Financial crime bulletin

The intriguing thing about financial crime is that it’s always morphing, like a strain of flu; you may cure today’s strain but the next year it evolves into something bad, if not worse. In today’s world, financial crime has become smarter, faster and harder to trace – crossing borders and exploiting the very technologies meant to drive the progress. In response to these challenges, companies around the world are enhancing their frameworks for managing financial crime risks, being adaptable to dynamic regulatory landscapes, adjusting to changing regulatory environments, and using modern technologies to not only detect threats but anticipate them.

Our perspective

Understanding the evolving and diverse types of financial crime typologies is crucial for companies, as it enables the institution to effectively assess potential vulnerabilities in their respective control environment (including the ever-evolving partner ecosystem) and mitigate risks appropriately to protect from potential harm.

To remain ahead of the evolving threats, institutions must adopt a proactive and comprehensive approach that tackles these diverse types of financial crime. This means not only responding to risk events as they arise but anticipating them and integrating cross-functional strategies to prevent the risk at initial manifestation stages. The key to effectively manage financial crime risks is to develop a culture of compliance and ethical conduct across the organisation.

Furthermore, addressing financial crime is crucial not just for supporting the integrity of the financial system but also for fostering a fair and transparent environment that enables participants to achieve their business goals. Implementing strong regulations, promoting ethical practices, and holding wrongdoers accountable are essential steps in combating financial crime and preserving trust in financial institutions.

Key insights on evolving fraud trends:

Concept of cyber security, information security and encryption, secure access to user's personal information, secure Internet access, cybersecurity.

While globally we are seeing an increased adoption of AI and ML based solutions for financial crime detection and prevention, there’s also a marked uptick in the same technology being leveraged by fraudsters/threat actors. Few examples below:

Agentic AI powered frauds - Fraudsters are using artificial intelligence to produce hyper-realistic fake emails, invoices, and even synthetic voices that may impersonate executives. The imperative that the use of effective technology governance and real-time monitoring becomes pivotal to combat AI related frauds
Deepfake payments - The banking and payment industries are on heightened alert in response to an evolving new threat from the realm of cybersecurity that involves deepfake payments by scammers done through manipulative video calls to authorise fraudulent payments.

The use of cryptocurrency presents new challenges and considerations for AML initiatives. We are noticing regulatory authorities intensifying their oversight of cryptocurrency transactions and working to address regulatory gaps that may be exploited for illicit activities

Unauthorised/toxic access to company networks and systems led to increase in insider threats and vendor fraud. This often involve individuals using permitted access to company's data resources to inflict damage on the company's equipment, information, networks and systems encompassing various malicious activities. The effectiveness of insider threat programs is critical to mitigating vulnerabilities before they materialize within the control environment

Outdated defences and fraud blind spots are emerging fraud risks, wherein, fraudsters may take advantage of outdated software/misconfigured systems and use loopholes in the digital systems, which in turn, result in financial and data loss to businesses and consumers. Conducting ongoing fraud risk assessments at risk-based intervals by qualified specialists is a pivotal measure in mitigating potential fraud-risk blind spots

Users may store digital IDs on their device that make it easier to authenticate across platforms. It could be imperative for businesses to implement measures to verify and safeguard these identities, particularly as they become more prevalent in financial transactions and international dealings

To deal with emerging Financial Crime and Compliance (FCC) risks, we are seeing more frequent regulatory releases or amendments. E.g., U.S.A. Securities and Exchange Commission (SEC) forming crypto task force, UAE's Dubai Financial Services Authority (DFSA) making amendments to Simplified customer due diligence (SDD) and Annual Information Return. The Canadian Department of Finance introducing new regulatory amendments to strengthen AML/ATF framework and steps taken by Singapore's Monetary Authority with respect to Governance and Risk management.

Here's a snapshot of noted regulatory initiatives/enactments during 2025

Regulators speak – Global regulatory landscape

Memorandum of Understanding (MOU) published for updates on SDN List¹On 13 January 2025, OFAC had published its MOU with the United Kingdom's Office of Financial Sanctions Implementation (OFSI) that aimed to strengthen their collaborative relationship to advance their common mission of investigating, enforcing, and promoting compliance with economic sanctions and certain trade sanctions promulgated by the United States and the United Kingdom.

Regulatory body: Office of Foreign Assets Control (OFAC), Department of Treasury (DOT)

FATF's Increased Monitoring and Call for Action²
On 26 February 2025, the FATF added Laos and Nepal to its list of Jurisdictions under increased monitoring and removed Philippines from that list. The FATF’s list of High-Risk Jurisdictions subject to a Call for Action remains the same, with Iran, the Democratic People’s Republic of Korea (DPRK), and Burma subject to calls for action.

Regulatory body: The Financial Crimes Enforcement Network (FinCEN)

Formation of New Crypto Task Force³On 21 January 2025, SEC Acting Chairman launched a crypto task force dedicated to developing a comprehensive and clear regulatory framework for crypto assets. The Task Force will collaborate with Commission staff and the public to set the SEC on a sensible regulatory path that respects the bounds of the law.

Regulatory body: U.S. Securities and Exchange Commission (SEC)

Withdrawal of guidance for banks related to their crypto asset⁴
On 24 April 2025, Federal Reserve Board announced the withdrawal of guidance for banks related to their crypto-asset and dollar token activities and related changes to its expectations for these activities.

Regulatory body: The Federal Reserve

Identify the natural persons behind shell companies⁵On 14 April 2025, FinCEN announced the renewal of its Geographic Targeting Orders (GTOs) that require U.S. title insurance companies to identify the natural persons behind shell companies used in non-financed purchases of residential real estate.

Regulatory body: The Financial Crimes Enforcement Network (FinCEN)

AML-CFT-CPF Policy and Strategy⁶
On 21 February 2025, FSC published AML-CFT-CPF Policy and Strategy that builds on the foundation of the objectives in the 2020 Policy outlined in the four (4) key areas of supervision, enforcement, promotion of cooperation and stakeholder awareness and outreach, but addresses the specific ML, TF and PF risks that impact the work of the Commission as the Territory’s financial services regulator in separately identified AML, CFT and CPF Policies.

Regulatory body: British Virgin Islands (BVI), Financial Services Commission (FSC)

European Commission’s Call for Advice (AML/CFT)⁷
On 6 March 2025, EBA launched a public consultation on four draft Regulatory Technical Standards (RTS) that will be part of the EBA’s response to the European Commission’s Call for Advice. These technical standards will be central to the EU’s new AML/CFT regime and will shape how institutions and supervisors will comply with their AML/CFT obligations under the new AML/CFT package. The consultation runs until 6 June 2025.

Regulatory body: European Banking Authority (EBA)

New measures to strengthen the response to fraud and money laundering⁸
On 10 April 2025, The Hong Kong Monetary Authority (HKMA), the Hong Kong Police Force (HKPF) and The Hong Kong Association of Banks (HKAB) jointly announced a series of new measures to prevent, detect and disrupt financial crime, including fraud and associated mule account networks.

Regulatory body: Hong Kong Monetary Authority (HKMA)

Governance and Risk management⁹
On 4 March 2025, MAS conducted thematic inspections on the effectiveness of selected banks’ governance and risk management of their commodity financing business, with an emphasis on lending standards and practices to the commodity trader client segment in the oil and gas sector. The paper sets out MAS’ supervisory expectations, areas for improvement, and includes good practices that banks and finance companies are encouraged to work towards.

Regulatory body: Monetary Authority of Singapore (MAS)

New regulatory amendments to strengthen AML/ATF framework¹⁰
On 7 March 2025, Government of Canada announced the upcoming implementation of new regulatory amendments to strengthen Canada’s Anti-Money Laundering and Anti-Terrorist Financing (AML/ATF) framework and ensure that it is even more robust and effective in addressing threats of financial crime.

Regulatory body: Department of Finance Canada

Amendments to SDD and Annual Information Return¹¹
On 26 February 2025, DFSA in exercise of its powers, conferred by Article 23 of the Regulatory Law 2004, made amendments to the Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (AML) with respect to Simplified customer due diligence (SDD) and Annual Information Return that came into force w.e.f March 3, 2025.

Regulatory body: Dubai Financial Services Authority (DFSA)

Regulators speak – Indian regulatory landscape

India

Regulatory prescriptions and Institutional Safeguards¹²On 17 January 2025, RBI rolled out its circular related to prevention of financial frauds perpetrated using voice calls and SMS – regulatory prescriptions and Institutional Safeguards. As per the guidance, any entity who wishes to send commercial communication to its existing or prospective customers – are needed to fulfil prescribed regulatory requirements.

Regulatory body: Reserve Bank of India (RBI)

Guidelines on (KYC/AML/CFT)¹³

On 17 January 2025, PFRDA in its circular updated guidelines on Know Your Customer/Anti-Money Laundering/Combating the Financing of Terrorism (KYC/AML/CFT) for use by Points of Presence (PoPs), National Pension System (NPS) Trust, Central Recordkeeping Agency (CRAs) and Retirement Advisers registered under the PFRDA Act and the respective Regulations.

Regulatory body: Pension Fund Regulatory and Development Authority (PFRDA)

Obligation to give information in respect of crypto asset¹⁴
On 1 February 2025, Income Tax Department through its explanatory memorandum to Budget 2025 introduced section 285BAA explaining the provisions related to obligation to give information of crypto asset. It also proposed to amend clause (47A) of section 2 to insert sub-clause (d) which states that the definition of virtual digital asset (VDA) was also amended to include any article using crypto like technology. These amendments will take effect from the 1st day of April 2026.

Regulatory body: Income Tax Department, Ministry of Finance

Fraudulent/ manipulative activities on social media platforms¹⁵

On 11 April 2025, SEBI in its notice cautioned public against fraudulent/manipulative activities on Social Media Platforms (SMPs) related to securities market.

Regulatory body: Securities and Exchange Board of India (SEBI)

Way forward

A range of technological innovations is expected to enable compliance leaders to significantly revamp their AML strategies, lower operational expenses, and mitigate regulatory risks. As financial crime evolves in complexity, organisations need to adopt smart, integrated technologies that provide real-time risk evaluations, enhanced verification processes and flexible compliance solutions.

It is essential not only to align with regulatory standards, but it is also crucial to advance further by setting up dynamic, technology-driven ecosystems capable of swiftly and accurately anticipating, detecting, and addressing emerging financial risks. Moreover, investing in technology has transitioned from being a choice to a necessity for upholding financial integrity in a progressively intricate global environment. The traditional ‘tick-the-box’ compliance approach is no longer enough in today's fast-paced and sophisticated financial landscape. The future lies in embracing advanced technologies like artificial intelligence, machine learning, and big data analytics to build proactive, intelligent systems.

^[1] OFAC's Memorandum of Understanding with the OFSI, US Department of Treasury (DOT), January 25
^[2] Press release: FATF identifies Jurisdictions with AML/CFT/CPF, FinCEN, February 25
^[3] Press release: SEC Crypto 2.0: Acting Chairman announces Formation of New Crypto Task Force, January 25
^[4] Press release: Federal Reserve Board announces the withdrawal of guidance for banks related to their crypto-asset, April 25
^[5] Press release: FinCEN renews Residential Real Estate Geographic Targeting Orders, April 25
^[6] Press Release 7 of 2025: Commission publishes AML-CFT-CPF Policy and Strategy, FSC, February 25
^[7] Press release: New rules related to the AML/ CFT package, EBA, March 25
^[8] Press release: HKMA, HKPF and HKAB jointly announce new measures to strengthen the response to fraud and money laundering, April 25
^[9] Governance and Risk Management of Commodity Financing, MAS, March 25
^[10] Press release: Government strengthens Canada’s AML framework with new regulatory amendments, Department of Finance Canada, March 25
^[11] RMI 397/2025 AML/CFT and sanctions module rule-making instrument (No. 397) 2025, DFSA, February 25
^[12] Circular: RBI/2024-25/105 CEPD.CO.OBD.No. S1270/50-01-001/2024-25, January 25
^[13] Master Circular: PFRDA/Master Circular/2024/04/PoP-02, January 25
^[14] Memorandum: Vide Finance Act 2022, taxation of virtual digital assets (VDA) has been introduced in the Income-tax Act, 1961 (‘the Act’), February 25
^[15] Press release: PR No.: 22/2025, April 25

India Insights

Our insights is your gateway to thought leadership and in-depth reports. Explore our curated collection of valuable content, where we delve into complex business challenges, share industry trends, and provide actionable insights.

The Cybersecurity and Cyber Resilience Framework aims to strengthen cybersecurity measures and ensure adequate cyber resilience for regulated entities

POV on usage and challenges for internal (office) accounts along with concerns raised by RBI and indicative actions for banks.

Originating from the ancient Trojan deception, money mules embody a modern-day Trojan horse strategy, navigating through digital financial systems.

RBI releases revised fraud risk management directions for Regulated Entities

This issue of the first notes aims to provide an overview of the revised fraud risk management system and framework for banks, NBFCs (including HFCs).