Evolving AML/CFT threats: What to watch for in 2026

Here are some of the most pressing AML/CFT threats facing financial institutions in 2026:

• Deepfakes: Advancements in AI have made it easier than ever to create realistic fake audio and video content. Criminals are using these tools to impersonate executives, government officials, or even clients to defraud financial institutions. A convincing deepfake video call or voice message can be used to authorize fraudulent wire transfers, bypass identity verification, or pressure staff into releasing funds.
• Sextortion: This scheme preys on its victim’s fear and embarrassment. Criminals use social media, email, or dating apps to trick victims, both young and old, into sharing compromising photos or information. Once they have it, the criminals demand payment, often through wire transfers, prepaid cards, or cryptocurrency, to keep the material private. These cases are not only emotionally devastating for victims but also create opportunities for money laundering as criminals move the proceeds through layered accounts.
• Pig butchering scams: Despite the unusual name, this fraud has become alarmingly common. Fraudsters build trust with victims over weeks or even months, often through dating sites or messaging apps. Once a relationship is established, they persuade victims to invest in fake cryptocurrency platforms or other fraudulent opportunities. The “investment” usually shows early gains to keep the victim engaged, but eventually the funds disappear. These scams can result in significant financial losses, and the stolen funds are frequently laundered through complex networks of accounts and digital assets.
• Cartels as terrorist organizations: Drug cartels' growing ties to violence, corruption, and transnational networks have prompted new attention from U.S. authorities. The Office of Foreign Assets Control (OFAC) continues to designate major cartels and their leaders under the Foreign Narcotics Kingpin Designation Act (Kingpin Act), freezing assets and prohibiting U.S. persons from engaging in transactions with them. Policymakers have pushed for even stronger measures, classifying certain cartels as Foreign Terrorist Organizations (FTOs), most notably those based in Venezuela. While not all cartels have been officially designated as FTOs, this shift signals a higher level of scrutiny and a stronger expectation for financial institutions to identify and report cartel-linked activity. For compliance teams, these developments create new challenges. Transactions tied to drug trafficking, precursor chemicals, or regions under cartel control may carry both sanctions and terrorism-financing risks. Institutions with customers or counterparties in high-risk geographies, especially near the U.S.–Mexico border, should ensure their sanctions screening systems and risk assessments reflect OFAC’s Kingpin Act designations and any related advisories from FinCEN.
• Chinese money laundering organizations: FinCEN has issued an advisory on these organizations’ methods and red flags to look for. These highly sophisticated networks often operate globally, using networks of shell companies, trade-based money laundering, and professional money laundering organizations to disguise the origin of illicit funds. In recent years, these groups have also leveraged cryptocurrency exchanges, underground banking systems, and casinos to move funds tied to fraud, drug trafficking, and human smuggling. FinCEN has highlighted how Chinese syndicates play a central role in laundering proceeds from the fentanyl trade. Due to their scale and cross-border reach, these organizations pose a significant AML/CFT emerging threat to community financial institutions that may unknowingly process their transactions. Financial institutions should monitor for FinCEN-identified red flags, including unusual cross-border transactions, shell or front companies with unclear purposes, and cryptocurrency activity linked to known laundering hubs. Watch for transactions connected to high-risk industries, such as chemicals, casinos, or import/export businesses.
• Crypto theft and state-linked activity: This threat refers to organized, state-sponsored cybercrime groups, most notably those from North Korea, which conduct large-scale thefts of cryptocurrency to fund their government’s activities. These groups target decentralized finance (DeFi) platforms, cryptocurrency exchanges, and even individuals with weak security controls. When successful, they steal millions, sometimes hundreds of millions, of dollars’ worth of digital assets. The stolen crypto is then laundered through complex chains of wallets, mixers, and exchanges to obscure its origin before it’s converted to usable currency. Because these transactions occur outside the traditional banking system, they often evade standard AML monitoring. The U.S. Treasury Department has warned that this type of activity not only threatens financial stability but also contributes to sanctions evasion and the development of weapons. For financial institutions, heightened vigilance around crypto-related transactions, unfamiliar counterparties, and sudden large transfers remains critical to identifying potential links to these state-backed theft operations.
• Human trafficking and human smuggling: Despite growing awareness and stronger regulations, human trafficking and human smuggling remain persistent and profitable crimes, leading FinCEN to designate these crimes together as one of the FinCEN National Priorities. Traffickers and smugglers continue to adapt their methods, using legitimate-looking businesses, such as restaurants, nail salons, cleaning services, or agriculture operations, to disguise the movement of illicit funds. FinCEN’s advisories note that these networks often rely on funnel accounts, cash-intensive businesses, and layered transactions to move proceeds through the U.S. financial system. According to FinCEN (Advisory FIN-2020-A008), financial institutions play a critical role in identifying and reporting these crimes. Traffickers and smugglers may co-mingle funds with lawful business revenue or use third parties to conduct transactions that appear routine. International wires, small-dollar deposits across multiple branches, and frequent payments to transportation or travel-related companies can all be indicators of activity tied to human exploitation. FinCEN also highlights that human smuggling operations frequently overlap with other financial crimes, such as drug trafficking or document fraud. These networks are fast-moving, transnational, and adept at exploiting gaps in monitoring systems, especially when institutions lack coordinated detection or updated risk models.