Why static AML models can’t stop AI-driven fraud

AML

In early 2024, a finance employee dialled into what looked like an ordinary video meeting with the CFO and several senior colleagues. In reality, every other participant on the call was a deepfake. Before the scheme was discovered, $25m had been wired to fraudulent accounts.

According to Consilient, The technology behind that attack has since become cheaper, quicker and far more accessible. Deloitte forecasts that global fraud losses driven by generative AI could climb to $40bn by 2027, up from roughly $12bn in 2023.

Consilient recently discussed generative AI and financial crime, and the topic of what happens when deception outpaces control design.

Synthetic identities, voice cloning and AI-assisted mule recruitment are already fully operational, yet most AML control frameworks were designed around what financial crime looked like in the past.

Synthetic identities become an industrial process

Synthetic identity fraud is not new, but the production model is. Where criminals once stitched together stolen personal data by hand, generative AI now automates the fabrication of identities at scale, drawing on hundreds of millions of breached records. False identity cases jumped 60% in 2024 versus 2023, accounting for nearly 29% of all identity fraud, while synthetic identity document fraud surged 311% in North America in Q1 2025 alone.

Quality is as concerning as quantity. Experian notes that AI can now generate fake identity documents virtually indistinguishable from genuine ones, meaning onboarding controls built to catch human-level forgery are facing machine-speed, machine-quality fabrication. By 2025, AI fraud agents had emerged combining generative AI, automation frameworks and reinforcement learning, capable of creating synthetic identities, interacting with verification systems in real time and adjusting behaviour based on outcomes. Standard KYC checks were never built for that.

Voice cloning hits high-value payments

Scammers need as little as three seconds of audio to build a voice clone with an 85% match to the original speaker, and source material is easily scraped from earnings calls, webinars or podcasts. In 2024, a deepfake attack occurred every five minutes, with 49% of surveyed companies reporting audio and video deepfake fraud. Deepfake files ballooned from 500,000 in 2023 to 8 million in 2025, with fraud attempts using such content up more than 2,000% over three years.

The financial exposure is stark. More than 10% of banks have suffered deepfake losses above $1m, averaging $600,000 per incident, while the FBI’s 2025 Internet Crime Report logged $893m in losses tied to AI-related scams, a figure the Bureau concedes is conservative. With 70% of adults unsure they could distinguish a cloned voice, human verification has gone from weak control to almost no control at all.

AI is scaling mule recruitment

Mule networks move and clean criminal proceeds, and generative AI is transforming their recruitment. The FCA reported that 226,957 suspected mule accounts were closed by 37 of the UK’s largest banks and payment firms in a single year. Crucially, RUSI’s August 2025 report found roughly 60% of identified mule accounts were more than a year old, and 20% older than five years, meaning they carried lower risk scores under traditional monitoring rules. Velocity compounds the problem: nearly 28% of money moved through identified mule accounts left within 15 minutes.

Security Brief said, “We are seeing the social engineering component of money laundering scale at a rate that challenges existing controls.”

In 2025, one in four respondents reported being targeted for mule recruitment, most without realising it.

Why AML controls struggle

The FBI has warned that generative AI slashes the time criminals need to deceive targets and corrects the human errors that once served as warning signs. The deeper issue is structural: most AML transaction monitoring systems are trained on historical data and detect deviations from past patterns. That breaks down when deception evolves faster than the training data. A synthetic identity is built to pass current verification, a voice clone to clear current authentication, a mule script optimised against current detection logic. Siloed institution-level models make matters worse, as the same synthetic identity is likely being deployed across multiple banks simultaneously with no shared visibility.

What detection now requires

Regulators have made clear that automation does not dilute accountability, and they are deploying their own tools, with the Bank for International Settlements rolling out an AI-driven supervisory toolkit in April 2025. The structural fix lies in consortium data and federated learning, which lets institutions train on collective behavioural intelligence without raw data leaving individual firms. A synthetic identity appearing across three banks becomes visible, and a mule account that looks benign in isolation reveals a network-level pattern.

Consilient’s federated learning models do exactly this, surfacing cross-institutional patterns single-institution models structurally cannot see, delivering an 88% reduction in false positives and a 3x efficiency gain. As one finding put it: “Banks leveraging AI-powered models have seen a 260% uplift in fraud detection rates compared to traditional methods, across analysis of 124 billion transactions.”

Generative AI has not changed the fundamentals of laundering, but controls built for a static threat will always struggle against an adaptive one. The question for every institution is simple: was your detection framework built around what financial crime looks like today, or what it looked like when the model was last trained?

Read the full Consilient post here. 

Read the daily FinTech news

Copyright © 2026 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research

Investors

The following investor(s) were tagged in this article.