Notifications
Clear all
Topic starter
10/06/2026 10:40 pm
TL;DR: Financial crime in APAC is converging across fraud, money laundering, and mule-account abuse, with defenders from Coinbase Singapore, Mastercard, and ACAMS warning that criminals move funds across borders faster than banks can coordinate response, according to SumSub's WTF? Summit discussion. For identity teams, the lesson is that governance, monitoring, and data-sharing latency now shape financial risk as much as transaction controls.
NHIMG editorial — based on content published by SumSub: the WTF? Summit discussion on APAC financial crime convergence
Questions worth separating out
Q: How should financial services teams detect mule-account abuse before funds disappear?
A: Focus on account behavior, not only payment outcomes.
Q: Why do fraud and AML teams need to work from the same identity signals?
A: Because attackers use one identity path to achieve both fraud and laundering.
Q: What do organisations get wrong about deepfakes in financial onboarding?
A: They treat deepfakes as a narrow verification problem instead of a trust-model problem.
Practitioner guidance
- Unify fraud and AML signal review Build a shared queue for suspicious identity, transaction, and account-behavior events so fraud and compliance teams see the same evidence before a transfer is complete.
- Tighten mule-account detection Flag rapid funding, rapid forwarding, and repeated small-value movement patterns as account-level risk indicators, especially when multiple accounts behave as a coordinated cluster.
- Harden high-risk human journeys Use layered identity verification for onboarding, recovery, and approval workflows so no single deepfake-prone signal can authorize account access or payment changes.
What's in the full analysis
SumSub's full article covers the operational detail this post intentionally leaves for the source:
- First-hand discussion of how Coinbase Singapore, Mastercard, and ACAMS are separating fraud response from laundering response in practice
- The specific role of Singapore's digital asset posture in shaping regional response expectations
- How compliance teams are adapting their operating model for faster escalation and evidence sharing
- Recorded summit conversation context that shows where the industry is aligning on 2026 priorities
👉 Read SumSub's WTF? Summit discussion on APAC financial crime convergence →
APAC financial crime convergence: what it means for IAM teams?
Explore further
11/06/2026 2:47 am
Fraud and laundering are now one identity problem, not two separate crime categories. The article's central warning is that defenders are still organised around old functional boundaries while attackers are not. Fraud teams, AML teams, and identity teams each see part of the picture, but the criminal workflow spans them all. Practitioners should treat account trust, transaction velocity, and behavioral anomalies as one coordinated control surface.
A few things that frame the scale:
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
A question worth separating out:
Q: Who is accountable when mule accounts are used to launder stolen funds?
A: Accountability is shared across the institution that opened the account, the team that monitored it, and the counterparties that accepted its activity signals. In practice, the failure is usually a lifecycle gap, a response gap, and a coordination gap happening together. The organisation that can act fastest on evidence usually has the best chance of limiting loss.
👉 Read our full editorial: APAC financial crime now merges fraud, laundering, and identity risk
