
M2P Fintech

Digital fraud is no longer an isolated operational risk—it has evolved into a systemic threat reshaping the global financial ecosystem. From AI-generated deepfakes to coordinated money muling networks, fraudsters are leveraging the same technologies that underpin modern banking innovation. Regulators, in turn, are responding with sharper expectations around governance, resilience, and technological sophistication.
At the center of this shift is the Swiss Financial Market Supervisory Authority (FINMA), whose Supervisory Communication 02/2026 provides a revealing snapshot of how even mature financial systems are struggling to keep pace. Based on a survey of 19 Swiss banks, the findings highlight critical structural gaps—while also offering a blueprint aligned with broader global regulatory movements such as the EU’s Digital Operational Resilience Act (DORA) and the UK FCA’s financial crime priorities.
This blog distills these findings, connects them with international regulatory expectations, and outlines how institutions can build a future-ready fraud risk framework.
FINMA’s analysis highlights a consistent pattern: institutions are reacting to fraud rather than anticipating it.
A fundamental weakness lies in governance maturity:
42% of surveyed banks lacked a formal digital fraud policy
Some institutions had no fraud steering committees, while others operated with informal or undocumented structures
Limited board visibility, with only around half consistently reporting key fraud metrics
Fragmented response frameworks, including the absence of standardized incident response plans in several banks
Minimal horizon scanning capabilities, leading to poor anticipation of emerging threats
These issues collectively signal a lack of ownership, accountability, and strategic alignment—core tenets expected under FINMA’s principles-based framework and Circular 2017/1.
The rapid expansion of digital onboarding has introduced new vulnerabilities:
Synthetic identities and forged documentation are increasingly used to open accounts
Deepfakes and manipulated video content are bypassing traditional verification systems
Social engineering is enabling criminals to exploit legitimate users as money mules
This shift blurs the line between legitimate and fraudulent activity, rendering traditional KYC processes insufficient when used in isolation.
The survey also exposed structural issues in AML systems:
Many banks rely on high static thresholds (CHF 100,000–200,000), which fail to detect low-value, high-frequency fraud
Scenario-based monitoring is underutilized, limiting the ability to detect behavioral anomalies
KYC data is not effectively integrated into monitoring engines
Significant variation in suspicious activity reporting, indicating inconsistent control effectiveness
FINMA emphasized that fraud prevention and AML must operate as a unified system, not parallel silos.
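To make the threshold gap concrete, here is an added example (not from FINMA or the M2P platform) that runs a static CHF 100,000 rule and a simple scenario rule over the same constructed transactions. The 24-hour window, the five-sender minimum, the 90% pass-through ratio and all account names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

STATIC_THRESHOLD_CHF = 100_000   # low end of the static range quoted above
WINDOW = timedelta(hours=24)     # assumed scenario parameters, tune per risk appetite
MIN_SENDERS = 5
PASS_THROUGH = 0.9

def t(hour):  # helper for constructed timestamps
    return datetime(2026, 1, 15) + timedelta(hours=hour)

# Constructed sample data: (time, sender, receiver, amount_chf)
TXNS = [
    (t(1), "V1", "M1", 950), (t(2), "V2", "M1", 1200), (t(3), "V3", "M1", 1100),
    (t(4), "V4", "M1", 980), (t(5), "V5", "M1", 1300), (t(6), "V6", "M1", 1050),
    (t(7), "M1", "X9", 6200),          # funds forwarded within hours
    (t(8), "EMPLOYER", "B1", 8000),    # ordinary salary payment
    (t(9), "C1", "D1", 120_000),       # single large, explainable transfer
]

def static_alerts(txns):
    """Flag single transactions at or above the static threshold."""
    return [(s, r, a) for _, s, r, a in txns if a >= STATIC_THRESHOLD_CHF]

def scenario_alerts(txns):
    """Flag accounts that collect from many senders and forward most of it within WINDOW."""
    events = defaultdict(deque)   # account -> (time, direction, counterparty, amount)
    flagged = set()
    for ts, sender, receiver, amount in sorted(txns):
        events[receiver].append((ts, "in", sender, amount))
        events[sender].append((ts, "out", receiver, amount))
        for acct in (sender, receiver):
            q = events[acct]
            while q and ts - q[0][0] > WINDOW:   # drop events outside the window
                q.popleft()
            senders = {c for _, d, c, _ in q if d == "in"}
            inbound = sum(a for _, d, _, a in q if d == "in")
            outbound = sum(a for _, d, _, a in q if d == "out")
            if len(senders) >= MIN_SENDERS and outbound >= PASS_THROUGH * inbound:
                flagged.add(acct)
    return sorted(flagged)

if __name__ == "__main__":
    print("static rule:", static_alerts(TXNS))
    print("scenario rule:", scenario_alerts(TXNS))
```

The static rule raises one alert, on the large single transfer, while the collect-and-forward account never comes near the threshold and is caught only by the scenario rule.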
Rather than introducing prescriptive rules, FINMA has clarified expectations around outcomes:
Key Recommendations
Establish formal governance structures with clear ownership and accountability
Adopt proactive detection mechanisms, including horizon scanning
Strengthen online onboarding controls, especially against synthetic identity fraud
Transition to dynamic, scenario-driven monitoring models
Improve integration of AML and fraud analytics
Enhance employee and customer awareness programs
In essence, FINMA is pushing institutions toward resilience-driven risk management, where technology, governance, and culture operate as a unified defense system.
The direction set by FINMA closely aligns with broader global regulatory trends.
The EU’s Digital Operational Resilience Act (DORA) reframes digital risk as a board-level accountability issue. Key elements include:
Comprehensive ICT risk management frameworks
Mandatory resilience testing and incident reporting
Strong third-party risk governance
Integration of fraud risk into operational resilience
The EBA further emphasizes fraud data reporting, scenario-based monitoring, and strong customer authentication (SCA).
The FCA takes a data-driven, collaborative approach, focusing on:
Detection and disruption of money muling networks
Real-time monitoring enhancements
Improved information sharing across institutions
Use of advanced analytics to identify emerging fraud typologies
Across jurisdictions, several principles are converging:
Board-level accountability for fraud risk
Integration of AML, fraud, and cyber functions
Advanced analytics as a supervisory expectation
Customer-centric security (not just compliance-driven)
To meet rising regulatory expectations, financial institutions are rapidly adopting advanced technologies.
AI is transforming fraud detection from static rule-based systems into adaptive models:
Real-time anomaly detection across transactions
Predictive modeling to anticipate fraud patterns
Network analysis to uncover hidden relationships
These capabilities are essential for identifying complex fraud schemes like money muling.
Traditional monitoring analyzes transactions in isolation. Network analytics instead maps relationships:
Community detection reveals coordinated fraud rings
Path analysis tracks movement of illicit funds
Centrality metrics identify key actors within networks
This approach is critical for detecting organized fraud ecosystems.
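The three techniques listed above can be sketched on a small transfer graph. This is an added example, not code from the original post or from any vendor product: the edges and account names are constructed, weakly connected components stand in for community detection, and the pass-through score (distinct senders times distinct receivers) is a simple centrality proxy.

```python
from collections import defaultdict, deque

# Constructed transfer edges (sender, receiver); account names are hypothetical
EDGES = [
    ("V1", "M1"), ("V2", "M1"), ("V3", "M2"), ("V4", "M2"), ("V5", "M3"),
    ("M1", "K1"), ("M2", "K1"), ("M3", "K1"), ("K1", "X1"), ("K1", "X2"),
    ("A1", "A2"), ("A2", "A3"),  # unrelated ordinary payments
]

def build(edges):
    """Return (receivers-by-sender, senders-by-receiver) adjacency maps."""
    out, inc = defaultdict(set), defaultdict(set)
    for s, r in edges:
        out[s].add(r)
        inc[r].add(s)
    return out, inc

def bfs_paths(adj, source):
    """Shortest path from source to every node reachable through adj."""
    paths, queue = {source: [source]}, deque([source])
    while queue:
        n = queue.popleft()
        for m in sorted(adj.get(n, ())):
            if m not in paths:
                paths[m] = paths[n] + [m]
                queue.append(m)
    return paths

def trace(edges, source):
    """Path analysis: where funds leaving `source` can end up."""
    return bfs_paths(build(edges)[0], source)

def communities(edges):
    """Weakly connected components, largest first (stand-in for community detection)."""
    out, inc = build(edges)
    nodes = sorted(set(out) | set(inc))
    undirected = {n: out.get(n, set()) | inc.get(n, set()) for n in nodes}
    seen, groups = set(), []
    for n in nodes:
        if n not in seen:
            groups.append(sorted(bfs_paths(undirected, n)))
            seen.update(groups[-1])
    return sorted(groups, key=len, reverse=True)

def intermediaries(edges):
    """Centrality proxy: distinct senders x distinct receivers per account."""
    out, inc = build(edges)
    scores = {n: len(inc.get(n, ())) * len(out.get(n, ())) for n in set(out) | set(inc)}
    return sorted(((s, n) for n, s in scores.items() if s), reverse=True)
```

On this data the eleven-account cluster separates from the ordinary payments, the trace from V1 ends at X1 and X2 via M1 and K1, and K1 ranks first as the account every path converges on.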
Behavioral biometrics introduces continuous authentication, reducing reliance on static credentials:
Typing rhythm and keystroke dynamics
Mouse movements and touchscreen behavior
Device handling and interaction patterns
By building unique behavioral profiles, these systems can detect account takeovers—even when credentials appear valid.
To counter deepfakes and synthetic identities, institutions are deploying:
Liveness detection to verify real-time presence
AI-powered facial recognition
Document authenticity validation tools
These controls are becoming essential in digital onboarding.
Technology alone cannot address digital fraud. A structured governance framework is critical.
At the core should be a cross-functional Fraud Steering Committee:
Composition:
Risk, Compliance, IT, Legal, Operations, Internal Audit
Mandate:
Define fraud strategy and risk appetite
Oversee risk assessments and controls
Monitor performance metrics
Escalate critical risks to the board
A clear operating model ensures accountability:
First Line: Business units own fraud risks
Second Line: Risk and compliance provide oversight
Third Line: Internal audit validates effectiveness
Senior management requires structured reporting:
Fraud detection rate
False positive rate
Net fraud losses
Incident response time
Customer impact indicators
Dashboards should enable real-time risk visibility.
Modern fraud demands a shift from static controls to adaptive intelligence.
Phase 1: Data Foundation
Consolidate transaction, customer, and behavioral data
Ensure data quality and governance
Phase 2: Advanced Analytics
Introduce network analysis models
Develop anomaly detection capabilities
Phase 3: AI Deployment
Train supervised and unsupervised models
Run parallel testing with legacy systems
Phase 4: Optimization
Continuous monitoring and retraining
Feedback loops from investigators
Regulators increasingly expect not just effectiveness, but also transparency and fairness.
Key Validation Components:
Model Risk Management (MRM): Lifecycle validation of models
Explainable AI (XAI): Clear reasoning behind decisions
Bias Testing: Ensuring fairness across customer segments
Human Oversight: Manual review for critical decisions
This ensures alignment with regulatory scrutiny across jurisdictions.
For multinational institutions, aligning FINMA’s principles with prescriptive regimes requires a layered approach:
Strategic Steps
Develop a global baseline framework based on the highest regulatory standard
Conduct regulatory mapping and gap analysis
Apply risk-based controls tailored by jurisdiction
Standardize outsourcing governance (aligned with FINMA 2018/3)
Use RegTech tools to monitor regulatory updates
This approach ensures both consistency and local compliance.
As digital fraud becomes more sophisticated and regulatory expectations intensify, financial institutions face a dual challenge: staying compliant while staying ahead. This is where M2P’s Financial Risk Management (FRM) platform delivers measurable impact.
M2P’s FRM (AML & Fraud) suite is purpose-built to align with evolving global regulatory frameworks—including FINMA’s principles-based approach, DORA’s operational resilience mandates, and FCA’s risk-based supervision—while embedding innovation at the core.
Built for Compliance, Engineered for Intelligence
1. Governance-Ready Frameworks
Pre-configured workflows aligned with the three lines of defense model
Real-time dashboards enabling board-level visibility into fraud risk KPIs
Embedded governance structures supporting fraud steering committees and escalation protocols
2. AI-Driven AML and Fraud Detection
Transition from static thresholds to dynamic, scenario-based monitoring
Hybrid AI models (supervised + unsupervised) detecting both known and emerging fraud typologies
Continuous learning systems that adapt to evolving fraud patterns
3. Advanced Network Intelligence for Money Muling
Integrated graph analytics to uncover hidden relationships and mule networks
Detection of complex fraud structures through:
Community clustering
Transaction path tracing
Identification of high-risk intermediary nodes
4. Behavioral Biometrics & Continuous Authentication
Passive monitoring of user behavior (typing cadence, device interaction)
Real-time anomaly detection to prevent account takeover and social engineering attacks
Automated step-up authentication triggered by risk scoring
5. Enhanced Digital Onboarding Protection
AI-enabled deepfake and liveness detection capabilities
Fraud-resistant onboarding journeys aligned with regulatory expectations
Integration of KYC data into fraud and AML monitoring systems
6. Explainable, Auditable AI
Explainable AI (XAI) frameworks using SHAP/LIME methodologies
Built-in model validation and bias detection mechanisms
Full transparency for regulators, audit teams, and internal stakeholders
M2P’s FRM platform is designed for global scale:
Supports harmonization between principles-based (FINMA) and rules-based (EU, UK) regimes
Enables a “highest common denominator” control framework across geographies
Built-in adaptability for local regulatory customization without fragmenting global controls
This ensures institutions can operate with consistency, efficiency, and audit readiness—even in the most complex regulatory environments.
Digital fraud is no longer a future risk—it is a present and accelerating threat. Regulators have made their expectations clear: resilience must be embedded, intelligence must be continuous, and governance must be accountable.
M2P empowers financial institutions to move beyond compliance checklists and build future-ready fraud defense ecosystems.
👉 Partner with M2P to transform fraud risk management into a strategic advantage.