필사 모드: AI Fraud Detection & Anti-Money Laundering (AML) 2026 Deep Dive — Sardine, Unit21, Hawk AI, ComplyAdvantage, Sumsub, Persona, Alloy, Featurespace, Feedzai, NICE Actimize, Quantexa, Chainalysis Field Guide

Prologue — The Year Fraud Redrew the Industry

On February 5, 2024, a finance employee at the Hong Kong office of UK engineering firm Arup transferred USD 25 million in 15 separate payments after a video conference attended by their CFO and several other executives. Every participant in the call was a deepfake. The real CFO was sitting in London.

When Hong Kong police disclosed the incident in May, the global security and finance community converged on the same conclusion.

- Generative AI cut the cost of fraud by an order of magnitude.

- Static document checks are no longer enough for KYC and AML.

- "Deepfake detection" is no longer a research topic — it is a required step in the payment flow.

Around the same time, other crises hit simultaneously.

- **North Korea’s Lazarus group** — stole USD 1.4B from crypto exchanges in 2024 per Chainalysis tracking.

- **Pig-butchering scams** — the FBI’s 2024 Internet Crime Report estimated losses around USD 5B.

- **Synthetic identities** — the US FTC ranked them the No. 1 form of credit card fraud in 2024.

The AI fraud and AML industry boomed in response. Visa announced a roughly USD 1B acquisition of Featurespace in September 2024, the EU AML Authority (AMLA) formally launched in Frankfurt, Korea’s FIU (Financial Intelligence Unit) added AI transaction monitoring requirements to the 2025 Specified Financial Information Act amendments, and Japan’s Mitsubishi UFJ Bank started a Hawk AI pilot in 2024.

This guide consolidates 70+ tools and regulations in one pass — modern fintech platforms, KYC, legacy AML, crypto, card payments, and deepfake detection.

1. Four 2024-2026 Shocks That Reshaped Fraud

A timeline of the events that bent the curve.

- **July 2023** — US FedNow instant payments launched. A 24/7 real-time settlement environment compressed fraud response windows to minutes.

- **February 2024** — Arup Hong Kong deepfake video call drains USD 25M.

- **September 2024** — Visa announces it will acquire Featurespace (the ARIC platform) for around USD 1B.

- **November 2024** — Forter acquires Sentinels, a Dutch AML startup. Payment fraud and AML fuse.

- **January 2025** — EU AML Authority (AMLA) goes operational in Frankfurt.

- **April 2025** — US FinCEN releases draft model risk management guidance for AI transaction monitoring.

- **August 2025** — Korea’s FSC strengthens AML duties on virtual asset service providers (VASPs) under amended Specified Financial Information Act enforcement decree.

- **January 2026** — EU 6AMLD fully in force; MiCA travel rule kicks in for EU crypto markets.

The message of these eight events is one thing. **Fraud response in 2026 is no longer static rules — it is AI models, graphs, and deepfake detection running in concert.**

2. Fraud vs AML — What Is the Difference

They look similar but operate on different axes.

- **Fraud detection** — payments, account takeovers, and identity theft the customer did not consent to. The victim is the customer. Examples: card fraud, account takeover (ATO), authorized push payment (APP) fraud, refund fraud.

- **AML** — the user intentionally obscures the origin of funds. The victim is society. Examples: drug, terror, and trafficking money laundering.

Regulation differs too.

- Fraud lives mostly under PCI DSS, EMV 3DS, PSD2 SCA (EU).

- AML lives under FATF Recommendations, US BSA, EU 6AMLD, Korea’s Specified Financial Information Act, Japan’s Act on Prevention of Transfer of Criminal Proceeds.

Platform-wise, the two are converging. Sardine, Unit21, Hawk AI, Feedzai, and Featurespace all market themselves as "Fraud + AML integrated platforms" because pulling both signal classes from the same transaction stream is more efficient.

[Fraud vs AML signal differences]

Fraud

- Behavioral anomalies (unusual time, device, geo)

- Card / account identity mismatch

- Velocity anomalies

- Amount anomalies vs baseline

AML

- Pattern anomalies (stratification, smurfing, layering)

- High-risk jurisdiction / sanctioned counterparties

- PEP (Politically Exposed Persons) transactions

- Cash / crypto conversion patterns

- Unusual corporate structures (shell companies)

3. Why AI — The Limits of Rules

The reasons AI/ML adoption accelerated in fraud and AML.

- **False positive problem** — traditional rule-based AML systems hit 95-98 percent false positive rates. Each SAR (Suspicious Activity Report) eats 4-8 analyst hours on average.

- **Adapting to new patterns** — criminals continuously evolve around rules. ML learns unlabeled anomalies.

- **Graph analytics** — money flows are graphs. Graph neural networks (GNNs) catch multi-hop laundering patterns rules miss.

- **NLP for SAR writing** — the analyst’s biggest burden is writing the SAR narrative. Generative AI drafts; humans review.

- **Deepfake response** — static KYC documents take five minutes to forge with GenAI. Live video and voice verification become required.

The core point: AI does not replace analysts. **It improves the quality of the queue analysts see.** US FinCEN’s 2025 guidance also emphasizes model risk management (MRM) and explainability (XAI).

4. Sardine — Fraud + AML for Modern Fintech

**Sardine** (sardine.ai) was founded in 2020 by Soups Ranjan (former Head of Fraud at Coinbase), Aditya Goel, and Jose Marques.

- **Positioning** — single platform for fraud, AML, and compliance for fintechs, crypto exchanges, and neobanks.

- **Device intelligence** — keystroke patterns, device fingerprints, behavioral biometrics.

- **Transaction monitoring** — real-time rules plus ML scoring.

- **Case management** — analyst workflow integration.

- **Disclosed customers (partial)** — pre-FTX Coinbase, Brex, Visa, Ramp, and others.

The differentiator is design philosophy: **catch fraud signals at the moment of payment, then reuse the same signals for AML rules.** Sardine raised about USD 70M in Series B and added a Series C in 2024. Fast API onboarding and fintech-friendly pricing drove rapid US, EU, and Asia fintech adoption.

5. Unit21 — Fraud + Compliance Ops Platform

**Unit21** (unit21.ai) was founded in 2018 by Trisha Kothari and Clarence Chio, a Y Combinator alum.

- **No-code rules engine** — analysts can write and test rules directly in the UI.

- **Case management** — including a SAR drafting pipeline.

- **Graph visualization** — funds flows and connected accounts as nodes and edges.

- **Disclosed customers (partial)** — Chime, Coinbase, GoPay, Intuit, Lithic.

Unit21’s strength is a UI built "by analysts for analysts," a reflection of Kothari’s own time running fraud ops at Affirm. Series C raised about USD 45M in 2024.

Where legacy enterprise solutions like NICE Actimize and SAS run 5-10 year deployment cycles, Unit21 targets 3-6 months to production.

6. Hawk AI — Munich-Born Transaction Monitoring

**Hawk AI** (hawk.ai) was founded in 2018 in Munich, Germany, by Tobias Schweiger and Wolfgang Berner.

- **Positioning** — transaction monitoring plus sanctions screening plus KYC risk scoring in one stack.

- **Explainable ML** — XAI first, aligned with EU regulatory expectations.

- **Cloud native** — Google Cloud infrastructure.

- **Disclosed customers (partial)** — Mambu, Visma, Ratepay, North American Banking Company, and **Mitsubishi UFJ Bank** (2024 pilot).

Hawk AI’s architecture is squarely aimed at EU 6AMLD and the upcoming 7AMLD. The 2024 Series C raised USD 56M, led by Sands Capital. The Mitsubishi UFJ pilot is its flagship Asia entry.

7. ComplyAdvantage — Sanctions, Adverse Media, AML

**ComplyAdvantage** (complyadvantage.com) was founded in London in 2014 by Charles Delingpole.

- **Sanctions screening** — OFAC, EU, UN, UK HMT, and 30+ jurisdictions.

- **PEP database** — politically exposed persons.

- **Adverse media** — global news mining for risk subjects via NLP.

- **Transaction monitoring** — rules and ML.

- **Disclosed customers (partial)** — Affirm, Coinbase, Allianz, Curve.

The differentiator is **NLP-driven classification of global adverse media at scale**, mining millions of news items daily and matching them to risk subjects. Goldman Sachs led the 2022 Series D for USD 70M.

Korea and Japan footprints are limited, but global fintechs frequently standardize on ComplyAdvantage.

8. Featurespace — The ARIC Engine Visa Bought

**Featurespace** (featurespace.com) was founded in 2008 in Cambridge, UK, by David Excell out of the University of Cambridge engineering department.

- **ARIC Risk Hub** — real-time behavioral analytics engine.

- **Adaptive Behavioral Analytics** — dynamically learns a normal behavior profile per user.

- **Customers** — HSBC, NatWest, RBS, TSYS, Worldpay, and others.

- **September 2024** — Visa announces an approximately USD 1B acquisition; closed in 2025.

Visa’s acquisition sends a clear industry signal. **Card networks are bringing fraud AI in-house.** Mastercard had already acquired Brighterion in 2017 and bought Recorded Future for USD 3B in 2024 to bulk up its fraud intelligence.

9. Feedzai — Portugal’s Integrated Risk Platform

**Feedzai** (feedzai.com) was founded in Coimbra, Portugal in 2011 by Nuno Sebastião, Paulo Marques, and Pedro Bizarro.

- **ML-driven fraud detection** — payments, account opening, AML.

- **Global customers** — Citi, Mashreq, Standard Chartered, Lloyds Banking Group, ICBC.

- **2021** — Series D raised USD 200M led by KKR at roughly USD 1.6B valuation.

- **OpenML Engine** — lets data scientists deploy custom models.

Feedzai targets large global banks head-on as the modern alternative to NICE Actimize, SAS, and Oracle FCCM.

10. Quantexa — Entity Resolution Champion

**Quantexa** (quantexa.com) was founded in London in 2016 by Vishal Marria.

- **Entity resolution** — identifies the same person or legal entity across disparate data sources.

- **Contextual Decision Intelligence (CDI)** — graph plus ML.

- **Customers** — HSBC, Standard Chartered, BNY Mellon, Vodafone.

- **2023** — Series E raised USD 129M at roughly USD 1.8B valuation.

The essence of money laundering is hiding identity behind legal entities. Quantexa’s edge is stitching together company registries, news, and internal data across dozens of countries to expose the ultimate beneficial owner (UBO). Demand has surged alongside EU AMLR’s UBO registry mandates.

11. Sentinels (Forter Acquired) — Fraud + AML Convergence

**Sentinels** (sentinels.ai) is a Dutch AML startup founded in Amsterdam in 2019. Payments fraud specialist **Forter** acquired it in November 2024.

- **Transaction monitoring** — rules plus ML, EU regulatory friendly.

- **Customers** — Mollie, bunq, and other EU fintechs.

- **Deal impact** — Forter’s card and payment fraud data combines with Sentinels’ AML transaction data. The first major case of e-commerce payment fraud and AML running on one platform.

The deal is a clear signal. **The line between fraud and AML is collapsing fast.**

12. Sumsub — Global Identity Verification Standard

**Sumsub** (sumsub.com) was founded in 2015 by Andrew Sever, Jacob Sever, and Peter Sever, headquartered in London.

- **Global ID verification** — IDs and passports across 200+ jurisdictions.

- **Liveness checks** — selfie plus video to confirm a real human.

- **Built-in AML screening** — sanctions and PEP.

- **KYB (Know Your Business)** — corporate verification.

- **Travel rule** — module for virtual asset service providers.

- **Customers** — Bitpanda, Wirex, Pasha Bank, Bybit, and 1,500+ others.

Sumsub’s distinctive value is bundling liveness, document OCR, and AML screening in a single SDK. Korea and Japan expansion is active — Korean crypto exchanges including Bithumb have partial deployments.

13. Persona — Onboarding + Verification Orchestration

**Persona** (withpersona.com) was founded in San Francisco in 2018 by Rick Song and Charles Yeh.

- **Flexible KYC workflows** — building blocks let teams design identity flows visually.

- **Instant links** — multi-step verification via a single link.

- **AML database integration** — Refinitiv, ComplyAdvantage, and other external data.

- **Customers** — BlockFi (formerly), Robinhood, Square, OpenAI, Mercury Bank.

Persona’s strength: **compliance teams can edit workflows without writing code.** Series D in 2022 raised USD 150M at roughly USD 1.5B valuation.

14. Alloy — KYC Orchestration Hub

**Alloy** (alloy.com) was founded in New York in 2015 by Tommy Nicholas, Laura Spiekerman, and Charles Hearn.

- **Orchestration layer** — single API across 60+ data sources, including Socure, LexisNexis, and Sentilink.

- **Decision engine** — rules plus ML for auto-approve/deny/review.

- **Customers** — Ramp, HMBradley, Plaid, Marqeta, Ally Bank, **Brex**.

Alloy’s positioning is different from peer KYC vendors. Alloy itself does not perform KYC — it **orchestrates and routes across many KYC data sources**. Some call it "the Plaid of KYC." Series C in 2022 raised USD 100M at roughly USD 1.5B valuation.

15. Onfido, Jumio, Veriff — The Document + Selfie Trio

The three global heavyweights of document plus selfie verification.

- **Onfido** (onfido.com) — founded London 2012. **Entrust** acquired it in April 2024. Customers include Revolut, Bunq, Bitstamp. Strong AI liveness.

- **Jumio** (jumio.com) — founded 2010, US-based. Documents from 200+ jurisdictions. Heavy on enterprise customers like United Airlines and HSBC.

- **Veriff** (veriff.com) — founded 2015 in Tallinn, Estonia, by Kaarel Kotkas. Wise, Bolt, and Deel are flagship European fintech customers. Series C in 2022 raised USD 100M.

All three center on liveness (proving a real person is present) plus document verification. Liveness v2 or v3 deepfake-resistant releases shipped from 2024 onward.

16. Trulioo, Socure, iProov — Global, US, Biometric

Three complementary categories.

- **Trulioo** (trulioo.com) — founded Vancouver 2011. Specializes in **global ID verification** with data sources in 195 countries. Series D in 2021 raised USD 394M at roughly USD 1.6B valuation.

- **Socure** (socure.com) — founded US 2012. Strong on **synthetic identity detection**. Acquired PHEMI and Sentilink. One of the top US KYC vendors by market share.

- **iProov** (iproov.com) — founded London 2011. **Pure-play face liveness** with the Genuine Presence Assurance patent. Adopted by UK Home Office and Singapore SingPass.

Other relevant names: **Yoti** (UK, digital ID and age verification), **FaceTec** (US, 3D face liveness), and **Daon** (US/Ireland, multimodal biometrics).

17. Legacy + Enterprise AML — NICE Actimize, SAS, Oracle FCCM

The large global bank market is still dominated by four legacy incumbents.

- **NICE Actimize** (niceactimize.com) — NICE subsidiary in Israel. Full-stack AML, fraud, market abuse, and communication surveillance. Used by most top 50 global banks.

- **SAS AML** (sas.com) — the AML module from US-based SAS Institute. Strong statistics heritage. Migrating to SAS Viya 4 cloud native starting 2024.

- **Oracle FCCM** (Financial Crime and Compliance Management) — Oracle subsidiary built on Mantas.

- **Fiserv** — US, in-house AML plus card fraud modules.

Also in the conversation: **NetReveal (BAE Systems Applied Intelligence)**, **FICO Tonbeller** (Siron), **LexisNexis Risk Solutions**, and **Refinitiv World-Check** (LSEG). Deployment cycles are long (5-10 years) and license costs start in the millions of USD.

18. Chainalysis, TRM Labs, Elliptic — Crypto AML Trio

The more crypto institutionalizes, the more blockchain analytics explodes.

- **Chainalysis** (chainalysis.com) — founded NYC 2014 by Michael Gronager and Jonathan Levin. **No. 1 in crypto AML market share.** Government customers include the US IRS, FBI, and Korean prosecutors. Series F in 2022 raised USD 170M at roughly USD 8.6B valuation.

- **TRM Labs** (trmlabs.com) — founded SF 2018 by Esteban Castaño and Rahul Raina. Government and bank focus.

- **Elliptic** (elliptic.co) — founded London 2013 by James Smith. Strong with VASPs and fintechs.

- **Crystal Blockchain** — Bitfury subsidiary, strong in Eastern Europe.

- **Solidus Labs** — specializes in market manipulation and fraud detection.

The biggest 2024 moment: **tracking North Korea Lazarus’ USD 1.4B in stolen funds.** Chainalysis and TRM Labs jointly visualized flows, leading to OFAC sanctions actions.

19. Card + Payment Fraud — Stripe, Adyen, Riskified, Forter, Signifyd, Sift, Kount

Tools built for payment processors and e-commerce.

- **Stripe Radar** (stripe.com/radar) — embedded ML for Stripe users, nearly free to existing Stripe customers. Includes chargeback protection.

- **Adyen RevenueProtect** — similar embedded model from another processor.

- **Riskified** (riskified.com) — founded Israel 2013. E-commerce with chargeback guarantees.

- **Forter** (forter.com) — founded Israel 2013. E-commerce. Bought Sentinels in 2024 to enter AML.

- **Signifyd** (signifyd.com) — founded US 2011. Similar chargeback guarantee model.

- **Sift** (sift.com) — founded US 2011. ML fraud plus content moderation.

- **Kount** — founded US 2007. Equifax acquired it in 2021.

Chargeback guarantees let e-commerce outsource fraud risk. Synthetic identity fraud rose in 2024, so verification rigor at these vendors rose with it.

20. Deepfake + Voice Fraud — Pindrop, Daon, Reality Defender, Sensity, Truepic

The fastest-growing category after the Arup incident.

- **Pindrop** (pindrop.com) — founded Atlanta 2011. **Specialist in call center voice biometrics** with the Phoneprinting patent. Added deepfake voice detection modules in 2024.

- **Daon** — multimodal biometrics: voice, face, fingerprint.

- **Reality Defender** (realitydefender.com) — founded US 2021. **Purpose-built for deepfake video, voice, and image detection.** Series A in 2024 raised USD 15M.

- **Sensity AI** (sensity.ai) — founded Amsterdam 2018. Deepfake intelligence plus detection.

- **Truepic** (truepic.com) — founded US 2015. C2PA-based (Coalition for Content Provenance and Authenticity) content provenance verification.

Call center fraud surged in 2024-2025. Per Pindrop’s report, AI voice synthesis attempts against contact centers grew roughly 4x in 2024 alone.

21. Synthetic Identity — TransUnion, Experian, LexisNexis, Equifax

In the US, synthetic identity is among the largest threats.

- **Synthetic identity** — fraud built by combining a real person’s SSN with a fake name and date of birth to construct credit history.

- **US FTC 2024 report** — the No. 1 credit card fraud type.

- **Annual losses** — estimated at around USD 5B.

Defensive tools:

- **TransUnion TruEmpower / TruValidate** — bureau-data driven.

- **Experian CrossCore** — multi-source risk evaluation platform.

- **LexisNexis ThreatMetrix** — digital identity plus device intelligence.

- **Equifax ID** — bureau-data ID verification.

- **SentiLink** (founded 2017) — synthetic identity detection specialist. Visa and JPMorgan Chase are customers.

The key capability is **verifying identity consistency across time.** A synthetic identity shares an SSN with a real person but disagrees with their other data points.

22. Instant Payment Fraud — FedNow, UK Faster Payments, EU SCT Inst, Korea, Japan

As 24/7 instant payments become the norm, fraud response windows shrink to minutes.

- **US FedNow** — launched July 2023. The 24/7 instant payment rail run by the Federal Reserve.

- **UK Faster Payments** — live since 2008. Standard across UK banks today.

- **EU SCT Inst (SEPA Instant Credit Transfer)** — live since 2017. From January 2025, mandatory across EU/EEA banks under the Instant Payments Regulation.

- **Korea instant transfer** — based on the Bank of Korea’s BOK-Wire+ and KFTC’s systems. Real-time transfers have been standard for roughly 30 years.

- **Japan Zengin System** — upgraded in 2023 to expand to 24-hour weekday operation in October.

- **Japan ZEDI (Zengin EDI System)** — launched 2018 to attach electronic data interchange to transfers.

The AML challenge with instant payments: **transfers cannot be reversed.** If you cannot determine fraud in five seconds, the money is gone permanently. Hawk AI, Featurespace, and peers stress real-time models tuned to this five-second window.

23. Regulatory Frameworks — FATF, BSA, EU AMLA, Korea, Japan

The core regimes by region.

**Global**

- **FATF (Financial Action Task Force)** — established by the G7 in 1989. The global AML/CFT standard. 40 Recommendations.

- **FATF Travel Rule** — Recommendation 15 was amended in 2019, requiring originator and beneficiary information for virtual asset transfers above USD 1,000.

**United States**

- **BSA (Bank Secrecy Act, 1970)** — the AML constitution.

- **USA PATRIOT Act (2001)** — post-9/11 strengthening.

- **AML Act of 2020** — first major BSA overhaul in 50 years. Expanded FinCEN authority.

- **CTA (Corporate Transparency Act, 2021)** — UBO registry mandate. Enforced from 2024.

**European Union**

- **6AMLD (6th Anti-Money Laundering Directive)** — adopted 2018, in force 2020.

- **AML Package 2024** — passed May 2024. Bundle of AMLR (Regulation), AMLD6, and AMLA (Authority).

- **EU AML Authority (AMLA)** — established 2024, Frankfurt headquarters operational from 2025.

- **MiCA (Markets in Crypto-Assets Regulation)** — fully in force December 30, 2024. Includes the crypto travel rule.

**EU payment regulation**

- **PSD2 (2018)** — strong customer authentication (SCA) mandate.

- **PSD3 (draft)** — under EU Parliament review in 2025. Stronger fraud liability allocation.

**Korea**

- **Specified Financial Information Act (Tukgeumbeop)** — in force March 2021. VASP registration. The 2025 enforcement decree amendment strengthened AI transaction monitoring requirements.

- **FIU (Financial Intelligence Unit)** — Korea’s FIU, under the Financial Services Commission.

- **Act on Reporting and Use of Specific Financial Transaction Information** — original 2001 law.

**Japan**

- **Act on Prevention of Transfer of Criminal Proceeds** — in force 2008. The AML/CFT base law.

- **JAFIC (Japan Financial Intelligence Center)** — Japan’s FIU, under the National Police Agency.

- **Payment Services Act** — virtual asset service provider registration.

- **November 2024** — Japan FSA updated AML guidelines, emphasizing AI transaction monitoring and the travel rule.

24. Korea Fraud + AML Stack

The Korean market blends card issuer in-house FDS, internet-only banks, and government systems.

- **NICE Information Service** — Korea’s first-generation FDS vendor. NICE D&B, NICE Investors Service, and group entities serve card issuers, VAN operators, and easy-pay platforms.

- **KB Kookmin Card FDS** — internally developed. Real-time card transaction fraud detection.

- **Shinhan Card ARP (Anti-fraud Risk Platform)** — internal stack combined with AI models.

- **Samsung SDS Brity FDS** — group-wide solution.

- **NHN KCP FDS** — easy-pay processor.

- **Toss Payments FDS** — Toss group.

- **Kakao Bank, K Bank, Toss Bank** — the three internet-only banks. Each runs its own FDS. Toss Bank announced reinforced synthetic identity fraud measures in 2024.

- **FSI (Financial Security Institute)** — government-affiliated. Shares CSAM, voice phishing, and fraud response intelligence.

- **FSS plus KISA** — joint operation for voice phishing response.

Korea’s voice phishing losses are estimated around KRW 550B annually in 2024. From 2024-2025 the government strengthened a joint response system spanning telcos, banks, and easy-pay providers.

25. Japan Fraud + AML Stack

The Japanese market blends SIer-led platforms with megabank adoption of global tooling.

- **NTT DATA AML solutions** — adopted across several megabanks.

- **Fujitsu FRAUDIS** — fraud detection package.

- **NEC Active Fraud Manager** — NEC’s financial-sector offering.

- **Mitsubishi UFJ + Hawk AI** — 2024 pilot announcement. The first time a Japanese megabank adopted a modern global AML tool.

- **Mizuho + AML AI** — mixed in-house and external builds.

- **SMBC** — running Quantexa evaluations among others.

- **Rakuten Card / Mercari FDS** — card and platform fraud response.

- **JAFIC** — Japan’s FIU under the National Police Agency.

Japan received a "Largely Compliant" rating in the FATF mutual evaluation in August 2024, with extra strengthening flagged in the virtual asset domain. From 2025 the FSA explicitly added AI transaction monitoring to its guidelines.

26. Major 2024 Fraud + AML Incidents

Representative cases.

- **February 2024 — Arup Hong Kong deepfake.** Entire video conference faked. USD 25M loss.

- **2024 — North Korea Lazarus group USD 1.4B.** DMM Bitcoin (Japan) and other exchanges breached.

- **May 2024 — DMM Bitcoin hack.** About 4,800 BTC (around JPY 30.5B) stolen. Attributed to Lazarus.

- **2024 — FBI Pig Butchering report.** Roughly USD 5B annually.

- **December 2024 — TD Bank AML penalty.** US OCC and FinCEN fined TD Bank USD 3B for failing to stop Mexican cartel money laundering.

- **January 2025 — Korea’s K Bank voice phishing response.** AI-based suspicious transaction blocking strengthened.

The common thread: **AI was weaponized by attackers and operationalized by defenders simultaneously.**

27. AI for AML — GNN, NLP, Generative AI

AI techniques applied across AML operations.

- **Graph neural networks (GNN)** — model fund flows as nodes and edges. JPMorgan PaymentNet AI and Quantexa CDI take similar approaches.

- **NLP for adverse media** — ComplyAdvantage and RDC mine millions of news items per day for risk keywords.

- **Generative AI for SAR drafts** — Unit21 and Hawk AI added features in 2024-2025. SAR drafting time drops 50-80 percent.

- **LLM-based case summaries** — natural language case context for analysts.

- **Synthetic training data** — fraud patterns are rare, so generated data trains ML models.

- **Federated learning** — share models, not data, across banks. Promising for sharing fraud patterns.

The EU AI Act classifies AML AI as a "high-risk AI system," requiring explainability, model risk management, and audit logs.

28. Vendor Selection Guide — Who Should Pick What

- **Modern fintech / neobank / Web3 exchange** — Sardine, Unit21, Hawk AI plus Sumsub and Alloy.

- **EU banks** — Hawk AI, Featurespace, ComplyAdvantage. Aligned with 6AMLD and AMLA.

- **Top 50 global banks** — NICE Actimize, SAS, Oracle FCCM, Quantexa, Feedzai.

- **E-commerce / marketplaces** — Stripe Radar, Adyen RevenueProtect, Riskified, Forter, Signifyd, Sift.

- **Call centers / voice authentication** — Pindrop, Daon, Reality Defender.

- **Crypto exchanges / VASPs** — Chainalysis, TRM Labs, Elliptic plus travel rule solutions (Sumsub Travel Rule, Notabene, TRP Labs).

- **Deepfake-heavy environments** — Reality Defender plus iProov liveness plus Pindrop voice.

- **Synthetic identity defense** — Socure, SentiLink, LexisNexis ThreatMetrix.

- **Korean fintechs** — NICE Information Service, Toss Payments FDS, in-house plus Sumsub/Persona as supplements.

- **Japanese megabanks** — NTT DATA plus global tooling (Hawk AI, Quantexa) in combination.

29. Five-Year Outlook — Where We Are Headed

Five trends.

- **Deepfake response goes standard** — C2PA provenance, liveness v3, and behavioral biometrics become default in payment SDKs.

- **Instant payments + AI fraud detection converge** — five-second-window inference becomes standard across the EU, US, and Asia.

- **Mandatory model risk management (MRM)** — US FinCEN, EU AI Act, and Korea’s FSC codify AI AML governance duties.

- **Crypto AML and traditional AML merge** — Chainalysis absorbs traditional bank transaction data; NICE Actimize beefs up crypto modules.

- **Federated learning + cross-bank data sharing** — UK FCA Sandbox and Singapore MAS COSMIC expand.

30. Conclusion — AI Is Both Weapon and Shield

The 2026 fraud industry lives with two truths at once.

- **Attack surface expansion** — generative AI cut the cost of deepfakes, synthetic identities, and refined phishing by an order of magnitude.

- **Defense surface expansion** — the same AI techniques power behavioral biometrics, GNNs, and generative SAR drafting.

The core message: **fraud response is no longer a compliance back office — it is a core function deeply integrated with product, payment, and UX.** The 2026 fintech edge is the balance between determining fraud within five seconds and minimizing friction for legitimate users.

Analysts, developers, and compliance leads now look at the same data with the same tools. You do not need to know 70 tools — you do need to know exactly where your business sits.

References

- Arup deepfake fraud (BBC, 2024-05-17) — bbc.com/news/world-asia-china-67519007

- Visa announces Featurespace acquisition (Visa Newsroom, 2024-09-26) — investor.visa.com

- Chainalysis Crypto Crime Report 2025 — chainalysis.com/reports

- FBI Internet Crime Report 2024 — ic3.gov

- EU AML Package 2024 official publication — finance.ec.europa.eu

- EU MiCA Regulation — eur-lex.europa.eu

- US FinCEN Model Risk Management Guidance 2025 draft — fincen.gov

- FATF Travel Rule (Recommendation 15) — fatf-gafi.org

- Sardine — sardine.ai

- Unit21 — unit21.ai

- Hawk AI — hawk.ai

- ComplyAdvantage — complyadvantage.com

- Featurespace — featurespace.com

- Feedzai — feedzai.com

- Quantexa — quantexa.com

- Sumsub — sumsub.com

- Persona — withpersona.com

- Alloy — alloy.com

- Onfido (Entrust) — onfido.com

- Jumio — jumio.com

- Veriff — veriff.com

- Trulioo — trulioo.com

- Socure — socure.com

- iProov — iproov.com

- Pindrop — pindrop.com

- Reality Defender — realitydefender.com

- Sensity AI — sensity.ai

- Truepic — truepic.com

- NICE Actimize — niceactimize.com

- SAS AML — sas.com

- Oracle FCCM — oracle.com/financial-services

- Chainalysis — chainalysis.com

- TRM Labs — trmlabs.com

- Elliptic — elliptic.co

- Korea FIU — kofiu.go.kr

- Japan JAFIC — npa.go.jp/sosikihanzai/jafic

- Korea Financial Security Institute (FSI) — fsec.or.kr

- Korea KISA — kisa.or.kr

- Japan FSA AML guidelines — fsa.go.jp

- TD Bank AML USD 3B penalty (US DOJ 2024-10-10) — justice.gov

- DMM Bitcoin hack (2024-05-31) — coinpost.jp