The Next Financial Crime Wave Won't Look Like Crime

There was a time when seeing something with your own eyes meant something. A voice on the phone carried weight. A face on a screen implied presence. A signature meant identity.

Imagine receiving a FaceTime call from someone you love. Everything appears authentic — the face, the voice, the emotion, the urgency. In another era, that would have been enough. Today, it may not be.

That foundation is shifting — quietly.

Over the past year, there have already been cases where employees transferred millions after joining what they believed were legitimate video calls, only to later discover the executives they were speaking to were never there. The voices were convincing. The faces looked right. But none of it was real.

In one of the clearest examples, authorities in Hong Kong reported that an employee at a multinational firm transferred roughly $25 million after joining what appeared to be a legitimate video meeting with senior executives and colleagues. The people on the call looked real. The interaction felt real. The authority felt real. But it was a deception event built on synthetic trust. That case matters because it shows the threat is no longer limited to fake emails or suspicious messages. It can now arrive wearing the appearance of normal institutional communication.

This is not a future problem. It's already here, and it's moving faster than most institutions are prepared to handle.

When Fraud No Longer Looks Wrong

For years, financial crime programs have been built around one core idea: identify what looks wrong. That approach worked because fraud used to create friction. It left inconsistencies, small breaks in the pattern that trained systems and experienced professionals could detect.

Now that's changing. What happens when fraud no longer looks wrong? What happens when it blends in so well that it passes through normal processes without resistance?

When the email reads perfectly. When the voice matches. When the identity clears initial checks without raising concern, the signal hasn't disappeared. It's just harder to separate from everything else.

Authenticity Itself Is Changing

Artificial intelligence is not just improving efficiency — it is reshaping authenticity itself.

Deepfakes, synthetic identities, voice replication, and behavioral mimicry are no longer experimental concepts. They are tools, and they are becoming more accessible.

Individually, each advancement is impressive. Together, they introduce a level of risk that challenges how institutions define what is real.

For decades, there has been an underlying assumption that with enough diligence, the real can be separated from the fraudulent. That assumption deserves to be reexamined.

From Fraud to Structure

This is where the issue moves beyond fraud and into structure. Most control environments are built to confirm information. They validate identity, documentation, and expected behavior. But when false inputs can pass those validations, the model begins to strain.

The challenge is no longer just identifying what is wrong. It is recognizing when something appears right for the wrong reasons.

That is a much more difficult problem to solve, and at that point, the conversation shifts to judgment.

The Return of Judgment

Not instinct alone, but developed judgment — the kind that allows someone to pause, question, and look deeper even when everything appears aligned on the surface.

Some of the most significant failures in financial crime prevention have not come from a lack of tools. They have come from moments where something could have been challenged and wasn't.

Signals existed, but they didn't fit expectations. The environment changed, but the thinking behind the controls stayed the same.

The Speed of Change

What makes this moment different is the speed of change.

Technology will continue to improve. Verification tools will get better. Monitoring systems will become more advanced. All of that is necessary, but it won't be enough on its own.

Because this is not just a technology problem. It's a governance challenge. It's about whether institutions are willing to evolve how they think about risk, not just how they measure it.

The Next Wave

The next wave of financial crime won't announce itself clearly.

It won't arrive through obvious red flags or easily identifiable bad actors. It will move through normal workflows, approved processes, and interactions that appear legitimate at every step.

That is what makes it dangerous. The institutions that adapt will not simply layer on more controls.

They will rethink what control actually means. They will build environments where verification is continuous and where professionals are encouraged to question outcomes — not just follow process. They will recognize that skepticism, when applied correctly, is not resistance — it is discipline.

Where Real Risk Management Lives

This is where real risk management lives — not in the obvious cases, but in the moments where everything appears to be in order and someone decides to take a closer look anyway.

While working through these ideas, one principle continued to surface — something that ultimately shaped much of what I wrote in Risk Ready: the most serious threats rarely present themselves as threats at all.

They present as normal. Familiar. Approved.

Until they're not.

The next financial crime wave won't look like crime. It will look like business as usual.

And the question institutions will need to answer is no longer just "Is this suspicious?" It's something more difficult:

"Are we certain this is real?"