TrustSphere
 

Reimbursement reform has changed the economics of Authorised Push Payment fraud, but it has not changed the underlying scam. With sending and receiving banks now sharing liability across an expanding set of jurisdictions, the strategic question for fraud leaders is no longer whether to reimburse — it is how to disrupt scams in real time before the money moves.

The Wolfsberg Group's 2026 refresh of its core principles signals the most substantive evolution in correspondent banking guidance in several years. The update consolidates lessons from recent enforcement actions, recognises the operational reality of cross-border payment modernisation, and pushes member banks toward more risk-sensitive, data-driven due diligence. The implications extend well beyond the thirteen Wolfsberg members. Because non-member banks typically adopt Wolf

The sanctions designation of Tornado Cash was supposed to be a turning point in the fight against on-chain money laundering. In practice, it accelerated the diversification of obfuscation techniques rather than eliminating them. The mixer ecosystem of 2026 looks materially different from that of 2022, and compliance teams need an updated mental model. Criminals have adapted in four directions: decentralised alternatives, cross-chain bridges, privacy-preserving layer-2 protoco

The collapse of NFT trading volumes from their 2021 peak has produced the mistaken impression that NFTs are no longer a material AML concern. In reality, the typology has matured, diversified into gaming platforms and in-app economies, and continues to attract criminal proceeds at meaningful scale. Regulatory frameworks in most jurisdictions lag the sophistication of these laundering techniques. For compliance teams at financial institutions, platforms and regulators, the gap

The Economic Crime and Corporate Transparency Act has now been in force long enough to assess its real-world impact. The reforms to Companies House, the failure-to-prevent fraud offence, and the expanded identity verification requirements represented the UK's most ambitious anti-economic-crime reform package in decades. Two years on, the picture is mixed. Transparency has improved in measurable ways. Enforcement capacity has expanded. But structural weaknesses in verification

The first half of 2026 has produced some of the largest sanctions enforcement actions on record. Regulators on both sides of the Atlantic have moved decisively against institutions whose screening controls failed to keep pace with the rapid expansion of sanctions perimeters since 2022. The pattern of failure is remarkably consistent. It is rarely the absence of a screening tool that drives enforcement. It is almost always the quality of the data feeding that tool, the calibra

Hong Kong's Stablecoin Ordinance has moved the territory from permissive experimentation to one of the world's most detailed regulatory regimes for fiat-referenced stablecoin issuance. The HKMA now licenses issuers, sets reserve and redemption standards, and imposes direct financial crime obligations on a new class of regulated entity. For global banks, payment providers and fintechs with Asia-Pacific operations, the ordinance is not merely a local compliance exercise. It cre

Handling politically exposed persons in emerging markets remains one of the most nuanced challenges in financial crime compliance. List-based PEP screening tools have become commoditised, yet enforcement actions continue to highlight cases where screening was technically completed but the underlying risk was not meaningfully assessed. The gap is not the technology. The gap is the interpretive judgment that connects a name match to an understanding of the political, legal and

Ransomware has long been treated as a cyber problem with a financial crime tail. That framing is no longer tenable. With ransom payments increasingly routed through regulated financial institutions, sanctions exposures embedded in the threat-actor ecosystem, and disclosure rules tightening on both sides of the Atlantic, ransomware now sits squarely on the AML and sanctions risk register.

The UK's mandatory APP-scam reimbursement regime has been in force since October 2024, and the scheme data is finally giving us a clean picture of what works at the point of payment and what does not. The headline finding is straightforward — Confirmation of Payee, in its first-generation form, was a useful but porous control, and the 50/50 reimbursement liability split between sending and receiving PSPs has placed real economic pressure on both sides to do better. Confirmati