Experts Call for Regulatory Overhaul to Combat AI-Driven Financial Fraud

Fraud-fighting professionals are urging federal regulators to overhaul outdated rules and foster cross-sector collaboration to combat the rising threat of AI-driven online fraud. During a recent virtual panel, industry leaders argued that current laws prevent banks from effectively sharing data with telecommunications and social media companies, leaving the financial system vulnerable to sophisticated criminal networks.

Background and Context

The discussion, titled Attacking Fraud in the AI Age, was hosted jointly by Payments Dive and Banking Dive. Panelists highlighted how fraud actors are increasingly leveraging artificial intelligence to innovate their schemes, outpacing the defensive capabilities of individual institutions. The experts emphasized that a siloed approach is no longer viable and pointed to international models where cooperation between sectors has successfully mitigated similar risks.

Key Figures and Entities

Donna Turner, a consultant at Risk Insight Solutions and former chief operating officer of Early Warning Services—the bank-owned parent of Zelle and Paze—noted that other nations have provided "some good lessons learned" through cross-sector strategies. "We got to get there through a cross-sector approach to this," Turner told attendees.

Paul Benda, executive vice president of risk, fraud, and cybersecurity for the American Bankers Association, argued for the integration of data streams from outside the financial industry. "If we really want to prevent this, we have to get the signals from the telecoms, from the social media companies, into the banks," Benda said. He advocated for sharing account data back and forth to trace and block funds flowing to fraudulent accounts.

Other panelists included Mark Kwapiszeski, executive chief information officer at PNC Bank, and David Maimon, head of fraud insights at SentiLink, a fraud and risk solutions firm. Kwapiszeski suggested that using AI across institutions could reveal the structure of criminal networks, allowing authorities to "take down certain parts of it" so the entire enterprise collapses.

Legal and Financial Mechanisms

A central theme of the panel was the inadequacy of the current legal framework, specifically the Bank Secrecy Act (BSA). While the BSA provides a "safe harbor" that protects banks from liability when sharing data related to money laundering or terrorism, panelists argued it is ill-suited for preventing real-time fraud.

Turner contended that financial institutions need a modernized safe harbor provision to encourage enhanced coordination. Benda echoed this, noting that the BSA’s timelines are designed for reporting after the fact rather than prevention. Furthermore, the current act only covers financial institutions, excluding telecoms and social media platforms. "It’s never going to be a functional tool in preventing fraud," Benda said of the existing limitations.

International Implications and Policy Response

The push for regulatory reform coincides with renewed federal attention to cybercrime. Last week, President Donald Trump issued an executive order on cybercrime, mandating a federal review within 60 days of tools available to combat "transnational criminal organizations." The order also calls for an "action plan" within 120 days to "prevent, disrupt, investigate, and dismantle" groups perpetrating online fraud.

In addition to the executive order, the administration is moving to strengthen enforcement. Trump has nominated Colin McDonald, a Justice Department attorney, to lead a new national fraud enforcement division. McDonald is currently awaiting a Senate vote on his confirmation. These policy developments indicate a shift toward treating online financial fraud as a critical national security issue requiring a unified response across government and private sectors.

Sources

This report draws on statements made during the Attacking Fraud in the AI Age panel hosted by Payments Dive and Banking Dive, as well as public documents regarding the Bank Secrecy Act and the White House executive order on cybercrime.