When Compliance Is a Dirty Word: Why More Authorities Are Taking Direct Action on Fraud and Scams

Insights
Written By Saiesha Pitroda

By Dr. Kimmo Soramäki (Founder & CEO)

Last week, I had the privilege of joining central bank governors, supervisors, and policymakers at the AFI Global Policy Forum, where I led a masterclass on fraud and scams and participated in a high-level panel with esteemed colleagues from Bank of Tanzania, Bank of Ghana and Innovations for Poverty Action (IPA). 

Fraud and scams are rising at an alarming rate, threatening consumer trust and financial system integrity. On the margins of the Forum, I spoke with leaders from across the globe. The message was consistent: existing models of regulation and compliance are not equipped (and arguably, not designed) to meet the scale and speed of today’s fraud threat.


When Compliance Isn’t Enough

In most jurisdictions, the responsibility for fraud prevention falls squarely on the shoulders of banks and financial institutions. While compliance with regulations, particularly those linked to AML/CFT,—is critical, the system is fundamentally limited.

Compliance, by design, seeks conformance with regulation. It does not necessarily seek to decrease fraud or money laundering behavior. Most compliance programmes do not measure how many scams were prevented or how much consumer harm was mitigated. Instead, they focus on reporting thresholds, documentation, and audit trails.

This compliance-oriented approach often frustrates operational responses due to legal ambiguities, data silos, and coordination gaps between institutions. As one central bank official told me last week, “everyone is acting correctly, but the fraudsters are still winning.”

 

Authorities Are Stepping In

Recognising the limitations of institution-level compliance, a growing number of jurisdictions are adopting a national, authority-led response to fraud and scams. Over the past 18 months, we have seen the emergence of Anti-Scam Centres in Malaysia (National Scam Response Centre, NSRC), Australia (Scamwatch and AFCX), Singapore (ScamShield and NCPC) and Indonesia (OJK and BI-led initiatives).

These centres represent a new approach. One that is proactive, outcome-oriented, data-driven, and collaborative.

Malaysia’s model is particularly noteworthy. Since the launch of the National Fraud Portal (NFP) in April 2024, the country has multiplied by more than 50 times the amount of scam-related funds that are successfully frozen. Investigations that used to take days are now resolved in under 30 minutes. And more than 48 financial institutions are now linked into a unified platform operated by Bank Negara Malaysia and Payments Network Malaysia (PayNet), enabling real-time tracing and freezing of fraudulent transactions.

 

From Compliance to National Infrastructure

The key to these successes lies in shifting from individual compliance to collective infrastructure. Rather than asking every institution to develop its own detection, tracing, and reporting systems, countries are now building shared utilities that support all stakeholders:

  • Law enforcement, to intervene and prosecute 

  • Financial Institutions, to trace and freeze suspicious funds

  • Supervisors, to monitor systemic patterns and benchmark supervised entities

  • Consumers, to report scams quickly and effectively and get their money back

FNA and Proto have recently partnered to develop a national-scale solution that combines AI-powered complaint intake with real-time tracing and freezing of fraudulent funds. FNA and Proto solutions are, respectively, already live in Malaysia, Rwanda, and the Philippines to name a few.

At the front end, Proto enables multilingual, AI-based fraud reporting across messaging apps, SMS, and websites (even in low-connectivity areas). At the back end, FNA’s Money Trails platform automatically reconstructs the fund flow across institutions, identifies mule accounts, and enables collaborative action across banks and payment systems within seconds.

This integrated solution was recently shortlisted for the 2025 G20 TechSprint, led by the BIS Innovation Hub and the Reserve Bank of South Africa. It will be presented at the G20 Summit in Johannesburg this November as a model for scalable, cross-border fraud mitigation infrastructure.


Leadership Is Required

The transition from fragmented compliance to unified national response does not happen automatically. It requires clear leadership from central banks and supervisors.

It requires:

  • A legal mandate for data sharing under strict safeguards

  • A neutral operator (often the central bank or payments system)

  • Secure infrastructure that respects data sovereignty

  • The use of AI and automation to enable action at speed

Above all, it requires a change in mindset. One that sees fraud and scams not just as a compliance issue, but as a public safety and financial stability risk that needs to be proactively safeguarded.

 

The Road Ahead

Fraud and scams are evolving faster than most regulatory frameworks. Criminals are already using AI to create deepfakes, socially engineer victims, and move funds at speeds that outpace traditional monitoring. If we rely solely on traditional compliance models, we will always be one step behind.

Now is the time for authorities to take a more proactive role in orchestrating coordinated, technology-enabled national responses. The results from early adopters are clear: shared infrastructure works. It reduces losses, restores trust, and gives institutions the tools they need to counter and prevent fraud and scams, not just comply.

 

See more: A Blueprint for Building National Anti-Scam Utilities at FNA National Anti-Scam Center Resource Library

Saiesha Pitroda
Previous

The Future of Suptech: From Compliance to Infrastructure
Next

Meet the FNA Team at Sibos