Fintechs vs scammers. Global trends in anti-fraud and compliance regulations.

Battling fraudsters is like fighting a virus: you come up with one tactic – they adapt to it and come at you from a different angle. So now we’re witnessing an “arms race” between those who are here to protect clients’ money and those who want to get their hands on it.

Here we’ve put together a list of the most recent anti-fraud and compliance regulation measures that reflect a global effort to enhance financial security and consumer protection.

Lithuania’s amendments to anti-money laundering and counter-terrorist financing rules

Introduced on August 1, 2024, the amendments to anti-money laundering and counter-terrorist financing regulations by Lithuanian authorities clarify the exchange of intelligence between Financial Institutions (FIs) to prevent fraud and other financial crimes.

  • FIs can share information about suspicious customer activity with other FIs, though they can’t say whether they have submitted a Suspicious Activity Report (SAR) to Lithuania’s Financial Crimes Investigation Service (FCIS).
  • FIs can only use data exchange platforms to share information with other FIs registered or providing services in Lithuania using EU passporting rights.
  • FIs must inform the FCIS if they start sharing information through a data exchange platform.
  • FIs can share data related to suspicious transactions, the client’s legal entity, persons involved in the ownership and control structure, termination/non-initiation of business relations or transactions, and the purpose of the request.
  • FIs can now share data with crypto or virtual asset service providers (CASPs/VASPs), as they were included in Lithuania’s extended legal description of a financial institution as of December 30, 2024.
  • Transaction investigations between counterparty banks (not limited to Lithuania) are allowed based on legitimate interest.

UK sets the threshold for mandatory reimbursement of payment fraud victims at £85K

The UK’s Payment Systems Regulator (PSR) has implemented rules requiring banks to reimburse victims of authorized push payment fraud up to £85,000 (the initial proposal was capped at £415,000) within five days, unless the customer is proven to have acted with gross negligence.

Starting from October 7, 2024, such refunds became mandatory according to the Payment Systems Regulator (PSR) directive. 

According to the PSR, the new cap of £85,000 would cover more than 99% of claims.

AI and biometrics run the ball 

Financial institutions are increasingly adopting artificial intelligence and biometric security measures to detect and prevent fraudulent activities in real-time. Common applications:

  • Customer verification during online onboarding to ensure that financial institutions are engaging with a legitimate individual from the beginning, filtering out potential bad actors, bots, and fraudulent identities straight away.
  • Ongoing authentication. Once a customer has been verified during onboarding, they also need to authenticate themselves on an ongoing basis when accessing their account online or making transactions. This way financial institutions can match new entries against the previously stored biometric information to check that it is the same person.
  • Real-time transaction monitoring. AML systems analyze transactions as they unfold, using a set of predefined “rules”, quickly flagging any unusual or suspicious behavior and triggering security measures such as 3DS 2.0 to ensure transaction legitimacy. For example, if a customer usually transacts from Northern Europe and suddenly tries to make an online purchase from Central Africa, the system identifies the divergence from the usual behavior and requires the customer to go through additional authentication before the transaction is processed.
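
The rule-based monitoring described in the last item can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the names `Txn`, `Profile`, `evaluate`, `confirm`, the `MIN_HISTORY` threshold and the amount rule are assumptions, and the sample data is constructed.

```python
from collections import Counter
from dataclasses import dataclass, field
from statistics import median

@dataclass
class Txn:
    customer: str
    region: str    # coarse label resolved upstream, e.g. from merchant or IP country
    amount: float

@dataclass
class Profile:
    regions: Counter = field(default_factory=Counter)
    amounts: list = field(default_factory=list)

MIN_HISTORY = 5    # assumed: fewer confirmed transactions means no usable baseline

RULES = {          # predefined rules: name -> predicate(profile, txn)
    "new_region": lambda p, t: t.region not in p.regions,
    "amount_spike": lambda p, t: t.amount > 10 * median(p.amounts),
}

def confirm(profiles, txn):
    """Fold a legitimate transaction into the customer's baseline."""
    p = profiles.setdefault(txn.customer, Profile())
    p.regions[txn.region] += 1
    p.amounts.append(txn.amount)

def evaluate(profiles, txn):
    """Return (decision, fired_rules) for one transaction as it arrives."""
    p = profiles.setdefault(txn.customer, Profile())
    if len(p.amounts) < MIN_HISTORY:
        return "STEP_UP", ["thin_profile"]
    fired = [name for name, rule in RULES.items() if rule(p, txn)]
    if fired:
        # Flagged traffic is not learned here; call confirm() only after the
        # additional authentication (e.g. a 3DS 2.0 challenge) succeeds,
        # otherwise repeated fraud attempts would become the "usual" pattern.
        return "STEP_UP", fired
    confirm(profiles, txn)
    return "ALLOW", []

def demo():
    """Constructed sample data: six small purchases, then three new events."""
    profiles = {}
    for amount in (20, 35, 15, 40, 25, 30):
        confirm(profiles, Txn("cust-1", "Northern Europe", amount))
    return [evaluate(profiles, Txn("cust-1", region, amount)) for region, amount in
            (("Northern Europe", 30), ("Central Africa", 30), ("Central Africa", 30))]
```

The second Central Africa attempt is still challenged because a flagged transaction only enters the baseline through `confirm()`, which keeps an attacker from training the profile by retrying.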

US and Australian regulators put pressure on fintechs to improve anti-fraud measures

The Australian Securities and Investments Commission (ASIC) has taken legal action against major banks, such as HSBC, for allegedly insufficient scam prevention protocols. This move underscores the expectation that banks must proactively safeguard customers against fraudulent activities. 

Similarly, in the United States, the Consumer Financial Protection Bureau (CFPB) has expanded its oversight to include large payment apps like Venmo and PayPal. This initiative aims to ensure that fintech companies adhere to the same consumer protection standards as traditional banks, particularly concerning fraud prevention and data privacy. 

Stricter anti-money laundering (AML) measures

Financial institutions are facing increased pressure to strengthen their AML protocols. For instance, Nordea Bank was fined $35 million by the New York State Department of Financial Services for significant deficiencies in its AML programs. The bank’s failure to conduct adequate due diligence and transaction monitoring exposed it to high-risk activities, highlighting the critical need for robust AML controls.

More to come

Anti-fraud and compliance regulations in financial services are rapidly evolving and constantly adapting to new challenges.

Sources:

Lithuania’s latest AML and data sharing rules: key insights

Banks must refund fraud in five days but losses capped at £85,000

ASIC to sue HSBC over failure to protect customers from scam texts and calls – ABC News

Nordea to Pay $35 Million for Anti-Money-Laundering Violations – WSJ
