AML and the money behind child exploitation: An industry imperative
This is a difficult topic, but an important one. One that is rarely addressed directly in our industry. Its purpose of this piece is to make you pause and reflect on why what we do goes beyond compliance.
What we do as AML and financial crime professionals is fundamental to the functioning of the financial system. But how often do we stop and reflect on what sits behind alerts, SARs, and performance metrics? Behind them are serious and organized crimes, sustained through the very system we are tasked with protecting.
Recently, I listened to a political podcast where guests from the International Justice Mission discussed the scale of child sexual exploitation online. Not as a policy issue. Not as a headline. But as a global market. As something monetized, structured, and sustained by payments.
Even naming it directly feels uncomfortable. It is the kind of topic people lower their voice for, often folded into broader terms like “human trafficking” or “illicit content.” But it needs to be understood clearly for what it is: the exploitation of children, sustained through financial flows.
The scale is significant:
- 🟣The Philippines, one of the major source markets, research estimates that half a million children were exploited to produce online abuse material in a single year.
- 🟣In some cases, offenders pay about $15 for live imagery. Less than the cost of a takeaway meal to participate.
- 🟣Around 105 million abuse media files were identified globally in a single year.
- 🟣Demand is largely driven by offenders in high-income Western economies, including the UK, US, Australia, Canada and parts of Europe.
And this is reflected in estimates from the Financial Action Task Force (FATF), the global AML standard-setter, which estimates that 300 million children globally are affected by online sexual exploitation each year.
This is a sustained, monetized system operating through the financial system.
Our role often provides the first indication of activity that may otherwise remain hidden. A pattern, once identified and followed, can contribute to exposing networks and disrupting harm. Even small signals can matter.
A low-value transaction may pass through controls without immediate concern. It may resemble everyday consumer behavior. But in certain contexts, those same transactions form part of a wider pattern of monetization.
Viewed through a financial crime lens, one point becomes unavoidable: the exploitation of children operates as a structured, revenue-generating market, moving through regulated financial infrastructure.
From time to time, public attention returns, most recently with renewed scrutiny of financial networks linked to the Epstein case. Headlines fade. But the activity does not.
If AML is about following the money, it cannot ignore where some of that money leads. Yet this category is rarely addressed directly in industry discussion. It appears in risk assessments. It sits in typology lists. Transactions continue to clear.
Child sexual exploitation is a sustained criminal market operating through the infrastructure that AML teams are mandated to oversee.
That is the starting point.
Child exploitation is a core AML risk
One reason this rarely surfaces in AML discussions is that it is often treated as niche, or as something handled elsewhere.
Conversations about human trafficking can become highly structured and procedural, focused on typologies and logistics rather than underlying harm. The terminology describes the mechanism, but can create distance from the reality it represents.
At its core, what the term actually refers to is:
- ➡Enslavement
- ➡Sexual exploitation
- ➡Coercive control
- ➡Rape for profit
- ➡Forced labour under threat and violence
In reality, child sexual exploitation operates as an organized, networked, revenue-generating market. It spans jurisdictions, adapts quickly to platform controls, and generates sustained revenue streams through the financial system.
Payments move through peer-to-peer apps, card rails, subscription platforms, digital wallets, prepaid instruments, and third-party payment providers (TPPPs). Many are low in value. Many recur. Many cross borders. In isolation, they appear ordinary.
And that’s why the activity does not announce itself.
A bank may see a transfer to a payment processor. The processor may see a settlement on a platform. The platform may see end-user behavior. No single participant sees the full economic chain.
As with other forms of financial crime, AML failure in this area has direct real-world consequences.
Digital infrastructure has also increased scale and accessibility, allowing this activity to grow and adapt over time.
| Child exploitation & financial indicators 🟣20.5 million reports of suspected child sexual exploitation (2024), submitted to NCMEC’s CyberTipline. 🟣Nearly 100 financial sextortion reports per day (2025), cases involving coercion and payment demands. 🟣77% increase in online enticement reports (H1 2025 vs H1 2024) ~292,000 to ~518,000 reports to NCMEC’s CyberTipline. 🟣Sharp rise in AI-linked exploitation reports (H1 2025 vs H1 2024) ~6,800 to ~440,000 in the same period. |
Why this rarely surfaces directly in AML conversations
Child sexual exploitation is not absent from AML frameworks. It is present, but not always explicitly named.
Instead, it is typically classified within broader categories such as human trafficking. These classifications provide regulatory structure and allow institutions to organize risk into defined typologies within control frameworks.
Classification shapes perception. Language aligned to regulatory compliance is designed to be precise, neutral, and administratively usable. It describes mechanisms, transaction patterns, and typologies, but it can create distance from the underlying reality.
As a result, the crime becomes visible as a category, but less visible in operational focus.
Board reports refer to trafficking typologies. Risk assessments refer to exploitation indicators. Policies refer to predicate offences. Each is accurate. Each is necessary. However, they do not always reflect the full context of the underlying activity.
When activity is absorbed into regulatory taxonomy, it becomes part of the control environment rather than something examined in isolation. It enables a clear and reportable statistical view.
However, classification alone does not reduce the underlying activity.
When it is consistently grouped into broader categories, it risks being treated as one risk among many, rather than a distinct and material exposure.
The system is moving faster than our safeguards
The financial system does not look the way it did 10 years ago.
Payments are faster. Settlement is near-instant. Cross-border movement is routine. Digital wallets and alternative rails expand access points. Third-party payment providers now sit at the centre of payment flows, aggregating merchants, abstracting end customers, and intermediating transactions at global scale.
The same infrastructure can also be leveraged by exploitation networks.
As highlighted in FATF’s recent report on online child sexual exploitation, these networks rely on the structural characteristics of the modern payment system:
- ➡Small, frequent payments that disappear into consumer noise
- ➡Cross-border routing that fractures investigative visibility
- ➡Intermediated platforms where no single entity sees the full picture
- ➡Transaction velocity that outpaces manual review and static rule-based controls
Third-party processors introduce additional layers between origin and beneficiary, creating distance between activity and its underlying purpose.
Responsibility does not disappear in that structure. It becomes distributed. As visibility fragments, detection depends on recognizing weak, distributed signals rather than isolated anomalies.
Systems designed for speed and scale require detection capabilities calibrated to those same conditions.
Compliance is the foundation. Not the full objective.
Supervisors expect financial institutions to monitor for indicators linked to exploitation and trafficking. Policies reference it. Risk assessments account for it. Suspicious activity reports are filed when patterns warrant escalation.
These controls are essential. They create structure, accountability, and governance. They provide a piece of the puzzle.
However, the effectiveness of those controls is ultimately linked to whether they interrupt the movement of funds associated with this activity.
When monetization continues without interruption, the activity persists.
Compliance measures the presence of control. Disruption reflects whether those controls are having a practical effect.
The financial system does not sit separate from this activity. It forms part of the flow of funds through which it operates.
And when that flow is disrupted, outcomes can change.
Stripping away the veil
No single transaction reveals what it ultimately funds. No single institution sees the full picture. Detection depends on recognising patterns that emerge across time, entities, and networks.
This makes the responsibility more complex. It also reinforces its importance.
AML is often framed in terms of regulatory expectation, enforcement risk, and reputational protection. These are legitimate concerns. They support governance discipline and institutional focus.
However, child exploitation reduces much of that abstraction.
It highlights that financial systems enable economic activity, and where that activity funds exploitation, financial systems form part of the infrastructure through which it operates.
When money moves, the activity continues.
And when that flow is disrupted, outcomes can change.
Because somewhere within the flow of ordinary payments, patterns can emerge that point to something more serious.
And whether that thread is recognized, followed, and acted upon may determine whether harm to children around the world continues, or whether it is finally brought into the light.
