FATF Horizon Scan: AI & Deepfakes — Impacts on AML/CFT/CPF

Synthetic audio, video, or images allow criminals to convincingly impersonate individuals—defeating KYC, remote onboarding, biometric verification, and liveness checks. FATF highlights impersonation of senior staff in real-time scams, pressuring staff to authorise payments, often with devastating consequences.

‍

Criminals now use AI to execute complex, high-volume laundering schemes—patterning transactions in ways that traditional rules-based systems can’t detect. Autonomous AI agents may orchestrate these flows without human supervision.

‍

Fraud detection tech hasn’t kept pace with generative AI. Deepfakes can pass through liveness and biometric checks and only trigger alarms later—creating a dangerous window for fund diversion.

‍

Deepfake onboarding and cross-border transactions often route through jurisdictions with inconsistent AML regulations or weaker digital ID frameworks, making tracing and enforcement more difficult.

‍

The FATF emphasises using AI also for compliance. This includes deployment of anomaly detection systems, biometrics verification, deepfake detection, and automated screening—turning AI into part of the solution.

‍

FATF signals that supervisors will intensify scrutiny of AI-specific AML/CFT controls. Firms should create structured AI risk governance frameworks—defining ownership, risk appetite, monitoring and assurance processes.

‍

Effective defence requires collaboration: FATF recommends mechanisms for sharing intelligence on emerging AI-enabled threats, enabling institutions and authorities to respond quickly.

Map out where AI-deepfake risk intersects with your operations—onboarding, authentication, payment authorisation—and evaluate control effectiveness under worst-case scenarios.

‍

Invest in or pilot advanced tools that can detect synthesised media in real time and integrate AI-driven transaction monitoring.

‍

Enhance multi-factor onboarding protocols, including human validation steps and robust challenge-response checks to back up automated systems.

‍

Establish clear internal AI risk ownership structures, with board-level oversight and regular independent assurance.

‍

Educate staff - especially front-line teams - on deepfake and AI-facilitated fraud typologies, with regular simulations to maintain vigilance.

‍

Engage with regulators, law enforcement, peers, fintechs, and vendors to share insights and seek synergies around AI threat intelligence and mitigation.

‍

Anticipate deep-dive scrutiny during AML/CFT assessments; document risk assessments, AI control architecture, and technology trail to demonstrate preparedness.

‍