Fraud and Financial Crime: 2023 Regulatory Challenges

Insights on regulatory focus, interplay with consumer protection, and evolving risks

"With the ever-changing environment—regulatory, geopolitical, economic, financial crime, innovation—fintech and payments companies need to ensure they are protecting their customers by combating fraud, money laundering, and related financial crimes on their platforms. Companies should consider ways to responsibly leverage technology and data to monitor activity, coupled with a deep focus on customer experience—being proactive and identifying trends, and instilling a strong culture of doing the right thing."  —Fiachre O’Neill, Chief Risk & Compliance Officer, PayPal


Explore here insights on Fraud and Financial Crime from the KPMG report Ten key regulatory challenges of 2023.


Regulatory focus

Fraud and Financial crime are on-going risks that financial service providers consistently work to mitigate. Evolving technological developments, geopolitical events, and interconnected and interdependent financial networks may increase these risks, exposures and complexity – particularly as perpetrators become increasingly more sophisticated. Regulators will continue to be concerned around such areas as terrorist financing, beneficial ownership, sanctions/tax evasion, consumer scams, and potential compliance violations.

Continued areas of regulatory focus include:

  • Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) frameworks and risk mitigants to prevent illicit exploitation of access to the U.S. financial system (e.g., shell companies, all-cash real estate purchases).
  • Fraud models, operations, and investigation processes.
  • Insider corruption (e.g., employee misconduct, vendor/third party misconduct).
  • Cybercrime and robust cybersecurity risk management.

New areas of expanded regulations will include:

  • Crypto and digital assets: 
    • Regulators will look to combat threats and vulnerabilities posed by digital assets and strengthen the financial safeguards. Investigations and enforcement will lead to more actions of non-compliance with existing regulations (e.g., illegally offered crypto asset derivatives products, false statements about stablecoin assets, fraud and market manipulation, red flag indicators of sanctions evasion attempts using digital assets). 
  • Increased attention to AML for NFT and DeFi: 
    • With the rapid growth of NFTs and DeFi platforms, regulators indicate there is an elevated risk of money laundering and terror financing. Current AML regulations are being expanded to include assessing CDD and suspicious activity reporting related to NFTs and DeFi platforms.
  • Sanctions and price cap compliance: 
    • Continued geopolitical discordance will result in continued focus on sanctions and price cap compliance, including virtual currency mining, dark net markets, and bans on a broad range of services to sanctioned entities/countries (e.g., trade finance, banking, brokering, and insurance).  
  • Final rules on beneficial ownership information reporting and analysis (e.g., due diligence, SAR filings, and anti-corruption compliance programs).
  • Further discussion on the potential liability with P2P responsibilities, fraud, and losses. 


Interplay with consumer protection

While regulators recognize the fraud controls needed to manage potential losses and identify suspicious activity, they will remain focused on potential violations of consumer compliance regulations, the fair processing and treatment of consumer complaints, claims, and disputes, and the clarity of consumer communication throughout the process. 

Regulators will continue to assess companies in such areas as: 

  • Use of account holds and freezes in connection with the application of Reg E, EFTA, and UDAAP>
  • Model development and validation utilized, including analysis of disparities and anti-bias.
  • Payment sender/receiver authentication procedures (e.g., electronic funds transfers including P2P payments).
  • Oversight and monitoring of synthetic identity fraud.

To better protect vulnerable populations (e.g., elderly, servicemembers, low- and moderate-income) that are often targets of fraud, regulators expect companies to:

  • Implement risk programs that identify and mitigate fraud/scams directed to elderly, military, and other vulnerable groups.
  • Conduct analysis of outcomes and models across consumer segments.


Evolving risks

Regulators face the challenge of mitigating complex and evolving risks that may threaten or have been identified by the Administration as issues of national security. Areas of national security risks consistent with FinCen's AML/ CFT priorities, include:

  • Domestic and international terrorist financing
  • Increased focus on OFAC and Sanctions
  • Transnational criminal organizations
  • Drug and human trafficking, smuggling
  • Proliferation financing
  • Synthetic identity fraud (also impacting consumers)

It is important to recognize that fraud and financial crime management is directly within the Governance (“G”) factor of ESG. Companies and their boards will be expected by regulators to enhance these risk and compliance frameworks for effective oversight and governance in areas such as:

  • Anti-bribery and corruption
  • Competitive behavior
  • Lobbying/political involvement
  • Code of conduct, compliance with evolving and expanding rules and regulations




Call to action: Fraud and Financial Crime

☑ Add analytics and automation to client onboarding

☑ Eliminate antiquated technology

☑ Establish a mature conduct risk program

☑ Strengthen controls in regulatory focal areas (FinCEN priorities) 




Ten Key Regulatory Challenges of 2023

Read our report for client perspectives, regulatory recaps, and actionable steps to help mitigate risk.

Connect with us

Amy S. Matsuo

Amy S. Matsuo

Principal and National Leader, Regulatory Insights, KPMG US

+1 919-244-0266
John Caruso

John Caruso

Principal, Forensic, KPMG US

+1 212-954-6831

Explore all: Ten Key Regulatory Challenges of 2023

Subscribe to our mailing list to receive our Regulatory Alerts and Points of View.