top of page
Search

APP Fraud as an AML Problem: How Instant Payments Are Forcing a Compliance Revolution

  • Writer: TrustSphere Network
    TrustSphere Network
  • May 15
  • 4 min read

The $5 Billion Problem That AML Was Not Built to Solve


Authorised push payment fraud has become the defining financial crime challenge of the instant payments era. APP fraud — in which victims are psychologically manipulated into authorising transfers to accounts controlled by fraudsters — now accounts for 75 percent of digital banking fraud value globally, according to ACI Worldwide's analysis. Losses are expected to reach $5.25 billion across the US, UK, and India alone by 2026, driven by the triple accelerant of AI-generated social engineering, instant payment rails that make recovery virtually impossible, and sophisticated money mule networks that disperse funds within seconds of receipt.

What makes APP fraud particularly challenging for financial institutions is that it exploits the authorisation framework that underlies all legitimate payment activity. The customer pressed send. The bank processed the instruction. From a conventional AML perspective, the payment looked clean. It is only in the downstream movement of funds — through mule accounts, rapid cash-out, crypto conversion, or international remittance — that the criminal pattern becomes visible. By that point, it is too late.


AMLD6 Changes the Compliance Calculus


The EU's Sixth Anti-Money Laundering Directive formally designates fraud as a predicate offence for money laundering, with direct implications for how institutions must approach APP fraud in their AML compliance frameworks. Under AMLD6, the proceeds of APP fraud are money laundering proceeds from the moment they enter the receiving account. This means that receiving institutions — not just sending institutions — have transaction monitoring and SAR filing obligations in relation to mule account activity.

For EU fintechs and banks that have historically operated a sharp compliance division between fraud prevention (a customer protection function) and AML (a regulatory compliance function), AMLD6 requires a fundamental restructuring. Fraud signals — including APP fraud victim reports, confirmed mule account indicators, and cross-industry intelligence — must feed into AML monitoring workflows. SAR filing criteria must explicitly address fraud proceeds. And customer risk assessments must incorporate the risk of mule account usage.

The UK's Payment Systems Regulator has taken a parallel approach through its mandatory APP fraud reimbursement regime, requiring PSPs to reimburse eligible APP fraud victims and creating strong financial incentives for banks to invest in detection and prevention. The PSR framework also requires bilateral data sharing between sending and receiving institutions on confirmed fraud cases — a form of mandated information sharing that has historically been resisted on legal grounds.


The Mule Account Detection Challenge


Money mule accounts — accounts used to receive and forward fraud proceeds — are the critical infrastructure of APP fraud networks. They come in three varieties: complicit mules who knowingly participate for payment; unwitting mules who are recruited through romance scams, job fraud, or social engineering; and synthetic identity mule accounts created specifically to receive fraud proceeds. Each presents a different detection challenge.

Complicit and unwitting mules can often be identified through behavioural analytics: accounts that receive large, unexpected credits shortly after opening, that immediately disperse funds to multiple recipients across different jurisdictions, that show unusual velocity patterns relative to the customer's stated profile, or that share device, network, or address characteristics with other flagged accounts. Graph-based analysis — mapping relationships between accounts, devices, and counterparties — is increasingly essential for identifying mule network clusters that individual account-level monitoring misses.

Synthetic identity mule accounts are harder: they passed KYC at onboarding, carry initial credibility, and may be held in a 'credit building' phase for months before being activated for fraud receipt. Detection requires the kind of cross-portfolio, cross-channel analysis that connects KYC signals with transaction patterns and device intelligence.


The Technology Response: FRAML Integration


The convergence of fraud and AML monitoring — often called FRAML — is no longer a theoretical aspiration. It is a regulatory necessity. Institutions that maintain separate fraud and AML detection stacks, with different data feeds, different alert queues, and different investigation teams, are operating with significant blind spots. A transaction that appears normal from a fraud perspective may carry AML red flags, and vice versa. The connections between fraud typologies and money laundering patterns are best visible when both data streams are analysed together.

Leading institutions in 2026 are building or procuring integrated FRAML platforms that unify transaction monitoring, customer risk assessment, case management, and reporting across fraud and AML domains. The technology investment case is straightforward: a single integrated platform reduces false positives through richer contextual analysis, reduces the cost of duplicate investigation processes, and supports the cross-domain intelligence that AMLD6 and equivalent frameworks now require.


What Compliance Leaders Must Prioritise


In the near term, compliance leaders should focus on three priorities. First, MAP the current gap between fraud and AML data flows — identify where fraud signals are generated but not fed into AML monitoring, and vice versa. Second, REVIEW SAR filing criteria to ensure that APP fraud proceeds are being identified and reported consistent with AMLD6 and national implementation requirements. Third, INVEST in mule account detection capabilities, specifically graph-based analysis and cross-institution data sharing — the PSR's mandatory data sharing requirements in the UK provide a model that regulators in other jurisdictions are watching closely.

Instant payments will not slow down. The instant payment infrastructure — FedNow in the US, PIX in Brazil, UPI in India, Faster Payments in the UK — is becoming the backbone of consumer and business payment activity globally. Financial crime compliance must evolve at the same speed, or faster.

TrustSphere helps financial institutions design and deploy intelligent fraud and financial crime detection solutions. Visit www.trustsphere.ai

 
 
 

Comments

Recommended by TrustSphere

Atfinity


 

Izengard


 

Trefis


 

Noto360



 

Thetaray


 


Regulation Asia


 


FCC Analytics

 

Futurum



 



Darwinium


 

Arkose Labs


 

SumSub



 

FinanceX



 

FullArmor



 

Clari5



 

© 2024 TrustSphere.ai. All Rights Reserved.

hello@trustsphere.ai

  • LinkedIn

AML Watcher


 

Relevance.ai



 

LevelFive



 

Disclaimer for TRUSTSPHERE.AI

The content provided on the TRUSTSPHEREAI website is intended for informational purposes only. While we strive to provide accurate and up-to-date information, the data and insights presented are generated from a contributory network and consolidated largely through artificial intelligence. As such, the information may not be comprehensive, and we do not guarantee the accuracy, reliability, or completeness of any content.  Users are advised that important decisions should not be made based solely on the information provided on this website. We encourage users to seek professional advice and conduct their own research prior to making any significant decisions.  TruststSphere Partners is a consulting business. For a comprehensive review, analysis, or support on Technology Assessment, Strategy, or go-to-market strategies, please contact us to discuss a customized engagement project.   TRUSTSPHERE.AI, its affiliates, and contributors shall not be liable for any loss or damage arising from the use of or reliance on the information provided on this website. By using this site, you acknowledge and accept these terms.   If you have further questions,  require clarifications, or requests for removal or content or changes please feel free to reach out to us directly.  we can be reached at hello@trustsphere.ai

bottom of page