Author: Kiran Muthal, Senior Business Analyst – AML, Vyntra
Fraud was never a regulatory priority for banks. It doesn’t have a dedicated compliance framework like AML. Normally, institutions manage it under broader operational risk obligations. However, in April 2026, FINMA published its first guidance dedicated entirely to digital fraud after surveying 19 Swiss banks. The findings document structural gaps across governance, detection and monitoring. New technologies like AI, deepfakes and instant payments are making fraud detection increasingly difficult. Fraudsters are adopting these tools faster than most institutions can respond. The key question for every institution is whether its controls are advanced enough for today’s threats.
Governance is a Shared Responsibility
Technology platforms, risk assessment, investigation capabilities and operational processes all play a collective role in preventing fraud. FINMA has clearly stated that accountability must sit within the institution, with documented responsibilities and regular reporting to senior management.
Fraud and AML Cannot Work in Silos
Fraud and AML functions operate independently, using different systems, different rules and different reporting lines. Information is never shared between the departments. Hence, no department has a comprehensive view of customer behavior across all risk typologies, because fraud signals and AML signals never interact to provide a larger context. The larger financial crime picture that would be obvious in a combined view remains invisible in a fragmented one. An integrated Fraud and AML view can give investigators better context to identify, connect and act on risk before it becomes a loss.
Data Driven Thresholds are the Need of the Hour
Transaction monitoring thresholds across Swiss institutions are set at CHF 100,000 to 200,000 for retail clients. These thresholds are business decisions and not supported by data. They are set without any validation against actual transaction patterns or customer behavior, creating blind spots. FINMA has referred to this issue as unsophisticated. Fraud typologies like money muling, account takeover and authorized push payment fraud do not trigger high-value alerts. They move in smaller, faster, pattern-driven flows, structured precisely to stay below fixed limits. Current thresholds like CHF 100,000 will not identify these patterns. Thresholds should be set using statistical methods and validated against actual customer behavior. Retail clients, business accounts and newly opened digital accounts carry different risk profiles and fixed limits will not reflect that. After risk-appropriate thresholds are set, they need to be reviewed on a regular basis. Fraud patterns shift and thresholds that are not periodically tested against new data will drift out of relevance without anyone noticing.
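The sketch below is an added example, not code from FINMA or the author. It shows one way to derive and backtest per-segment thresholds, assuming a median plus scaled MAD rule as the statistical method. The transaction histories, segment names and the multiplier k are constructed for illustration.

```python
from statistics import median

FIXED_LIMIT_CHF = 100_000  # lower end of the fixed retail range cited above

# Constructed sample: historical daily outflow totals (CHF) per customer segment.
HISTORY = {
    "retail": [120, 340, 80, 950, 410, 275, 1_800, 60, 520, 640, 230, 1_100],
    "business": [12_000, 48_000, 30_500, 75_000, 22_000, 51_000, 64_000, 18_500],
    "new_digital": [40, 95, 150, 20, 310, 60, 75, 180, 45, 110],
}

def robust_threshold(amounts, k=6.0):
    """Median + k * scaled MAD: a limit that a few extreme days cannot drag upward."""
    med = median(amounts)
    mad = median(abs(a - med) for a in amounts)
    # 1.4826 scales the MAD to match a standard deviation for normal data.
    return med + k * 1.4826 * mad

def segment_thresholds(history, k=6.0):
    """One threshold per segment, derived from that segment's own behavior."""
    return {seg: round(robust_threshold(vals, k), 2) for seg, vals in history.items()}

def evaluate(segment, transfers, thresholds):
    """Compare a day's transfers against the fixed limit and the segment threshold."""
    total = sum(transfers)
    return {
        "total": total,
        "fixed_limit_alert": total >= FIXED_LIMIT_CHF,
        "segment_alert": total > thresholds[segment],
    }

def backtest(history, thresholds):
    """Validation: share of historical days each threshold would have alerted on."""
    return {
        seg: sum(v > thresholds[seg] for v in vals) / len(vals)
        for seg, vals in history.items()
    }

if __name__ == "__main__":
    limits = segment_thresholds(HISTORY)
    print("thresholds:", limits)
    print("historical alert rate:", backtest(HISTORY, limits))
    # Constructed mule-style flow: eight transfers of CHF 4,900 in one day
    # from a newly opened digital account, far below the fixed limit.
    print(evaluate("new_digital", [4_900] * 8, limits))
```

Re-running `segment_thresholds` and `backtest` on fresh data at each review cycle is what keeps the limits from drifting out of relevance.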
Fraudulent Online Account Opening is a Growing Attack Surface
Criminal organizations are using deepfakes, video manipulation software and forged identity documents to open accounts illegally. Many of these accounts pass all due diligence checks at onboarding. Fraud is detected only when third parties take control or money is lost.
Alongside fraudulent account openings, individuals are being deceived into opening accounts themselves and handing over access. This carries risks similar to fraudulent account openings, because the fraudster gains access to the financial system. Both of these typologies should be evaluated and treated in an integrated manner.
The Feedback Loop that Most Institutions are Missing
FINMA’s survey found that 26% of institutions have no horizon scanning process to identify emerging threats. Seven institutions analyze fraud campaign indicators only manually or on a case-by-case basis. Seven more lack standard response plans entirely. Most update those plans only after an incident has occurred.
Fraud controls show a very similar pattern. Around 20% of institutions either lack key technical controls or do not review their effectiveness on any regular basis. Three institutions have no authentication controls at all, no geo-blocking, no IP risk rating, no device fingerprinting. A control calibrated against last year’s attack methods will not catch this year’s.
Fraud is continuously evolving. Fraudsters exploit emerging technologies, changing economic conditions and social anxieties to develop new fraud techniques, making old fraud typologies less relevant. Institutions should regularly review emerging threats, update detection rules as new patterns are identified, and close the loop between what is detected and how thresholds, controls and processes are adjusted. The minimum regulatory expectation of a bank is an automated real-time detection system. However, only 12 of the 19 institutions surveyed by FINMA currently use one. In the remaining institutions, this creates a bigger risk that fraud losses are not even identified unless a customer or a third party reports them.
The Standard FINMA has Set is Clear
FINMA has documented what is already happening across Swiss institutions. The gaps in governance, detection and monitoring are structural. As a compliance officer or Chief Risk Officer, the question is not whether your institution has fraud controls. It is whether those controls are effective and integrated with other systems for a larger context. Whether your thresholds reflect how your customers actually behave or are purely based on business judgement. Whether your detection logic was updated last quarter or last year. Fraud is evolving faster than most review cycles. The institutions that stay ahead are the ones treating fraud risk as a connected system and not a collection of inherited controls.



