By Bradley Elliott, CEO, RelyComply

Armed with advanced AI and machine learning, fraudsters are operating faster, smarter, and at a scale previously unimaginable. Fraud is no longer opportunistic - it is engineered, tested, and continuously optimised. What was once the domain of isolated cybercriminals has evolved into highly organised, digital enterprises capable of launching thousands of simultaneous attacks across onboarding, payments, and digital servicing channels.

One rapidly growing threat is the use of AI-generated identities and deepfake technology. Fraudsters are no longer simply attempting to trick controls - they are systematically testing them. We are seeing organised networks create thousands of synthetic identity variations to probe individual components of onboarding journeys, such as selfie verification or liveness detection.

Each attempt introduces a small variation - a different facial movement, lighting condition, or AI-generated image artefact - allowing criminals to learn exactly where controls succeed and where they fail. Once a vulnerability is identified, that intelligence is shared instantly across global fraud networks, enabling rapid exploitation at scale.

This industrialised approach has transformed fraud into a continuously learning ecosystem; meanwhile, financial institutions remain constrained by fragmented data sharing rules, legacy infrastructure, and slower regulatory change cycles.

In the UK, the first half of 2025 saw over £600 million stolen through payment-related fraud, including Authorised Push Payment (APP) scams and investment fraud. This doesn’t include a further £870 million, which was intercepted by financial institutions, demonstrating both the scale of attempted attacks and the growing burden placed on firms to prevent losses before they occur.

Fraud is fast becoming the world’s first automated criminal economy, leveraging generative AI, instant payment rails, digital assets, and identity manipulation techniques to move funds quickly and repeatedly.

Every regulated financial institution, from major banks to building societies and credit unions, is now operating within this evolving threat landscape. Many must balance rising compliance obligations with customer expectations for seamless digital experiences. Without modern AML infrastructure, these competing pressures can create operational strain and increase exposure to financial crime risk.

 

 

Fraud’s changing face

Fraud is now structured, scalable, and driven by commercial interests. APP fraud continues to grow, with criminals impersonating trusted organisations including banks, building societies, law enforcement bodies, and service providers.

Romance and investment scams exploit trust as much as technology, using psychological manipulation to convince victims to transfer funds or disclose sensitive information, robbing victims of their life savings, trust and dignity. In many cases, these victims are subsequently used as money mules, helping criminals move funds through legitimate financial systems.

Behind the scenes, fraud networks increasingly resemble legitimate SaaS businesses. Fraud-as-a-service (FaaS) providers offer subscription-based phishing kits, bot networks, synthetic identity tools, and attack scripts, enabling criminals to launch sophisticated operations with minimal technical expertise.

Compromised personal data is widely traded in the form of “fullz” - complete identity packages including names, credentials, behavioural data, and device fingerprints. These datasets allow criminals to replicate trusted identities repeatedly, significantly increasing the success rate of attacks.

AI has accelerated this shift. Synthetic identity fraud and deepfake impersonation are rising sharply, enabling criminals to bypass traditional identity controls and scale attacks rapidly. A single compromised identity can now be reused across thousands of fraud attempts, dramatically increasing the efficiency of criminal operations.

 

 

The asymmetry between attackers and defenders

Criminal networks operate without regulatory or organisational constraints. They share intelligence instantly, iterate rapidly, and optimise continuously.

Financial institutions, by contrast, must balance data privacy requirements, regulatory compliance obligations, and internal governance processes. While these safeguards are essential for protecting consumers, they can also slow the adoption of new defensive capabilities.

Significant effort has been invested in regulating how customer data is stored, shared, and processed. However, criminals are often able to access personal information through publicly available sources or previously compromised datasets, creating an uneven playing field between attackers and defenders.
Building societies and credit unions frequently operate within complex legacy technology environments, where manual processes and fragmented systems can slow investigations and limit visibility across customer risk signals.

At the same time, expectations for seamless digital journeys continue to grow. Customers increasingly expect strong security without additional friction, placing further pressure on firms to modernise fraud prevention approaches without compromising user experience.

Across the UK, the cost of financial crime compliance is estimated at £38.3 billion annually, reflecting the complexity of maintaining effective controls while adapting to new threat typologies.

 

 

Regulation is evolving - but criminals move faster

Regulators are actively working to understand how AI should be governed within financial services. However, the pace of technological change means regulatory frameworks are often developed iteratively, addressing specific use cases such as onboarding verification or transaction monitoring before broader standards emerge.

This can result in a form of regulatory “patchwork”, where guidance evolves gradually as new risks become better understood.

Initiatives such as regulatory sandbox environments are helping bridge this gap, providing controlled spaces where financial institutions and technology providers can test new approaches and share insights with regulators.

This collaborative approach is critical. Explainability, auditability, and human oversight remain essential when deploying AI within AML and fraud prevention frameworks. Firms must be able to demonstrate not only that controls are effective, but also how decisions are reached.

 

 

Closing the gap through structural and cultural change

Many organisations still rely on batch-based monitoring, fragmented case management processes, or infrequent rule updates, limiting their ability to respond dynamically to emerging fraud patterns.

Effective fraud prevention increasingly depends on real-time intelligence, continuous model tuning, and integrated data frameworks that allow institutions to detect suspicious activity earlier in the lifecycle.

However, technology alone will not solve the problem. Organisations must also embed an AML-first culture, ensuring financial crime prevention is considered at the design stage of products, workflows, and customer journeys.

Collaboration across financial institutions, regulators, fintech providers, and law enforcement agencies will be essential to improving intelligence sharing while maintaining appropriate safeguards around data privacy.

 

 

Turning compliance into capability

Fraud has evolved far beyond isolated phishing attempts. It is now a persistent, technology-enabled threat that requires coordinated structural and cultural change across the financial ecosystem.

Institutions that invest in modern RegTech infrastructure, AI-enabled AML controls, and collaborative intelligence-sharing frameworks will be better positioned to protect customers while maintaining competitive digital experiences.

Rather than viewing AML purely as a regulatory obligation, forward-looking organisations are recognising its role in building trust, enabling digital growth, and strengthening operational resilience.
Fraud may be scaling rapidly, but so too can our ability to prevent it. With the right combination of technology, collaboration, and cultural alignment, Building Societies and other financial institutions can move from reactive defence to proactive protection - reducing risk while improving customer confidence in the digital financial system.

Those who act early will not only reduce exposure to financial crime but help shape a more secure and resilient future for the UK financial services sector.

To learn more, visit our website

Come chat with us at the Building Societies conference or send us a message; we’d love to connect and continue the conversation in person. 

Get in touch: louise@relycomply.com