Game Changer -Compliance Functions in Need of a Technological Overhaul
McKinsey in its latest compliance benchmarking survey found that compliance function at financial institutions has reached “an inflection point” and current compliance standards are in an “inchoate state”. The firm has suggested five critical actions to be undertaken by banks to make their compliance risk management more efficient and effective at this time of intensified regulatory pressures, heightened competition and squeezed costs. They are: getting the fundamentals (such as controls, key risk indicators (KRIs), integration with enterprise risk management (ERM) and regulatory applicability) right, strengthening risk ownership in the first line, streamlining compliance processes, adopting a dynamic tech-enabled approach to risk management and building compliance talent. Here, we would like to focus on the fourth point – applying tech to manage compliance risk – and then provide insights into how modern technologies such as artificial intelligence and machine learning can help banks reach their compliance goals.
Survey Findings
McKinsey launched compliance benchmarking effort in 2017, with 22 leading institutions across the globe. It surveyed 24 leading institutions, including both global systemically important banks (G-SIBs) and non-G-SIBs, in 2018. Based on the findings, it released a report that also included insights from its discussions with executives at the banks. Key findings of the survey are:
- Slow growth in compliance spending: Compliance spend growth seems to have peaked now. For the 2015-17 period, only 25% of the sample size saw an increase in spends. Three-quarters of the banks surveyed expect compliance costs either to stay still or fall in the coming year.
- Size and effectiveness of compliance functions are not yet in balance: McKinsey says that compliance has yet to establish a recognized, sustainable balance between size and effectiveness as the proportional size and budgets of compliance functions are found to vary significantly from bank to bank.
- Assessment of compliance maturity: Banks were asked to assess compliance maturity in five areas: foundational capabilities, core policies and oversight, critical business and management processes, personnel, and control systems. Most banks scored low in areas relating to control systems, including automation, monitoring and assessment, reporting and management information systems and analytics.
- Automation and analytics remain a challenge: Banks were found to have a sense of frustration that much of the investment in technology was going into end-user tools that required constant attention or quickly became obsolete. The absence of a technology strategy or perspective on how to drive digital change in compliance was another source of frustration.
- Spending more on technology does not guarantee maturity: “The scale of a bank’s spending on technology is not a reliable indicator of the level of maturity attained in the application of technology in compliance,” says the report.
The Role of Tech in Compliance
Rising compliance demands have forced banks to expand their compliance functions significantly. Now, banks are seeking greater efficiency and effectiveness out of their compliance functions. McKinsey says that “compliance functions are in need of a technological overhaul to enhance systems and tools in management information, reporting, monitoring, and assessment. Adopting next-generation governance, risk, and control solutions is one option.” It added that banks have already adopted advanced analytics in areas such as transaction monitoring, trade and communications surveillance, and monitoring and testing. It also pointed out other key success factors such as a two-tier IT structure, a dedicated data lake, and a cross-functional and agile way of working for a next-gen solution to be helpful.
How can machine learning help build an effective compliance program?
Machine learning is a modern technology which can alter the operational status-quo of many industries, especially the BFSI sector. With machine learning, we can create machines that can keep improving its performance without human intervention to do the desired tasks. Compliance analysts’ decision-making abilities cannot be replaced by systems as such decisions involve significant operational, financial and reputational risk. However, machine learning can help them make their jobs easier by pointing out what is good (compliant) and what is bad (non-compliant) behaviour based on prior examples fed into the system while eliminating low-level, repeatable, manual processes. The technology can also help detect anomalies or aberrations from normal behaviour, and increase the detection rate of the compliance system. In a typical non-machine learning environment, compliance staff look into previous alerts for anomalies and trends. They also look for emerging suspicious patterns and make adjustments (often minor) based on their expertise in an effort to reduce false alerts while ensuring they are well within their risk tolerance threshold. This approach is cumbersome, time-consuming and prone to misses. In contrast, a machine learning environment has supervised algorithms that can be trained on prior alerted activity to fine-tune rules to reduce the number of false alerts. Supervised algorithms are modelled to compare existing rules and investigatory results to make the required changes to the compliance framework. In addition, some machine learning models use unsupervised algorithms that can identify new patterns and typologies unbiased by existing rules. For example, an unsupervised model can identify a number of transactions between two parties which were done in amounts and frequencies of unusual nature, even if no existing rule would have identified the same.
The main benefits of employing machine learning in compliance are given below:
- Automated compliance: With machine learning, compliance teams can build fully machine-executable functions that will take most of the manual processing responsibilities away from the team. At present, the compliance personnel are spending more than 60% of their valuable working hours on these manual processes. With automation in place, compliance staff can dedicate most of their time to solve issues that require greater attention.
- Better communication tools: Internal and external auditing and reporting become easier with machine learning as it provides tools to produce reports catering to management and regulatory demands.
- Detection of suspicious behaviour: Self-learning algorithms can better detect aberrations in the normal course of flow such as fraudulent activities and financial irregularities.
- A holistic view of the compliance function: Chief compliance officers can exert greater control over the compliance function with the support of machine learning. This can indirectly help in business intelligence, behaviour pattern scrutiny and strategic decision support.
In a nutshell, machine learning can provide compliance officers with ‘superpowers’ and significant operational and financial benefits to organisations that make use of the technology. Even if at a nascent stage, with lots of research and testing going on, the technology has the potential to reshape the entire compliance landscape for the better.
Experience the most intelligent AML and fraud prevention platform
Experience the most intelligent AML and fraud prevention platform
Experience the most intelligent AML and fraud prevention platform
Top AML Scenarios in ASEAN

The Role of AML Software in Compliance


We’ve received your details and our team will be in touch shortly.
Ready to Streamline Your Anti-Financial Crime Compliance?
Our Thought Leadership Guides
Busted in Bangsar South: Inside Malaysia’s Largest Scam Call Centre Raid
In August 2025, Malaysian police stormed a five-storey office in Bangsar South, Kuala Lumpur, arresting more than 400 people linked to what is now called the country’s largest scam call centre operation.
The raid made headlines worldwide, not only for its scale but also because of its alleged link to Doo Group, a Singapore-based fintech that sponsors English football giant Manchester United. The case has cast a harsh spotlight on the industrial scale of financial crime in Southeast Asia and the reputational risks it poses for both financial institutions and global brands.

Background of the Scam
The dramatic raid took place on 26 August 2025, when Malaysian authorities swept into a commercial tower in Bangsar South, a thriving business district in Kuala Lumpur. Inside, they discovered a massive call centre allegedly set up to defraud victims across multiple countries.
Over 400 individuals were arrested. Videos of employees being escorted into police vans quickly went viral, symbolising the scale and industrial nature of the operation.
Initial reports linked the call centre to Doo Group, a global financial services provider with operations across Singapore, Hong Kong, London, Sydney, and Dubai. While the company has insisted that its operations remain unaffected and that it is cooperating fully with investigators, the reputational damage was already significant.
The Bangsar South raid is part of Malaysia’s wider anti-scam campaign. By mid-2025, authorities had arrested over 11,800 suspects in similar cases, with financial losses amounting to RM 1.5 billion (USD 355 million). The Bangsar South case, however, stands out because of its size, its international profile, and its link to a company with a global brand presence.
What the Case Revealed
The raid revealed troubling insights into how financial crime networks operate in the region:
1. Industrialised Fraud
A workforce of over 400 suggests this was not a small, fly-by-night scam but a structured enterprise. Staff were reportedly trained to follow scripts, handle objections, and target victims methodically, mirroring the efficiency of legitimate customer service operations.
2. Global Targeting
Reports indicate the call centre targeted victims not just in Malaysia but also overseas, raising questions about how funds were laundered across borders. The multilingual capabilities of employees further suggest international reach.
3. Reputation at Risk
The alleged connection to Doo Group highlights how reputable financial companies can be pulled into fraud narratives. Even if not directly complicit, the association underscores how thin the line can be between legitimate fintech operations and the shadow economy.
4. Oversight Gaps
The case also points to challenges regulators face in monitoring sprawling call centre operations and cross-border financial flows. By the time raids occur, thousands of victims may already have been defrauded.
Impact on Financial Institutions and Corporates
The Bangsar South raid is not just a law enforcement victory. It is a warning signal for the financial industry.
1. Reputational Fallout
When a Manchester United sponsor is linked to scams, it is not just the company that suffers. Brand trust in fintech, sports, and banking becomes collateral damage. This raises the stakes for due diligence in sponsorships and partnerships.
2. Investor and Customer Confidence
Digital finance thrives on trust. When fintechs are tied to scandals, investors hesitate and customers second-guess their safety. The Bangsar South case risks dampening enthusiasm for fintech adoption in Malaysia and the wider region.
3. Operational Risks for Banks
For financial institutions, call centre scams translate into suspicious transaction flows, mule account proliferation, and higher compliance costs. Traditional transaction monitoring often struggles to flag layered, cross-border flows connected to scams of this scale.
4. Regional Implications
Malaysia’s crackdown shows commendable resolve, but it also exposes the country as a hub for organised scam activity. This dual image, both a problem centre and an enforcement leader, will shape how regional regulators approach financial crime.

Lessons Learned from the Scam
- Scale ≠ Legitimacy
A large workforce and polished infrastructure do not guarantee a legitimate business. Regulators and partners must look beyond appearances. - Due Diligence is Non-Negotiable
Global brands and institutions need deeper checks before partnerships. A sponsorship or corporate tie-up can quickly become a reputational liability. - Regulatory Vigilance Matters
The Bangsar South raid shows what decisive enforcement looks like, but it also reveals how long such scams can operate before being stopped. - Cross-Border Cooperation is Critical
Victims were likely spread across multiple jurisdictions. Without international collaboration, enforcement remains reactive. - Public Awareness is Essential
Scam call centres thrive because victims are unaware. Public education campaigns must go hand-in-hand with enforcement.
The Role of Technology in Prevention
Conventional compliance methods, such as simple blacklist checks or static rules, are no match for scam call centres operating at an industrial scale. To counter them, financial institutions need adaptive, intelligence-driven defences.
This is where Tookitaki’s FinCense and the AFC Ecosystem come in:
- Typology-Driven Detection
FinCense continuously updates detection logic based on real scam scenarios contributed by 200+ global financial crime experts in the AFC Ecosystem. This means emerging call centre scam patterns can be identified faster. - Agentic AI
At the heart of FinCense is an Agentic AI framework, a network of intelligent agents that not only detect suspicious activity but also explain every decision in plain language. This reduces investigation time and builds regulator confidence. - Federated Learning
Through federated learning, FinCense enables banks to share insights on scam flows and mule account behaviours without compromising sensitive data. It is collective intelligence at scale. - Smart Case Disposition
When alerts are triggered, FinCense’s Agentic AI generates natural-language summaries, helping investigators prioritise critical cases quickly and accurately.
Moving Forward: The Future of Scam Call Centres
The Bangsar South raid may have shut down one operation, but the fight against scam call centres is far from over. As enforcement improves, fraudsters will adopt AI-driven tools, deepfake impersonations, and more sophisticated laundering methods.
For financial institutions, the path forward is clear:
- Strengthen collaboration with regulators and peers to track cross-border scam flows.
- Invest in adaptive technology like FinCense to stay ahead of criminal innovation.
- Educate customers relentlessly about new fraud tactics.
The raid was a victory, but it was also a warning.
If one call centre with 400 employees can operate in plain sight, imagine how many others remain hidden. The only safe strategy for financial institutions is to stay one step ahead with collaboration, intelligence, and next-generation technology.

Inside the New Payments Platform (NPP): How Australia’s Real-Time Payments Are Changing Finance and Fraud
Australia’s real-time payments revolution is reshaping finance, but it also brings new risks and compliance challenges.
Imagine sending money to a friend, paying a bill, or receiving your salary in seconds, no matter the day or hour. That vision became reality in Australia with the launch of the New Payments Platform (NPP) in 2018. Since then, the NPP has transformed how Australians transact, powering faster, smarter, and more flexible payments.
But while the benefits are undeniable, the NPP has also introduced fresh risks. Fraudsters and money launderers now exploit the speed of real-time payments, forcing banks, fintechs, and regulators to rethink how they approach compliance. In this blog, we take a deep look at the NPP, exploring its origins, features, benefits, risks, and what the future holds.

What is the New Payments Platform (NPP)?
The NPP is Australia’s real-time payments infrastructure, designed to allow funds to be transferred between bank accounts in seconds. Unlike traditional bank transfers, which could take hours or days, the NPP settles payments instantly, around the clock, 365 days a year.
A Collaborative Effort
The NPP was launched in February 2018 as a collaborative initiative between the Reserve Bank of Australia (RBA), major banks, and key financial institutions. It was developed to modernise Australia’s payments infrastructure and to match the expectations of a digital-first economy.
Core Components of the NPP
- Fast Settlement Service (FSS): Operated by the RBA, this ensures transactions settle instantly across participating banks.
- Overlay Services: Products built on top of the NPP to offer tailored use cases, such as Osko by BPAY for fast peer-to-peer payments.
- PayID: A feature that allows customers to link easy identifiers such as email addresses or phone numbers to bank accounts for faster payments.
- ISO 20022 Data Standard: Enables rich data to travel with payments, improving transparency and reporting.
The NPP is not just a new payment rail. It is an entirely new ecosystem designed to support innovation, competition, and efficiency.
Key Features of the NPP
- Speed: Transactions settle in less than 60 seconds.
- Availability: Operates 24/7/365, unlike traditional settlement systems.
- Rich Data: ISO 20022 messaging allows businesses to include detailed payment references.
- Flexibility: Overlay services enable innovative new use cases, from consumer-to-business payments to government disbursements.
- Ease of Use: PayID removes the need for remembering BSB and account numbers.
Benefits of the NPP for Australia
1. Consumer Convenience
Everyday Australians can send and receive money instantly. Whether splitting a dinner bill or paying rent, transactions are seamless and fast.
2. Business Efficiency
Businesses benefit from faster supplier payments, real-time payroll, and improved cash flow management. For SMEs, this reduces dependency on costly credit.
3. Government Services
Government agencies can issue refunds, grants, and welfare payments in real time, improving citizen experience and efficiency.
4. Financial Inclusion and Innovation
The NPP creates opportunities for fintechs to build new payment products and services, driving competition and giving consumers more choice.
5. Enhanced Transparency
The rich data standards improve reconciliation and reduce errors, saving time and cost for businesses.
The Risks and Challenges of Real-Time Payments
As with any innovation, the NPP comes with challenges. The very features that make it attractive to consumers also make it attractive to fraudsters and money launderers.
1. Authorised Push Payment (APP) Scams
Fraudsters use social engineering to trick customers into sending money themselves. Because NPP payments are instant, victims often cannot recover funds once transferred.
2. Money Mule Networks
Criminals exploit mule accounts to move illicit funds quickly. Dormant accounts or those opened with synthetic identities are often used as conduits.
3. Increased Operational Pressure
Compliance teams that once had hours to review suspicious transactions now have seconds. This shift requires entirely new approaches to monitoring.
4. False Positives and Noise
Traditional systems generate vast numbers of false positives, which overwhelm investigators. With NPP volumes growing, this problem is magnified.
5. Cyber and Identity Risks
Fraudsters use phishing, malware, and stolen credentials to take over accounts and push funds instantly.

Regulatory and Industry Response
Australian regulators have moved swiftly to address these risks.
- AUSTRAC: Expects banks and payment providers to implement effective real-time monitoring and suspicious matter reporting tailored to NPP risks.
- ASIC: Focuses on consumer protection and ensuring victims of scams are treated fairly.
- Industry Initiatives: The Australian Banking Association has been working on scam-reporting frameworks and shared fraud detection systems across banks.
- Government Action: Proposals to make banks reimburse scam victims are under consideration, following models in the UK.
The message is clear: institutions must invest in smarter compliance and fraud prevention tools.
Fraud and AML in the NPP Era
Why Legacy Systems Fall Short
Legacy monitoring systems were built for batch processing. They cannot keep up with the millisecond-level requirements of real-time payments. By the time a suspicious transaction is flagged, the funds are gone.
What Next-Gen Solutions Look Like
Modern systems use AI and machine learning to:
- Detect anomalies in real time.
- Link suspicious activity across accounts, devices, and geographies.
- Reduce false positives by learning from investigator feedback.
- Provide regulator-ready explanations for every alert.
Key Fraud Red Flags in NPP Transactions
- Large transfers to newly created accounts.
- Multiple small payments designed to avoid thresholds.
- Sudden changes in device or login behaviour.
- Beneficiaries in high-risk jurisdictions.
- Rapid pass-through activity with no balance retention.
Spotlight on Technology: Tookitaki’s Role
As the risks around NPP accelerate, technology providers are stepping up. Tookitaki’s FinCense is purpose-built for the demands of real-time payments.
How FinCense Helps
- Real-Time Monitoring: Detects suspicious activity in milliseconds.
- Agentic AI: Continuously adapts to new scam typologies, reducing false positives.
- Federated Intelligence: Accesses insights from the AFC Ecosystem, a global compliance community, while preserving privacy.
- FinMate AI Copilot: Assists investigators with summaries, recommendations, and regulator-ready narratives.
- AUSTRAC-Ready Compliance: Built-in reporting for SMRs, TTRs, and detailed audit trails.
Local Adoption
FinCense is already being used by community-owned banks like Regional Australia Bank and Beyond Bank. These partnerships demonstrate that even mid-sized institutions can meet AUSTRAC’s expectations while delivering excellent customer experiences.
The Future of NPP in Australia
The NPP is still evolving. Several developments will shape its future:
1. PayTo Expansion
PayTo, a digital alternative to direct debit, is gaining traction. It allows consumers to authorise payments directly from their accounts, offering flexibility but also new fraud vectors.
2. Cross-Border Potential
Future integration with Asia-Pacific payment systems could expand NPP beyond Australia, increasing both opportunities and risks.
3. Smarter Fraud Typologies
Criminals are already exploring ways to exploit deepfake technology, synthetic identities, and AI-driven scams. Fraud prevention must evolve just as quickly.
4. Industry Collaboration
Expect stronger cooperation between banks, fintechs, regulators, and technology vendors. Shared fraud databases and federated intelligence models will be crucial.
Conclusion
The New Payments Platform has reshaped Australia’s payments landscape. It delivers speed, convenience, and innovation that benefit consumers, businesses, and government agencies. But with opportunity comes risk.
Fraudsters have been quick to exploit the instant nature of NPP, forcing institutions to rethink how they detect and prevent financial crime. The solution lies in real-time, AI-powered monitoring platforms that adapt to new typologies and reduce compliance costs.
For Australian institutions, the NPP is more than a payment rail. It is the foundation of a new financial ecosystem. The winners will be those who embrace innovation, partner with the right AML vendors, and build trust through smarter compliance.
Pro tip: If your institution still relies on batch monitoring, you are already behind. Now is the time to modernise and future-proof your compliance with intelligent fraud and AML platforms.

Locked on Video: Inside India’s Chilling Digital Arrest Scam
It began with a phone call. A senior citizen in Navi Mumbai answered a number that appeared to belong to the police. Within hours, she was trapped on a video call with men in uniforms, accused of laundering money for terrorists. Terrified, she wired ₹21 lakh into what she believed was a government-controlled account.
She was not alone. In August 2025, cases of “digital arrest” scams surged across India. An elderly couple in Madhya Pradesh drained nearly ₹50 lakh of their life savings after spending 13 days under constant video surveillance by fraudsters posing as investigators. In Rajkot, criminals used the pretext of a real anti-terror operation to extort money from a student.
These scams are not crude phishing attempts. They are meticulously staged psychological operations, exploiting people’s deepest fears of authority and social disgrace. Victims are not tricked into handing over passwords. They are coerced, minute by minute, into making transfers themselves. The results are devastating, both for individuals and the wider financial system.

Background of the Scam
The anatomy of a digital arrest scam follows a chillingly consistent script.
1. The Call of Fear
Fraudsters begin with a phone call, often masked to resemble an official number. The caller claims the victim’s details have surfaced in a serious crime: drug trafficking, terror financing, or money laundering. The consequences are presented as immediate arrest, frozen accounts, or ruined reputations.
2. Escalation to Video
To heighten credibility, the fraudster insists on switching to a video call. Victims are connected to people wearing uniforms, holding forged identity cards, or even sitting before backdrops resembling police stations and courtrooms.
3. Isolation and Control
Once on video, the victim is told they cannot disconnect. In some cases, they are monitored round the clock, ordered not to use their phone for any purpose other than the call. Contact with family or friends is prohibited, under the guise of “confidential investigations.”
4. The Transfer of Funds
The victim is then directed to transfer money into so-called “secure accounts” to prove their innocence or pay bail. These accounts are controlled by criminals and serve as the first layer in complex laundering networks. Victims, believing they are cooperating with the law, empty fixed deposits, break retirement savings, and transfer sums that can take a lifetime to earn.
The method blends social engineering with coercive control. It is not the theft of data, but the hijacking of human behaviour.
What the Case Revealed
The 2025 wave of digital arrest scams in India exposed three critical truths about modern fraud.
1. Video Calls Are No Longer a Guarantee of Authenticity
For years, people considered video more secure than phone calls or emails. If you could see someone’s face, the assumption was that they were genuine. These scams demolished that trust. Fraudsters showed that live video, like written messages, can be staged, manipulated, and weaponised.
2. Authority Bias is a Fraudster’s Greatest Weapon
Humans are hardwired to respect authority, especially law enforcement. By impersonating police or investigators, criminals bypass the victim’s critical reasoning. Fear of prison or social disgrace outweighs logical checks.
3. Coercion Multiplies the Damage
Unlike phishing or one-time deceptions, digital arrests involve prolonged psychological manipulation. Victims are kept online for days, bombarded with threats and false evidence. Under this pressure, even cautious individuals break down. The results are not minor losses, but catastrophic financial wipe-outs.
4. Organised Networks Are Behind the Scenes
The professionalism and scale suggest syndicates, not lone operators. From forged documents to layered mule accounts, the fraud points to criminal hubs capable of running scripted operations across borders.
Impact on Financial Institutions and Corporates
Though victims are individuals, the implications extend far into the financial and corporate world.
1. Reputational Risk
When victims lose life savings through accounts within the banking system, they often blame their bank as much as the fraudster. Even if technically blameless, institutions suffer a hit to public trust.
2. Pressure on Fraud Systems
Digital arrest scams exploit authorised transactions. Victims themselves make the transfers. Traditional detection tools that focus on unauthorised access or password breaches cannot easily flag these cases.
3. Global Movement of Funds
Money from scams rarely stays local. Transfers are routed across borders within hours, layered through mule accounts, e-wallets, and fintech platforms. This complicates recovery and exposes gaps in international coordination.
4. Corporate Vulnerability
The threat is not limited to retirees or individuals. In Singapore earlier this year, a finance director was tricked into wiring half a million dollars during a deepfake board call. Digital arrest tactics could just as easily target corporate employees handling high-value transactions.
5. Regulatory Expectations
As scams multiply, regulators are pressing institutions to demonstrate stronger customer protections, more resilient monitoring, and greater collaboration. Failure to act risks not only reputational damage but also regulatory penalties.

Lessons Learned from the Scam
For Individuals
- Treat unsolicited calls from law enforcement with suspicion. Real investigations do not begin on the phone.
- Verify independently by calling the published numbers of agencies.
- Watch for signs of manipulation, such as demands for secrecy or threats of immediate arrest.
- Educate vulnerable groups, particularly senior citizens, about how these scams operate.
For Corporates
- Train employees, especially those in finance roles, to recognise coercion tactics.
- Require secondary verification for urgent, high-value transfers, especially when directed to new accounts.
- Encourage a speak-up culture where staff can challenge suspicious instructions without fear of reprimand.
For Financial Institutions
- Monitor for mule account activity. Unexplained inflows followed by rapid withdrawals are a red flag.
- Run customer awareness campaigns, explaining how digital arrest scams work.
- Share intelligence with peers and regulators to prevent repeat incidents across institutions.
The Role of Technology in Prevention
Digital arrest scams prove that traditional safeguards are insufficient. Fraudsters are not stealing credentials but manipulating behaviour. Prevention requires smarter, adaptive systems.
1. Behavioural Monitoring
Transactions made under duress often differ from normal patterns. Advanced analytics can detect anomalies, such as sudden large transfers from accounts with low historical activity.
2. Typology-Driven Detection
Platforms like Tookitaki’s FinCense leverage the AFC Ecosystem to encode real-world scam scenarios into detection logic. As digital arrest typologies are identified, they can be integrated quickly to improve monitoring.
3. AI-Powered Simulations
Institutions can run simulations of coercion-based scams to test whether their processes would withstand them. These exercises reveal gaps in escalation and verification controls.
4. Federated Learning for Collective Defence
With federated learning, insights from one bank can be shared across many without exposing sensitive data. If one institution sees a pattern in digital arrest cases, others can benefit almost instantly.
5. Smarter Alert Management
Agentic AI can review and narrate the context of alerts, allowing investigators to understand whether unusual activity stems from duress. This speeds up response times and prevents irreversible losses.
Conclusion
The digital arrest scam is not just a fraud. It is a form of psychological captivity, where victims are imprisoned through fear on their own devices. In 2025, India saw a surge of such cases, stripping people of their savings and shaking trust in digital communications.
The message is clear: scams no longer rely on technical breaches. They rely on exploiting human trust. For individuals, the defence is awareness and verification. For corporates, it is embedding strong protocols and encouraging a culture of questioning. For financial institutions, the challenge is profound. They must detect authorised transfers made under coercion, collaborate across borders, and deploy AI-powered defences that learn as fast as the criminals do.
If 2024 was the year of deepfake deception, 2025 is becoming the year of coercion-based fraud. The industry’s response will determine whether scams like digital arrests remain isolated tragedies or become a systemic crisis. Protecting trust is no longer optional. It is the frontline of financial crime prevention.

Busted in Bangsar South: Inside Malaysia’s Largest Scam Call Centre Raid
In August 2025, Malaysian police stormed a five-storey office in Bangsar South, Kuala Lumpur, arresting more than 400 people linked to what is now called the country’s largest scam call centre operation.
The raid made headlines worldwide, not only for its scale but also because of its alleged link to Doo Group, a Singapore-based fintech that sponsors English football giant Manchester United. The case has cast a harsh spotlight on the industrial scale of financial crime in Southeast Asia and the reputational risks it poses for both financial institutions and global brands.

Background of the Scam
The dramatic raid took place on 26 August 2025, when Malaysian authorities swept into a commercial tower in Bangsar South, a thriving business district in Kuala Lumpur. Inside, they discovered a massive call centre allegedly set up to defraud victims across multiple countries.
Over 400 individuals were arrested. Videos of employees being escorted into police vans quickly went viral, symbolising the scale and industrial nature of the operation.
Initial reports linked the call centre to Doo Group, a global financial services provider with operations across Singapore, Hong Kong, London, Sydney, and Dubai. While the company has insisted that its operations remain unaffected and that it is cooperating fully with investigators, the reputational damage was already significant.
The Bangsar South raid is part of Malaysia’s wider anti-scam campaign. By mid-2025, authorities had arrested over 11,800 suspects in similar cases, with financial losses amounting to RM 1.5 billion (USD 355 million). The Bangsar South case, however, stands out because of its size, its international profile, and its link to a company with a global brand presence.
What the Case Revealed
The raid revealed troubling insights into how financial crime networks operate in the region:
1. Industrialised Fraud
A workforce of over 400 suggests this was not a small, fly-by-night scam but a structured enterprise. Staff were reportedly trained to follow scripts, handle objections, and target victims methodically, mirroring the efficiency of legitimate customer service operations.
2. Global Targeting
Reports indicate the call centre targeted victims not just in Malaysia but also overseas, raising questions about how funds were laundered across borders. The multilingual capabilities of employees further suggest international reach.
3. Reputation at Risk
The alleged connection to Doo Group highlights how reputable financial companies can be pulled into fraud narratives. Even if not directly complicit, the association underscores how thin the line can be between legitimate fintech operations and the shadow economy.
4. Oversight Gaps
The case also points to challenges regulators face in monitoring sprawling call centre operations and cross-border financial flows. By the time raids occur, thousands of victims may already have been defrauded.
Impact on Financial Institutions and Corporates
The Bangsar South raid is not just a law enforcement victory. It is a warning signal for the financial industry.
1. Reputational Fallout
When a Manchester United sponsor is linked to scams, it is not just the company that suffers. Brand trust in fintech, sports, and banking becomes collateral damage. This raises the stakes for due diligence in sponsorships and partnerships.
2. Investor and Customer Confidence
Digital finance thrives on trust. When fintechs are tied to scandals, investors hesitate and customers second-guess their safety. The Bangsar South case risks dampening enthusiasm for fintech adoption in Malaysia and the wider region.
3. Operational Risks for Banks
For financial institutions, call centre scams translate into suspicious transaction flows, mule account proliferation, and higher compliance costs. Traditional transaction monitoring often struggles to flag layered, cross-border flows connected to scams of this scale.
4. Regional Implications
Malaysia’s crackdown shows commendable resolve, but it also exposes the country as a hub for organised scam activity. This dual image, both a problem centre and an enforcement leader, will shape how regional regulators approach financial crime.

Lessons Learned from the Scam
- Scale ≠ Legitimacy
A large workforce and polished infrastructure do not guarantee a legitimate business. Regulators and partners must look beyond appearances. - Due Diligence is Non-Negotiable
Global brands and institutions need deeper checks before partnerships. A sponsorship or corporate tie-up can quickly become a reputational liability. - Regulatory Vigilance Matters
The Bangsar South raid shows what decisive enforcement looks like, but it also reveals how long such scams can operate before being stopped. - Cross-Border Cooperation is Critical
Victims were likely spread across multiple jurisdictions. Without international collaboration, enforcement remains reactive. - Public Awareness is Essential
Scam call centres thrive because victims are unaware. Public education campaigns must go hand-in-hand with enforcement.
The Role of Technology in Prevention
Conventional compliance methods, such as simple blacklist checks or static rules, are no match for scam call centres operating at an industrial scale. To counter them, financial institutions need adaptive, intelligence-driven defences.
This is where Tookitaki’s FinCense and the AFC Ecosystem come in:
- Typology-Driven Detection
FinCense continuously updates detection logic based on real scam scenarios contributed by 200+ global financial crime experts in the AFC Ecosystem. This means emerging call centre scam patterns can be identified faster. - Agentic AI
At the heart of FinCense is an Agentic AI framework, a network of intelligent agents that not only detect suspicious activity but also explain every decision in plain language. This reduces investigation time and builds regulator confidence. - Federated Learning
Through federated learning, FinCense enables banks to share insights on scam flows and mule account behaviours without compromising sensitive data. It is collective intelligence at scale. - Smart Case Disposition
When alerts are triggered, FinCense’s Agentic AI generates natural-language summaries, helping investigators prioritise critical cases quickly and accurately.
Moving Forward: The Future of Scam Call Centres
The Bangsar South raid may have shut down one operation, but the fight against scam call centres is far from over. As enforcement improves, fraudsters will adopt AI-driven tools, deepfake impersonations, and more sophisticated laundering methods.
For financial institutions, the path forward is clear:
- Strengthen collaboration with regulators and peers to track cross-border scam flows.
- Invest in adaptive technology like FinCense to stay ahead of criminal innovation.
- Educate customers relentlessly about new fraud tactics.
The raid was a victory, but it was also a warning.
If one call centre with 400 employees can operate in plain sight, imagine how many others remain hidden. The only safe strategy for financial institutions is to stay one step ahead with collaboration, intelligence, and next-generation technology.

Locked on Video: Inside India’s Chilling Digital Arrest Scam
It began with a phone call. A senior citizen in Navi Mumbai answered a number that appeared to belong to the police. Within hours, she was trapped on a video call with men in uniforms, accused of laundering money for terrorists. Terrified, she wired ₹21 lakh into what she believed was a government-controlled account.
She was not alone. In August 2025, cases of “digital arrest” scams surged across India. An elderly couple in Madhya Pradesh drained nearly ₹50 lakh of their life savings after spending 13 days under constant video surveillance by fraudsters posing as investigators. In Rajkot, criminals used the pretext of a real anti-terror operation to extort money from a student.
These scams are not crude phishing attempts. They are meticulously staged psychological operations, exploiting people’s deepest fears of authority and social disgrace. Victims are not tricked into handing over passwords. They are coerced, minute by minute, into making transfers themselves. The results are devastating, both for individuals and the wider financial system.

Background of the Scam
The anatomy of a digital arrest scam follows a chillingly consistent script.
1. The Call of Fear
Fraudsters begin with a phone call, often masked to resemble an official number. The caller claims the victim’s details have surfaced in a serious crime: drug trafficking, terror financing, or money laundering. The consequences are presented as immediate arrest, frozen accounts, or ruined reputations.
2. Escalation to Video
To heighten credibility, the fraudster insists on switching to a video call. Victims are connected to people wearing uniforms, holding forged identity cards, or even sitting before backdrops resembling police stations and courtrooms.
3. Isolation and Control
Once on video, the victim is told they cannot disconnect. In some cases, they are monitored round the clock, ordered not to use their phone for any purpose other than the call. Contact with family or friends is prohibited, under the guise of “confidential investigations.”
4. The Transfer of Funds
The victim is then directed to transfer money into so-called “secure accounts” to prove their innocence or pay bail. These accounts are controlled by criminals and serve as the first layer in complex laundering networks. Victims, believing they are cooperating with the law, empty fixed deposits, break retirement savings, and transfer sums that can take a lifetime to earn.
The method blends social engineering with coercive control. It is not the theft of data, but the hijacking of human behaviour.
What the Case Revealed
The 2025 wave of digital arrest scams in India exposed three critical truths about modern fraud.
1. Video Calls Are No Longer a Guarantee of Authenticity
For years, people considered video more secure than phone calls or emails. If you could see someone’s face, the assumption was that they were genuine. These scams demolished that trust. Fraudsters showed that live video, like written messages, can be staged, manipulated, and weaponised.
2. Authority Bias is a Fraudster’s Greatest Weapon
Humans are hardwired to respect authority, especially law enforcement. By impersonating police or investigators, criminals bypass the victim’s critical reasoning. Fear of prison or social disgrace outweighs logical checks.
3. Coercion Multiplies the Damage
Unlike phishing or one-time deceptions, digital arrests involve prolonged psychological manipulation. Victims are kept online for days, bombarded with threats and false evidence. Under this pressure, even cautious individuals break down. The results are not minor losses, but catastrophic financial wipe-outs.
4. Organised Networks Are Behind the Scenes
The professionalism and scale suggest syndicates, not lone operators. From forged documents to layered mule accounts, the fraud points to criminal hubs capable of running scripted operations across borders.
Impact on Financial Institutions and Corporates
Though victims are individuals, the implications extend far into the financial and corporate world.
1. Reputational Risk
When victims lose life savings through accounts within the banking system, they often blame their bank as much as the fraudster. Even if technically blameless, institutions suffer a hit to public trust.
2. Pressure on Fraud Systems
Digital arrest scams exploit authorised transactions. Victims themselves make the transfers. Traditional detection tools that focus on unauthorised access or password breaches cannot easily flag these cases.
3. Global Movement of Funds
Money from scams rarely stays local. Transfers are routed across borders within hours, layered through mule accounts, e-wallets, and fintech platforms. This complicates recovery and exposes gaps in international coordination.
4. Corporate Vulnerability
The threat is not limited to retirees or individuals. In Singapore earlier this year, a finance director was tricked into wiring half a million dollars during a deepfake board call. Digital arrest tactics could just as easily target corporate employees handling high-value transactions.
5. Regulatory Expectations
As scams multiply, regulators are pressing institutions to demonstrate stronger customer protections, more resilient monitoring, and greater collaboration. Failure to act risks not only reputational damage but also regulatory penalties.

Lessons Learned from the Scam
For Individuals
- Treat unsolicited calls from law enforcement with suspicion. Real investigations do not begin on the phone.
- Verify independently by calling the published numbers of agencies.
- Watch for signs of manipulation, such as demands for secrecy or threats of immediate arrest.
- Educate vulnerable groups, particularly senior citizens, about how these scams operate.
For Corporates
- Train employees, especially those in finance roles, to recognise coercion tactics.
- Require secondary verification for urgent, high-value transfers, especially when directed to new accounts.
- Encourage a speak-up culture where staff can challenge suspicious instructions without fear of reprimand.
For Financial Institutions
- Monitor for mule account activity. Unexplained inflows followed by rapid withdrawals are a red flag.
- Run customer awareness campaigns, explaining how digital arrest scams work.
- Share intelligence with peers and regulators to prevent repeat incidents across institutions.
The Role of Technology in Prevention
Digital arrest scams prove that traditional safeguards are insufficient. Fraudsters are not stealing credentials but manipulating behaviour. Prevention requires smarter, adaptive systems.
1. Behavioural Monitoring
Transactions made under duress often differ from normal patterns. Advanced analytics can detect anomalies, such as sudden large transfers from accounts with low historical activity.
2. Typology-Driven Detection
Platforms like Tookitaki’s FinCense leverage the AFC Ecosystem to encode real-world scam scenarios into detection logic. As digital arrest typologies are identified, they can be integrated quickly to improve monitoring.
3. AI-Powered Simulations
Institutions can run simulations of coercion-based scams to test whether their processes would withstand them. These exercises reveal gaps in escalation and verification controls.
4. Federated Learning for Collective Defence
With federated learning, insights from one bank can be shared across many without exposing sensitive data. If one institution sees a pattern in digital arrest cases, others can benefit almost instantly.
5. Smarter Alert Management
Agentic AI can review and narrate the context of alerts, allowing investigators to understand whether unusual activity stems from duress. This speeds up response times and prevents irreversible losses.
Conclusion
The digital arrest scam is not just a fraud. It is a form of psychological captivity, where victims are imprisoned through fear on their own devices. In 2025, India saw a surge of such cases, stripping people of their savings and shaking trust in digital communications.
The message is clear: scams no longer rely on technical breaches. They rely on exploiting human trust. For individuals, the defence is awareness and verification. For corporates, it is embedding strong protocols and encouraging a culture of questioning. For financial institutions, the challenge is profound. They must detect authorised transfers made under coercion, collaborate across borders, and deploy AI-powered defences that learn as fast as the criminals do.
If 2024 was the year of deepfake deception, 2025 is becoming the year of coercion-based fraud. The industry’s response will determine whether scams like digital arrests remain isolated tragedies or become a systemic crisis. Protecting trust is no longer optional. It is the frontline of financial crime prevention.

Inside the New Payments Platform (NPP): How Australia’s Real-Time Payments Are Changing Finance and Fraud
Australia’s real-time payments revolution is reshaping finance, but it also brings new risks and compliance challenges.
Imagine sending money to a friend, paying a bill, or receiving your salary in seconds, no matter the day or hour. That vision became reality in Australia with the launch of the New Payments Platform (NPP) in 2018. Since then, the NPP has transformed how Australians transact, powering faster, smarter, and more flexible payments.
But while the benefits are undeniable, the NPP has also introduced fresh risks. Fraudsters and money launderers now exploit the speed of real-time payments, forcing banks, fintechs, and regulators to rethink how they approach compliance. In this blog, we take a deep look at the NPP, exploring its origins, features, benefits, risks, and what the future holds.

What is the New Payments Platform (NPP)?
The NPP is Australia’s real-time payments infrastructure, designed to allow funds to be transferred between bank accounts in seconds. Unlike traditional bank transfers, which could take hours or days, the NPP settles payments instantly, around the clock, 365 days a year.
A Collaborative Effort
The NPP was launched in February 2018 as a collaborative initiative between the Reserve Bank of Australia (RBA), major banks, and key financial institutions. It was developed to modernise Australia’s payments infrastructure and to match the expectations of a digital-first economy.
Core Components of the NPP
- Fast Settlement Service (FSS): Operated by the RBA, this ensures transactions settle instantly across participating banks.
- Overlay Services: Products built on top of the NPP to offer tailored use cases, such as Osko by BPAY for fast peer-to-peer payments.
- PayID: A feature that allows customers to link easy identifiers such as email addresses or phone numbers to bank accounts for faster payments.
- ISO 20022 Data Standard: Enables rich data to travel with payments, improving transparency and reporting.
The NPP is not just a new payment rail. It is an entirely new ecosystem designed to support innovation, competition, and efficiency.
Key Features of the NPP
- Speed: Transactions settle in less than 60 seconds.
- Availability: Operates 24/7/365, unlike traditional settlement systems.
- Rich Data: ISO 20022 messaging allows businesses to include detailed payment references.
- Flexibility: Overlay services enable innovative new use cases, from consumer-to-business payments to government disbursements.
- Ease of Use: PayID removes the need for remembering BSB and account numbers.
Benefits of the NPP for Australia
1. Consumer Convenience
Everyday Australians can send and receive money instantly. Whether splitting a dinner bill or paying rent, transactions are seamless and fast.
2. Business Efficiency
Businesses benefit from faster supplier payments, real-time payroll, and improved cash flow management. For SMEs, this reduces dependency on costly credit.
3. Government Services
Government agencies can issue refunds, grants, and welfare payments in real time, improving citizen experience and efficiency.
4. Financial Inclusion and Innovation
The NPP creates opportunities for fintechs to build new payment products and services, driving competition and giving consumers more choice.
5. Enhanced Transparency
The rich data standards improve reconciliation and reduce errors, saving time and cost for businesses.
The Risks and Challenges of Real-Time Payments
As with any innovation, the NPP comes with challenges. The very features that make it attractive to consumers also make it attractive to fraudsters and money launderers.
1. Authorised Push Payment (APP) Scams
Fraudsters use social engineering to trick customers into sending money themselves. Because NPP payments are instant, victims often cannot recover funds once transferred.
2. Money Mule Networks
Criminals exploit mule accounts to move illicit funds quickly. Dormant accounts or those opened with synthetic identities are often used as conduits.
3. Increased Operational Pressure
Compliance teams that once had hours to review suspicious transactions now have seconds. This shift requires entirely new approaches to monitoring.
4. False Positives and Noise
Traditional systems generate vast numbers of false positives, which overwhelm investigators. With NPP volumes growing, this problem is magnified.
5. Cyber and Identity Risks
Fraudsters use phishing, malware, and stolen credentials to take over accounts and push funds instantly.

Regulatory and Industry Response
Australian regulators have moved swiftly to address these risks.
- AUSTRAC: Expects banks and payment providers to implement effective real-time monitoring and suspicious matter reporting tailored to NPP risks.
- ASIC: Focuses on consumer protection and ensuring victims of scams are treated fairly.
- Industry Initiatives: The Australian Banking Association has been working on scam-reporting frameworks and shared fraud detection systems across banks.
- Government Action: Proposals to make banks reimburse scam victims are under consideration, following models in the UK.
The message is clear: institutions must invest in smarter compliance and fraud prevention tools.
Fraud and AML in the NPP Era
Why Legacy Systems Fall Short
Legacy monitoring systems were built for batch processing. They cannot keep up with the millisecond-level requirements of real-time payments. By the time a suspicious transaction is flagged, the funds are gone.
What Next-Gen Solutions Look Like
Modern systems use AI and machine learning to:
- Detect anomalies in real time.
- Link suspicious activity across accounts, devices, and geographies.
- Reduce false positives by learning from investigator feedback.
- Provide regulator-ready explanations for every alert.
Key Fraud Red Flags in NPP Transactions
- Large transfers to newly created accounts.
- Multiple small payments designed to avoid thresholds.
- Sudden changes in device or login behaviour.
- Beneficiaries in high-risk jurisdictions.
- Rapid pass-through activity with no balance retention.
Spotlight on Technology: Tookitaki’s Role
As the risks around NPP accelerate, technology providers are stepping up. Tookitaki’s FinCense is purpose-built for the demands of real-time payments.
How FinCense Helps
- Real-Time Monitoring: Detects suspicious activity in milliseconds.
- Agentic AI: Continuously adapts to new scam typologies, reducing false positives.
- Federated Intelligence: Accesses insights from the AFC Ecosystem, a global compliance community, while preserving privacy.
- FinMate AI Copilot: Assists investigators with summaries, recommendations, and regulator-ready narratives.
- AUSTRAC-Ready Compliance: Built-in reporting for SMRs, TTRs, and detailed audit trails.
Local Adoption
FinCense is already being used by community-owned banks like Regional Australia Bank and Beyond Bank. These partnerships demonstrate that even mid-sized institutions can meet AUSTRAC’s expectations while delivering excellent customer experiences.
The Future of NPP in Australia
The NPP is still evolving. Several developments will shape its future:
1. PayTo Expansion
PayTo, a digital alternative to direct debit, is gaining traction. It allows consumers to authorise payments directly from their accounts, offering flexibility but also new fraud vectors.
2. Cross-Border Potential
Future integration with Asia-Pacific payment systems could expand NPP beyond Australia, increasing both opportunities and risks.
3. Smarter Fraud Typologies
Criminals are already exploring ways to exploit deepfake technology, synthetic identities, and AI-driven scams. Fraud prevention must evolve just as quickly.
4. Industry Collaboration
Expect stronger cooperation between banks, fintechs, regulators, and technology vendors. Shared fraud databases and federated intelligence models will be crucial.
Conclusion
The New Payments Platform has reshaped Australia’s payments landscape. It delivers speed, convenience, and innovation that benefit consumers, businesses, and government agencies. But with opportunity comes risk.
Fraudsters have been quick to exploit the instant nature of NPP, forcing institutions to rethink how they detect and prevent financial crime. The solution lies in real-time, AI-powered monitoring platforms that adapt to new typologies and reduce compliance costs.
For Australian institutions, the NPP is more than a payment rail. It is the foundation of a new financial ecosystem. The winners will be those who embrace innovation, partner with the right AML vendors, and build trust through smarter compliance.
Pro tip: If your institution still relies on batch monitoring, you are already behind. Now is the time to modernise and future-proof your compliance with intelligent fraud and AML platforms.
