In 2026, financial crime is as significant a threat as ever, and professionals in Fintech are concerned about FinCrime trends.
When surveyed about the year ahead, 75% of payments industry leaders cited financial crime as their top concern. A 2025 report from Kroll, found that more than 70% of UK business executives expect the risk to increase in the following 12 months.
For Fintechs the evolving risks associated with moving money, from fraud to money laundering, can present a significant threat.
During a recent panel discussion hosted by IFX Payments, experts from across the industry sought to provide a practical roadmap to help, focusing on compliance, governance and collaboration.
The threat landscape is murky, but prevention is possible. Whilst new technology has a role to play, humans working together to fight financial crime is as important as ever.
In this FinCrime trends guide for Fintechs, we look at four structural shifts to focus on.
1. Staying compliant is about ‘evolution, not revolution’
Regulations are constantly evolving to provide guardrails for consumers and businesses but from a regulatory standpoint, 2026 won’t be defined by dramatic reform.
As Maya Braine, Head of Financial Crime at Cosegic, noted during the discussion, “the overall trend for this year is evolution, not revolution. There’s nothing dramatically new on the horizon and most things have already been signposted. There are expected changes to UK Money Laundering Regulations, but HM Treasury has already published a consultation on that.”
The focus should be far less on whether a policy exists, and far more on whether a firm intervened early enough to prevent harm. Orna Boland, Director of Anti-Financial Crime/UK MLRO, IFX Payments framed it plainly:
“The questions from regulators or sponsor banks are no longer ‘did we comply with regulations?’, it’s ‘Could we have stopped it? Should it have been accepted? When you saw patterns, did you intervene?’”
It appears there is a growing shift from retrospective review to real-time accountability.
One of the most important observations from the panel was that fraud rarely arrives fully formed. It escalates over time.
“From 2025,” said Orna, “my learning is that fraud shows up before it looks serious. You need earlier detection thresholds and manual intervention sooner rather than later. Mule risk is not just an issue at onboarding. KYC lets people in the door, but behaviour changes over time.”
That behaviour might look like slight transaction shifts or subtle beneficiary changes. Individually, that activity may sit below thresholds. Collectively, they form typologies.
And where fraud repeats, the issue is rarely isolated.
“Fraud accountability follows data control and decision-making” said Orna. “If fraud keeps repeating, the issue isn’t the customer, it’s the control framework. Fraud prevention isn’t about getting it right every time. It’s about acting early enough to make a difference and recalibrating your systems as typologies evolve.”
Earlier detection thresholds, lower tolerance for emerging patterns, and more confident manual intervention are now markers of maturity.
In 2026, simply checking boxes when it comes to compliance is the baseline. A well-documented, lifecycle-aware approach to prevention is the standard.
2. AI is reshaping fraud – but weak governance will undermine it
Unsurprisingly, all our experts spoke on AI as a present reality of financial crime, for good or ill. It’s a justifiable concern.
Maya described a landscape where synthetic identities, deepfake liveness checks, voice cloning and document fabrication are no longer niche tactics. She referenced a report that found AI-enabled and synthetic identities account for 42% of cases of third-party identity fraud.
“That includes,” She said, “AI generating synthetic IDs, deepfake videos for liveness checks, voice cloning and document fabrication. Fraudsters can create false artefacts that pass ID verification tools.
“The risk is no longer just false acceptance at onboarding. It’s identity reuse and mutation over time. Once you’ve created a false identity, you can use it across multiple payment firms with small variations, and open accounts at scale.”
For Fintechs, the concern is not just the sophistication of individual attacks. It is the scale and repeatability. Not only this, but Maya pointed out that where much of the industry relies on a concentrated pool of IDV providers, vulnerabilities can quickly become systemic.
“You might have hundreds of payment firms, but they’re all using the same five IDV providers,” Maya observed. “If fraudsters get around one system, they can onboard across the ecosystem.
“[Payment] firms need to understand how their IDV tools work and challenge providers. Traditional document checks (proof of address [documents] like utility bills) are no longer enough. It’s so easy to fabricate those.”
At the same time, Fintechs are under pressure to adopt AI internally to improve transaction monitoring, reduce false positives and enhance customer experience. Josh Best, Director of Global Compliance and MLRO at Finseta, pointed out his company is “setting an internal risk appetite as to how comfortable we are with using AI, and then eventually looking at how we can use generative AI and agent models to supplement our existing resources.”
Despite this, throughout the discussion, participants repeatedly cautioned that adopting these tools without governance increases risk.
Orna’s warning was direct: “AI is only ever as good as the data that you feed into it.”
If data integrity, process discipline and risk appetite are unclear, AI amplifies weakness as easily as it enhances strength. Therefore, it’s essential the tools are tested and outputs reviewed. That’s where humans come in.
Josh echoed this, saying, “you can’t put a price on a good financial crime specialist. It takes a human touch to look at documentation and pick out a red flag immediately. That only comes through training and experience. So yes, I’m keen to explore AI, but equally keen to keep developing my team, training them, and ensuring they stay at the top of their game.”
The consensus was not anti-AI. The technology should enhance judgement, not replace it. In 2026, the strongest Fintechs will combine clean data, governed tooling and experienced human oversight, not pursue automation at the expense of explainability.
3. APP fraud, friendly fraud and ecosystem accountability
The other clear theme from our panel was APP fraud. APP reimbursement rules have altered the fraud landscape in the UK. While designed to protect consumers, they have also introduced some unwelcome consequences.
Josh described the emergence of so-called “friendly fraud” – scenarios where perpetrators and alleged victims collude to submit fictional APP claims. “We’re seeing perpetrators working with alleged victims to facilitate fictional APP fraud claims,” he explained. “They’ll make a payment as usual, then go to their sending bank and request that those funds be placed under an APP investigation and subsequently reimbursed. What this is doing is putting an unexpected financial burden on PSPs.”
“It becomes our problem to evidence collusion,” Josh said. For receiving PSPs in particular, the position can be difficult. Once the sending PSP has refunded a customer, the scope to challenge that outcome is often narrow and may favour payout over investigation. However, the responsibility shouldn’t necessarily fall solely on the head of payment firms.
The panel discussed the broader point of shared responsibility from multiple players in the payments chain.
Maya used a sporting analogy to capture the imbalance: “It’s like expecting a goalkeeper to block every shot while outfield players stop trying. Payment firms can’t stop APP fraud alone. There needs to be responsibility upstream.”
And it’s true that most APP scams originate ‘upstream’. To be specific, according to a 2025 report from UK Finance, 70% of APP Fraud cases originated online, and a further 16% were enabled by telecommunications. Payment firms actually sit downstream in the value chain. Until accountability and prevention are addressed earlier in that funnel, Fintechs will continue to absorb disproportionate responsibility.
Cross-sector collaboration, between financial institutions, platforms and regulators, is essential to meaningfully reduce APP fraud at scale.
4. Fraud, AML and cybersecurity have converged
Collaboration is not only relevant to different firms across the sector but also internally. Dale Michalowsky, Head of Information Security at IFX Payments, was keen to highlight this point. In fact, the view was that traditional boundaries between fraud, AML and cybersecurity no longer reflect operational reality.
“In today’s digital payments environment, cybercrime isn’t just a technology problem. It’s a financial crime problem,” said Dale. “The threat landscape is ever evolving, and as a cyber professional, I often see overlap. Criminals are no longer just hacking systems. They’re using cyber access to move, disguise, and launder money at speed.”
In practice, cyber incidents often act as the trigger event. Phishing leads to credential compromise. Credential compromise enables account takeover. Funds are moved, layered and dispersed across multiple payment rails, sometimes before AML systems register the anomaly.
Yet many firms still organise cyber and AML functions separately. Different reporting lines. Different tooling. Lack of communication.
Dale summarised the structural issue powerfully: “Individually we see risk. Collectively we see the entire attack chain. For example, we might see unusual login times, but [AML] would see atypical transaction timing. I might see IP geolocation mismatches, but [AML] will see high-risk jurisdiction activity etc.”
The fix is no longer seeing these two areas as separate risk domains. Without integrated visibility, response is delayed and signals are fragmented. Therefore, opportunities for early intervention can be missed.
Josh reinforced that integration must extend to leadership: “You can only build controls and mitigate risks when you have full visibility and full buy-in at leadership level.”
Encouragingly, sentiment is shifting. In a live poll during our panel discussion, 65% of participants prioritised improving cross-team collaboration over investing in new tools.
In 2026, the goal should be to bridge this divide.
In 2026 the FinCrime trends focus is integration before automation
FinCrime trends in 2026 will not be defined by who adopts the most technology, but by who builds the most resilient control framework. The firms that simplify before scaling, integrate before automating, and intervene before certainty will be the ones best positioned to manage evolving risk. Fraud will continue to grow in sophistication. The differentiator will be structural maturity and the willingness to act early.
The contents of this article do not constitute financial advice and are provided for general information purposes only. While the content is based on information believed to be accurate at the time of publication, no guarantee is provided. Links to third-party websites are included for convenience only, and IFX Payments holds no responsibility for the content, services, products, or materials on those sites.