Key insights:

• • • Protecting SNAP requires modernization and accountability 鈥� This includes providing chip-enabled cards, stronger monitoring, recipient education, retailer oversight, cross-agency coordination, and fair reimbursement for victims.

    • Skimming is a growing problem 鈥� In the context of financial fraud, skimming refers to the illegal capture of personal data, typically through concealed electronic devices placed over legitimate card readers.

    • The harm can be immediate and severe 鈥� If their food benefits are stolen through skimming, vulnerable households can lose essential food funds, deepening food insecurity in their community.

Electronic Benefit Transfer (EBT) cards serve as a critical resource for the millions of Americans who depend on the nation鈥檚 Supplemental Nutrition Assistance Program (SNAP) to keep food on the table. The typical SNAP household is low-income and often includes children, seniors, or individuals with disabilities, who have earnings that fall at or below the federal poverty level. Based on household size, income, and other qualifying factors, these families receive monthly monetary assistance to help cover basic nutritional needs at authorized retailers.

Think of an EBT card as a debit card specifically designed for food benefits. Recipients use it to access their monthly balance at approved stores, making the process straightforward and dignified. However, like any electronic payment system, EBT is not immune to exploitation. One of the most pressing threats is a type of fraud known as skimming, which puts vulnerable households at serious financial risk.

What is EBT skimming?

Skimming, in the context of financial fraud, refers to the illegal capture of personal data, typically through concealed electronic devices that are placed over legitimate card readers. In the case of EBT fraud, criminals generally install tampered card terminals to steal EBT card information, including account numbers and PINs.

Unlike most modern credit and debit cards, EBT cards still rely on magnetic stripe technology, not more secure embedded chips. This outdated system makes them especially vulnerable to cloning, or the creation of counterfeit cards that contain the victim鈥檚 account number and PIN. Once a thief captures the data, they can create these counterfeit cards and drain benefits almost immediately, often within minutes of the monthly benefit deposit.

The result is that much needed food benefits, meant to last an entire month, are stolen without warning or recourse.

Why is EBT skimming so devastating

The consequences of EBT skimming go far beyond financial loss. For recipients, the theft of SNAP benefits can have immediate and severe impacts on their household food security and well-being. Other reasons why this form of fraud is particularly harmful include:

• • • Irreplaceable funds 鈥� For low-income households, SNAP benefits represent a critical portion of their monthly food budget. Once stolen, these funds are often impossible to replace. Families may be forced to skip meals, rely on emergency food pantries, or divert money from other essential needs like rent or medicine.
    • Outdated security technology 鈥� Despite advances in payment security, most EBT cards still use magnetic stripes, which can be easily copied with inexpensive skimming devices. By contrast, EMV chip technology, standard on most consumer credit and debit cards, makes cloning significantly more difficult.
    • Speed and precision of theft 鈥� Thieves often time their attacks to coincide with the monthly benefit deposit cycle. Once benefits are loaded, stolen card data is used rapidly, sometimes within minutes, making recovery nearly impossible.
    • Targeting vulnerable populations 鈥� EBT skimming preys on some of the most vulnerable members of society, including seniors, disabled individuals, and families living paycheck to paycheck. Many recipients may not have the resources or knowledge to monitor account activity regularly or to lock their cards after use, leaving them at greater risk.

Beyond skimming: A broader challenge of fraud, waste & abuse

While skimming is a serious and visible form of EBT fraud, it is only one symptom of a larger systemic challenge that fraud, waste & abuse cause in federal benefit programs.

Other forms of fraud include: retailers trafficking in EBT benefits for cash, which is a violation of SNAP rules; misrepresentation of income or household size during application; duplicate or ineligible benefit issuance; and administrative errors that lead to overpayments.

Each instance, whether intentional or not, erodes public trust in the entire benefit system, strains limited program budgets, and diverts resources from those individuals who need them most.

With federal funding for social programs under constant scrutiny and subject to periodic budget constraints, it is imperative that every dollar is protected and used appropriately. Preventing fraud is not just about saving money 鈥� it鈥檚 about ensuring that limited public resources serve their intended purposes of reducing hunger and supporting economic stability.

How to prevent fraud, waste & abuse in SNAP

Addressing EBT skimming and broader program vulnerabilities requires a well-rounded strategy that features technology, policy, education, and oversight working together.

On the technology side, one of the most impactful steps forward would be transitioning EBT cards from outdated magnetic stripes to EMV chip technology. This upgrade alone would significantly reduce skimming risks, and federal investment in that infrastructure is a necessary part of making it happen. Alongside that, state and federal agencies should be leveraging data analytics and real-time transaction monitoring to flag suspicious activity, like multiple withdrawals across different locations within a short window of time.

Education also plays a bigger role than many people realize. A large portion of EBT users simply do not know how to protect themselves. Basic habits like covering the keypad when entering a PIN, routinely checking account balances, and reporting lost or stolen cards right away can go a long way in reducing exposure.

One of the most pressing threats is a type of fraud known as skimming, which puts vulnerable households at serious financial risk.

From an oversight perspective, the U.S. Department of Agriculture 鈥� the government agency that oversees SNAP 鈥� and state agencies need to conduct regular audits of authorized retailers and hold them accountable. Any retailer found engaging in trafficking or enabling skimming should face deauthorization and legal consequences as well. Equally important is making sure that victims of confirmed fraud are not left without recourse. Clear and consistent policies for replacing stolen benefits can help restore trust in the program and prevent the food insecurity that this type of fraud directly causes.

Finally, none of this works in isolation. Effective fraud prevention depends on strong coordination between state human services departments, law enforcement, financial institutions, and technology providers. Information sharing and joint task forces strengthen the ability to detect threats early and respond quickly when issues arise.

Protecting the safety net

SNAP is one of the nation’s most effective tools in the fight against hunger. However, its success depends on both integrity and accessibility. Skimming and other forms of fraud not only steal from individuals, but they also undermine confidence in the entire system.

Policymakers, administrators, and citizens must prioritize modernization, accountability, and victim protection. By addressing vulnerabilities like EBT skimming and reinforcing safeguards against waste and abuse, we can ensure that SNAP remains a reliable and secure resource for the millions of individuals who rely on it.

You can find out more about how public agencies are working to fight fraud in government benefit programs here

Key insights:

• • • Getting at the core legal question 鈥� In a case brought by defendant Ongkaruck Sripetch, the Supreme Court is deciding whether the SEC must prove investors suffered measurable financial loss before courts can order disgorgement, which would require fraudsters to give up illegal profits.

    • Why it鈥檚 high-stakes 鈥� Disgorgement is a major SEC enforcement tool 鈥� representing billions of dollars annually 鈥� so a new requirement to prove investor losses could sharply limit when and how much the SEC can recover.

    • How the justices seemed to lean (so far) 鈥� Questions at the argument before the Court suggested skepticism toward Sripetch鈥檚 position, with several justices asking why it would be an unfair penalty to take back ill-gotten gains and noting the practical difficulty of proving each investor鈥檚 exact loss.

If you鈥檝e ever wondered how the U.S. Securities and Exchange Commission (SEC) actually gets money back after it catches a fraudster, one of its biggest tools, disgorgement, is now under the microscope. This week, the U.S. Supreme Court heard arguments in a case, Sripetch v. SEC, that sounds technical on paper but has at its core a simple question: When the SEC makes a fraudster give up illegal profits, does it have to prove that investors suffered measurable, out-of-pocket losses first?

The case centers on Ongkaruck Sripetch, who the SEC says pocketed illicit proceeds through a classic pump-and-dump scheme from 2013 to 2017. Pump-and-dumps often involve penny stocks in which a person will hype up the price of these thinly traded stocks, then sell into the price spike they caused and walk away richer. Other stock traders who bought into the hype are the ones left holding the bag.

Sripetch admitted violating securities law and, in his subsequent criminal case, was sentenced to 21 months in prison. Separately, in the SEC鈥檚 civil action, a federal court in California ordered Sripetch to repay more than $3 million in ill-gotten gains plus interest.

The Supreme Court case isn鈥檛 a serious argument against the SEC鈥檚 ability to seek disgorgement 鈥� numerous courts have recognized the remedy for years, and Congress has since written the SEC鈥檚 ability to pursue it into federal law. The core question in the case is narrower, yet crucial for the SEC鈥檚 mission. It asks whether the SEC must show that victims suffered pecuniary or economic harm before a court can order disgorgement. Federal appeals courts have split on that point, which is why the Supreme Court agreed to take the case.

What is disgorgement, exactly?

Think of disgorgement as a legal give it back order. If a person or company makes money by breaking the securities laws 鈥� say by manipulating prices, lying to investors, or running a Ponzi-style scheme 鈥� disgorgement is designed to strip the profits away from that wrongdoing and the wrongdoers. In theory, it鈥檚 not about punishing someone for being bad, rather it鈥檚 about making sure crime doesn鈥檛 pay.

In real markets, harm can be scattered across thousands of trades, mixed up with normal price swings, and hard to trace to one bad actor. Disgorgement, on the other hand, gives securities regulators a way to focus on the part that鈥檚 often the clearest: How much ill-gotten profit the fraudster made.

Indeed, that not a punishment framing is important because the SEC has other ways to punish those convicted of securities law violations 鈥� such as civil penalties, disbarment from serving as an officer or director, industry suspensions, and more. Disgorgement is supposed to be different 鈥� an action that aims at profits, not pain. The government鈥檚 position in the Sripetch case puts it bluntly: Disgorgement is meant to strip ill-gotten gains from wrongdoers, not to compensate victims for their losses.

And disgorgement is not a niche tool. The SEC regularly collects big sums of seized money through disgorgement. According to recent figures, the SEC obtained about $1.4 billion through disgorgement in fiscal 2025 (excluding certain amounts), and $6.1 billion the year before, which represented nearly three-quarters of its total financial penalties for that year.

Those numbers may help explain why this Supreme Court fight is being watched so closely: The outcome could either keep the SEC鈥檚 playbook intact or force it to do a lot more legwork before it can ask courts to order payback.

The arguments before the Court

Earlier this week, both sides argued before the Supreme Court as to the potential future use of disgorgement and what requirements the SEC might have to meet when requesting court to order it.

Sripetch鈥檚 argument 鈥� Lawyers for Sripetch told the Court that the SEC shouldn鈥檛 be able to get disgorgement unless it can show that investors actually suffered financial harm, such as a price drop caused by the fraud or some other measurable loss. If the SEC can鈥檛 prove that kind of harm, the lawyer argues, then making Sripetch pay money looks less like giving it back and more like an impermissible penalty that the SEC is not allowed to levy.

The government鈥檚 argument 鈥� Lawyers for the U.S. Justice Department, defending the SEC, said the proof-of-loss requirement makes no sense. Disgorgement, in their view, is about the defendant鈥檚 gains, not the victim鈥檚 losses. One government lawyer summed it up as a straightforward principle: Disgorgement is intended to ensure a defendant does not profit from their own wrongdoing.

At this week鈥檚 argument, the justices sounded (at least generally) more sympathetic to the government than to Sripetch. Justice Amy Coney Barrett pressed the defense on its basic logic: If the court is only taking away ill-gotten gains 鈥� money the wrongdoer was never entitled to 鈥� why is that a penalty at all? Justice Ketanji Brown Jackson made a similar point, suggesting disgorgement would only feel like punishment when someone is forced to pay money that was rightfully theirs.

When Sripetch鈥檚 lawyer suggested the SEC should have to identify and prove each victim鈥檚 dollar loss, Justice Sonia Sotomayor鈥檚 response was basically, Why would anyone bother? If the SEC has to run a mini-trial on every investor鈥檚 exact harm just to reclaim the fraudster鈥檚 profits, disgorgement would be unworkable in many cases.

The practicality of that point is a big deal in securities fraud. In real markets, harm can be scattered across thousands of trades, mixed up with normal price swings, and hard to trace to one bad actor. Disgorgement, on the other hand, gives securities regulators a way to focus on the part that鈥檚 often the clearest: How much ill-gotten profit the fraudster made. The idea is deterrence-by-math 鈥� if you can鈥檛 keep the profits, the incentive to run the scheme shrinks.

The Supreme Court’s ruling, when it comes, could re-shape how the SEC negotiates settlements, litigates fraud cases, and talks about remedies and punishments going forward.

Still, some justices raised broader concerns about how disgorgement gets used in the real world, such as whether certain applications start to look punitive, or whether they raise questions about a defendant鈥檚 right to a trial by jury. However, the Court also seemed interested in deciding only the question of the requirement to prove victims鈥� losses and leaving those bigger constitutional debates for another day.

Why this matters (even if you aren鈥檛 the SEC)

If the Supreme Court agrees with Sripetch and requires proof of investor pecuniary harm, the SEC could face a higher hurdle in cases in which misconduct is real, but losses are tough to quantify on a trade-by-trade basis. That could mean fewer disgorgement awards, smaller ones, or more pressure to rely on classic penalties instead.

If the Court backs the government, however, disgorgement stays what it has largely been 鈥� a fast, flexible way to reclaim profits from securities fraud and a core part of how the SEC tries to keep the securities markets honest.

Either way, the ruling will shape how the SEC negotiates settlements, litigates fraud cases, and talks about remedies and punishments going forward. With the Court expected to issue its decision by the end of June, securities lawyers and stock market mavens will be keeping an eye on this case.

You can find more about the challenges facing the SEC here

Key insights:

• • • Non-compliance is significantly more expensive than compliance 鈥� Data consistently shows the cost of non-compliance can be greater than proactive compliance investments.

    • Reputational damage and hidden costs often outweigh direct fines 鈥� Beyond financial penalties, the damage from legal fees, loss of customer trust, and operational disruptions from non-compliance can inflict long-term harm.

    • Strategic investment in compliance yields a competitive advantage 鈥� A robust compliance program builds trust, attracts investors, and demonstrates greater operational resilience in a complex regulatory landscape.

There’s a persistent myth in the business world that compliance programs are a necessary burden, a line item to be minimized and managed rather than invested in strategically. The data tells a very different story, however, and it has for quite some time. For organizations still treating compliance as an overhead expense, it’s time to reconsider the math and view the broader strategic picture.

The numbers don’t lie: Non-compliance costs more

Non-compliance costs are 2.65-times the cost of compliance itself, a finding that dates back to the of multinational organizations. While the average cost of compliance for the organizations in that study was $3.5 million, the cost of non-compliance was much greater. That means simply by investing in compliance activities, organizations can help avoid problems such as business disruption, reduced productivity, fees, penalties, and other legal and non-legal settlement costs.

According to a later report from from 2017 (the most recent set of analytical data on the subject), the numbers have only grown more striking. The study showed that average cost of compliance increased 43% from 2011 to 2017, totaling $5.47 million annually. However, the average cost of non-compliance increased 45% during the same time frame, adding up to $14.82 million annually. The costs associated with business disruption, productivity losses, lost revenue, fines, penalties, and settlement costs add up to 2.71-times the cost of compliance.

And these non-compliance costs from business disruption, productivity losses, fines, penalties, and settlement costs, among others aren’t simply abstract risks. They’re real, recurring, and measurable, and they don’t stop with the fine itself.

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance.

This gap between compliance and non-compliance provides evidence that organizations do not spend enough of their resources on core compliance activities. If companies spent more on compliance in areas such as audits, enabling technologies, training, expert staffing, and more, they would recoup those expenditures and possibly more through a reduction in non-compliance cost.

While the math here is straightforward, the strategic case is even clearer. Compliance isn’t overhead; rather, it’s an investment with a measurable, proven return.

The hidden costs: Legal fees, fines & reputational fallout

Regulatory fines get the headlines, but they represent only part of what non-compliance actually costs an organization 鈥� a cost that has only risen over time. As of February, a total of 2,394 fines of around 鈧�5.65 billion have been recorded in the database, which lists the fines and penalties levied by European Union authorities in connection with its General Data Protection Regulation (GDPR).

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance. Regulatory norms are shifting constantly and navigating them requires specialized expertise. As quickly as the rules change, outside counsel and compliance specialists must keep pace, and that knowledge comes at a price. Every alleged compliance violation triggers an immediate need to engage qualified counsel, adding to a cost burden that compounds quickly and unpredictably.

Then there is reputational damage, perhaps the most enduring consequence of all. The cost of business disruption, including lost productivity, lost revenue, lost customer trust, and operational expenses related to cleanup efforts, can far exceed regulatory fines and penalties. Consider , whose compliance failures around its anti-money laundering (AML) efforts became a cautionary tale for the industry. TD Bank’s massive $3 billion in fines from US authorities wasn’t just the result of a few missteps; rather, it was caused by years of deep-rooted failures in its AML program, pointing to a culture that prioritized profit over compliance.

The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance.

TD Bank’s failure to make compliance a priority not only led to a huge fine but also seriously damaged its reputation, with revising TD’s outlook to negative in May 2024, where it remains. This is the kind of a reputational stigma that can take years to repair.

Leveraging compliance as a competitive advantage

There is also a positive side of the ledger that often goes unacknowledged. A robust compliance program signals to investors, partners, and clients that an organization is well-governed and trustworthy. That reputation doesn’t just retain market value; it actively attracts it.

Organizations that cut corners in compliance risk engaging in a short-sighted, high-risk strategy that will ultimately result in a negative outcome for the organization. Businesses that take compliance seriously tend to operate with greater predictability, fewer surprises, and stronger stakeholder confidence.

The 2017 Ponemon and Globalscape and study found that, on average, only 14.3% of total IT budgets were spent on compliance then, not much of an increase from the 11.8% reported in 2011. This clearly indicates that organizations are underspending on core compliance activities in the short term and aren’t prepared to allot further resources as the years go on. That gap represents not just risk, but a clear missed opportunity.

“The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance,鈥� explains Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. 鈥淲ith the passage of more data protection regulations that can result in costly penalties and fines, it makes good business sense to allocate resources to such activities as audits and assessments, enabling technologies, training, and in-house expertise.”

The organizations that recognize compliance as a strategic function, not a reactive one, are the ones that will earn the trust of clients, the confidence of investors, and the operational resilience to weather an increasingly complex regulatory environment. The data is clear, and the choice is a critical one.

You can find out more about the challenges faced by corporate compliance professionals here

Key insights:

• • • Convenience has outpaced consumer understanding 鈥斕齅any users treat apps, prepaid accounts, and rewards programs as simple payment tools, remaining unaware they are entrusting their money to entities with few safeguards.

    • Risk is no longer confined to traditional banks 鈥� Some of the most significant financial activities now occur within platforms and brands that do not resemble banks at all.

    • Opacity enables systemic vulnerability 鈥� The less transparent an institution’s obligations, leverage, and oversight, the easier it is for financial fragility, misconduct, and systemic risk to grow unchecked.

When you think of where money is held, you generally think of a bank. However, as we look at the financial landscape today, money is being held at a wide range of institutions that often have varying levels of safety and oversight. Entities from Starbucks to Visa to Coinbase hold money for individuals, effectively serving as a bank, but often without the regulatory framework that comes with it.

Behind the scenes, it can seem like . In its daily operation, it collects prepaid funds that resemble deposits, holds them as liabilities, and uses them internally 鈥� all without offering interest, cash withdrawals, or FDIC insurance. Starbucks’ rewards program holds $1.8 billion in customer cash, and if it were a bank, that would make it bigger, , than 85% of chartered banks, making the coffee chain one of the .

This dynamic extends well beyond coffee shops. “Popular digital payment apps are increasingly used as substitutes for a traditional bank or credit union account but lack the same protections to ensure that funds are safe,” warns the . If a nonbank payment app’s business fails, your money is likely lost or tied up in a long bankruptcy process.

Shadow banking

Think of a Starbucks gift card as a financial instrument. Technically it is one, but no one seriously worries about it being weaponized for any large-scale financial crimes. Most people鈥檚 concerns about a gift card is either losing it. The real concern lies not in lost gift cards, however, but in the broader trend: Nonbank institutions managing vast sums without commensurate oversight 鈥� and scale matters. A lost gift card is a personal inconvenience; but an unregulated institution managing billions of consumer dollars in leveraged capital is a systemic one.

Shadow banking encompasses credit and lending activities by institutions that are not traditional banks, and crucially, they do not have access to central bank funding or public sector credit guarantees. And because they are not subject to the same prudential regulations as depository banks, they do not need to hold as high financial reserves relative to their market exposure, allowing for very high levels of leverage which in turn can magnify profits during boom periods and compound losses during downturns.

The shadow banking ecosystem is diverse, and each segment of it presents distinct risks:

• • Hedge funds and private equity firms听鈥� Firms like Blackstone, KKR, and Apollo manage vast capital pools using leveraged strategies under limited oversight. Their size and borrowing levels may mean that market reversals can trigger rapid deleveraging, spilling risk into broader markets.
  • Family offices听鈥� A private company or advisory firm that manages the wealth of high-net-worth families, these can operate with even less transparency and often outside direct regulatory scrutiny, enabling them to engage in extreme leveraging and posing risks of sudden collapse.
  • Nonbank mortgage lenders and FinTechs听鈥� This group faces lower capital requirements than traditional banks, leaving thinner buffers to absorb losses during downturns, which can be especially concerning considering this sector鈥檚 rapid growth.
  • Crypto exchanges听鈥� Like much of the cryptocurrency ecosystem, these exchanges operate in jurisdictional gray zones, complicating enforcement and enabling illicit financial flows.
  • Money market funds 鈥� While these are generally perceived as safe, they can suffer runs if confidence in underlying assets erodes, which can force fire sales that destabilize related markets.
  • Special Purpose Vehicles (SPVs) and Structured Investment Vehicles (SIVs)听鈥� These investment instruments allow large institutions to move risk off their balance sheets, rendering such activity invisible to regulators.

Shadow banking may be the single greatest challenge facing financial regulation. These non-traditional institutions act like banks, but without the safeguards that make banks accountable. And where accountability is absent, opportunity often fills the void.

The same opacity that makes shadow banking difficult to regulate also makes it attractive to those with less legitimate intentions. Without mandatory reporting requirements, standardized oversight, or the threat of deposit insurance revocation, these institutions can become conduits for money laundering, fraud, terrorist financing, and sanctions evasion in ways that traditional banks simply cannot. The question is no longer whether these vulnerabilities exist, but how they continue to be exploited.

The challenge of regulation

The global financial system has always evolved faster than the rules designed to govern it. What began as a coffee loyalty program and a few alternative lending platforms has quietly morphed into a parallel financial universe, one that moves trillions of dollars with a fraction of the transparency that traditional banking requires. That gap between innovation and oversight is not just a regulatory inconvenience, it鈥檚 an open door for illicit actors.

Closing that door will require more than periodic enforcement actions or piecemeal legislation. It will require regulators, lawmakers, and institutions to reckon honestly with how broadly the definition of a financial institution has expanded, and who bears the risk when things go wrong. Because historically, it has not been the institutions themselves; rather it has been the customers, the investors, and ultimately the public.

The first step, of course, is awareness. Recognizing that your money does not need to be in a bank to be at risk and that the custodians of that money need not be offshore shell companies to operate in shadows, can transform how we think about financial safety.

The line between a convenient app and an unaccountable financial intermediary is thinner than most realize. And in the world of financial crime, thin lines have a way of vanishing entirely.

You can learn more about the听many challenges facing financial institutions today听丑别谤别

Key insights:

• • • Geopolitical crises fuel financial volatility and illicit activity 鈥� Conflicts have traditionally accelerated capital shifts and flows, creating cover for bad actors.

    • Predictable patterns emerge 鈥� Financial institutions should watch for sudden cross-border activity, unusual cash deposits, and transactions from border areas.

    • Conflict zones enable black market expansion 鈥� They also should adapt their compliance systems to detect more sophisticated methods used by criminals, tightening screening and enhancing staff training.

While business and international politics may appear cold and calculating, these things are often driven by emotion, especially fear 鈥� and fear of instability often drives market volatility.

So it goes as the United States attacks one of the world’s largest militaries and supporters of regional terror groups, causing deepening instability in a Middle East already beset by violence. It is certain that there is already a surge of money flowing in and out of the region for different reasons. Legitimate and illegitimate actors alike will seek to both run away from the crisis and profit from it. However, there are some anti-money laundering specific thoughts that financial institutions need to consider during a time of global uncertainty.

The bottom line 鈥� lots of money is on the move. Funding will send aid groups towards the crisis; it will also send logistical supplies, war material, and other necessities. All of these cost money, and defense sectors in multiple countries will be pumping out munitions to refill stockpiles in any country that is related to or in the neighborhood of the conflict.

Not every large transaction is an unusual, reportable event, but financial institutions now need to look one or two layers below the surface. What does not seem related on the surface is always a red flag. Look at beneficial ownership of companies and vessels, look at relations of the owners, not just the 听(OFAC) results of those people themselves. The financial system will, and should, allow the legitimate funds to flow. However, financial investigators must remain diligent to catch bad actors that take advantage of the surge in non-profit activity or the urgency with which legitimate businesses operate in a conflict zone.

Risk Factor 1: Capital flight from regime change

Just as the fall of the Al-Assad regime in Syria caused family funds to flow to as regime members fled the country, you will see the same with politically exposed persons (PEPs) who are inevitably fleeing regime change in Iran. A political crackdown will come. Whether the victors are on the side of the West or not remains to be seen, but some factions are going to flee the country and take family wealth with them.

Banks and other financial services should watch for anyone connected to people moving money through neighboring countries in which they may have literally hiked or driven before depositing cash into a financial institution. There are stories of refugees leaving places with gold bands on their arms, cash and false bottom purses, and diamonds in the lining of sweaters. These things will be converted to cash in neighboring countries and put into financial systems less affected by the conflict. An influx of cash throughout the region, therefore, could indicate this type of capital flight.

Risk Factor 2: Illicit finance and black markets

Since the fall of Syria, we have also become aware of that helps fuel addiction and armed conflict. There are certainly other substances and drug trafficking networks about which we know very little on this side of the secrecy veil.

Therefore, this instability will be seen as a time of opportunity for criminal groups. Indeed, with Assad鈥檚 security forces no longer controlling middle eastern captagon and other narcotics trade and various armed groups looking for funding sources, this is an illicit business opportunity.

Financial institutions can expect rapid movement of money between unrelated shell corporations, new corporations, and shadow vessels. They also should expect the black market to boom with drugs, contraband Iranian oil, and funds tied to narcotics that they have only yet to discover. Illegal arms will also generate funding, so all of the methods, both formal and informal, used to transfer value will become active.

In fact, large portions of such funding will flow through financial institutions; and peer to peer payment providers, FinTechs, and money transmitters should be especially wary of funds moving rapidly through their platforms. A burst in conflict means a burst in activity from illicit sources; therefore, enhanced, targeted monitoring is a must.

How financial institutions鈥� risk & compliance teams should respond

First, all financial institutions鈥� risk & compliance departments need to assess their institutions鈥� OFAC and sanctions screening search parameters. This is a good time to dial up fuzzy logic capability and reduce match percentage thresholds. In other words, risk tolerance should go down while the metaphorical dragnet gets wider. Surge the department鈥檚 personnel capability to compensate if you have to, because that is better than a strict-liability OFAC fine. Remember, OFAC sanctions are closely tied to national security, especially when it comes to Iran. This is not an arena in which leniency can be expected. Compliance teams should look at monitoring systems and thresholds immediately, create geographical targeting models to cover the conflict zone, and consider a command center approach to deal with the fluidity of the situation until things settle.

If your institution has not already taken the hint from regulators, this also is an opportunity to double down on Customer Due Diligence and identity verification. Front line staff and embedded business compliance personnel should receive updated training and job aids to increase awareness and hone internal reporting. Indeed, it is an advanced business skill to understand complex corporate beneficial ownership, much less to detect when it may be tied to illicit activity or corrupt regimes. Now is the time to increase that level of knowledge and thereby make the culture of compliance more robust.

In every crisis there is opportunity as well as risk: Managing the risk allows every company to take advantage of the opportunity, shore up its mission, and strengthen the institution.

You can find out more about听the geopolitical and economic outlook for 2026听here

Key insights:

• • • Fraud prevention presents systems challenges 鈥� In the current advanced tech-enabled environment, AI-driven tools in the public sphere need human coordination and oversight to be employed properly.

    • The intangible cost of fraud is public trust 鈥� When public programs that are designed to support vulnerable populations fall victim to exploitation, confidence in the ability of government-administered programs falters.

    • The full scope of fraud is unknown 鈥� Many improper payments from government programs aren鈥檛 criminal. It鈥檚 that we need better data, clearer definitions, and a stronger understanding around what fraud truly is.

As public programs and the scale of fraud become the subject of national and state political discourse, more state governments and public sector agencies are evaluating the potential of data analytics and AI tools to curb fraud. As these institutions are realizing, effective fraud prevention is easier said than done, and investment in new detection tools will fail to keep pace with fraud if they don鈥檛 address structural, cultural, and coordination challenges.

Early fraud detection

Early detection of fraudulent activity, aided by AI tools and systems, may still be the most effective way to deter future problems. For example, California Community Colleges, the largest higher education system in the United States, currently serves more than two million students and has in two-thirds of its institutions in order to detect fake students. With open access for enrollment, the system is a magnet for fake students who apply, enroll, and fill seats in virtual classes that real students should be occupying, while fraudulently collecting federal and state student aid.

In 2024, it was estimated that nearly one-third (31%) of financial aid applicants at California Community Colleges were fraudulent, resulting in approximately $13 million in state and federal aid dollars being disbursed to fake students.

California Community Colleges employed a three-phased approach seeks to catch fraudsters who may slip through at the time of application, when they register for courses, and when they apply for financial aid. The system engaged in cross-agency collaboration with the California Department of Motor Vehicles and deployed a mobile ID system to authenticate student identity. Further, its data analytics looked at factors such as students鈥� IP addresses, time zones, age, and contact information to flag those patterns that could indicate a fake applicant. An AI tool analyzed course registration patterns, as well, identifying whether applicants have illogical or unusual patterns in the courses they are taking.

Then, system educators integrated into their virtual courses early on, requiring students to submit an introductory video, for example. This allows educators to cut non-participating students (presumed to be fake) before financial aid is disbursed.

These early detection tools, paired with human judgment, showed how a proactive approach can stop fraud before funds are lost.

Gaming government systems

While fake students illustrate small-scale exploitation in California, provider fraud is where large dollar amounts and case complexity arise. When fraudsters illegally obtain Medicaid funds for services they never rendered, for example, individuals in need of services suffer.

Minnesota鈥檚 now-shuttered Housing Stabilization Services program intended to help move individuals who were experiencing housing insecurity into transitional and then permanent housing solutions. According to a , the well-intentioned program enriched sophisticated fraudsters, who formed business entities and falsified employee hours, reimbursement claims, and patient identities 鈥� even going so far as to manufacture false case notes as a precaution against their records ever being audited. Not surprisingly, illegally gained reimbursements were used to fund high living expenses, luxury shopping, and cars.

Similar fraudulent providers have been charged by the U.S. Attorney’s Office for the Northern District of Texas as part of . Four individuals fraudulently billed around $20 million to federally funded programs and other insurers.

In another case that showed that fraudsters sometimes can come from inside the house, a group of were ruled against by a federal judge in a whistleblower lawsuit alleging that four insurers and six health systems routinely, improperly billed the state鈥檚 Medicaid program. Part of the reason for the judgment was because the disputed claims were still paid by the Indiana Medicaid program, despite it being aware of alleged issues. In this case, oversight gaps and a consistent pattern of not flagging improper payments revealed a structural weakness within the state office.

Different approaches for data analytics

Some agencies are employing different methods to leverage advanced tech to help in the fight against fraud. For example, the Louisiana Department of Health is using AI to scrutinize Medicaid recipients and their eligibility. A developed at the University of Louisiana at Lafayette will allow the Louisiana Department of Health to share data with the state鈥檚 Office of Motor Vehicles. By analyzing whether individuals have duplicate licenses in other states, their eligibility to receive benefits in Louisiana may be rescinded.

Focusing on a different tack and target, the Center for Medicaid and Medicare will deploy a six-year pilot program of the across six states: New Jersey, Ohio, Oklahoma, Texas, Arizona, and Washington. The pilot program will specifically target low-value services with little to no clinical, evidence-based benefits and will expedite review of those services that are at a higher risk for provider fraud, waste, or abuse. This heightened scrutiny of providers seeking Medicaid reimbursement is in alignment with recommendations from the around program integrity.

These varying approaches raise a difficult question: Is it better to risk inefficiency by targeting providers, or it better to risk inequity by targeting recipients?

Understanding the measures of fraud, waste, and abuse

The total cost of fraud is difficult to calculate, as there are countless incidents of fraudulent reimbursement requests, overbilling, or unnecessary medical treatment that cannot be counted. Two data measures that we have to understand to truly gauge the efficacy of public health systems’ financial health are the payment error rate and the dollars recovered through fraud controls.

are those payments that fail to meet statutory, regulatory, or administrative requirements. They may be for non-eligible services, be inappropriately or inaccurately coded, or may exceed program maximum amounts 鈥� but their common denominator is that they represent funds that were misspent or out of step with fund guidelines.

Improper payments are calculated and reported to Congress annually across all federal healthcare programs. The dollar recovery rate calculates the amount of inappropriate reimbursements recovered from fraudulent actors each year, usually through the pursuit of civil or criminal damages. However, it鈥檚 important to remember that not all improper payments are lost to fraud. For example, within the Medicaid program were most often tied to missing appropriate documentation for individuals receiving care.

Understanding these definitions determines how we measure success, design large government systems, and allocate enforcement dollars across states. Such preventative measures, especially now aided by AI and other advanced tech, will help the next generation of fraud detection professionals who will come to rely on the tools and platforms that we design now.

And as more state governments and public sector agencies seek to leverage AI tools and platforms, they would be wise to focus on efforts that collect and analyze real-time participant data and incorporate ethical AI oversight, while balancing an investment in prevention as well as prosecution.

You can learn more about the challenges that government agencies face today here

Key insights:

• • • Blockchain data exceeds Wolfsberg expectations 鈥� Public, attribution-rich ledgers give crypto firms immediate access to behavioral, network, and cross-chain signals that traditional banks must retrofit or request from third parties.

    • Crypto companies can leverage this data 鈥� With abundant labeled history and real-time on-chain context, crypto companies can combine rules, supervised machine learning, and unsupervised discovery to identify emerging typologies faster and with clearer explainability.

    • SARs become actionable intelligence, not just checked boxes 鈥� By including wallets, hashes, and traceable flows, this data can turn SARs filings into ready-to-investigate leads for law enforcement, thereby converting compliance from a cost center to a competitive advantage.

The Wolfsberg Group’s on modernizing suspicious activity monitoring comes at a crucial time for cryptocurrency companies. Traditional financial institutions are being encouraged to go beyond basic transaction monitoring by including behavioral analysis, network effects, and various risk indicators in their anti-money laundering (AML) programs. For cryptocurrency companies, the framework describes capabilities that blockchain data infrastructure was essentially built to support.

Wolfsberg’s recommendations map almost perfectly to what blockchain businesses already are able to do. While traditional banks work to update legacy transaction monitoring systems with new capabilities, crypto companies operate in an environment in which the data for complex monitoring already exists. For crypto companies, this shouldn鈥檛 be seen as simply having to adapt to a new standard, but rather as a unique opportunity to set a new standard.

Investigation advantages built into the technology

Traditional financial investigations operate within closed systems. Investigators, at the start of an investigation, primarily have access to data points from their institution and what is available online. They may then need to gather additional information, each controlled by different institutions with their own legal requirements and timelines. The financial trail crosses multiple organizations, jurisdictions, and record-keeping systems that do not communicate with each other. With Suspicious Activity Reports (SARs) filings, investigators are often forced to close an investigation with gaps in the full picture.

Cryptocurrency investigations begin with transparency. Blockchain attribution tools offer visibility into fund flows throughout the entire ecosystem. The financial trail is recorded on a public ledger, in which tracking money doesn’t require negotiating with counterparts or waiting for legal approvals. This fundamentally changes what’s possible during an investigation. Questions that would take traditional investigators weeks to answer through formal channels or go unanswered by the time the SAR is due can be resolved in hours using attribution data and on-chain analysis.

The data available to cryptocurrency companies means they can move past compliance as a check-the-box exercise and start getting creative when thinking about what’s actually possible.

The Wolfsberg framework emphasizes “expanded risk indicator coverage” by analyzing data points beyond transaction amounts, dates, and counterparties. Blockchain companies have easy access to this data 鈥� wallet age, complete transaction history, interaction patterns with decentralized finance protocols, network connections to known bad actors, mixing service usage, cross-chain behavior, and anomalies that would be invisible in traditional banking. The data exists and is readily available for use in innovative and unique ways.

Detection models that can do more than react

Wolfsberg recommends combining three approaches: i) rules-based monitoring for known risks; ii) supervised machine learning for identifiable patterns; and iii) unsupervised methods for detecting emerging threats. Cryptocurrency companies can implement all three at the same time because the underlying data supports each approach.

Rules-based monitoring handles obvious cases such as sanctioned wallet addresses, direct transfers from darknet marketplaces, and transactions routed through high-risk jurisdictions. This represents baseline coverage that almost every crypto company will already have implemented. Adding the ability to look up scam wallets that are self-reported by victims online and community reporting capabilities in blockchain forensic tools, the foundation for much more effective risk mitigation is easily established.

Using blockchain’s historical data, models can be trained on years of confirmed criminal activity that law enforcement or blockchain tools have already identified. As traditional banks can’t access validated historical data across the entire payment ecosystem at this scale, they typically must rely on internal data and industry guidance to develop their models. Cryptocurrency companies, however, can utilize blockchain history and attribution databases that document known illicit activity. This means models can be trained on nearly unlimited applicable data from the past and can even be trained on near-real-time data as it gets added to databases.

Yet, it is with unsupervised learning that crypto companies can genuinely innovate beyond what traditional finance does by feeding attributed wallets, self-reported fraud wallets, and public blockchains directly into machine learning or AI models. With this, companies can analyze complex, interconnected patterns of activity that allow models to continuously identify emerging typologies and patterns in near real-time and potentially instantly expose gaps in a scenario鈥檚 current coverage.

It is with unsupervised learning that crypto companies can genuinely innovate beyond what traditional finance does by feeding attributed wallets, self-reported fraud wallets, and public blockchains directly into machine learning or AI models.

The data available to cryptocurrency companies means they can move past compliance as a check-the-box exercise and start getting creative when thinking about what’s actually possible.

SAR quality as intelligence product

The Wolfsberg framework addresses SAR quality directly, highlighting the problem of financial institutions filing too many low-value reports because their systems generate alerts that they cannot fully resolve. Indeed, institutions file thousands of SARs because they have unanswered questions or are unsure of exactly what is going on due to a lack of available data, not because they’ve identified actual money laundering.

Blockchain data changes what SAR filings can look like in ways that matter for law enforcement. When attribution tools indicate that funds originated from a wallet cluster associated with ransomware, were transferred through a mixing service, appeared in a customer’s deposit address, and were immediately withdrawn to a known cash-out service, the SAR can describe the exact pattern of suspicious activity with on-chain evidence for each step.

Including wallet addresses and transaction hashes in SAR narratives provides investigators with something traditional bank SARs rarely offer: immediate starting points they can follow without additional legal process, immediately making the SAR actionable intelligence.

Law enforcement agencies are overwhelmed with SARs, and it often feels like an investigator鈥檚 SAR filings don’t lead anywhere. However, when investigators can include information that helps law enforcement investigate and prosecute cases quickly and effectively, those investigators also may start seeing activity on the blockchain, such as illicit actors’ wallets slow down or funds be seized from a scammer’s wallet. This not only helps with the feedback loop but also confirms to an investigator that their work is making a real difference.

Building programs that lead instead of follow

The Wolfsberg framework also makes clear that innovation in AML isn’t optional. Criminal networks evolve too quickly for static rule sets and outdated monitoring systems. Advanced approaches need to be explainable, properly validated, and integrated into broader risk management frameworks.

Financial institutions need to build models that fully use available blockchain data, then validate them against on-chain patterns that can be directly observed. They should also train their investigators to understand blockchain attribution and network analysis 鈥� not just how to read a blockchain explorer, but how to interpret what attribution tools reveal about fund flows and network connections. When filing SARs, institutions need to include the on-chain evidence that makes their filings immediately actionable for law enforcement.

Traditional financial institutions are modernizing systems designed for the pre-internet era, while cryptocurrency companies are building compliance programs in a data-rich environment that makes certain investigations more effective than they’ve been in the past. The opportunity here isn’t just about meeting the Wolfsberg recommendations; rather the opportunity is showing what becomes possible when compliance programs are built with these capabilities from the ground up and when the data advantages inherent to blockchain technology get used to their full potential.

That will be what changes how regulators think about the industry 鈥� and what turns compliance from a cost center into a competitive advantage.

You can find more of听our coverage of SARs and related efforts听to combat financial crimes here

Key insights:

• • • The OBBBA has stricter verification requirements 鈥� These requirements have inadvertently created an environment that incentivizes fraudulent activities, such as identity theft and document forgery, especially among individuals seeking Medicaid and ACA coverage.

    • The OBBBA enacts tax policy modifications 鈥� These modifications, including reduced third-party reporting mechanisms and expanded tax benefits, may create opportunities for underreporting of income among gig workers and small businesses.

    • OBBBA’s contains large-scale funding mechanisms 鈥� These mechanisms along with rapid implementation may put pressure on traditional procurement safeguards, creating potential challenges in oversight and accountability.

The One Big Beautiful Bill Act (OBBBA) aimed to fulfill several policy objectives from the Trump Administration’s campaign platform. However, an examination of the legislation and its implementation reveals mixed results, particularly concerning potential vulnerabilities for fraud, waste, and abuse across various sectors.

Healthcare eligibility fraud: A slippery slope

The OBBBA introduced stricter verification requirements for lawful status, residency, and work eligibility within healthcare benefit programs. While intended to bolster program integrity, these tightened standards have, in some cases, inadvertently incentivized fraudulent activities.

For example, individuals seeking Medicaid and Affordable Care Act (ACA) coverage have reportedly resorted to identity theft, document forgery, and falsified employment or training records to meet the new criteria. This environment has attracted organized fraud networks and unscrupulous enrollment brokers who exploit system vulnerabilities, ultimately impacting legitimate beneficiaries through compromised identities and bilking taxpayers through misallocated resources.

Historically, enhanced verification measures have sometimes led to similar unintended consequences. The period after passage of the Immigration Reform and Control Act of 1986 (IRCA), for instance, saw a rise in widespread counterfeiting operations due to document requirements. Similarly, Medicaid programs have consistently battled identity fraud, and related work requirement pilot programs have shown patterns of misreporting. The rapid, large-scale eligibility transitions during the pandemic also created opportunities for fraudulent activity. These historical examples demonstrate an unfortunate reoccurring pattern that sometimes administrative safeguards, while designed for integrity, can create incentives for sophisticated circumvention strategies.

Tax policy changes: Opening doors to evasion

The OBBBA’s tax policy modifications have introduced new dynamics in reporting and compliance, potentially affecting revenue collection. The legislation reversed the $600 1099-K reporting threshold and raised 1099-MISC/NEC thresholds to $2,000. This reduction in third-party reporting mechanisms makes it harder to ensure accurate income declaration. Simultaneously, the law expanded certain tax benefits, including a 100% federal credit for private-school scholarship donations and a doubled, qualified small business stock exclusion. These changes impact various stakeholders, including gig workers, self-employed individuals, operators of small businesses, high-income investors, charitable organizations, and tax planning professionals.

In addition, state-level scholarship programs with similar 100% credit structures have experienced various forms of abuse. These precedents indicate that the current changes in the OBBBA may create opportunities for underreporting of income among gig workers and small businesses. There is also potential for misuse of the new tax benefits through self-dealing arrangements or sophisticated strategies designed to minimize tax obligations.

History suggests that changes to reporting requirements and tax incentives can create compliance challenges. Past instances in which reporting mechanisms were weakened or enforcement reduced have correlated with an increase in the tax gap 鈥� the difference between taxes owed and taxes collected. The Tax Cuts and Jobs Act (TCJA) era, for example, demonstrated how new provisions could be exploited in unforeseen ways.

Unaccountable spending and contracting fraud: A risky proposition

The OBBBA also established significant funding mechanisms, including a $100 million Office of Management and Budget fund and $30 billion allocated for immigration enforcement activities, that granted relatively broad administrative discretion in their deployment. These substantial appropriations, intended for rapid implementation, may put pressure on traditional procurement safeguards.

Indeed, the sheer scale and urgency of these funding streams have attracted various participants, including agency officials with expanded discretionary authority, established government contractors, and new market entrants.

Historical experience with large-scale, rapidly deployed government funding suggests potential challenges in oversight and accountability. The Department of Homeland Security, for example, has been designated as High Risk by the Government Accountability Office partly due to procurement management concerns. In the past, post-9/11 security initiatives and Iraq reconstruction efforts also revealed vulnerabilities in expedited contracting processes; and more recently, COVID-19 relief programs like the Paycheck Protection Program demonstrated how substantial funding, compressed timelines, and reduced oversight can create conditions conducive to fraud and waste. These precedents suggest that the current funding structure within the OBBBA may face similar risks, including potential misallocation of resources, irregular contracting practices, and exploitation by opportunistic actors seeking to benefit from loosely constrained procurement processes.

Cross-cutting vulnerabilities and systemic impact

The OBBBA’s implementation has introduced significant operational changes across multiple government programs, leading to rapid policy transitions and large-scale re-verification processes. These administrative shifts have generated confusion among beneficiaries and stakeholders, which opportunistic actors have exploited.

This exploitation includes phishing operations and fraudulent benefit fixer services that prey on individuals struggling to navigate the new requirements. The pace and complexity of these changes have challenged traditional oversight mechanisms, as the government鈥檚 capacity for auditing, data analytics, and procurement controls has struggled to keep pace with the scale and speed of implementation demands.

These gaps in oversight and enforcement are likely to create systemic vulnerabilities beyond immediate program integrity concerns. When fraudulent activities succeed, legitimate program beneficiaries face reduced access to services as resources are diverted from their intended purposes. Simultaneously, compliant taxpayers bear increased burdens as fraudulent claims and inefficient spending patterns require additional revenue or reduce the effectiveness of public investments.

This dynamic illustrates how implementation challenges, like those in the OBBBA, can create cascading effects, ultimately undermining both program effectiveness and public trust in government operations, regardless of the underlying policy objectives.

You can find more of our coverage of听the impact of the One Big Beautiful Bill Act听here

Key insights:

• • Benefits of cooperation 鈥� Cooperative purchasing can significantly streamline procurement and level the playing field for smaller government agencies.

  • There are various models to follow 鈥� Different cooperative models offer distinct value: piggybacking improves access to competitive pricing with flexible adoption, while joint solicitations aggregate demand to secure more aggressive discounts by committing volume across multiple agencies.

  • Support is needed, and questions remain 鈥� Policy and institutional support are accelerating adoption, but trade-offs remain. State-backed entities and regional cooperatives expand contract access and scale, yet questions persist about true cost savings.

As of 2019, $4.45 trillion was spent across all levels of government, 50% of that spent by state and local entities, according to the U.S. Congressional Budget Office. These agencies have a fiscal responsibility to taxpayers to ensure that they receive competitive pricing on the goods and services they purchase.

Larger government agencies may have sophisticated procurement divisions with professional buyers and individuals responsible for soliciting and negotiating contracts in the best interest of the municipality. Meanwhile, smaller municipalities, which are less likely to have standalone procurement divisions, often receive less competitive pricing and haven鈥檛 had the staff capacity or expertise to negotiate the best terms for their purchasing needs.

Fortunately, new cooperative purchasing models are on the rise, and that could level the playing field between local governments no matter their size, while they also streamline procurement processes and save taxpayers money.

Cooperative procurement basics

Cooperative procurement takes two main forms: .

Piggybacking, the more common form of cooperative procurement, is when one agency utilizes another agency鈥檚 contract (even though they were not part of the original solicitation process.) This piggybacking allows for one agency to receive competitive pricing based on another agency鈥檚 solicitation efforts; and because suppliers are not guaranteed volume of purchase, discounts are not the most aggressive in this format.

Joint solicitation is less frequently used and occurs when two or more agencies combine their purchasing needs into a single solicitation 鈥� the equivalent of buying in bulk. Each agency is bound by the contract, but one entity is typically the lead agency. This offers suppliers an opportunity to guarantee larger purchase minimums and command more aggressive pricing discounts.

There are also membership-based entities that are helping to make government procurement easier and quicker, especially for smaller entities.

For example, is a Texas-based technology engine that connects government agencies and suppliers to facilitate peer engagement for public sector entities. Their leadership described a traditional local government solicitation process as lengthy, taking anywhere from 6 to 9 months for agencies to identify a need, solicit bids from suppliers, evaluate, and then execute a contract. The timeframe is streamlined up to 60% for Civic Marketplace users by accessing templates for solicitations, cooperative contracts, shortcuts to connect with pre-vetted vendors, and centralized vendor data. This platform also works to address another barrier of local government purchasing 鈥� the inequity between agencies of different sizes and sophistication.

New cooperative purchasing models are on the rise, and that could level the playing field between local governments no matter their size, while they also streamline procurement processes and save taxpayers money.

While Civic Marketplace is membership-based, it is not tied to a regional geography. Members can access volume-based pricing by aggregate demand across cooperative members as well as accessing shared contract language. States including Michigan and Minnesota have created special government entities to provide access to cooperative purchasing mechanisms.

Overall, these methods offer government agencies, especially smaller ones, a way to remain compliant with regulations, award contracts impartially, and remain transparent, all while engaging with peer communities with similar needs that can help agency procurement professionals foster a better understanding of pricing, scope of work, and vendor relationships compared to a wholly decentralized approach to purchasing.

Further, several state legislation and executive actions have also driven cooperative development. In Minnesota, for example, is a membership-free cooperative enacted by the state legislature, and public sector entities in the United States and Canada can access shared contracts and piggyback off them at no charge. Suppliers are also able to access the network at no fee, although a percentage of the contract fee is paid back to Sourcewell when a contract is utilized.

In Michigan, the (MMSA) was created as a virtual city by the governor鈥檚 office in 2012. The entity provides a small number of local municipalities within Michigan with procurement for very specific services including managed IT, cybersecurity, electronic payments, and more. MMSA has received positive feedback from vendors, noting that the streamlining of this process connects them with more prospective clients and allows them to flatten their pricing.

What are public procurement鈥檚 future needs?

The need for automation and streamlining in public procurement is evident, as the estimates that the size of the public sector鈥檚 purchasing manager workforce will lag behind private sector growth over the next decade by 1.3%. Fortunately, cooperative purchasing will enable smaller government agencies to be more agile with limited resources, and using pre-vetted, competitively solicited contracts will save them time and money.

Yet, the evolving space of cooperative procurement is not without criticism. Some argue that cooperative procurement is more about convenience than it is about realizing cost savings, and others argue that public procurement is a space that will likely be dominated by private sector players that are compensated off the top of executed contracts, costing taxpayers more than they might have paid otherwise. So far, there is limited data to speak to whether cooperative procurement opens opportunities for small, diverse, or local vendors 鈥� but anecdotally, it appears that broad online process benefits larger vendors who can deliver at scale.

As government agency leaders evaluate cooperative procurement for their own internal processes, they must weigh what is more important for them: convenience and time savings, realizing true cost savings, or directing more procurement dollars toward local and diverse-owned public suppliers.

You can find out more about the challenges that government agencies face here

Key insights:

• • • Auditors are critical in initial financial crime detection听鈥� Professionals responsible for auditing transactions are the primary line of defense in identifying suspicious activity, such as irregular deposits or transactions inconsistent with an account’s purpose.

    • CI-FIRST enhances SAR effectiveness and collaboration听鈥� The new CI-FIRST initiative by IRS Criminal Investigation marks a significant shift by providing financial institutions with feedback on SARs, fostering a more transparent and collaborative partnership with federal agencies.

    • Financial crimes are evolving, requiring improved SAR quality听鈥� Recent trends show a troubling rise in sophisticated financial crimes like account takeover fraud, elder exploitation, and resilient check fraud, underscoring the urgent need for enhanced clarity and improved quality in SARs preparation.

The financial professionals responsible for auditing transactions are integral to the detection of financial crimes. These individuals serve as the initial point of contact for identifying transactions that may be cause for concern, including patterns such as irregular recurring deposits or activity inconsistent with the account鈥檚 intended purpose.

Upon detection of potentially suspicious financial activity, a bank initiates a thorough internal review to assess whether the circumstances warrant the submission of a Suspicious Activity Report (SAR). If the criteria for suspicion are met, the electronically with the Financial Crimes Enforcement Network (FinCEN) within 30 to 60 days. The report is housed in a secure government database, accessible to authorized agencies such as the FBI, DEA, and IRS for further analysis. While this reporting mechanism plays a vital role in combating financial crime, it is not without limitations.

A significant challenge of the SARs system historically has been the absence of feedback provided reporting to banks regarding the outcomes of their submissions, resulting in a unilateral flow of information. To address this issue, the IRS Criminal Investigation launched a new initiative known as Feedback in Response to Strategic Threats (CI-FIRST).

The CI-FIRST initiative

In early 2025, the initiative was introduced, aiming to establish a transparent and effective partnership between federal agencies and private financial institutions. This program enhances transparency around SARs filings, providing financial institutions with clearer insight into how their submitted SARs are utilized in federal investigations. By doing so, it marks a significant shift in the way SARs are handled.

CI-FIRST fosters a more collaborative relationship between financial institutions and federal investigators, allowing for direct feedback and communication. This open dialogue could lead to more efficient and effective SARs processes. Moreover, the program has the potential to be a blueprint for other agencies, demonstrating a successful model for improving data quality and facilitating more robust information sharing. The success of CI-FIRST could have far-reaching implications for the way financial crimes are investigated.

Within this fraud landscape, several troubling patterns emerged that underscore the sophistication and persistence of financial criminals. For example, check fraud has demonstrated resilience despite the digital age, with financial institutions filing 682,276 SARs related to this traditional form of fraud, representing a notable uptick from previous periods.

CI-FIRST fosters a more collaborative relationship between financial institutions and federal investigators, allowing for direct feedback and communication.

Even more alarming was the dramatic 36% surge in account takeover fraud, a cybercrime that reflects criminals’ increasing ability to exploit digital vulnerabilities and compromise customer accounts. This surge resulted in nearly 178,000 reports, underscoring how criminals are adapting their methods to target online banking and other digital financial services.

The SARs data also revealed that identity theft remained a persistent threat, comprising more than one-quarter of all fraud-related SARs filed in 2024. This substantial proportion demonstrates how personal information breaches continue to fuel criminal enterprises across multiple fraud categories. Perhaps most concerning from a societal perspective was nearly 10% increase in elder financial exploitation cases compared to 2023, with 171,233 SARs filed specifically addressing crimes against vulnerable older adults. This trend reflects not only the increasing targeting of seniors but also potentially improved recognition and reporting of these crimes by financial institutions.

Financial institutions face mounting challenges

These comprehensive trends collectively illustrate the mounting challenges facing financial institutions, law enforcement, and regulatory bodies in their efforts to prevent, detect, and prosecute financial crimes. The sheer volume and diversity of criminal activity captured in these SAR statistics demonstrate that traditional approaches to combating financial crime require enhancement and modernization.

It is within this context that the CI-FIRST initiative emerges as a particularly relevant and timely response. One of the initiative’s most significant contributions lies in its commitment to providing enhanced clarity and guidance on the preparation of required SARs reports.

This improvement in clarity serves multiple critical functions in the financial crime prevention ecosystem. For example, by establishing clearer standards and expectations for SAR preparation, the initiative aims to improve the quality and consistency of the information provided to law enforcement agencies and regulatory bodies.

The sheer volume and diversity of criminal activity captured in these SAR statistics demonstrate that traditional approaches to combating financial crime require enhancement and modernization.

Further, the enhanced clarity in SARs preparation has direct implications for the speed and effectiveness of subsequent law enforcement actions. When SARs contain more precise, complete, and well-organized information, investigators can more quickly identify patterns, establish connections between cases, and build stronger foundations for legal action. This improved information quality significantly accelerates the process of obtaining subpoenas, as law enforcement officials can present more compelling and comprehensive evidence to judicial authorities when requesting these critical investigative tools.

Finally, the enhanced SARs preparation standards contribute directly to more effective prosecutions of individuals engaged in financial crimes. Prosecutors rely heavily on the detailed information contained in SARs to build their cases, and when this information is clearer, more thorough, and better organized, it becomes significantly easier to demonstrate criminal intent, establish patterns of illicit behavior, and present compelling evidence to juries. This improvement in the foundational documentation makes it substantially more likely that prosecutions will be both accurate in targeting genuine criminal activity and successful in securing convictions.

The expediency gained through these improvements creates a virtuous cycle in financial crime prevention. Faster, more successful prosecutions serve as stronger deterrents to potential criminals while also providing more rapid justice for victims. Additionally, enhanced efficiency allows law enforcement resources to be deployed more effectively across a broader range of cases, potentially addressing the growing volume of financial crimes reflected in the 2024 SAR statistics.

You can find more of our coverage of SARs and related efforts to combat financial crimes here