also potentially improved recognition and reporting of these crimes by financial institutions.

Financial institutions face mounting challenges

These comprehensive trends collectively illustrate the mounting challenges facing financial institutions, law enforcement, and regulatory bodies in their efforts to prevent, detect, and prosecute financial crimes. The sheer volume and diversity of criminal activity captured in these SAR statistics demonstrate that traditional approaches to combating financial crime require enhancement and modernization.

It is within this context that the CI-FIRST initiative emerges as a particularly relevant and timely response. One of the initiative’s most significant contributions lies in its commitment to providing enhanced clarity and guidance on the preparation of required SARs reports.

This improvement in clarity serves multiple critical functions in the financial crime prevention ecosystem. For example, by establishing clearer standards and expectations for SAR preparation, the initiative aims to improve the quality and consistency of the information provided to law enforcement agencies and regulatory bodies.

The sheer volume and diversity of criminal activity captured in these SAR statistics demonstrate that traditional approaches to combating financial crime require enhancement and modernization.

Further, the enhanced clarity in SARs preparation has direct implications for the speed and effectiveness of subsequent law enforcement actions. When SARs contain more precise, complete, and well-organized information, investigators can more quickly identify patterns, establish connections between cases, and build stronger foundations for legal action. This improved information quality significantly accelerates the process of obtaining subpoenas, as law enforcement officials can present more compelling and comprehensive evidence to judicial authorities when requesting these critical investigative tools.

Finally, the enhanced SARs preparation standards contribute directly to more effective prosecutions of individuals engaged in financial crimes. Prosecutors rely heavily on the detailed information contained in SARs to build their cases, and when this information is clearer, more thorough, and better organized, it becomes significantly easier to demonstrate criminal intent, establish patterns of illicit behavior, and present compelling evidence to juries. This improvement in the foundational documentation makes it substantially more likely that prosecutions will be both accurate in targeting genuine criminal activity and successful in securing convictions.

The expediency gained through these improvements creates a virtuous cycle in financial crime prevention. Faster, more successful prosecutions serve as stronger deterrents to potential criminals while also providing more rapid justice for victims. Additionally, enhanced efficiency allows law enforcement resources to be deployed more effectively across a broader range of cases, potentially addressing the growing volume of financial crimes reflected in the 2024 SAR statistics.

You can find more of our coverage of SARs and related efforts to combat financial crimes here

Key insights:

• • • Coordinated investigations boost detection 鈥� The recent operation formed a fusion center in which data was shared and compared, enabling earlier and more effective identification of fraudulent patterns.

    • Advanced analytics uncover complex schemes听鈥� Fraudsters allegedly used hundreds of shell companies to mask illicit activities, complicating detection, but analytics platforms leveraging third-party data help identify anomalies.

    • Multi-entity collaboration is essential 鈥� Broader cooperation and data sharing across entities increase the likelihood of timely detection and enforcement actions.

State and federal prosecutors recently charged more than 320 people for $14.6 billion in false claims in what is described as the largest coordinated takedown of healthcare fraud schemes in the history of the U.S. Department of Justice.

The key word here is coordinated. Traditionally, Medicare, Medicaid, private insurers, and other organizations have tended to investigate fraud in isolation. Each agency or carrier worked its own pipeline 鈥� reviewing claims, generating leads, and pursuing cases on its own.

Fraudsters, meanwhile, are more equal opportunity exploiters, often spreading their tentacles across numerous targets. This not only increases their total potential illicit gains, but it also reduces their detectable footprint within any single target. In schemes that sprawl across multiple targeted entities, even if the fraudulent activity is discovered, each target only sees a slice of the total picture.

This recent operation completely flipped that script. The organizations that were targeted for fraud formed a fusion center that shared and compared data. While each individual organization carries its own unique vulnerabilities, the more data that’s shared between more parties, the more likely that patterns can be identified or that perpetrators will hit a trip wire somewhere along the way in one of the targeted organizations and be detected.

The goal of such coordination is to spot fraud as early as possible, before it has a chance to permeate more deeply into each affected organization. Even with coordination, the challenge remains to detect sophisticated fraud before it balloons into multi-billion-dollar losses. The $14.6 billion figure likely reflects activity that went undiscovered for years.

Early detection is key

In many of these types of fraud schemes, there are massive numbers of dots to connect and threads to follow. In this recent takedown, fraudsters had allegedly set up hundreds of shell companies to mask their illicit transactions, which intentionally made it difficult to trace the fraud back through the shadow businesses to the individual perpetrators.

Advanced analytics platforms that leverage third-party data can help spot these suspicious patterns. And the more entities and more data that these platforms have to work with, the greater their ability to spot anomalies through analysis, such as:

• • • Risk scoring 鈥� Assigning fraud-specific risk ratings based on abnormal billing patterns, outlier service volumes and geographic spikes
    • Entity resolution 鈥� Linking providers, clinicians, and business owners to spot potential shell companies
    • Ownership mapping 鈥� Uncovering hidden relationships among entities registered in different states or countries

Yet, even with advanced analytics and other data sources, detecting fraud and piecing together the multitude of disparate leads that could potentially point back to the perpetrators is a daunting task. Further, the government agencies and private insurers involved both make extensive use of contractors, which, on the one hand, can add another layer of complexity, but at the same time, these contractor networks can also provide additional resources and data for spotting fraudulent patterns.

As the recent takedown demonstrates, it鈥檚 difficult for any single entity to handle this by themselves. For example, the alleged fraudsters in the recent takedown reportedly used entities spread across multiple countries. So, the wider the net is cast, the more likely it is to get better, faster results that can lead to enforcement actions.

Coordinating learnings to assist prevention

While it鈥檚 vital to analyze cases after they鈥檙e successfully concluded to better identify and correct weaknesses and vulnerabilities and to prevent fraud from recurring, it鈥檚 equally important for agencies and organizations to find out what went right and share best practices.

While one organization may fall victim to a fraud scheme, another organization may find that they managed to partially or completely deter the same scheme. By comparing notes along with data, organizations can see which policies, procedures, or technology solutions specifically either enabled or deterred the fraud.

Then, policies and procedures can be reshaped based on what other agencies or carriers are learning in real time as they deal with fraudsters. When organizations share datasets, a suspicious provider or transaction that is flagged by one organization can immediately trigger alerts across the coordinated agencies and carriers. Even if organizations have dissimilar systems or datasets, they can share best practices and adopt similar data taxonomies to make sharing of data easier.

Even if an organization isn鈥檛 part of a multi-agency task force, the principle holds: The more you break down silos 鈥� between departments, between payers, and between public and private sectors 鈥� the faster organizations will be able to spot patterns that might otherwise get missed, enabling earlier detection and faster action.

The extent and breadth of the recent takedown 鈥� from bogus wound-care supplies to illegal pill mills, fraudulent catheter claims, and more totaling billions of dollars 鈥� underscores how fraudsters will seek to exploit every vulnerability and loophole they can find. At the same time, the successfully coordinated crackdown demonstrates how collaboration, data sharing, and the right technologies can help organizations and agencies turn the tide.

You can find out more about the ongoing fight against medical fraud here

Key insights:

• • • Accelerating bank-fintech partnerships 鈥� Acting Comptroller Hood emphasized the importance of innovation in the financial sector, advocating for more freedom for fintech companies and encouraging banks to engage responsibly with digital assets.

    • Advancing financial inclusion 鈥� Hood said he passionately supports initiatives aimed at increasing capital access for underserved communities and promoting economic participation, highlighting financial inclusion as a critical civil rights issue.

    • Modernizing regulation to stimulate growth 鈥� The Acting Comptroller stresses the need for individualized, risk-based supervision and reducing regulatory burdens to unleash growth in the financial sector.

In February, Rodney E. Hood, former chair of the National Credit Union Administration Board, became the first African American to be name Acting Comptroller of the Currency. And although his historic appointment may be temporary 鈥� as Jonathan Gould is undergoing hearings for the permanent position 鈥� Acting Comptroller Hood is living up to his assertion that, 鈥�Acting does not mean inactive.鈥�

At the June U.S. Chamber of Commerce Capital Markets Forum, Acting Comptroller Hood for the regulatory agenda of the Office of the Comptroller of the Currency (OCC), which included these highlights:

Ready all players: Green lights for crypto & fintech

The first two of Acting Comptroller Hood鈥檚 cited priorities focused on innovation: first, by allowing fintech firms to operate more freely; and second, by expanding the ability for banks to hold digital and cryptocurrency assets.

He cited his desire to focus on 鈥渁ccelerating bank-fintech partnerships,鈥� adding that 鈥渋nnovation is the currency of progress.鈥� He also encouraged 鈥渆xpanding responsible engagement with digital assets鈥� by participating in “the architecture of a new financial frontier.鈥�

These priorities represent a full turn towards the modernization of the financial system, as it seems that the government now is recognizing that these technologies are not going away. Renewing and updating the regulations surrounding these issues is better than trying to put 鈥渘ew wine in old wineskins.鈥� Simply put, when new things emerge, we need to create new ways to govern them.

Further, Hood also indicated his passionate support for initiatives designed for financial inclusion, capital access for underserved communities, and fuller economic participation. 鈥淔inancial inclusion is the civil rights issue of our time,鈥� Hood said, adding that viewing fintech companies as a way to help underserved people access banking services is critical.

In the speech, Hood mentioned modernizing regulations as his last major initiative, perhaps for impact. He hailed regulatory rightsizing as one of the OCC鈥檚 most consequential priorities, noting that each financial institution requires individualized, risk-based supervision, not a one-size-fits-all approach. (Interestingly, on the OCC website under the , however, reducing regulatory burden is listed first, indicating its true place in the priority matrix.

Modernizing regulation to unleash growth

Overall, each of Hood鈥檚 main points send us the same direction 鈥� toward modernization of the US financial system via new technologies and markets, and by opening up more ways for financial institutions to move money.

While nothing here points to reducing requirements around anti-financial crime regimes, the effect of this loosening of the spigot likely will introduce new and divergent risks into many financial institutions. The logic behind this is simple: more products, more ways to move money, and more customers is a formula that adds to proportionate increases in risk. Illicit actors are sure to be standing ready to take advantage of the situation.

Indeed, smart financial services companies will keep anti-financial crime efforts front-and-center, empowering their traditional lines of defense to ensure that business growth is from legitimate customers operating legal enterprises. One area that will affect financial crimes departments is the . This typically refers to customers or businesses that are legal but may be considered unsavory, such as firearms or adult entertainment.

Economics and opinions aside, financial crimes teams are overwhelmed and the winds are blowing more work in their direction. Monitoring legitimate businesses by applying the same kind of due diligence standards meant to stem the flow of criminal money creates more noise. Although it is possible to collate funds from illicit activity into a business that already walks close to the line of legality, being classified as high-risk is hardly a good way to evade scrutiny. These businesses will remain high-risk for reasons unrelated to reputational risk, and financial crimes teams will still review them for unusual behavior rather than because of a moral judgement.

Hood also discussed reassessing capital requirements so that such standards are not excessive. This 鈥� while it could contribute to shaky institutions that grow artificially large and risk collapse 鈥� could also just be a great way to stimulate investment in the sector. The proof will be evident over the next couple of years.

Combining all these elements that Hood outlined draws an interesting picture. Fintechs are going to be empowered to onboard new customers, especially because so many people are underbanked. At the same time, banks will be required to keep less capital on hand and will be free to lend out more to a broader definition of qualified borrowers. Speculative digital assets and cryptocurrencies will now be on the balance sheets of these same banks with fewer capital requirements.

Assessing each bank with a tailor-made, risk-based approach is wonderful in theory but in reality, it requires time, effort, and expertise. A flood of innovation and capital may continuously stimulate the economy and become the so-called rising tide that lifts all ships; but there are other potential futures that do not look quite as rosy. For example, the financial services sector could find itself drowning in customers, unable to keep up with the many requirements that will inevitably stay in place.

What can the financial industry do in response?

Innovation in the banking sector means the same in the criminal sector, and we must continue to strive for innovation in areas of law enforcement, intelligence, and anti-crime. Institution leaders need to consider acquiring targeted technological tools to make team members more powerful.

AI and automation may take away some entry-level jobs, and people must become adept at leveraging new tools and honing stronger skills to stay competitive. In collaboration with automated systems, people can do more, better. This means institutions鈥� compliance & risk departments, as always, must continuously train workers to stay at the cutting edge of required skillsets.

Additionally, institutions should find new ways to intelligently target criminal networks instead of just monitoring and reviewing the typical big, unusual, or fast transaction patterns. Behavioral typologies, intelligence analysis of where money is used in supporting illegal activity, and a better understanding of the humans involved, are all available to a department willing to innovate. At this point, banks and other financial services institutions cannot let the criminals out-think the financial industry.

When we hear that an administration hopes to remove regulations and shrink government, we think there will be fewer jobs in compliance. Yet, the opposite is likely true, since these priorities signal a shift to making it easier for financial institutions to do business, exploit digital technologies, and add customers. Naturally, the combination leads to increased volumes in risk, and therefore, the work of risk & compliance professionals remains important and massive.

Register now for The Emerging Technology and Generative AI Forum, a cutting-edge conference that will explore the latest advancements in GenAI and their potential to revolutionize legal and tax practices