I left Brussels with one strong impression: Europe’s fraud debate is finally starting to catch up with the reality of how modern scams actually work.
At the AML Intelligence Compliance Council roundtable at the European Parliament in June, the most striking thing was not simply the level of concern about fraud. It was how quickly the conversation moved upstream away from the authorised payment itself and toward the digital infrastructure that made the fraud possible in the first place.
That matters because for too long, fraud and anti-money laundering have been treated as neighbouring problems rather than the same criminal system viewed from different angles. Fraud has tended to sit in one part of the business, AML in another. Fraud is discussed in terms of customer loss, reimbursement and payment intervention. AML is discussed in terms of suspicious activity, transaction monitoring and the movement of illicit funds.
Those distinctions may make sense on an organisational chart. They make far less sense in the real world.
A fraudulent advert, a spoofed website, a romance scam, a fake investment opportunity or an impersonation attack does not stop being an AML issue simply because it begins as a fraud against a consumer. Nor does money laundering only begin once the victim has been deceived. The fraud and the laundering are part of the same chain. One creates the criminal proceeds; the other moves, hides and monetises them. In practice, they are often the same financial crime problem seen from two different points in time.
That was one of the clearest themes to emerge in Brussels. Fraud and money laundering are no longer adjacent problems. They are increasingly one problem with two faces.
The payment is the end of the scam, not the start
One of the most important points made during the roundtable was that by the time a customer authorises a fraudulent payment, the scam is already well advanced. The customer has already seen the advert, clicked the link, taken the call, trusted the brand, believed the story, or been manipulated into a false sense of urgency. The criminal has already done the hard part.
And yet much of the debate still centres on what happens at the point of payment: should the customer be refunded, how quickly, by whom, and under what standard of care?
Those are important questions. But they are downstream questions.
If the industry only intervenes at the point where a customer is about to move money, it is intervening at the final stage of a scam journey that may have started days or weeks earlier. At that point, the victim is often emotionally invested, embarrassed, frightened, manipulated or convinced they are doing the right thing. Banks can and should do more at that stage. But it is fanciful to pretend that the bank is seeing the start of the fraud. It is seeing the end of it.
That is why the current debate around reimbursement, while necessary, is too narrow. Reimbursement deals with harm after the event. It does not meaningfully address the infrastructure that created the harm in the first place. Europe cannot refund its way out of industrialised fraud.
The platform economy has become part of the fraud chain
This is the point the industry is still reluctant to confront with enough force. A huge proportion of modern fraud now begins in places that sit outside the bank’s perimeter: social media platforms, search advertising, messaging channels, app stores, email ecosystems and cloned websites built at speed and scale.
At the roundtable, a major bank noted that 66% of APP fraud now happens online, while customer reports of fraud are up 20% this year. Those are not marginal numbers. They tell us something important about where fraud is now being generated and scaled.
Fraudsters do not need branch access or a relationship manager. They need reach, credibility and a route to monetisation. The modern internet gives them all three.
That means platforms are no longer incidental to the fraud problem. In many cases, they are where the scam originates, where the victim is first reached, where false credibility is created, and where criminal campaigns are scaled. If that sounds uncomfortable, it should. Because it challenges a model in which banks remain the institutions most visibly accountable for losses that often began elsewhere.
I do not say that to absolve banks. Banks still have major responsibilities to detect mule accounts, intervene with customers, identify suspicious patterns and improve how they connect fraud intelligence with AML intelligence. But it is becoming harder to defend a world in which a fraudulent advert can be served repeatedly, a fake app can be distributed, or a cloned investment proposition can circulate online, yet the real pressure only begins once the customer reaches their banking app.
That is not a serious prevention model. It is a downstream clean-up model.
Platforms need to know their customers better
If banks are expected to know their customers, understand their risks and take responsibility for the channels through which money moves, it is becoming harder to argue that platforms should not face equivalent expectations for higher-risk advertisers, developers and commercial actors.
That does not mean every platform should be regulated like a bank. But it does mean the old “we are only the medium” defence is wearing thin.
For years, financial institutions have been expected to identify who they are dealing with, assess risk, monitor for suspicious behaviour and intervene when warning signs appear. Yet in parts of the digital economy, the barriers to advertising fraudulent investment opportunities, publishing scam applications or impersonating legitimate brands remain far too low. Reporting individual scam adverts after the event is not a strategy when criminals can replace them at industrial scale.
If a platform can target, rank, promote and monetise content at scale, then it can no longer present itself as a passive bystander when that same infrastructure is used to industrialise fraud. The policy debate is now moving toward a more difficult but necessary question: what does proportionate “know your customer” look like for platforms, and how far should responsibility extend where they could reasonably have seen the risk?
Fraud and AML teams need to stop acting like this is someone else’s problem
There is also a challenge much closer to home for financial institutions. If fraud and money laundering are converging in the real world, many firms are still structured as though they are not.
APP fraud, scam typologies, mule activity, transaction monitoring and suspicious activity reporting often remain adjacent but operationally separate disciplines. Fraud teams see the customer harm. AML teams see the flow of funds. Very few firms are genuinely organised around the full criminal chain.
That matters because the same network that persuades a victim to invest in a fake bond or transfer funds to a romance scammer is usually dependent on mule accounts, layering routes and cash-out mechanisms that sit squarely in AML territory. The fraud event and the laundering event are not parallel stories. They are the same story.
The more useful question is no longer whether a case belongs to fraud or AML. It is whether the institution can see the entire chain from scam origination to criminal monetisation — and whether its controls, governance and intelligence flows reflect that reality.
Europe needs a prevention model, not just a reimbursement model
If I had to reduce the Brussels discussion to one conclusion, it would be this: Europe is edging toward a new fraud model, but it has not fully admitted it yet.
That model would start from a simple premise: fraud prevention cannot be left to the final payment provider once the customer has already been manipulated. It has to begin earlier, at the point where scams are designed, distributed, advertised, hosted, messaged and scaled. It has to recognise that fraud and money laundering are intertwined. And it has to place responsibility across the ecosystem, not just at the point where the money finally moves.
That will be uncomfortable for everyone. Banks will argue – with some justification – that they are being asked to shoulder reimbursement obligations without meaningful control over the upstream channels where many scams begin. Platforms will resist being treated as if they have quasi-financial crime responsibilities. Regulators will have to grapple with questions of liability, data sharing and proportionality.
But the current model is not working well enough to justify complacency. Fraud losses continue to rise. Scam typologies continue to evolve. Criminals are already exploiting AI, automation and cross-platform anonymity at a pace that most institutions are nowhere near matching. And consumers are still being asked, implicitly or explicitly, to act as the last line of defence against increasingly sophisticated criminal campaigns.
The real question for Europe is not whether fraud victims should be reimbursed. Of course, many should. The real question is whether Europe is prepared to tackle the upstream infrastructure that allows those scams to be created, amplified and monetised at scale.
Until that happens, we will keep treating the payment as the problem, when in reality it is only the final symptom of a much bigger one.
Darren Temple is a financial crime and compliance leader with expertise across AML, fraud, sanctions and regulatory risk. He advises organisations on the evolving intersection of financial crime, technology, controls and operational resilience.

