A snapshot of the state of financial crime in the United States

This is not theoretical. It is already visible across the industry. Losses continue to rise, sanctions lists are shifting, and enforcement activity is increasing in some areas while declining in others. Institutional capacity, particularly at the governance level, remains stretched thin.

The risk itself looks different now. It is no longer defined by isolated threat actors or clearly bounded categories. Instead, it is defined by intersection, by threats that overlap, reinforce one another, and manifest indirectly. They may emerge through third-party platforms, through customers, or through exposure chains that have yet to be fully examined.

What follows is a point-in-time reference, a present-state examination of where financial crime risk stands for U.S. banks and credit unions, based on published data, recent enforcement activity, and the connective tissue between them.

Fraud: Scale, industrialization, and immediate exposure

Fraud is the most immediate and financially material financial crime risk facing U.S. banks and credit unions. Practitioner surveys, consumer loss data, and enforcement attention converge on this conclusion.

The FBI’s own data shows almost $12.5 billion in fraud losses reported by U.S. consumers in the first three quarters of 2025. That’s a 25 percent increase year-over-year, with no signs of slowing.

The bulk of reported losses came from a familiar set of attack types: Investment scams, business email compromise, romance scams, and other confidence-based frauds. These aren’t new methods, but their scale and payoff continue to grow.

Victims aged 60 and older reported losses exceeding $4.8 billion in the same time period. Social engineering techniques, most notably from “pig-butchering” schemes in Southeast Asia, are becoming harder to detect, even for tech-literate consumers.

Institutions focused only on fraud volume are missing the deeper signal. The real risk lies in who’s being targeted, how trust is being manufactured, and the widening gap between detection infrastructure and attack sophistication. Recent data from Inscribe AI found that 60 percent of fraud now involves both identity falsification and document falsification, a nearly 20 percent increase year over year, opening financial institutions to downstream money laundering and sanctions evasion risk.

These headline figures understate institutional exposure. Fraud today is not primarily opportunistic or localized. It is increasingly industrialized, conducted by transnational organizations operating at scale. Over the past year, reporting has documented large scam compounds operating primarily out of Southeast Asia that have defrauded U.S. victims out of billions of dollars annually. These are not loose criminal groups. They operate as vertically integrated enterprises, combining recruitment, coercion, social engineering, identity exploitation, mule networks, and downstream laundering within a single structure.

The role of artificial intelligence in fraud isn’t hypothetical anymore. It’s already changed how social engineering works, and it’s scaling.

Phishing campaigns, synthetic identity creation, and impersonation schemes can now be produced cheaply, quickly, and convincingly. Generative AI removed the two biggest barriers: cost and skill. The only real limitation is imagination.

Deepfake audio and video are getting better by the month. They’re being used to imitate executives, relatives, colleagues, anyone a target might trust. In enough cases, that trust is all it takes.

Multiple U.S. law enforcement and financial intelligence agencies issued alerts in 2025 warning about this exact shift. AI-generated voice and image spoofing has already shown up in account takeovers, wire fraud, and payment redirection attacks. Treasury departments and older consumers are getting hit hardest, but the risk isn’t isolated.

The larger issue is structural. Traditional verification methods are breaking down. Voice recognition fails when the voice itself is synthetic, and visual confirmation offers little protection when the face is fabricated. Systems built around familiarity–tone, cadence, and appearance–no longer provide reliable safeguards. As a result, institutions are being forced to reconsider both what they verify and how they verify it.

For executives, this marks a shift in how fraud risk must be managed. The problem is no longer limited to detection and response. It extends to preserving trust in systems where identity can be manufactured at scale.

Payment speed has amplified these risks. Real-time payments shorten detection windows and change loss dynamics. Once funds move, they are quickly layered across accounts, jurisdictions, and intermediaries. Institutional exposure does not stop at consumer reimbursement and increasingly includes AML risk, sanctions exposure, and reputational damage.

Practitioner sentiment reflects these realities. In ACAMS’ 2026 Global AFC Threats Report, scams targeting individuals ranked as the highest current risk, ahead of cyber-enabled crime and sanctions evasion. This ranking is significant because it reflects where institutions are experiencing the greatest operational and financial strain today.

The broader implication is that fraud can no longer be treated as a narrow line-of-business issue. It is an enterprise-level risk that intersects directly with money laundering, sanctions exposure, and institutional trust.

Money laundering: Narcotics, cartels, and networked risk

In 2025, laundering risk continues to be dominated by narcotics trafficking. What has changed is the structure. The financial systems surrounding cartel operations are not merely large; they are layered, flexible, and increasingly resilient. It is no longer simply a matter of cash movement. The risk has become systemic.

U.S. agencies continue to flag drug trafficking as the top driver of illicit proceeds entering the financial system. The fentanyl trade has accelerated this dramatically. As its impact spread, the federal government shifted its framing: what was once treated as criminal activity is now treated as a national security threat.

Cartels based in Mexico, Colombia, Venezuela, and elsewhere are no longer primarily drug organizations; they’re financial engines. Their networks move money through trade invoice manipulation, shell companies, informal payment systems, and digital pathways. The architecture is deliberate and meant to last. They’re not merely optimizing for speed, they’re optimizing for endurance.

Sanctions enforcement has adapted. In 2025, the U.S. designated Venezuela’s Cartel de los Soles as a Specially Designated Global Terrorist entity. That same year, senior leaders from Tren de Aragua were sanctioned for laundering proceeds tied to narcotics, human trafficking, and related activity. These weren’t one-off actions, they reflect a broader pivot: sanctions tools are now being used to target operational criminal finance, not just geopolitical adversaries.

Terrorist financing is harder to isolate, but it’s embedded in the same infrastructure. ACAMS’ 2026 Global AFC Threats Report cites this directly. Many of the same methods used by cartels, layered transfers, front charities, and informal networks are also being used to move funds connected to militant or ideological groups. The systems overlap.

Geography only further complicates the picture. Conflicts in the Middle East, parts of Africa, and Eastern Europe have created long corridors of informal value movement. These routes don’t always look suspicious, and they often appear legitimate until flagged, if they’re flagged at all.

Most institutions aren’t built to detect this kind of risk in real time. And the ones that are? They’re starting to understand the problem isn’t scale, it’s distribution.

For financial institutions, this convergence is significant. Terrorist financing rarely appears as a discrete typology. It is more often embedded within legitimate activity, routed through intermediaries, or obscured by broader criminal flows. From a governance standpoint, this reinforces a central reality of 2025: illicit finance is increasingly networked, adaptive, and complex.

For banks and credit unions, laundering exposure increasingly arises indirectly. Funds tied to narcotics trafficking, terrorist financing, and organized crime may pass through institutions via customers, correspondent relationships, trade finance, payment intermediaries, and third-party processors without obvious transactional red flags. The risk is not a low-value activity. It is scale, sophistication, and networked behavior at the high end.

Institutional capacity has not kept pace. In ACAMS’ 2026 survey, 47 percent of respondents cited lack of skilled resources and inadequate training as a high or very high risk to effective financial crime operations. As laundering networks become more complex and cross-domain, the talent pool capable of identifying and responding to them remains constrained.

The convergence of fraud, narcotics trafficking, and sanctions evasion means AML risk today is fundamentally a governance challenge, not merely a monitoring challenge.

Sanctions: Cartels, national security, and high-severity exposure

Sanctions risk has become one of the most dynamic and unforgiving elements of the financial crime landscape. Unlike other domains, sanctions violations are binary and carry outsized legal and reputational consequences.

Sanctions data from 2025 reveals a clear shift in U.S. enforcement priorities. According to the Center for a New American Security’s ”Sanctions by the Numbers” report, sanctions activity targeting Russia declined sharply, with only 74 Russian persons added to the SDN list. In contrast, sanctions tied to Iran increased materially. The U.S. added 155 Iranian persons to the SDN list and designated 470 non-Iranian persons under Iran-related authorities, bringing the total Iran-linked designations to over 600.

Castellum.AI’s data sharpens this picture further. In 2025, 57 percent of Iran-related designations targeted entities located outside Iran, reflecting a deliberate strategy to disrupt global facilitation networks rather than domestic actors alone. This approach increases indirect exposure for financial institutions operating far from the primary target jurisdiction.

CNAS data also highlights a sharp increase in the velocity and signaling function of sanctions. In 2025, the Trump administration relied heavily on rapid designation cycles, public threats of designation, and conditional sanctions relief as tools to influence state behavior, rather than treating sanctions as static, long-term measures. CNAS documents multiple instances where sanctions were imposed, expanded, or publicly discussed as reversible in the context of negotiations, ceasefire discussions, or geopolitical positioning. For financial institutions, this approach increases compliance risk substantially.

Sanctions have also been applied more aggressively to narcotics-linked and cartel-associated networks. The Trump administration publicly framed major Mexican cartels as national security threats, including announcements designating certain cartel organizations as terrorist entities. Treasury actions followed, including sanctions against cartel leadership, facilitators, and financial intermediaries, as well as enforcement actions involving banks accused of facilitating cartel money laundering.

Mexico and Colombia remain central nodes in this risk environment. Cartel-linked laundering, trade-based schemes, and cross-border facilitation continue to draw enforcement attention. For U.S. banks and credit unions, this creates exposure even without direct relationships with sanctioned parties. Indirect exposure through customers, counterparties, trade finance, and payment flows is increasingly the focal point of supervisory concern.

Talent scarcity amplifies this risk. ACAMS ranks sanctions and export control evasion as the third-highest risk area, yet sanctions expertise remains one of the smallest subsets of the financial crime workforce. For many institutions, a single sanctions failure can carry consequences disproportionate to transaction volume.

Compounding this challenge is the dynamic nature of sanctions policy. Designations, removals, and licensing decisions can shift rapidly as sanctions are used as tools of economic statecraft rather than static policy instruments.

Crypto and fintech: Growth pressure meets risk reality

Crypto-enabled financial crime is not new. What has changed is its scale and relevance. It is no longer a fringe issue; it has become a policy-level concern.

Only 21 percent of U.S. banks are actively considering moving into crypto, while the remainder are either paused or holding back entirely. That hesitation is not inertia; it reflects calculation. Risk appetite is not uniform, and most institutions are signaling that clearly through their posture.

At the federal level, the tone has shifted. The passage of the GENIUS Act, the announcement of a national crypto reserve, and repeated public remarks from President Trump positioning the U.S. as the “crypto capital of the world” have changed the policy optics. Momentum is real, especially when layered with consumer demand and competitive pressure.

In 2025, Chainalysis reported $154 billion in illicit activity flowing through cryptocurrency, everything from fraud and laundering to sanctions evasion. TRM Labs estimates that 2.7 percent of all crypto liquidity exiting exchanges is linked to illicit activity. That doesn’t just signal volume, it raises questions about flow quality, risk exposure, and detection capacity across both crypto-native and traditional institutions.

This activity is driven primarily by nation-states and large organized criminal networks, not retail misuse. As a result, crypto risk intersects directly with sanctions enforcement, narcotics trafficking, and geopolitical priorities.

Fintech implementation has also continued to expand year over year. As innovation in AI and machine learning accelerates, the Federal Reserve, FDIC, and OCC have released joint statements highlighting that these partnerships, while often beneficial, introduce meaningful third-party risk exposure that institutions must actively manage.

For banks and credit unions, exposure exists even without offering emerging products. Illicit funds ultimately seek entry into the traditional financial system. Crypto and fintech do not replace existing risks; they amplify them.

Key Takeaways

Fraud remains the dominant risk. Not because of isolated actors, but because of scale. Activity is increasingly industrialized, coordinated, and driven by organized networks rather than episodic misconduct.

Narcotics trafficking and cartel-linked financial networks continue to drive money laundering activity and sanctions enforcement priorities. This has increased both the severity and complexity of institutional exposure, particularly where risks are indirect or embedded in counterparties.

Sanctions risk is becoming more targeted and less forgiving. Enforcement focus has shifted away from symbolic designations and toward facilitators, intermediaries, and networked activity. Institutions are increasingly exposed through association rather than intent.

Crypto and emerging financial payment systems operate as risk multipliers. They intersect with fraud, laundering, and sanctions risk, even for institutions without direct crypto exposure.

Institutional capacity has not kept pace. Talent shortages and training gaps are no longer secondary concerns. They represent a material governance risk in an environment defined by speed and convergence.

Financial crime risk entering 2026 is not defined by any single typology. It is shaped by convergence, acceleration, and concentration. Institutions that regularly reassess leadership understanding of this reality are better positioned than those relying on static risk frameworks.

The complexity and pace of today’s financial crime environment make one reality clear: Effective risk management is not possible without credible expertise in the room. Whether that expertise is internal or external is an institutional decision, but leadership cannot rely on periodic summaries or fragmented reporting alone.

Oversight must be informed by individuals who understand how fraud, laundering, sanctions, and emerging technologies intersect in real time.