The RegTech Pulse

2026 Top Trends: How Cyberthreats are Reshaping Financial Crime

LexisNexis Risk Solutions

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 17:34

Regulators are increasingly coordinating cyber-related sanctions programs, in response to the rising threat of cybercrime. in this episode, Pratik Choudhary and Vincent Gaudel from LexisNexis Risk Solutions explore the rise in malign digital activities, the effects on society and how financial institutions can fight back.

Links:

Financial Crime Compliance Trends to Watch in 2026 infographic

LexisNexis® Risk Solutions Global Cybercrime Report

LexisNexis Risk Solutions website

DISCLAIMER: The information provided in this podcast is for informational purposes only and is not intended to and shall not be used as legal advice.  The views and opinions expressed in this podcast are solely those of the speakers and do not necessarily reflect the views or positions of LexisNexis Risk Solutions. LexisNexis Risk Solutions does not warrant that the information provided in this podcast is accurate or error-free.

SPEAKER_00

Hi everybody, welcome to the RegTech Pulse Podcast, where industry experts discuss the latest trends in financial crime compliance. I'm your host, Prateek Chowdhury, and today we're continuing our series on the top five trends in financial crime compliance in 2026. In this episode, we're diving into the topic of cyber threats and cyber sanctions and how these are reshaping the world. I'm joined by our resident compliance expert, Vincent Caudell. Vincent, thanks for joining.

SPEAKER_01

Thanks, Pratik. It's a pleasure to be discussing this important topic with you today.

Cybercrime Enters The Sanctions Lens

SPEAKER_00

Absolutely. Looking forward to today's discussion. Vincent, you might be surprised to see cyber in the context of compliance, right? It's something that we on the fraud side have been tracking for a while. I mean, the risk of cyber threat, the risk of scams, the risk of account takeovers is something you know that's been out in the world for the last 20, 30, 40 years. Can you introduce the topic of cyber threats in relation to financial crime compliance? How does this fit?

SPEAKER_01

Yeah, thanks for the question. And yeah, indeed, that was a key observation from the latest sanctions data. Everybody's aware of the headlines around Russian sanctions, Iran sanctions, etc. But there is, uh if you look at the thematic sanctions, the global sanctions that look at global issues, you see uh a growth in sanctions related to cybercrime. That's together with a repeated tendency across jurisdiction to highlight fraud and the cyber-enabled uh scams coming on top of the predicate crimes across jurisdiction. You can clearly see that really cybercrime is growing very fast. And so, even in the sanctions world, we are starting to see a clear trend and a clear uptake in sanctions related to cybercrime. What stands out really is that, yeah, indeed, now cyber threats are no longer just a technological issue. They really sit at the intersection of fraud, of financial crime, and now sanctions. And so it's a shift because of the scale, right? So cybercrime activity has grown huge, it has grown so large, so organized, and so cross-border that now what you see ultimately is that it's being treated as a national security and economic threat at the highest level by uh regulatory bodies. Right? So that was a clear trend. And that's why we put that in our top trends for FCC for 2026. And it's really uh what stands out when you look at the actual designations and the actual targets that are being added in the sanctions list, it's really the organized aspects to it. It's no longer just isolated fraudster, you see those uh organized crime groups often operating across jurisdiction that conduct those uh large-scale uh scams. And I think on the fraud side, that's something you monitor for quite a long time, right? You monitor those the scale, the typologies. That's old news for you guys.

Organized Scam Economies And Human Costs

SPEAKER_00

Yeah, it's old news, but it's still very, very relevant, right? As you say, the scale is something that is truly scary. Cost of cybercrime projected to reach about$15.6 trillion by 2029. And on current trends, if you look at it, Vincent, that's the third largest economy in the world. Just think about how much of that money we're losing, just ordinary people like you and I are losing to fraudsters, to you know, to these financial crime gangs, essentially, is what they are, and organizations. You touched scale, and I I I want to touch on it for our fraud side as well. You know, when we think about fraudsters or when we used to think about fraudsters, they used to be that picture of someone sitting in their basement and in a dark hoodie hacking and trying to get some access to an account, access to money. Nowadays it's not like that at all. Nowadays it's an organization. I always like to think about fraudsters as a big tier one bank. You know, they've got the capacity, they've got the scale, they've got the multiple departments, different departments. One department is customer service, for example, one department is sales, one department is product, finding out what's the best new AI product to use for fraud. They're essentially big tier one banks, but without the compliance department. Exactly that. Without the compliance department, with the ability to be agile enough to do all of these frauds on scale in real time. I mean, that's what's so scary about cyber threats nowadays.

SPEAKER_01

Yeah, just to add to that, what struck me, and I think it has been going on for a few years now, to be fair, but the workforce that is actually running those scams for organized crime groups, they are actually victims as well. You also have large-scale human trafficking activities, uh severe human rights abuses that are also involved. So the victims are not only on the defrauded individual side, it's really also on the on the side of the fraudster, so to speak. So some of them are victims of those organized crime groups. So it's really um that's what is really uh alarming about these um this explosion in large-scale scams, is that it's really is um at the crossroads of so many illicit activities, so many typologies, the clear concern, I think, globally.

Why Governments Use Cyber Sanctions

SPEAKER_00

Yeah, I think you're right, Vincent, uh, regarding the mule networks. For example, in the UK, we've seen a 65% year-on-year increase in mule-related reports. And that's for fraudsters and nefarious actors actually taking advantage of the economic conditions and the need for people, vulnerable people, to get access to quick money. So what they do is, you know, for£100,£200 to say, hey, can you make an account? All you need to do is transfer this small amount of money to the next account. That's all you need to do for£200, right? And for someone who is desperate for money, that counts towards a lot. Now let's come to the regulators stepping in. Why are cyber sanctions becoming such a big part of the response?

SPEAKER_01

Well, I guess it's a response that is trying to meet the magnitude of the threats. And just to be clear, so cyber related sanctions are not really new, but what's really interesting to look at is the range of uh typologies that they seek to disrupt. It really started, and I think it's still largely the case for the EU uh cyber sanctions, it's primarily uh related to um cyber attacks that target critical infrastructure. We're talking about attacks on hospitals and uh yeah, really public infrastructure that really disrupt um uh state institutions. But in terms of the latest development, and that's really particular to the UK and US sanctions on cyber, you see those sanctions increasingly targeting those organized crime groups that operate out of Southeast Asia that commit those uh large-scale fraud schemes, actually. But it's really, yeah, the really the cyberspace is almost like a battlefield. You see all a range of illicit activities being conducted, and ultimately, I think that's also uh why it's addressed ultimately through sanctions, it ends up in really diminishing the trust that we have in those digital services. Because you you're constantly doubting about yeah, is that phone call legitimate? Should I click that link? Should I, you know, you doubt constantly, and ultimately it kind of slows down the adoption, it slows down the all of the benefits that we can get from the digital economy. So that's also part of the concern, I think, to just to secure the cyberspace and yeah, just to fight back on those uh actors. Maybe we we took a little bit too long to really clearly assess the scale of the threats, uh, because yeah, you've talked about some numbers that that really should get us thinking. But yeah, my view is that sanctions are the ultimate uh part of the response. Like you fail to prevent the commission of those large-scale uh scams, etc. At least let's try to cut access to the funds, let's try to recover the proceeds from those scams. But yeah, ideally I think we should look for solutions to get ahead of the curve and prevents the commission of the crime, like in the first place, and detects the laundering of the proceeds. Those are other components that should not be uh overlooked, definitely.

SPEAKER_00

Correct, yeah, from a legislative standpoint and fraud, PSD2, which came out a few years ago, right, was looking at uh card not present fraud. PSD3, which will uh be enforced soon, looks at scams. So as previously where scams and fraud affected mostly the the individual, PSR and PSD3 is making it now a problem for the Institutes for the Financial Institutes. Just in the UK, you have to Bank A and Bank B, so your bank and the beneficiary bank, if a scam happens, then they both have to pay back 50-50 liability. Europe won't go as far for now, but PSD3 will mean the banks will have to pay back liability. So that's where, for a fraud front, that's where regulation is currently going. And it's interesting to see when it's affecting industries, when it's affecting companies, that's when regulators put their foot down.

SPEAKER_01

Yeah, and you know, from an FCC standpoint, again, I think actually the financial institutions, the financial sector as a whole, is in a unique position when it comes to fraud. Because ultimately, if they are successful in preventing the money to leave the account, that means they are preventing the very crime from being committed. So step one, really uh like secure the onboarding, make sure you detect synthetic IDs, you make sure you you have a real person in front of you, and that person is who they pretend they are, etc. But then, yeah, you need to secure the initiation of payments, you need to detect payment patterns that differ from uh the profile of your customer. All of those controls they are highly relevant and are actually required for anti-money laundering purposes. So, yeah, it's really uh two sides of the same coin. Like the fraud prevention mechanism, money laundering prevention mechanism, they're all part of the same uh logic.

Synthetic IDs Surge In Fraud Data

SPEAKER_00

Yeah, no, I agree. It's spotting scams and fraud earlier in that customer lifecycle is very important, especially with synthetic IDs now on the rise. So we just recently launched our cybercrime report for 2026, and one of the highest forms of classifications of fraud was synthetic IDs, right? These are data leaks that uh you get online, for example, and then you create a Frankenstein of an identity. Shared first name, last name from somebody, address from somebody else, uh, information from another entity. You put this all together and you try and access essentially quick loans. You're trying to access a device, for example, or create a bank account that shouldn't be created, or the need for quick money. So that's something we need to, as an industry, do a better job of finding out right at the start rather than when the money is transferred.

SPEAKER_01

And on that particular typology on synthetic ID, is that something that we are seeing as a growing uh typology, actually? It's not entirely new, uh, but uh how fast is it growing?

SPEAKER_00

Yeah, absolutely. You're right, it's not new, it's been happening for a while. So in our fraud report, we analyzed about uh 116 billion transactions in the year. And from this year to last year, if you compare the fraud categories, more than a third of all frauds are first-party fraud. Um and synthetic ID theft grew significantly from 1.4% to 11% year on year. So you see how much that synthetic ID theft has has really attacked lenders, has attacked the telcos, has attacked the banks. And scams and third-party accounts take overs are still predominant methods of attacks, but really the synthetic ID theft from 1.4% to 11%, that's truly shocking.

Detecting Synthetic IDs And Bots

SPEAKER_01

Yeah, it's uh pretty alarming again. But yeah, and so if we think about the capabilities, like I'll take it that with uh AI, with the the the range of uh data that is available in the dark web, etc., it's uh there is no shortage of uh of uh data to work with. But what can we put in front of those uh synthetic IDs? Like how are we doing in terms of capabilities to detect them?

SPEAKER_00

That's a good question. So it's all about spotting odd behavior, anomalous behavior, right? So identifying what does normal look like for a certain entity, for a digital identity, identifying what normal looks like for a uh a group of people, and then finding out actually what does abnormal look like. Now, that abnormal could be geolocation mismatch, true IP mismatch, right? Um, what we can do there is peer some proxies to identify actually this is not where the transaction is coming from, or not where the new account opening is coming from. We could do behavioral intelligence analysis to see what is the usual behavior in terms of the battery life, in terms of how an individual is behaving with their phone or their device. Does this look off, right? Are there automated bots in here as well? Automated bots is another one that's grown a substantial amount. Now, automated bots are becoming essentially too perfect. Fraudsters have figured out a way to emulate or try to emulate human-like behavior when it comes to bots, right? When it comes to logging in or creating new accounts. Using our machine learning techniques, we can actually spot what is good human behavior, what is actually human behavior, versus what is bot behavior. Because the bot always leaves traces, always leaves information that we gather on a very minute level so that we can understand actually this is a genuine transaction or not. So that's something else that we do, right, from a not only a human-initiated fraud point of view, but from an automated bot point of view, which is also growing.

Breaking Silos Between Fraud And AML

SPEAKER_01

I think uh it's really interesting. And also uh I think the potential with all the data points that you have described is really encouraging in a way. But just wanted to react from an STC standpoint. A lot of what you described is actually about AML, like detecting inconsistency between a normal human behavior and a boat, or something that you know your customer should be doing and something that it is actually doing. All of that logic is about it's essentially what we do on the AML side as well, like detecting something that stands out from the ordinary, right? So I think you just made the case that we need to continue breaking down the silos between the fraud area and uh financial crime and compliance. The regulators are doing that for us, right? They are putting together all of those components. Now they are leveraging sanctions and foreign policy instruments against cybercrime and against scams and large-scale fraud schemes. So, yeah, the case is made. It's really crystal clear.

SPEAKER_00

Yeah, like you said, two sides of the same coin. When I talk to a lot of my customers and when I travel around the Nordics to meet banking customers, banking individuals, when I talk about money mules, for example, for fraud, uh they say, hey, hold on, can we bring in our financial crime compliance people as well? And this is something they'd be interested in, right? So, how do we take care of fraud and financial crime AML actually across the entire customer journey and giving them a whole 360 view of what their customer, what their real customer does, and then what a harmful actor does from a both fraud side and an AML side as well. So I see that more and more, especially this year, where fraud teams are bringing in their AML counterparts to actually say, hey, does this solution work for both of us?

SPEAKER_01

That's great because I think at the end of the day, like on the FCC side, the big um challenge or objective is about effectiveness. It's about kind of shifting the narrative. It's not just a compliance question, it's not just about implementing policies and procedures, it's not about like making things that look right on paper. It's about effectively preventing and detecting what needs to be. And so I think it makes a lot of sense to be around the same table, the fraud folks and the FCC guys, so that you can cooperate on describing those abnormal patterns, those inconsistencies that need to be detected. See the type of data points that you have available on the fraud side, the types of things that you are already able to monitor. And yeah, work with those data points to work out relevant scenarios to detect money laundering attempts, sanctions evasion attempts as well. But yeah, really uh combine expertise for the greater good, for the greater effectiveness of preventing and detecting official crime, including fraud.

Closing Thoughts And Resources

SPEAKER_00

Yeah, I could not have said that better myself, and we see that in the field, so that's really good to hear from your perspective as well. Vincent, thank you so much for joining me. I hope uh you had a good uh discussion with me today. And for our listeners, if you want to download our top trends infographic, we'll include a link in the show notes. If you want to learn more about how we help organizations like yours fight cybercrime and sanction evasions, visit risk.lexisnexus.com. Thanks everybody, and stay tuned for the next episode.

Head Shot

Julia Thorn

Host
Head Shot

Pratik Choudhary

Guest
Head Shot

Vincent Gaudel

Guest