Blog

The FATF Pushes For Information-Sharing Rules In Crypto

Tookitaki

18 Jul 2022

3 min

read

According to a worldwide anti-money laundering watchdog, the majority of nations lack "travel rule" laws that may aid in preventing the unauthorised use of cryptocurrencies by criminals and terrorists.

The legislation requires businesses and service providers to submit information about the senders and receivers of cryptocurrency transactions. Only a small sample of the governments questioned by the Financial Action Task Force (FATF) reported passing such rules, and only approximately 30% of those jurisdictions had begun enforcing the regulations.

The State of Travel Rule Compliance Among Member Nations

In a report released on June 30th, FATF stated that more countries need to grasp the risks of money laundering and terrorist financing present in the cryptocurrency industry. One way to reduce these risks is to enact travel rules. Only 29 of the 98 jurisdictions that replied to the FATF survey as of March indicated that they had passed relevant rules, and only 11 of those 29 had begun enforcing and monitoring those rules.

According to FATF, roughly a third of the respondents had not yet begun introducing pertinent laws, and about a quarter of the respondents were in the process of passing such laws.

Although there are technical ways to make it easier to follow travel regulations, FATF stated that the private sector still has to improve information sharing between countries.

FATF added that it would keep an eye on new threats in the industry, such as using cryptocurrencies to get around regulations and launder illegal ransomware attack proceeds. FATF also observed member nations' concerns regarding decentralised finance (DeFi) and nonfungible tokens (NFTs), which are challenging to implement FATF rules, had grown.

Member jurisdictions develop relevant policies that businesses and organisations must abide by once FATF sets guidelines for member countries to implement. The FATF conducts mutual evaluations of member nations to evaluate the success and application of anti-money-laundering measures. Members from various nations conduct the peer reviews that make up the FATF's mutual assessments to evaluate the efficacy and application of one another's anti-money-laundering policies.

FATF stated that it would facilitate dialogue with member nations and keep an eye on market trends that might require further investigation in order to promote the implementation of the travel-rule requirement. In June 2023, FATF will again assess how the implementation of the travel rule is going.

The Role of Virtual Asset Service Providers (VASPs)

While new regulations can create a larger framework in the fight against financial crime, the onus is on virtual asset service providers (VASPs) to implement the regulations. New regulatory reforms would mean increased obligations for banks, money service businesses, asset management and exchange houses.

They normally do this via regulatory compliance programmes, which include both human and technology resources.

VASPs are facing increasing pressure from local and global regulators to revamp their AML compliance programmes. Given the rapidly evolving nature of virtual assets, the financial system and sophisticated criminal networks, it would be a complex task for them.

Regarding AML compliance, crypto exchanges are troubled by the scarcity of skilled compliance staff and inefficient staff allocation. A shortfall in these areas might lead to enforcement actions, including hefty fines.

FATF’s report highlights that there are now technological solutions available to facilitate travel rule compliance in practice, but the private sector needs to continue to increase interoperability between solutions and across jurisdictions and to work towards full compliance.

On market developments and emerging money laundering/terrorist financing (ML/TF) threats, the report highlights the continued need for the FATF to monitor the growth of, and illicit financing risks associated with, DeFi and NFTs markets and unhosted wallets.

How can Tookitaki Help?

With modern technologies such as artificial intelligence and machine learning at the forefront, compliance departments can address many of these issues effectively. With proper implementation, these technologies can bring in a paradigm shift in the way financial institutions approach financial crimes and compliance risk at large.

This is an area where machine learning-powered platforms like Tookitaki can add value. Our end-to-end AML/CFT analytics solution, the Anti-Money Laundering Suite (AMLS), can create next-generation compliance programmes encompassing key processes such as transaction monitoring, AML screening and customer due diligence on a single platform.

The suite comprises our Transaction Monitoring, Dynamic Risk Review, Smart Screening and Case Management solutions under one roof for all your AML needs. AMLS achieves new levels of accuracy and speed by providing the industry’s only shared typology platform, allowing our clients to break through silos and benefit from the industry’s collective AML insights. Our coordinated, collaborative and innovative approach enables everyone to join forces in the fight against financial crime.

Both modern and traditional financial institutions across the globe are building agile and scalable compliance programmes using AMLS, making us a partner of choice.

If you are a crypto business that is looking to set up an AML compliance programme, reach out to one of our experts.

Experience the most intelligent AML and fraud prevention platform

Talk to an expert

Experience the most intelligent AML and fraud prevention platform

Download Now

Experience the most intelligent AML and fraud prevention platform

Download Now

Top AML Scenarios in ASEAN

Download Now

The Role of AML Software in Compliance

Download Now

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Ready to Streamline Your Anti-Financial Crime Compliance?

Get Started

Our Thought Leadership Guides

Blogs

01 Jul 2025

read

The Thai Investment Scam That Sold Dreams and Stole Millions from Australians

In an era where trust is everything, a well-orchestrated investment scam has shaken thousands of unsuspecting Australians—reminding us that financial fraud is becoming smarter, faster, and more global.

In June 2025, Thai police arrested 13 foreign nationals operating a fake investment scheme that swindled over 14,000 Australians, totalling USD 1.2 million in losses. The arrests marked a breakthrough, but also exposed a growing web of cross-border fraud built on digital deception.

Background of the Scam

How the Scam Worked

The fraudsters posed as investment consultants from legitimate-sounding financial firms. Using spoofed Australian phone numbers, they cold-called thousands of individuals across the country and offered attractive bond investment opportunities. These pitches came with fake documentation, official logos, and scripted professionalism designed to build trust quickly.

Key elements of the modus operandi:

Cold Calls: Made using VoIP services that masked the true origin.
Fake Bonds: Named similarly to well-known offerings like “Liberty Bonds”.
Pressure Tactics: Victims were told the opportunity was limited-time and required urgent action.
Credibility Builders: They shared fraudulent certificates, fake websites, and even customer service follow-ups.

The syndicate used psychological manipulation and urgency to override rational scepticism—a classic hallmark of modern investment fraud.

‍

What the Case Revealed

The arrests revealed a shocking level of operational maturity:

The scam was run like a call centre—with job roles, scripts, and tech infrastructure.
Laptops, phones, documents, and hard drives found on-site pointed to thousands of victim profiles.
The scammers were not Thai nationals—they were foreigners recruited for their English skills and familiarity with Australian culture.

This case also confirmed suspicions that Southeast Asia is increasingly a base of operations for globally targeted scams due to loosely regulated digital infrastructure and low operational costs.

Impact on Global Finance

The Thai investment scam isn’t an isolated financial crime—it’s a sign of larger systemic risks:

🌐 Cross-Border Vulnerabilities

Victims in Australia, syndicates in Thailand, digital payments routed through intermediary countries—a truly borderless operation.
This highlights weaknesses in international anti-fraud collaboration, especially in early detection and enforcement.

📉 Institutional Trust Erosion

Thousands of Australians now second-guess legitimate investment outreach.
As frauds mimic real financial products, trust in banks, fintechs, and brokers is undermined—especially among older investors.

💸 Rising Compliance Costs

Financial institutions face pressure to tighten onboarding, verification, and investment approval protocols.
These measures, while necessary, increase costs and slow down legitimate operations.

🔁 Abuse of Financial Infrastructure

Scammers moved stolen funds via mule accounts, prepaid cards, and potentially crypto wallets, complicating recovery efforts and aiding money laundering.

This scam may be small in dollar terms compared to global Ponzi schemes, but in structural impact, it’s significant.

Lessons Learned from the Scam

The Thai scam case offers valuable lessons for all financial stakeholders:

1. Scams are Scalable

Fraud is no longer amateur—it’s an industrialised business model with SOPs, tech stacks, and recruitment funnels. Treat it like a business, not a one-off incident.

2. Consumer Awareness is a Weak Link

Even financially literate individuals were duped. The emotional triggers and sophisticated documentation overpowered rational caution. Public education must be ongoing and adaptive.

3. Older Demographics Need Targeted Protection

A large portion of the victims were retirees or older professionals—an age group with access to capital but less digital scam awareness.

4. Transnational Law Enforcement Is Critical

The success of this bust hinged on coordination between Thai police and Australian authorities. Stronger intelligence-sharing, extradition treaties, and regional enforcement frameworks are now vital.

5. Scams Are Brand Killers

Reputational damage from such scams doesn’t just affect the victims—it casts a shadow on entire categories of legitimate financial products.

The Role of Technology in Preventing Future Scandals

As scams grow more sophisticated, traditional rule-based compliance systems are no longer enough. Financial institutions must move towards intelligent, adaptive, and collaborative technologies.

1. AI-Powered Transaction Monitoring

Detecting subtle anomalies—such as unusually timed investments, repeat transactions to flagged accounts, or first-time investors sending large sums—requires machine learning models that learn and adapt from real-time data.

2. Collaborative Intelligence

Scams often follow repeated patterns. A federated approach allows institutions to share risk indicators and red flags without exposing customer data—building collective muscle to fight new threats faster.

3. Behavioural Risk Modelling

Beyond static thresholds, systems can now track behavioural shifts—like a customer suddenly engaging in high-risk investments, or funds moving through unfamiliar geographies.

4. Continuous Learning

Fraud is dynamic—your defences must be too. Tools that ingest new typologies, simulate red flag thresholds, and auto-tune detection parameters are the future of scalable protection.

Moving Forward: Learning from the Past, Preparing for the Future

This scam underscores the urgent need for proactive, intelligence-led financial crime defence strategies. Institutions can no longer afford to act alone, react late, or rely solely on static rules.

This is where Tookitaki’s FinCense platform comes in. Purpose-built for the new era of fraud and compliance, it enables:

🔍 Advanced typology-based detection that spots patterns in transactions, behaviour, and cross-border flow.
🤖 Federated learning models that update with every new red flag scenario contributed by a global expert community.
🛡️ Scenario simulation engines to test your institution’s resilience to evolving scams before they strike.
📉 Smart dispositioning to reduce false positives while capturing real threats early.

Tookitaki’s platform, powered by the AFC Ecosystem, transforms compliance teams from passive detectors into active defenders.

Strengthening AML Compliance Through Technology and Collaboration

Conclusion

The Thai investment fraud case was more than a scam—it was a systems test. A test of our global defences, our public awareness, and our institutional resilience.

Thousands lost money. But the real loss would be if we ignored what this case revealed.

It’s time for the financial ecosystem to level up—combining technology, collaboration, and foresight to stay ahead of an increasingly professional fraud economy.

Because the next scam is already being planned.
The question is: will we be ready?

‍

The Thai Investment Scam That Sold Dreams and Stole Millions from Australians

Blogs

28 May 2025

5 min

read

Instant Payments, Instant Threats: The New Face of Laundering in Singapore

Singapore has long been a regional hub for financial innovation. But with innovation comes risk — and a recent case involving OCBC and suspected scam syndicates has raised new concerns about how real-time payment systems are being misused for laundering illicit funds. As financial institutions race to offer seamless customer experiences, compliance teams must reckon with the unintended consequences of speed and scale in digital payments.

What Happened: OCBC and the Scam Syndicate Probe

In May 2024, OCBC Singapore confirmed its involvement in a case where law enforcement was investigating multiple individuals for facilitating scam-related transactions. The individuals were believed to have abused real-time fund transfers via OCBC accounts to enable large-scale money laundering for criminal networks. The bank worked closely with authorities, providing transaction data and account activity insights as part of the investigation.

While OCBC was not accused of wrongdoing, the case shed light on how even strong compliance systems can be circumvented when criminals exploit the instant, anonymous, and high-frequency nature of digital transfers.

Instant Payments, Instant Threats: The New Face of Laundering in Singapore

Impact on Global Finance

This incident is not just a domestic compliance concern — it’s a wake-up call for banks across the region and beyond.

Global Interconnectedness: In a world of interoperable payment rails and open banking APIs, the misuse of Singapore-based accounts can enable cross-border laundering activities across ASEAN and beyond.
Increased Regulatory Pressure: Regulators are taking a tougher stance on instant payments. MAS has reiterated the importance of real-time monitoring tools and collaborative data sharing to combat fraud and financial crime.
Reputational Risk: Incidents like this can erode institutional trust. Singapore has a reputation as a well-regulated financial centre — and banks operating here are expected to go beyond basic compliance to safeguard that trust.

Red Flags and Laundering Tactics in Real-Time Payments

The AFC Ecosystem community has extensively studied real-time payment laundering typologies and found common techniques that criminals rely on:

QR Code Obfuscation: Criminals embed QR payments within fake e-commerce or empty package delivery schemes to justify fund flows.
Money Mule Recruitment: Syndicates exploit students, gig workers, and low-income groups to open accounts used for laundering.
Smurfing at Speed: Instant payments allow layering within seconds across multiple accounts, making tracking difficult.
Shell Account Structuring: Using prepaid cards, utility accounts, or fake merchant profiles to disperse and reintegrate proceeds.

These methods allow syndicates to create a smokescreen of legitimate-looking transactions that bypass legacy transaction monitoring systems.

Role of Technology in Preventing Future Scandals

Technology must evolve as fast as the financial crime tactics it’s trying to stop. Here’s how institutions can respond:

Real-Time AI Monitoring: AI-powered transaction monitoring tools that detect velocity, anomalies, and behavioural deviations are no longer optional — they’re essential.
Federated Intelligence Sharing: Platforms like Tookitaki’s AFC Ecosystem enable banks to tap into collective insights on emerging typologies without compromising data privacy.
Typology-Based Detection: Monitoring systems must go beyond rules and thresholds. They must ingest real-life scenarios (e.g., QR laundering via empty package schemes) and detect transaction flows that match known patterns.
Integrated KYC & Risk Scoring: Identity verification must be continuously evaluated, especially for new accounts with sudden activity bursts.

Moving Forward: Learning from the Past, Preparing for the Future

The OCBC incident is a reminder that even strong banks in tightly regulated jurisdictions are not immune. But it’s also an opportunity to rethink how financial institutions tackle fraud and AML in the era of instant payments.

Collaboration is Key: Financial crime is no longer a siloed problem. Banks, fintechs, regulators, and technology providers must collaborate across borders and platforms.
Speed ≠ Safety: Instant payments should come with instant safeguards. The speed of money should be matched by the speed of detection.
Scenario-Led Compliance: A one-size-fits-all rulebook won’t work. Institutions need dynamic compliance systems that reflect real-world typologies contributed by expert communities.

Final Thoughts

Real-time payment systems are a double-edged sword — offering convenience on one side and risk on the other. The only way to stay ahead is by combining advanced technology, cross-border intelligence, and scenario-led compliance. Tookitaki’s FinCense platform, powered by the AFC Ecosystem, helps financial institutions do just that — with federated AI that continuously evolves to detect new laundering methods faster and more accurately.

The fight against financial crime is real-time. Our defences should be too.

Blogs

23 Apr 2025

6 min

read

FATF Grey List Shakeup: Laos and Nepal In, Philippines Out

The FATF’s latest grey list update is reshaping financial compliance priorities across Asia, with Laos and Nepal in—and the Philippines out.

Announced in February 2025, this high-stakes shift underscores a growing focus on risk governance, transparency, and regulatory enforcement—particularly in rapidly developing economies.

Whether you’re a compliance lead, fintech founder, or risk officer in APAC, this change raises critical questions: What triggered these decisions? What lessons can be learned from the Philippines’ exit? And how should institutions recalibrate their AML strategies in light of FATF’s evolving lens?

In this article, we break down what the latest grey list update means, how it impacts financial institutions, and how you can stay ahead of the next jurisdictional shift.

What Is the FATF Grey List?

The FATF grey list, officially called the list of jurisdictions under increased monitoring, highlights countries that are actively working with FATF to address strategic deficiencies in their AML/CFT (Anti-Money Laundering and Countering the Financing of Terrorism) regimes.

Greylisting doesn’t mean a country is unsafe or non-cooperative. Instead, it indicates that a jurisdiction has weaknesses in its AML/CFT systems but has committed to resolving them within a set timeframe under FATF supervision.

What Are the Impacts of Greylisting?

De-risking by global banks and investors
Tighter scrutiny for cross-border transactions
Higher due diligence requirements for financial institutions
Damage to the country’s financial credibility and access to funding

Why Laos and Nepal Were Added in 2025

Laos: Emerging Market, Growing Risk

Laos has seen increased digitisation in its financial sector, but it remains vulnerable to cross-border financial crime, particularly through informal value transfer systems and loosely regulated sectors.

FATF Likely Flagged:

Inadequate regulation of Virtual Asset Service Providers (VASPs)
Weak Suspicious Transaction Reporting (STR) frameworks
Limited transparency around beneficial ownership
Cross-border risks linked to trade, casinos, and real estate

Nepal: Informality Meets Inattention

Nepal’s dependence on informal remittance corridors and a cash-heavy economy make it a prime candidate for enhanced monitoring.

FATF Concerns Likely Included:

Weak enforcement of Customer Due Diligence (CDD) standards
Lack of oversight for DNFBPs (Designated Non-Financial Businesses and Professions)
Outdated regulatory enforcement and weak supervision
Poor implementation of targeted financial sanctions

Both countries must now implement time-bound action plans and undergo closer scrutiny from international partners.

The Philippines: From Greylisted to Compliant

After being added to the FATF grey list in June 2021, the Philippines was officially removed in February 2025, following significant improvements across legislation, supervision, and enforcement.

What the Philippines Got Right:

Established the National Anti-Money Laundering Coordinating Committee (NACC)
Strengthened AML laws, including the Anti-Terrorism Act of 2020 and FIST Act
Boosted monitoring of offshore gaming operators, MSBs, and DNFBPs
Deployed regtech and AI-driven solutions for transaction monitoring

The Philippines' removal demonstrates that FATF listing can be a powerful motivator for change—and that exit is achievable with cross-sector collaboration.

Why This Matters for Financial Institutions

Whether or not your institution operates in Laos, Nepal, or the Philippines, FATF updates are a reminder of the global nature of compliance risk.

Key Impacts:

Enhanced Due Diligence on clients and transactions involving greylisted jurisdictions
Recalibration of Risk Scoring Models to reflect changes in country risk profiles
Correspondent Banking Disruption, especially for cross-border remittances
Increased Reporting and documentation obligations for flagged activity

Tookitaki's Role in Navigating Greylist Complexity

At Tookitaki, we help financial institutions stay ahead of evolving compliance obligations through intelligent, scalable technology that adapts to FATF expectations.

Our Platform: FinCense

Scenario-Based Transaction Monitoring with real-time country risk adjustments
AI-Driven Alert Optimisation to reduce false positives and highlight high-risk activity
Built-In Typologies contributed by AML experts from across the AFC Ecosystem
Cross-Border Risk Mapping that flags exposure to greylisted jurisdictions

Whether you operate in a FATF-listed country or do business with one, Tookitaki enables faster response, better decision-making, and audit-ready compliance.

Lessons from the FATF Grey List Shakeup

For Compliance Teams:

Update transaction monitoring rules to reflect FATF changes
Train analysts on new jurisdictional risks
Use country risk as a dynamic input in risk scoring and alert escalation

For Regulators and Policymakers:

Benchmark against the Philippines' success story
Embrace regtech solutions that support real-time adaptation
Encourage cross-border collaboration and data sharing

Conclusion: Real-Time Compliance for a Real-Time World

The FATF grey list is a dynamic reminder that compliance is not static. With Laos and Nepal now under watch and the Philippines proving that reform is possible, the pressure is on for institutions to respond quickly and proactively.

Tookitaki's technology was built to power that response—turning complex risk into actionable intelligence, and regulatory pressure into an opportunity to lead.

In a world where reputation, trust, and regulation intersect, smart compliance isn't just about avoiding penalties. It's about enabling financial institutions to thrive in the face of uncertainty.

Stay ahead. Stay trusted.

FATF Grey List Shakeup: Laos and Nepal In, Philippines Out

Blogs

01 Jul 2025

read

The Thai Investment Scam That Sold Dreams and Stole Millions from Australians