Generative AI and financial crime: When deception outpaces control design
In early 2024, a finance worker joined what appeared to be a routine video call with the CFO and several senior colleagues. Every participant except the worker was a deepfake. By the time the fraud was uncovered, $25 million had been transferred to fraudulent accounts.
The tools that made that attack possible are now cheaper, faster, and more widely available than they were 18 months ago. In fact, Deloitte projects global fraud losses enabled by generative AI could reach $40 billion by 2027, up from approximately $12 billion in 2023.
You can see the issue here. Synthetic identities, voice cloning, and AI-assisted mule recruitment are fully operational. Yet most AML control frameworks were built around what financial crime looked like historically.
This blog looks at how generative tools are being weaponized across the financial crime lifecycle and what that means for detection.
| Key takeaways Generative AI has turned financial crime into an industrial process, enabling synthetic identities, voice cloning, and AI-assisted mule recruitment at scale. Traditional AML control frameworks built on historical data are failing because deception now evolves at machine speed. Detection requires network-level signal: regulators expect control evolution, and siloed institution models are structurally insufficient. Federated learning is the structural fix, allowing institutions to detect cross-institutional patterns invisible in isolation. |
Synthetic identities are now an industrial process
Synthetic identity fraud has existed for years. What’s changed is the production model. For instance, where fraudsters once manually combined real pieces of personally identifiable information from various sources, generative AI now automates the creation of fabricated identities at scale, drawing on hundreds of millions of records exposed in data breaches.
In fact, false identity cases rose 60% in 2024 compared to 2023 and now make up nearly 29% of all identity fraud cases. Synthetic identity document fraud surged 311% in North America in Q1 2025 alone.
The quality problem is just as significant as the volume problem. According to Experian, AI can now produce fake identity documents that are virtually identical to genuine ones, which means onboarding controls designed to catch human-level forgery are being tested by machine-speed, machine-quality fabrication.
Then, and only then, does the real challenge emerge. By 2025, AI fraud agents had appeared that combine generative AI, automation frameworks, and reinforcement learning, creating synthetic identities, interacting with verification systems in real time, and adjusting behaviour based on outcomes.
The bottom line: Standard KYC checks weren’t built for that.
Related reading: Scams at scale: Cybercrime, state actors, and the financial system
Voice cloning in high-value payment fraud
Worryingly, scammers need as little as 3 seconds of audio to create a voice clone with an 85% match to the original speaker. Source material can be easily scraped from earnings calls, webinars, or corporate podcasts. (Most senior executives have hours of publicly available audio.)
In 2024, a deepfake attack occurred every five minutes. Across surveyed companies, 49% reported experiencing audio and video deepfake fraud. Plus, deepfake files grew from 500,000 in 2023 to 8 million in 2025, with fraud attempts leveraging deepfake content climbing more than 2,000% over three years.
Of course, the financial exposure for banks is significant. More than 10% of banks have suffered deepfake losses above $1 million, with an average loss of $600,000 per incident. And that’s likely understated. The FBI’s 2025 Internet Crime Report recorded $893 million in losses attributed to AI-related scams, a figure the Bureau acknowledges is conservative, because most victims don’t recognise AI was involved.
The detection problem is partly human. One in four adults has experienced or knows someone affected by an AI voice cloning scam, with 70% unsure of their ability to distinguish cloned voices. Human verification was never a robust control. Now it’s close to no control at all!
This brings me to the next point. The same criminal networks running these attacks need somewhere to move the money afterwards, and generative AI is helping with that too.
AI is scaling mule recruitment
Mule networks are the infrastructure that moves and cleans criminal proceeds. Recruiting and managing them historically required time, local contacts, and human oversight. That’s changing.
The FCA reported that 226,957 bank accounts linked to suspected money mules were closed by 37 of the UK’s largest banks and payment companies in a single year. And the accounts involved aren’t the ones you’d expect to flag. According to RUSI’s August 2025 report, roughly 60% of identified mule accounts were older than one year, with 20% more than five years old. Aged accounts present lower risk scores under traditional monitoring rules, which is exactly why they’re being targeted.
This also means the nature of mule accounts is changing, and they now should not be viewed as a single account type. Some mule accounts may be opened using synthetic or fabricated identities, while others are genuine, aged accounts recruited, rented, compromised, or controlled by criminal groups.
The velocity of funds moving through these accounts compounds the problem. Nearly 28% of money moved through identified mule accounts left within 15 minutes, with a further 25% departing within an hour.
Meanwhile, the recruitment side is scaling fast. AI-generated scripts, personalized outreach, and automated follow-up mean the same criminal group can run operations across multiple platforms simultaneously.
“We are seeing the social engineering component of money laundering scale at a rate that challenges existing controls.”
In 2025, one in four respondents reported being targeted for money mule recruitment. And most targets had no idea what they were being recruited into.
Related reading: Why AI must accelerate AML investigations
Why AML controls struggle to keep up
Traditional fraud scripts were developed offline, refined through trial and error, then deployed at scale. That iteration cycle took time. Generative AI has compressed it to near-zero.
In fact, the FBI has warned that generative AI reduces the time and effort criminals must expend to deceive their targets, and can correct for human errors that might otherwise serve as warning signs of fraud. Language models generate contextually accurate communications that match the tone and style of a specific organisation. They produce dozens of variants simultaneously and optimize for what works.
BEC attackers are now using chat-generation tools to produce executive-impersonation communications with precise tone and contextual detail, then layering in voice cloning to place follow-up calls confirming wire transfers.
Here’s the deeper problem. Most AML transaction monitoring systems (including ML models) are trained on historical data. They detect deviations from patterns learned in the past. That works when criminal behaviour is relatively stable. It breaks down when the deception evolves faster than the training data.
By 2026, manual reviews, static rules, and delayed investigations are widely recognised as barriers to effective financial crime prevention:
- A synthetic identity is built to pass current verification checks.
- A voice clone is designed to clear current authentication thresholds.
- A mule recruitment script is optimised against current detection logic.
- A model trained six months ago may have zero exposure to methods being deployed against institutions today.
The institution-silo problem makes this worse.
A synthetic identity approach circumventing one bank’s onboarding controls is likely being used across multiple institutions simultaneously, but siloed models have no visibility into that.
What regulators expect and what detection requires
Regulators have made clear through guidance, examinations, and enforcement actions that automation does not reduce accountability and that, as AI becomes more sophisticated, oversight expectations increase.
Regulators are also deploying their own tools. In April 2025, the Bank for International Settlements deployed an AI-driven toolkit designed to enhance on-site supervision and strengthen decision-making. Compliance teams are benchmarked against peer institutions and are assessed by supervisors running advanced detection of their own.
So, what does detection actually require when the threat is adaptive?
One thing’s for sure. The answer isn’t a better single-institution model.
As criminal organisations diversify and operate across multiple banks, consortium data becomes essential, allowing institutions to spot patterns and connections that are invisible in isolation and to build profiles across hundreds of millions of entities and counterparties.
That’s the structural fix. Federated learning enables institutions to train on collective behavioral intelligence across the network without raw data ever leaving individual institutions.
With this in place, a synthetic identity appearing across three banks simultaneously becomes visible. And a mule account that looks low-risk in isolation exhibits a pattern that only emerges at network level.
“Banks leveraging AI-powered models have seen a 260% uplift in fraud detection rates compared to traditional methods, across analysis of 124 billion transactions.”
Consilient’s federated learning models do exactly this. It reveals cross-institutional behavioral patterns for synthetic identities, high-risk typologies, and anomalous activity that single-institution models structurally can’t see. The resulting 88% reduction in false positives and 3x efficiency gain reflect what becomes detectable when you have network-level signal.
Related reading: Federated learning is the AML breakthrough regulators and FIUs have been waiting for
Deception that learns needs detection that does too
Generative AI hasn’t changed the fundamentals of money laundering. Placement, layering, and integration still describe how illicit funds move through the financial system. What’s changed is the sophistication of the entry point and the speed at which criminal networks can iterate and adapt.
Controls designed for a static threat environment will always struggle with an adaptive one. That’s a structural mismatch, and it’s one that single-institution models, however well-built, can’t resolve on their own.
The next thing to think about is straightforward: was your detection framework built around what financial crime looks like today, or what it looked like when the model was last trained?
If your institution is working through that question, we’d be glad to show you what federated detection looks like in practice → Talk to us; we’d genuinely love to help.
