Key takeaways:

• • • Human trafficking is a financial crime 鈥� Without the financial system, human trafficking networks cannot operate at scale. Banks, compliance officers, money transmitters, and casinos are uniquely positioned to detect suspicious patterns.

    • The 2026 World Cup amplifies existing risks 鈥� With 5.5 million additional visitors expected in Mexico City alone, criminal networks will exploit the surge in cash flows, new customers, and cross-border movement.

    • Red flags are observable in financial behavior 鈥� Human trafficking networks often leave detectable financial footprints, which is why financial institutions must update monitoring systems and stay alert to unusual transaction spikes during the tournament.

MEXICO CITY 鈥� As the 2026 FIFA World Cup get ready to hold its tournament in June and July across three North American countries, anti-human trafficking experts are meeting as well and attempting to address the challenges facing the three host countries of the largest World Cup in history.

To that end, the Association of Certified Anti-Money Laundering Specialists (ACAMS), in partnership with 成人VR视频, organized one such event, focused on the scourge of human trafficking that often surrounds large sporting events like the World Cup.

One speaker at the event noted an important clarification in the difference between human trafficking and human smuggling 鈥� two terms that are frequently confused yet carry vastly different legal and humanitarian implications. The key distinction lies in consent and the nature of the crime. In human smuggling, the individual being transported across borders consents to the movement, typically driven by socioeconomic necessity, and the offense is considered a crime against the state. Human trafficking, by contrast, is a crime committed directly against the victim, often involving exploitation through force, coercion, threats, or deception, and does not require the crossing of any international border.

The ACAMS event challenged the common belief is that human trafficking is exclusively sexual in nature. In fact, there are 10 additional forms of exploitation beyond sexual abuse, including slavery, forced labor or services, use of minors in criminal activities, forced marriage, servitude, labor exploitation, forced begging, illegal adoption of minors, organ trafficking, and illicit biomedical experimentation on human beings.

As the World Cup approaches, financial institutions鈥� compliance teams must recognize that the same operational conditions that make major sporting events exciting are precisely the conditions that money launderers and traffickers seek to exploit.

Still, sexual exploitation remains the dominant form of human trafficking. Indeed, it is the second most lucrative illicit business in the world after drug trafficking, with every 15 minutes of sexual abuse of a trafficking victim generating approximately $30.

Of course, without clients, there is no demand, said one speaker from the 脕GAPE Foundation, an organization that works to raise awareness against gender-based violence and human trafficking.

Financial sector as a key line of defense

When identifying human trafficking, it鈥檚 wisest to examine it from a financial perspective to find important indicators, according to several speakers. Indeed, the financial sector plays a critical role given its capacity to detect suspicious accounts and payments, shell companies, cash movements, digital platforms, and commercial operations.

For example, when a customer opens an account or conducts a transaction, certain red flags can be visible, including whether the customer needs to consult notes to answer basic questions such as their address or occupation, or that their responses are not spontaneous or natural. Also, another indicator is if the customer’s profile is inconsistent with the type or volume of transactions being conducted.

For financial institutions, there are other patterns that have triggered alerts in illicit activity in the past, including near-immediate deposits and withdrawals with no clear justification for the cash flow, or multiple individuals registered at the same address or linked to the same account.

Similarly, another red flag would be if there鈥檚 a high number of accounts opened from the same state or municipality with similar patterns, particularly in areas identified as origin points for trafficking networks; or, payment of multiple short-term rentals or payments abroad to unverifiable recruiters or employment agencies.

Financial institutions should be on the lookout for companies that file no tax returns or invoice simulated transactions, or that use of front men to open accounts or conduct operations.

Also, new businesses whose declared activity does not correspond to their financial operations should be flagged, as well as any frequent, large-volume purchases of condoms, lingerie, or women’s clothing inconsistent with the declared business activity.

Indicators at the 2026 World Cup

In the context of major sporting events such as the World Cup, existing risks are significantly amplified, several speakers pointed out. Sexual tourism, including the commercial sexual exploitation of children and adolescents, is a known and serious threat. Indicators that are relevant not only for the financial and banking sectors, but also for the real estate, tourism, transportation, hospitality, and restaurant industries including unusual accommodation requests, such as deactivating security cameras, delivering keys through third parties, or inquiring about the presence of neighboring guests.

When identifying human trafficking, it鈥檚 wisest to examine it from a financial perspective to find important indicators, and the financial sector plays a critical role given its capacity to detect suspicious accounts.

These industries should also be on the lookout for any adult or group of adults traveling with an unusually large number of minors, or individuals who travel in silence and are accompanied by someone who appears to exercise visible control over them.

As the World Cup approaches, financial institutions鈥� compliance teams must recognize that the same operational conditions that make major sporting events exciting 鈥� high transaction volumes, new customers, cross-border flows, and institutional attention diverted toward the event itself 鈥� are precisely the conditions that money launderers and traffickers seek to exploit.

For these compliance teams, monitoring systems must be updated, know-your-customer processes must go beyond documentation and reflect a genuine understanding of the client’s activity and context, and on-site verification visits must be conducted by personnel who know exactly what they are looking for.

The financial sector does not need to become an investigative body; however, it does need to remain alert, informed, and willing to report. Indeed, this is exactly what the compliance function exists for, and in the context of human trafficking, the cost of silence is measured not in fines or reputational damage, but in human lives.

Please add your voice to 成人VR视频鈥� flagship , a global study exploring how the professional landscape continues to change.听

Key insights:

• • • Geopolitical crises fuel financial volatility and illicit activity 鈥� Conflicts have traditionally accelerated capital shifts and flows, creating cover for bad actors.

    • Predictable patterns emerge 鈥� Financial institutions should watch for sudden cross-border activity, unusual cash deposits, and transactions from border areas.

    • Conflict zones enable black market expansion 鈥� They also should adapt their compliance systems to detect more sophisticated methods used by criminals, tightening screening and enhancing staff training.

While business and international politics may appear cold and calculating, these things are often driven by emotion, especially fear 鈥� and fear of instability often drives market volatility.

So it goes as the United States attacks one of the world’s largest militaries and supporters of regional terror groups, causing deepening instability in a Middle East already beset by violence. It is certain that there is already a surge of money flowing in and out of the region for different reasons. Legitimate and illegitimate actors alike will seek to both run away from the crisis and profit from it. However, there are some anti-money laundering specific thoughts that financial institutions need to consider during a time of global uncertainty.

The bottom line 鈥� lots of money is on the move. Funding will send aid groups towards the crisis; it will also send logistical supplies, war material, and other necessities. All of these cost money, and defense sectors in multiple countries will be pumping out munitions to refill stockpiles in any country that is related to or in the neighborhood of the conflict.

Not every large transaction is an unusual, reportable event, but financial institutions now need to look one or two layers below the surface. What does not seem related on the surface is always a red flag. Look at beneficial ownership of companies and vessels, look at relations of the owners, not just the 听(OFAC) results of those people themselves. The financial system will, and should, allow the legitimate funds to flow. However, financial investigators must remain diligent to catch bad actors that take advantage of the surge in non-profit activity or the urgency with which legitimate businesses operate in a conflict zone.

Risk Factor 1: Capital flight from regime change

Just as the fall of the Al-Assad regime in Syria caused family funds to flow to as regime members fled the country, you will see the same with politically exposed persons (PEPs) who are inevitably fleeing regime change in Iran. A political crackdown will come. Whether the victors are on the side of the West or not remains to be seen, but some factions are going to flee the country and take family wealth with them.

Banks and other financial services should watch for anyone connected to people moving money through neighboring countries in which they may have literally hiked or driven before depositing cash into a financial institution. There are stories of refugees leaving places with gold bands on their arms, cash and false bottom purses, and diamonds in the lining of sweaters. These things will be converted to cash in neighboring countries and put into financial systems less affected by the conflict. An influx of cash throughout the region, therefore, could indicate this type of capital flight.

Risk Factor 2: Illicit finance and black markets

Since the fall of Syria, we have also become aware of that helps fuel addiction and armed conflict. There are certainly other substances and drug trafficking networks about which we know very little on this side of the secrecy veil.

Therefore, this instability will be seen as a time of opportunity for criminal groups. Indeed, with Assad鈥檚 security forces no longer controlling middle eastern captagon and other narcotics trade and various armed groups looking for funding sources, this is an illicit business opportunity.

Financial institutions can expect rapid movement of money between unrelated shell corporations, new corporations, and shadow vessels. They also should expect the black market to boom with drugs, contraband Iranian oil, and funds tied to narcotics that they have only yet to discover. Illegal arms will also generate funding, so all of the methods, both formal and informal, used to transfer value will become active.

In fact, large portions of such funding will flow through financial institutions; and peer to peer payment providers, FinTechs, and money transmitters should be especially wary of funds moving rapidly through their platforms. A burst in conflict means a burst in activity from illicit sources; therefore, enhanced, targeted monitoring is a must.

How financial institutions鈥� risk & compliance teams should respond

First, all financial institutions鈥� risk & compliance departments need to assess their institutions鈥� OFAC and sanctions screening search parameters. This is a good time to dial up fuzzy logic capability and reduce match percentage thresholds. In other words, risk tolerance should go down while the metaphorical dragnet gets wider. Surge the department鈥檚 personnel capability to compensate if you have to, because that is better than a strict-liability OFAC fine. Remember, OFAC sanctions are closely tied to national security, especially when it comes to Iran. This is not an arena in which leniency can be expected. Compliance teams should look at monitoring systems and thresholds immediately, create geographical targeting models to cover the conflict zone, and consider a command center approach to deal with the fluidity of the situation until things settle.

If your institution has not already taken the hint from regulators, this also is an opportunity to double down on Customer Due Diligence and identity verification. Front line staff and embedded business compliance personnel should receive updated training and job aids to increase awareness and hone internal reporting. Indeed, it is an advanced business skill to understand complex corporate beneficial ownership, much less to detect when it may be tied to illicit activity or corrupt regimes. Now is the time to increase that level of knowledge and thereby make the culture of compliance more robust.

In every crisis there is opportunity as well as risk: Managing the risk allows every company to take advantage of the opportunity, shore up its mission, and strengthen the institution.

You can find out more about听the geopolitical and economic outlook for 2026听here

Key insights:

• • • Debanking can have harsh consequences 鈥� Losing a bank relationship can abruptly cut off finances and damage reputations, often excluding people and firms from basic economic life, often without a clear explanation.

    • The core tension for banks 鈥� Financial institutions need to balance the risk between AML/KYC and fraud versus preserving fair access to financial services. As reputational and ideological factors enter into decision-making, concerns about discretion and due process grow.

    • Policy is moving toward guardrails 鈥� Already many policymakers are pushing for clearer documentation, transparent notices, a common-sense path to appeal, and a bright line between financial鈥慶rime risk and other risks.

Financial institutions serve as the foundation of the modern economy. Nearly every transaction 鈥� from paying for services to buying a cup of coffee 鈥� depends on an institution that facilitates or underwrites these exchanges. In this interconnected system, access to banking relationships has become essential for meaningful economic participation for individuals and organizations.

This dependence creates significant consequences for society. Without access to banking services, both businesses and individuals face significant barriers to participating in the economy. Businesses cannot easily pay their employees, fulfill tax obligations, or conduct basic commercial activities. Similarly, individuals struggle to receive payments and manage their personal finances. When institutions terminate these relationships, they effectively exclude people and businesses from the broader economic system. This reality applies to both traditional banks and modern FinTech companies.

Given banking relationships’ critical role in economic participation, the circumstances under which these relationships end deserve careful examination. Financial institutions face ongoing challenges in determining which customers they can serve while meeting regulatory obligations and business objectives. This decision-making process has evolved and can ultimately lead to what experts call debanking 鈥� a practice that involves closing accounts and terminating interactions between debanked individuals or organizations and the financial institutions doing the debanking.

What debanking is 鈥� and isn’t

The impact of debanking extends far beyond the inconvenience of closing an account. Affected individuals may face extended periods without access to essential funds needed for survival, and they often suffer lasting reputational damage that may cause other financial institutions to reject them as well. Most concerning, however, is that banks rarely provide clear explanations for debanking decisions, leaving individuals unable to address potential misunderstandings or prevent future occurrences.

Without access to banking services, both businesses and individuals face significant barriers to participating in the economy.

This lack of transparency and the cascading effects of banking exclusion demonstrate the profound power that financial institutions hold in determining who can fully participate in the modern economy. This also causes concern about who holds this power and how it can ultimately be kept in check.

Not surprisingly, the concept of debanking has become a contentious issue in the financial sector, with proponents and critics presenting varying perspectives on its implications. At its core, debanking most often occurs when financial institutions terminate or refuse to establish customer relationships, often due to concerns about risk management or regulatory compliance.

Financial institutions argue that debanking is a necessary measure to mitigate potential risks, such as money laundering, terrorist financing, and other fraudulent activities by certain individuals or businesses. By terminating these illicit customer relationships, banks aim to protect themselves from reputational damage, financial losses, and regulatory penalties while maintaining financial system integrity and adhering to anti-money laundering (AML) and know-your-customer (KYC) regulations.

Critics, on the other hand, argue that debanking can have unintended consequences, particularly for marginalized communities and individuals who may not have access to alternative financial services. This can lead to financial exclusion, making it difficult for people to access basic banking services, such as deposit accounts, credit, and payment processing services.

However, the scope and application of debanking practices have expanded beyond traditional risk-based criteria. Questions have emerged regarding the appropriateness of account closures based on reputational concerns, political associations, or ideological considerations. This broader application has intensified public discourse about the boundaries of institutional discretion and the potential implications for financial inclusion.

Policymakers now are working to ensure that banks can address genuine risks without discriminating against customers based on their lawful views.

To navigate this issue, financial institutions need to follow a balanced approach. This involves enhancing transparency, providing channels for appeal or alternative services, and refining regulations to define acceptable grounds for debanking. The goal is to maintain a secure and inclusive financial system that effectively manages risk while protecting the interests of ordinary citizens and legitimate businesses.

Policymakers get involved

In response to concerns that non-financial factors may influence these decisions, an Executive Order was issued by the Trump administration in August to establish clearer guidelines for banking institutions, requiring that account management decisions be based primarily on financial and risk-related criteria. The order seeks to standardize practices across the industry and provide greater transparency in the decision-making process for account closures and financial service terminations.

In September, at the Association of Certified Anti-Money Laundering Specialists (ACAMS) Assembly held in Las Vegas, Mike Greenman, Senior Vice President and Chief Counsel of Financial Crimes Legal at US Bank, emphasized the critical importance that financial institutions present clear documentation for when and how debanking decisions were made about specific industries. Greenman strongly advised institutions to “always separate financial crime risk from other risks.”

Looking ahead at debanking

The issue of debanking has garnered attention due to high-profile cases and concerns about potential misuse. Investigations in several countries have found no evidence of widespread politically motivated debanking, but the perception of potential abuse has led many critics to re-examine this practice. Policymakers now are working to ensure that banks can address genuine risks without discriminating against customers based on their lawful views.

To navigate this issue, a balanced approach is necessary, one that involves enhancing transparency, providing channels for appeal or alternative services, and refining regulations to define acceptable grounds for debanking. The goal for financial institutions should be to maintain a secure and inclusive financial system that effectively manages risk while protecting the interests of ordinary citizens and legitimate businesses.

You can find out more about the regulatory challenges that financial institutions face here

Key insights:

• • • Auditors are critical in initial financial crime detection听鈥� Professionals responsible for auditing transactions are the primary line of defense in identifying suspicious activity, such as irregular deposits or transactions inconsistent with an account’s purpose.

    • CI-FIRST enhances SAR effectiveness and collaboration听鈥� The new CI-FIRST initiative by IRS Criminal Investigation marks a significant shift by providing financial institutions with feedback on SARs, fostering a more transparent and collaborative partnership with federal agencies.

    • Financial crimes are evolving, requiring improved SAR quality听鈥� Recent trends show a troubling rise in sophisticated financial crimes like account takeover fraud, elder exploitation, and resilient check fraud, underscoring the urgent need for enhanced clarity and improved quality in SARs preparation.

The financial professionals responsible for auditing transactions are integral to the detection of financial crimes. These individuals serve as the initial point of contact for identifying transactions that may be cause for concern, including patterns such as irregular recurring deposits or activity inconsistent with the account鈥檚 intended purpose.

Upon detection of potentially suspicious financial activity, a bank initiates a thorough internal review to assess whether the circumstances warrant the submission of a Suspicious Activity Report (SAR). If the criteria for suspicion are met, the electronically with the Financial Crimes Enforcement Network (FinCEN) within 30 to 60 days. The report is housed in a secure government database, accessible to authorized agencies such as the FBI, DEA, and IRS for further analysis. While this reporting mechanism plays a vital role in combating financial crime, it is not without limitations.

A significant challenge of the SARs system historically has been the absence of feedback provided reporting to banks regarding the outcomes of their submissions, resulting in a unilateral flow of information. To address this issue, the IRS Criminal Investigation launched a new initiative known as Feedback in Response to Strategic Threats (CI-FIRST).

The CI-FIRST initiative

In early 2025, the initiative was introduced, aiming to establish a transparent and effective partnership between federal agencies and private financial institutions. This program enhances transparency around SARs filings, providing financial institutions with clearer insight into how their submitted SARs are utilized in federal investigations. By doing so, it marks a significant shift in the way SARs are handled.

CI-FIRST fosters a more collaborative relationship between financial institutions and federal investigators, allowing for direct feedback and communication. This open dialogue could lead to more efficient and effective SARs processes. Moreover, the program has the potential to be a blueprint for other agencies, demonstrating a successful model for improving data quality and facilitating more robust information sharing. The success of CI-FIRST could have far-reaching implications for the way financial crimes are investigated.

Within this fraud landscape, several troubling patterns emerged that underscore the sophistication and persistence of financial criminals. For example, check fraud has demonstrated resilience despite the digital age, with financial institutions filing 682,276 SARs related to this traditional form of fraud, representing a notable uptick from previous periods.

CI-FIRST fosters a more collaborative relationship between financial institutions and federal investigators, allowing for direct feedback and communication.

Even more alarming was the dramatic 36% surge in account takeover fraud, a cybercrime that reflects criminals’ increasing ability to exploit digital vulnerabilities and compromise customer accounts. This surge resulted in nearly 178,000 reports, underscoring how criminals are adapting their methods to target online banking and other digital financial services.

The SARs data also revealed that identity theft remained a persistent threat, comprising more than one-quarter of all fraud-related SARs filed in 2024. This substantial proportion demonstrates how personal information breaches continue to fuel criminal enterprises across multiple fraud categories. Perhaps most concerning from a societal perspective was nearly 10% increase in elder financial exploitation cases compared to 2023, with 171,233 SARs filed specifically addressing crimes against vulnerable older adults. This trend reflects not only the increasing targeting of seniors but also potentially improved recognition and reporting of these crimes by financial institutions.

Financial institutions face mounting challenges

These comprehensive trends collectively illustrate the mounting challenges facing financial institutions, law enforcement, and regulatory bodies in their efforts to prevent, detect, and prosecute financial crimes. The sheer volume and diversity of criminal activity captured in these SAR statistics demonstrate that traditional approaches to combating financial crime require enhancement and modernization.

It is within this context that the CI-FIRST initiative emerges as a particularly relevant and timely response. One of the initiative’s most significant contributions lies in its commitment to providing enhanced clarity and guidance on the preparation of required SARs reports.

This improvement in clarity serves multiple critical functions in the financial crime prevention ecosystem. For example, by establishing clearer standards and expectations for SAR preparation, the initiative aims to improve the quality and consistency of the information provided to law enforcement agencies and regulatory bodies.

The sheer volume and diversity of criminal activity captured in these SAR statistics demonstrate that traditional approaches to combating financial crime require enhancement and modernization.

Further, the enhanced clarity in SARs preparation has direct implications for the speed and effectiveness of subsequent law enforcement actions. When SARs contain more precise, complete, and well-organized information, investigators can more quickly identify patterns, establish connections between cases, and build stronger foundations for legal action. This improved information quality significantly accelerates the process of obtaining subpoenas, as law enforcement officials can present more compelling and comprehensive evidence to judicial authorities when requesting these critical investigative tools.

Finally, the enhanced SARs preparation standards contribute directly to more effective prosecutions of individuals engaged in financial crimes. Prosecutors rely heavily on the detailed information contained in SARs to build their cases, and when this information is clearer, more thorough, and better organized, it becomes significantly easier to demonstrate criminal intent, establish patterns of illicit behavior, and present compelling evidence to juries. This improvement in the foundational documentation makes it substantially more likely that prosecutions will be both accurate in targeting genuine criminal activity and successful in securing convictions.

The expediency gained through these improvements creates a virtuous cycle in financial crime prevention. Faster, more successful prosecutions serve as stronger deterrents to potential criminals while also providing more rapid justice for victims. Additionally, enhanced efficiency allows law enforcement resources to be deployed more effectively across a broader range of cases, potentially addressing the growing volume of financial crimes reflected in the 2024 SAR statistics.

You can find more of our coverage of SARs and related efforts to combat financial crimes here

Among traditional financial institutions, the on-boarding process, which includes customer screening, can consume valuable time and can sometimes extend to several days. Enhancing efficiency necessitates accelerating the screening and compliance procedures to ensure protection for both the customer and the institution involved. This need for efficiency aligns closely with the objectives of the customer identification program (CIP), which plays a vital role within financial institutions by helping to prevent financial crimes.

Compliance with CIP regulations performs several essential functions in addition hindering financial crimes such as money laundering, terrorist financing, and identity theft. Compliance with CIP, which verifies customer identities to deter such illicit activities, is legally required, through regulations like the USA PATRIOT Act. Non-compliance with CIP can result in substantial fines and reputational harm.

Need for ID verification is critical

Efficient identity verification is critical for the risk management function of a financial institution鈥� compliance program, as delays may lead to the inadvertent on-boarding of high-risk clients, who may pose financial and legal risks. Adherence to CIP requirements also supports institutional integrity, fostering trust among regulators, customers, and the public. Additionally, accurate and timely identification underpins ongoing anti-money laundering (AML) and counter-financing of terrorism monitoring, ensuring the continued effectiveness of these efforts.

In essence, prompt compliance is not merely about fulfilling a requirement 鈥� it entails actively safeguarding the financial system and the institution from imminent threats while meeting legal obligations in a timely manner.

As financial crimes evolve, regulatory bodies update CIP rules to address new threats and ensure robust defenses. Technological advancements, such as the development of AI, also play a role, as new tools and methods for verifying customer identities become available, enhancing security and efficiency. Additionally, changes in laws and regulations, such as amendments to the PATRIOT Act, necessitate updates to ensure continued compliance. And global standards 鈥� like those set by the intergovernmental Financial Action Task Force 鈥� may influence CIP rule changes to align with international best practices.

Further, feedback and experience from implementing existing rules can lead to refinement that improves effectiveness and reduces compliance burdens. These changes aim to enhance the ability of financial institutions to prevent financial crimes and maintain compliance while lowering regulatory costs and improving operational efficiency.

Changes to CIP requirements coming in 2025

Much like every other year, compliance professionals in 2025 face potential changes to CIP rules. The most significant changes include:

• • • Partial SSN collection 鈥� Banks may be permitted to collect only the last four digits of a new customer’s Social Security number (SSN).
    • Third-party verification 鈥� The full SSN would be obtained from a reputable third-party source before the account is opened.
    • Modernization of on-boarding 鈥� This approach is intended to align regulatory requirements with modern on-boarding processes currently used by many non-bank financial technology firms.
    • Enhanced customer experience 鈥� The proposed change aims to reduce friction between customers and the bank by simplifying the account-opening process.
    • Potential for increased automation 鈥� The use of third-party verification tools could lead to more automated on-boarding processes.

A joint proposal from U.S. Securities and Exchange Commission and the U.S. Treasury Department鈥檚 Financial Crimes Enforcement Network means that it is likely that the CIP rule will be changed within the next year, likely as an update withing the AML rule, which already includes CIP requirements for some investment advisers.

These potential changes to CIP rules reflect the dynamic nature of the financial industry and its regulatory environment and seek to modernize the on-boarding process, aligning it more closely with common practices used by non-bank financial technology firms. In short, these changes are designed to enhance customer experience by reducing friction and simplifying account opening procedures while leveraging automation for greater efficiency.

As financial institutions implement these updates, they will be better positioned to address new challenges, optimize compliance, and continue providing secure and seamless services in an increasingly fast-paced business environment. As a best practice, however, customer-facing institutions should pay close attention to the imminent regulatory changes as well as the timing for compliance. It is likely that compliance effective dates will lie in 2026, but it is important not to rest on that assumption.

The future in real-time

As financial institutions navigate the evolving landscape of real-time transactions, the necessity for efficient customer on-boarding processes becomes increasingly critical 鈥� and CIP plays a pivotal role in that. Indeed, CIP not only ensures the demand for speed but also helps financial institutions in their fight against financial crime.

As such, compliance with CIP regulations is essential for managing risks, fostering trust among stakeholders, and supporting ongoing monitoring efforts. And as regulations and technologies advance, financial institutions need to continuously adapt to best maintain robust defenses and operational efficiency, protecting themselves and their customers from illicit activity.

You can find more information on the challenges financial institutions face in听fighting money laundering and other financial fraud here

The听听issued by Treasury’s Financial Crimes Enforcement Network (FinCEN) aims to implement provisions of the听 (AML Act) by amending financial institutions’听听(BSA) obligations.

“We at Treasury and FinCEN believe that this is a transformative moment in the history of AML/CFT policy for the United States,” a Treasury official said during the announcement of the proposed rule. “While it is certainly true that for some financial institutions some aspects of this rule are already in place, this would, for the first time, codify the risk-based nature of AML/CFT programs and also direct financial institutions to allocate their [resources] to high-priority areas that will support the needs of law enforcement.”

Proposal seeks feedback on AML/CFT priorities

FinCEN issued the first-ever 听in June听2021, as required by the AML Act, which aimed to help financial institutions focus their limited resources. The law required FinCEN to issue a rule clarifying how financial institutions were to incorporate the priorities into their AML/CFT programs within six months of naming them.

Instead, it took FinCEN three years to propose the rule recently made public, in part because the rulemaking required consultation with federal banking regulators, including the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the National Credit Union Administration.

“As you will see in the proposal鈥� we have a discussion in there on the AML/CFT priorities,” the Treasury official said. “We also have a number of questions soliciting feedback from the public on both the composition of the priorities and how financial institutions specifically should be supervised for their incorporation into the risk assessment process, so the AML/CFT priorities continue to be refined.”

The official added that the proposed rule “will not, on its own, achieve Treasury’s objective of a more effective and risk-based AML/CFT regime,鈥� but it does set up 鈥渁 critical foundation for future changes in the U.S. AML/CFT framework through the multi-step, multi-year implementation of the AML Act.”

The proposed rule also “would encourage financial institutions to modernize their AML/CFT programs where appropriate to responsibly innovate, while still managing illicit finance risks.” Treasury said in its press release.

Written comments on FinCEN’s proposed rule must be received within 60 days of its July 3 publication in the Federal Register.

Creating a more 鈥渆ffective and risk-based鈥� regulatory regime

“It has been an important priority for Treasury to issue this proposed rule that promotes a more effective and risk-based regulatory and supervisory regime that directs financial institutions to focus their AML/CFT programs on the highest priority threats,” stated听Wally Adeyemo, deputy secretary of the Treasury, in a press release.

FinCEN Director Andrea Gacki added that the proposed rule “is a significant milestone in FinCEN’s efforts to implement the AML Act,鈥� calling the proposed rule 鈥渁 critical part of our efforts to ensure that the AML/CFT regime is working to protect our financial system from longstanding threats like corruption, fraud, and international terrorism, as well as rapidly evolving and acute threats, such as domestic terrorism, and ransomware and other cybercrime.”

The Treasury鈥檚 fact sheet stated that the proposed rule would:

• • • amend the existing program rules to explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process;
    • require financial institutions to review government-wide AML/CFT priorities and incorporate them, as appropriate, into risk-based programs, as well as provide for certain technical changes to program requirements;
    • promote clarity and consistency across FinCEN’s program rules for different types of financial institutions; and
    • articulate certain broader considerations for an effective and risk-based AML/CFT framework as envisioned by the AML Act.

Notably, the Treasury official added that the proposal includes a provision that would require financial institutions to consider BSA filings they have made, such as suspicious activity reports (SARs) and currency transaction reports, as part of their risk assessment processes.

FinCEN’s approach taken in the proposed rule “is consistent with a key recommendation in听, which recommended proposing regulations to require financial institutions to have reasonably designed and risk-based AML/CFT programs supervised on a risk basis and taking into consideration the effects of financial inclusion,” Treasury stated in its release. “For example, through its emphasis on risk-based AML/CFT programs, the proposed rule seeks to avoid one-size-fits-all approaches to customer risk that can lead to financial institutions declining to provide financial services to entire categories of customers.”

BNPL programs are a financing option that allows consumers to make purchases and pay for them over time, typically in a series of installments. These programs have become increasingly popular, especially with online shopping. Some key features of BNPL programs include:

• • • Immediate purchase 鈥� Consumers can buy a product from participating stores or small businesses without paying the full price upfront. This is especially important if the item is necessary or in short supply.
    • Installment payments 鈥� The total cost is divided into smaller, more manageable payments, usually paid bi-weekly or monthly.
    • Interest and fees 鈥� Some BNPL programs are interest-free if payments are made on time, while others may charge interest or late fees if payments are missed.
    • Approval process 鈥� Approval for BNPL is generally quicker and easier than traditional credit, with many services requiring only a soft credit check or basic personal information.
    • Flexibility 鈥� Purchases through BNPL programs can be used for a wide range of products and services, from clothing and electronics to travel and home improvement.

Popular BNPL providers include companies like Afterpay, Klarna, Affirm, and Sezzle. Each company has its own standards and practices, and terms are usually presented prior to completing the loan. While these programs can make it easier to afford larger purchases, it’s important for consumers to be aware of the terms and conditions, including any potential fees or interest, to avoid accumulating debt.

When discussing BNPL, the most frequently cited danger is over-extension of the user鈥檚 finances. Because these programs do not immediately report to credit bureaus, it is easier for the user to overspend or take on more loans than they are comfortably able to pay regularly. When stacked on top of one another these payments can become incredibly expensive.

BNPL, unlike standard credit cards, may not guarantee protection for issues with the initial purchase. If a BNPL-program customer is scammed or needs a return, that process is solely at the discretion of the seller. This means that the buyer may bear the burden of the loss and still could be responsible for paying for an item that does not function or that they may not have received.

Regulation of BNPL programs

In the United States, credit cards are regulated by several entities to ensure they operate fairly and transparently, and much of the responsibility for managing problems with consumers is on the credit card companies, which often must bear the burden of loss in order to protect individuals.

While BNPL providers are subject to various regulations and oversight, the specifics can vary by country and region. Some of the key points regarding the regulation of BNPL providers include:

• • • Consumer protection laws 鈥� In many countries, BNPL providers must comply with consumer protection laws that ensure fair treatment, transparency, and protection against unfair practices. These laws may require clear disclosure of terms, fees, and interest rates.
    • Financial regulators 鈥� Depending on the jurisdiction, financial regulatory bodies may oversee BNPL providers. For example, in the US, the Consumer Financial Protection Bureau (CFPB) has expressed interest in regulating the BNPL sector to ensure consumer protections; while in the United Kingdom, the Financial Conduct Authority (FCA) has been reviewing BNPL products and may impose regulations to protect consumers.
    • Credit reporting 鈥� Some BNPL providers report payment history to credit bureaus, and in such cases, the BNPL providers may be subject to regulations governing credit reporting and responsible lending practices.
    • Advertising and marketing 鈥� Regulations may also govern how BNPL services are marketed to ensure that advertising is not misleading and that consumers are fully informed about the terms and potential risks.
    • Data privacy 鈥� BNPL providers must adhere to data privacy regulations, such as the European Union鈥檚 General Data Protection Regulation (GDPR) to protect consumers’ personal and financial information.

It is important to remember that not every BNPL program is responsible for adhering to all regulations. Credit card companies are generally more heavily regulated than BNPL companies, but the regulatory landscape for BNPL services is evolving and becoming more stringent as these services become more widespread.

While BNPL services offer convenience, it’s also important for consumers to understand the programs鈥� terms and conditions and to be aware of the regulatory environment in their specific region to ensure their rights are protected.

Regulatory scrutiny is increasing, and some countries are beginning to implement or consider regulations specifically targeting BNPL services. As mentioned, the CFPB has started to look more closely at BNPL providers to ensure they are transparent and fair to consumers and may also begin taking steps to regulate BNPL in the same way that credit cards are regulated. This move would provide protection for the customers in cases of fraud and scams and would also provide more consistency in regard to the programs鈥� terms and conditions.

While this increased transparency may come at a snail鈥檚 pace, it surely will be a step in the right direction to help create a sustainable area of consumer financing.

When thinking of a life insurance policy, most people think of a traditional term-life policy. These policies hold no cash value, and the only benefit is that, if premiums are paid over the course of the agreed-upon term, and the insured person dies, the company will pay out. However, if the term comes to an end and the insured is alive, the person gets no money back.

In addition to the standard term-life policy, however, there are several types of life insurance policies with cash value:

• • • Whole life insurance 鈥� It provides coverage for the insured’s entire lifetime, as long as the premiums are paid. It also includes a savings component known as cash value, which grows over time and can be borrowed against or withdrawn.
    • Universal life insurance 鈥� This type of permanent life insurance offers more flexibility than whole life insurance. Policyholders can adjust their premiums and death benefits. Universal life also includes a cash value component that earns interest.
    • Variable life insurance 鈥� This type also provides lifelong coverage, but with a built-in investment component under which the cash value can be invested in a variety of different accounts similar to mutual funds. This type of policy has potential for higher returns but also comes with increased risk, as the cash value can fluctuate based on the performance of the chosen investments.
    • Indexed universal life insurance 鈥� A variation of universal life, this policy allows the cash value to grow based on a stock market index (like the S&P 500). It usually provides a guarantee that the cash value will not drop below a certain level, even if the index performs poorly.

Unfortunately, these products also can become attractive to scammers that can steal from the policyholder or the insurance company. There is a high cash value in many cases, making a relatively easy scam lucrative; and the onus is on the insurance companies to protect themselves and their customers.

Complying with regulatory requirements

It is critical that insurance companies comply with all regulatory standards to protect themselves and their customers. A failure to confirm identification at the time of application, loan, or payout, for example, offers a clear opening for scammers. Accounts can be fraudulently opened or closed, which also could give cash to the scammer.

Some insurance companies have lower thresholds for personal identification than traditional banks. This lapse allows scammers access to these high-value accounts with less personal identifying information, which could result in scammers changing deposit accounts and making loans or withdrawals without the actual owners鈥� knowledge. Multifactor identification and other protection measures need to be in place within insurance companies to mitigate this danger. In addition to protecting individuals from basic scams, insurance companies want to be protected from losses as well as violations of regulatory standards.

Knowing their regulatory standards

A proper compliance program will limit the ability of nefarious actors to take advantage of the system in place. For an insurance company to have a proper compliance program, the first step is to know what regulatory standards are in place.

Insurance companies must comply with a number of regulatory standards, depending on the products that they offer. The (NAIC) provides uniform regulatory guidance in the insurance industry. However, according to , individual states have the authority to implement the guidance as they deem appropriate.

For example, the offers several points of guidance for insurance companies to follow to establish a stronger data security system for their own and their customers鈥� protection. This guidance includes provision to address:

• • • Risk assessment 颅鈥� Insurance companies are required to conduct risk assessments to identify potential threats to the security of personal information.
    • Information security program 鈥� Insurers must develop, implement, and maintain a comprehensive information security program based on the outcome of the risk assessment.
    • Oversight of third-party service providers 鈥� Insurers are responsible for ensuring that their third-party service providers are capable of protecting personal information and are held to appropriate standards of conduct.
    • Incident response plan 鈥� The law requires insurers to have an incident response plan in place to promptly address and mitigate any breach of security that compromises personal information.
    • Notification of breach 鈥� In the event of a data breach, insurers are required to notify affected individuals and regulators within a specified timeframe.

The NAIC published this model law, which aims to establish standards for data security, investigation, and notification of a cybersecurity event applicable to insurers, agents, and other licensed entities. , only 23 jurisdictions have implemented it, which means that many individuals in most jurisdictions are vulnerable.

As insurance companies鈥� offerings become more diverse, it becomes more important for these companies to have proper compliance programs that protect the insurance company itself from scams, manipulation, reputational damage, and financial penalties.

The proposal has been more than 20 years in the making and will require advisers registered with the U.S. Securities and Exchange Commission (SEC) and exempt reporting advisers (ERAs) to establish AML programs, file听听(SARs), and comply with AML reporting and recordkeeping obligations as a “financial institution” under the听听(BSA), which, among other things, would require firms to file听听(CTRs) and keep records relating to money transfers.

The proposal would apply only to advisers required to be registered with the SEC and ERAs; however, future rulemaking may include other types of advisers, such as state-regulated advisers. If adopted, FinCEN would delegate its examination authority to the SEC.

In 2003 and again in 2015, FinCEN proposed to include certain investment advisers within the definition of “financial institution” and impose AML compliance obligations on such advisers. The proposals were met with heavy resistance from the industry and never formalized. In fact, the 2015 proposal was substantially similar to the current one but has now been expanded to include ERAs as a covered adviser for AML program requirements.

Since then, many advisers have voluntarily implemented an AML program on their own initiative as a best practice. In addition, programs were implemented to satisfy the requirements of counterparties or to allow broker-dealers to rely upon them for part of their AML program.

AML program requirements

Under the latest proposal, an adviser would be required to develop and implement a written, risk-based program that is reasonably designed to prevent the adviser from being used to facilitate money laundering and the financing of terrorism.

The program must include a designated AML compliance officer, AML training and periodic independent testing of the program’s compliance. It must also be approved in writing by the organization鈥檚 board of directors or trustees, and if there is no such board, by the sole proprietor, general partner, trustee, or other person(s) with functions similar to a board of directors.

Since the AML compliance program requirement is risk-based, advisers and ERAs will have the flexibility to tailor their programs to the specific risks associated with their businesses.

Notably, FinCEN did not impose a Customer Identification Program (CIP) requirement in this proposal; however, FinCEN did state it anticipates the CIP requirement will be addressed through future joint rulemaking with the SEC.

FinCEN also is not proposing an obligation for advisers to collect beneficial ownership information for legal entity customers. FinCEN anticipates addressing this requirement in a subsequent rulemaking.

Firms that are dually registered with the SEC as investment advisers and broker-dealers would not be required to establish multiple or separate programs, provided that a comprehensive AML program covered both activities.

SARs requirement

The proposed rule would subject advisers to suspicious activity reporting obligations similar to those required of broker-dealers.听An adviser must report suspicious transactions that are conducted or attempted by, at, or through an adviser and involve or aggregate at least $5,000 in funds or other assets.

Advisers would be required to assess client activity and relationships for money-laundering risks and develop a suspicious transaction monitoring program that is suitable for the adviser in the context of such risks. In circumstances that require immediate attention, advisers must notify the appropriate law enforcement authority at once and submit timely SARs.

FinCEN suggests suspicious activity monitoring could include screening for fraud indicators (e.g., paying for investments through multiple transfers from different financial institutions) or the use of negotiable instruments common to money-laundering schemes (e.g., money orders).

Other regulations would be similar to those applicable to broker-dealers, including requirements around SAR-filing times (i.e., 30 calendar days after initial detection of reportable facts), record retention (i.e., five years after the SAR was filed) and confidentiality requirements.

Bank Secrecy Act and currency transaction reports

FinCEN also proposes to incorporate advisers into the BSA’s definition of a “financial institution.” These financial institutions are subject to additional AML regulations beyond the standard program requirements.

For example, a “financial institution” is required to file a currency transaction report for any single-day transaction involving the transfer of more than $10,000 by, through, or to the investment adviser. This would replace the current measure requiring an adviser to file reports on Form 8300 for the receipt of more than $10,000 in cash and negotiable instruments.

FinCEN regulations require firms to file currency transaction reports electronically within 15 days of the reported transaction(s). Reports must be retained for a minimum of five years following the date of filing. Additionally, firms must be conscious of recordkeeping and travel rules obligating them to create and retain fund-transmittal records and to ensure that certain transmittal information “travels” to the next financial institution in the payment chain. Accordingly, the proposed rule requires that records be maintained for transmittals of $3,000 or more.

The FinCEN proposal is now available for comment, although a final compliance date has yet to be determined.

Criminals can learn quickly how to exploit automated KYC checks, even biometric ones, to open hundreds of accounts. Firms believe their marketing is bringing in new customers, but a sudden acceleration in account openings can be attacks by criminals taking advantage of an on-boarding weakness, said Uri Rivner, chief executive at Refine Intelligence in Tel Aviv.

“Everything is digital, and we rely on identity checks that are mostly based on data, especially if we want to make it very quick and frictionless,鈥� Rivner said. 鈥淏ut even the more advanced systems that do a video interview or facial recognition 鈥� there are ways for criminals to bypass that.”

Mule accounts

Transparency International Russia (in exile) recently 听showing the ease by which mule accounts from payments firms authorized by the United Kingdom鈥檚 Financial Conduct Authority (FCA) could be bought on the dark web. And it was reported that Mercuryo.io, another FCA-authorized firm, was to “maximize customer pass rates globally, to expand as fast as they could.”

Financial firms can easily be deceived by stolen identity documents if they do not have proper scanning measures, authentication, and biometrics. There are databases of fake and stolen identification documents against which customers’ documents should be checked to avoid being exploited by criminals opening accounts to sell on as mule accounts.

“The bottom line is if a company is doing a lightweight KYC process without any other controls, and they’re under attack, they were asking for it,” Rivner said, adding that many firms, especially in the US, have implemented behind-the-scenes biometrics and advanced analytics to catch these attacks, while other companies still opt for the high-end, sophisticated identity verification tools.

Electronic KYC is a valid way to on-board clients from a regulatory perspective, but it is unwise to market easy KYC, because that will attract criminals who will quickly exploit it.

Kathryn Westmore, senior research fellow at the Centre for Financial Crime and Security Studies at the Royal United Services Institute in London, agreed. “If you look at the wording of the guidance from the Joint Money Laundering Steering Group, it’s permissible to rely on these third parties to do electronic verification so long as you are comfortable with that,鈥� Westmore said. 鈥淭he real question is: how robust are these companies?”

Criminals can learn quickly how to exploit automated KYC checks, even biometric ones, to open hundreds of accounts.

Not all companies offering these KYC and identity verification tools can deliver, however. Some banks are听听that overpromised on the effectiveness of artificial intelligence tools but did not deliver.

The UK’s Payment Systems Regulator (PSR) 听last year showing nine smaller payment firms were among the top 20 highest receivers of authorized push payment (APP) fraud. The worst performer was Dzing Finance, which saw that 187,695 per 1 million of its transactions were APP fraud. The FCA imposed restrictions on Dzing a few days after the PSR published its data.

“There is a whole range of these firms that continue to operate despite having received [anti-money laundering] AML fines in other jurisdictions or [that] have clear links to Russia or other countries,” Westmore said. 鈥淪ome are advertising accounts that can be opened instantaneously with minimal checks. They’re appealing to people who are wary about big banks and don’t want to give away their information to anybody or to people who want to abuse their facilities.鈥�

Identity verification, not KYC

Some frictionless customer on-boarding tools are not really KYC, they are identity verification 鈥� and there is a difference, Rivner said.

“Banks are supposed to understand the customer, not just know the customer,” Rivner explained. 鈥淏anks knew the customers but also knew the life story of the customer. They knew why the customer was doing what they’re doing. They understood the context around those activities. This knowledge has been deteriorating over the years with the move to digital.鈥�

Identity verification may confirm a customer’s identity, but it does not provide transactional behavior insight to distinguish between suspicious and legitimate activity. This knowledge gap could lead to accounts being frozen too frequently or unnecessarily while the firm investigates transactions. Indeed, these delays can be more detrimental to a customer relationship than cumbersome on-boarding.

While it is important to strive to make financial institutions more accessible, it is fundamental to the prevention of fraud to adhere to the standards set by regulatory agencies.