By NHI Mgmt Group Editorial Team
Published 2026-06-08
Domain: Governance & Risk
Source: SumSub

TL;DR: Financial institutions are being outpaced by fraudsters who exploit the seams between fraud, cyber and compliance teams, while AI reshapes both attack and defence, according to SumSub’s WTF? Summit discussion with FATF, the Singapore FinTech Association and Coinhako. Cross-functional governance is now a control issue, not an organisational preference.


At a glance

What this is: This discussion argues that fragmented fraud, cyber and compliance operations leave exploitable gaps that criminals are already abusing at scale.

Why it matters: It matters because identity, access and financial-crime controls fail when they are managed in silos, especially where humans, workflows and AI-enabled operations intersect.



Context

Financial crime control breaks down when the organisations responsible for detection, investigation and compliance do not share the same risk picture. In practice, that means the same identity, transaction or device signal can be visible in one team’s toolset and invisible in another’s, which is exactly the gap attackers exploit.

The article frames this as an operating-model problem rather than a single technology failure. For IAM and governance leaders, the lesson is that cross-team coordination is part of the control surface, because fragmented access, evidence and escalation paths create blind spots in both prevention and response.


Key questions

Q: How should financial institutions break down fraud, cyber and compliance silos?

A: They should start by aligning identity, case and escalation data across the three functions. The goal is not shared dashboards alone, but a shared decision path so the same event can trigger investigation, containment and reporting without rework. If each team sees a different version of the truth, criminals will continue to exploit the seams between them.

Q: Why do siloed fraud operations create more risk than the team boundaries suggest?

A: Because attackers do not need to defeat every control, only the gaps between controls. When fraud, cyber and compliance functions work independently, evidence is delayed, duplicated or lost between handoffs. That creates blind spots in both prevention and response, especially when identity signals are split across tools and owners.

Q: How can teams tell whether AI is helping financial crime operations?

A: AI is helping when it shortens case triage time, improves signal correlation and increases the quality of analyst decisions without hiding why a case was prioritised. If teams cannot explain, review or override AI-driven recommendations, the tool is creating governance risk rather than operational value. The test is decision quality, not automation volume.

Q: Who is accountable when fraud, cyber and compliance teams miss the same threat?

A: Accountability should sit with the operating model owner who defines how evidence, escalation and reporting move across departments. When a case fails because no team owned the handoff, the problem is structural. Financial institutions need a single governance path for suspicious events, even if multiple teams contribute controls.


Technical breakdown

Fraud detection gaps created by siloed identity and risk data

Fraud controls become weaker when identity evidence, transaction monitoring and cyber telemetry live in separate workflows. A signal that looks low-risk in one system may be high-risk when correlated with account behaviour, device context or compliance history. This is not just a data-integration issue. It is an authorisation and escalation problem, because the organisation cannot act on what it cannot connect across teams. The result is delayed intervention, inconsistent case handling and missed patterns that only emerge when multiple signals are viewed together.

Practical implication: unify investigation data and escalation paths so fraud, cyber and compliance teams can act on the same evidence set.
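As an added example, not code from SumSub or from the NHI Mgmt Group page, the block below shows the correlation the paragraph above describes: each silo rates its own signal for a customer as low or medium, and only the joined view reaches high severity and a shared escalation queue. The signal kinds, the three-level severity scale, the correlation rules, the queue names and the sample events are all constructed for the illustration; the point is that the taxonomy, the join key and the handoff record are shared by all three teams.

```python
"""Cross-silo signal correlation with a shared severity taxonomy.

Added example, not code from SumSub or NHI Mgmt Group. Signal kinds, rules,
queue names and sample events are constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed shared taxonomy: one severity scale used by fraud, cyber and compliance.
SEVERITY = {"low": 1, "medium": 2, "high": 3}
LEVEL_NAME = {v: k for k, v in SEVERITY.items()}


@dataclass(frozen=True)
class Signal:
    team: str      # originating silo: "fraud", "cyber" or "compliance"
    subject: str   # shared join key, e.g. a customer or account id
    kind: str      # signal type expressed in the common taxonomy
    severity: str  # severity as the originating team rated it in isolation
    detail: str


@dataclass
class Case:
    subject: str
    severity: str
    owner: str
    signals: list
    reasons: list = field(default_factory=list)
    handoffs: list = field(default_factory=list)  # (from_team, to_team, reason)

    def hand_off(self, to_team: str, reason: str) -> None:
        """Record an explicit, auditable handoff instead of re-creating the case."""
        self.handoffs.append((self.owner, to_team, reason))
        self.owner = to_team


# Assumed correlation rules: combinations that are individually low-risk but,
# seen together across teams, indicate account takeover or stale identity evidence.
CORRELATION_RULES = [
    ({"new_device_login", "txn_velocity"}, "high",
     "new device followed by rapid outbound transfers: account-takeover pattern"),
    ({"kyc_refresh_overdue", "txn_velocity"}, "medium",
     "unusual activity on an account whose identity evidence is stale"),
]


def route(level: int) -> str:
    """Assumed escalation path shared by all three teams."""
    if level >= SEVERITY["high"]:
        return "joint-incident"      # one queue all three teams can action
    if level == SEVERITY["medium"]:
        return "compliance-review"
    return "fraud-ops"


def correlate(signals):
    """Group signals by subject and raise severity when a cross-team pattern matches."""
    by_subject = defaultdict(list)
    for s in signals:
        by_subject[s.subject].append(s)

    cases = {}
    for subject, sigs in by_subject.items():
        level = max(SEVERITY[s.severity] for s in sigs)   # highest single-team view
        kinds = {s.kind for s in sigs}
        reasons = []
        for pattern, sev, reason in CORRELATION_RULES:
            if pattern <= kinds:                            # every kind in the pattern is present
                level = max(level, SEVERITY[sev])
                reasons.append(reason)                      # keep the why, so analysts can challenge it
        cases[subject] = Case(subject, LEVEL_NAME[level], route(level), list(sigs), reasons)
    return cases


# Constructed sample signals. C-1042 looks low/medium to every team on its own.
SAMPLE_SIGNALS = [
    Signal("fraud", "C-1042", "txn_velocity", "low", "3 transfers in 10 min, each under the review threshold"),
    Signal("cyber", "C-1042", "new_device_login", "low", "login from a new device fingerprint, geolocation changed"),
    Signal("compliance", "C-1042", "kyc_refresh_overdue", "medium", "KYC refresh 90 days overdue"),
    Signal("fraud", "C-2001", "txn_velocity", "low", "2 transfers in 10 min"),
    Signal("compliance", "C-3310", "kyc_refresh_overdue", "medium", "KYC refresh 30 days overdue"),
]


if __name__ == "__main__":
    cases = correlate(SAMPLE_SIGNALS)
    for c in cases.values():
        print(c.subject, c.severity, c.owner, "; ".join(c.reasons) or "no cross-team pattern")
    cases["C-1042"].hand_off("compliance", "regulatory filing decision")
    print(cases["C-1042"].handoffs)
```

Run as a script it prints C-1042 as high in the joint-incident queue with two recorded reasons, while C-2001 stays low with fraud operations and C-3310 goes to compliance review on its own signal. The handoff list is the audit trail the Control Handoff term below calls for: the case keeps its identity and history when ownership moves, rather than being re-entered in another team's tool.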

AI in financial crime operations: shield, weapon and governance pressure

AI appears in the article as both a defensive tool and an attacker advantage, which is the right way to frame the problem. On the defensive side, AI can help triage, correlate and prioritise cases faster than manual review. On the offensive side, criminals can use it to scale deception, automate social engineering and reduce the cost of experimentation. The governance challenge is not whether AI is useful, but whether teams have the skills, controls and accountability to use it without creating new blind spots or over-trusting its outputs.

Practical implication: govern AI use in fraud operations with explicit ownership, review thresholds and model-risk oversight.

Cross-border fraud response depends on internal collaboration first

The article links cross-border data-sharing limits in ASEAN to a broader operating reality: organisations that cannot share threat context internally will struggle to share it externally. Internal silos prevent consistent case creation, duplicate effort and weaken the quality of the evidence that eventually reaches regulators, partners or law enforcement. That makes internal governance the precondition for external collaboration. If departments cannot align on what a suspicious identity, payment or device event means, they will not produce reliable intelligence for anyone else.

Practical implication: standardise case taxonomy and evidence handling before attempting inter-organisational threat sharing.




NHI Mgmt Group analysis

Siloed financial-crime operations create an identity governance failure, not just a process gap. When fraud, cyber and compliance teams hold different views of the same user, account or transaction, the organisation loses a consistent control plane. The article’s core warning is that criminals are not defeating each tool separately; they are exploiting the handoff between them. Practitioners should treat inter-team fragmentation as a governance defect with direct security consequences.

Cross-functional evidence sharing is now part of financial identity control. If suspicious behaviour can be detected in one team but not actioned in another, access decisions, investigations and reporting become detached from each other. That breaks the chain from signal to containment. The practical conclusion is that financial institutions need common escalation logic, not just more monitoring products.

AI skills gaps inside compliance teams are becoming an operational risk surface. The article makes clear that AI is no longer peripheral to fraud operations, because defenders are expected to use it while attackers already do. When teams lack the skill to evaluate AI outputs, the organisation either underuses useful automation or over-trusts weak outputs. Practitioners should read this as a capability and governance deficit, not a training side note.

ASEAN data-sharing limits expose a broader lesson about control locality. Cross-border rules matter, but so does the internal ability to classify, retain and share evidence in a consistent way before it leaves the organisation. A fragmented operating model weakens every downstream collaboration effort. The field implication is that effective financial crime defence now depends on identity, data and case governance being aligned across departments.

From our research:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, which shows how often identity governance still stops at the handoff point.
  • That lifecycle gap is why practitioners should also review the Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs, when tightening cross-team control paths.

What this signals

Cross-functional fraud governance is increasingly an identity governance issue. When departments maintain separate views of the same person, account or device, the organisation cannot produce a reliable trust decision. That creates a structural control gap that no single product can close, which is why IAM, fraud and compliance leaders need a shared operating model rather than disconnected tooling.

The next maturity step is not more alerts, but better handoffs. Organisations that can standardise evidence, ownership and escalation across internal teams will be better placed to extend those practices to external partners, regulators and cross-border response networks.


For practitioners

  • Map shared fraud-cyber-compliance control points: identify where identity, transaction and device signals are reviewed separately, then define the exact handoff points where one team must be able to escalate into another team’s workflow without re-entering the case.
  • Create a common suspicious-activity taxonomy: use one set of severity levels, evidence fields and disposition rules across fraud, cyber and compliance so teams describe the same event the same way before they attempt cross-border sharing.
  • Assign explicit ownership for AI-assisted triage: document who approves model use, who reviews disputed outputs and who is responsible when AI-driven prioritisation changes a case outcome or regulatory filing.
  • Test internal collaboration before external sharing: run tabletop exercises that force departments to move one case from detection to investigation to reporting using only the organisation’s real internal processes and datasets.

Key takeaways

  • Fraudsters exploit organisational seams, so siloed fraud, cyber and compliance functions create real control gaps.
  • AI changes both attack and defence dynamics, but it only helps when teams can govern how outputs are reviewed and acted on.
  • Cross-border cooperation depends on internal alignment first, because fragmented evidence handling weakens every downstream response.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST SP 800-207 (Zero Trust Architecture) set the governance and control expectations practitioners need to meet. Note that SP 800-207 is an architecture document and does not define control identifiers; the PR.AC-4 reference often attached to it is a NIST CSF 1.1 control, carried into CSF 2.0 as PR.AA-05.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | GV.OC-01 | The article centres on organisational context and shared operating assumptions.
NIST CSF 2.0 | PR.DS-01 | Cross-team data sharing depends on controlled handling of evidence and signals.
NIST CSF 2.0 | PR.AA-05 (CSF 1.1 PR.AC-4) | Access permissions and authorisations must be managed under one policy so a common trust decision holds across fragmented teams and tools.
NIST SP 800-207 | Zero Trust Architecture, policy decision and enforcement points | A single policy decision path, rather than per-tool trust, is needed across fraud, cyber and compliance.

Define shared fraud, cyber and compliance ownership in the organisational risk context.


Key terms

  • Siloed Financial-Crime Governance: A fragmented operating model where fraud, cyber and compliance teams each manage their own tools, data and decisions. The result is inconsistent evidence handling and delayed action. In practice, the organisation loses the ability to treat suspicious behaviour as one coordinated identity and risk problem.
  • Control Handoff: The point where responsibility for a case, signal or decision moves from one team or system to another. Handoffs are where important context is often lost, especially when teams use different taxonomies or escalation criteria. Strong governance makes the handoff explicit, auditable and reversible.
  • AI-Assisted Triage: The use of machine-driven prioritisation to sort, rank or route suspicious cases for human review. It can improve speed and consistency, but only if analysts can understand, challenge and override the recommendation. Without governance, it becomes a hidden decision layer inside the investigation process.

Deepen your knowledge

Fraud, cyber and compliance governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your organisation is dealing with identity and case-management fragmentation, it is worth exploring.

This post draws on content published by SumSub: a live WTF? Summit discussion on fraud, cyber and compliance silos in financial crime. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org