Skip to content
Sanctions and Fraud: Managing Compliance in a High-Risk World
Compliance Risk Management

Sanctions and Fraud: Managing Compliance in a High-Risk World

William C Hord
William C HordChief Strategy Officer - ERM Pilot

By William Hord, Chief Strategy Officer – ERM Pilot Compliance Risk Management Series, Part 3 of 3

In an era of geopolitical volatility, rapid technological change, and sophisticated criminal schemes, sanctions compliance and fraud prevention have risen to the top of regulators' agendas. In 2026, financial institutions face a landscape where sanctions policy can reverse direction within a single quarter and payment fraud morphs with new channels and tools — even as parts of the underlying rulebook are themselves being actively rewritten. The key challenge is building adaptive governance and controls, not just maintaining static processes. Strong programs must evolve continually as regulators update expectations, criminals refine their tactics, and — increasingly — as sanctions and fraud enforcement converge at the federal policy level.

Sanctions Compliance in a More Volatile World

Sanctions programs haven't simply expanded in recent years — they've become genuinely volatile, and institutions need to plan for that volatility directly. New measures targeting Russia, Iran, North Korea, Belarus, Venezuela, and cybercriminal networks continue to affect many industries and jurisdictions. But the pace and direction of that activity has stopped being predictable. Through most of 2025, new Russia-related designations slowed considerably as the administration prioritized negotiations to end the war in Ukraine. Then, in October 2025, Treasury sanctioned two of Russia's largest oil companies, Rosneft and Lukoil. By March 2026, facing rising oil prices tied to the Iran conflict, OFAC issued significant relief to the Russian oil sector — general licenses that were themselves amended and superseded within weeks. General license expiration tracking has become its own discipline inside sanctions compliance programs; a lapsed GL can turn yesterday's lawful transaction into today's violation without any announcement.

At the same time, where OFAC has concentrated its actual designation activity has shifted. 2025 saw a notable pivot toward cartels and counternarcotics networks, Southeast Asia-based scam operations concentrated in Burma and Cambodia, and continued "maximum pressure" on Iran's shadow fleet and shadow banking networks. Enforcement followed a similar pattern: OFAC brought 14 public enforcement actions in 2025 totaling roughly $266 million, with a notable emphasis on non-bank "gatekeepers" — private equity funds, real estate firms, and attorneys — facilitating Russia sanctions evasion, a reminder that sanctions risk in an institution's customer base doesn't stop at the financial sector's edge. Criminal groups have continued developing intricate evasion schemes, including shell companies, foreign intermediaries, and illicit payment channels, in response.

In this environment, regulators stress that effective sanctions compliance goes beyond one-off list screenings. Institutions must demonstrate ongoing, risk-based oversight of sanctions obligations. Key elements of a robust program include:

  • Comprehensive Screening and Alerts: Checking customers, transactions, and new products against up-to-date OFAC lists and enhanced watchlists. This includes not only direct SDN matches, but entities owned or controlled by designated parties. Under OFAC's "50 Percent Rule," any entity owned 50% or more in the aggregate by one or more blocked persons is itself treated as blocked, whether or not it appears on the SDN List.
  • Alert Triage and Investigation: Promptly reviewing and clearing or escalating alerts, with clear procedures and documentation of decisions.
  • General License Monitoring: Given how frequently GLs are now issued, amended, and superseded, institutions need a defined process to track expiration and amendment dates in something closer to real time.
  • Governance and Ownership Controls: Documented policies, senior-management oversight, and explicit board reporting on sanctions risk. Policies should require due diligence on beneficial owners, corporate structures, and new counterparties — regulators expect firms to understand ownership structures and hidden relationships that could mask sanctioned parties.
  • Change Management: A process to rapidly integrate new sanctions and country restrictions — and to rapidly unwind controls when relief is granted, without creating gaps.
  • Tailored Training: Regular training for front-line and compliance staff on current sanctions trends and evasion tactics, such as deceptive invoice instructions or obscure ownership.
  • Risk-Based Scope: Sanctions controls should be scoped to the business model. A global correspondent bank with dozens of cross-border channels needs more extensive sanctions compliance than a small domestic-only credit union.

Regulators have made clear that list screening alone is not enough. OFAC guidance and examiners expect active due diligence on indirect relationships — U.S. persons may not deal indirectly with a blocked person acting on behalf of an otherwise non-blocked entity. In practice, this means compliance teams must use tools like beneficial-ownership databases and network analysis to uncover hidden connections. Institutions should assume that even if an entity itself is not on the SDN list today, it could become blocked — or, increasingly, un-blocked — in a future OFAC action.

Maintaining this capability is especially challenging for smaller institutions. Sanctions programs now cover more than 100 countries and hundreds of thousands of designated parties worldwide, and many community banks and credit unions have not increased compliance headcount to match. The solution is to leverage smarter technology and efficient workflows — automated screening platforms that flag potential ownership hits, combined with periodic manual review of high-risk relationships, can help a lean team meet growing expectations. It's worth noting that examiners are also being asked to tailor supervision more closely to institution size and complexity, so the expectation isn't necessarily "do everything a global bank does" — it's "demonstrate your controls are proportionate to your actual exposure."

Fraud Has Become an Enterprise Risk — and a Federal Enforcement Priority

Payment fraud is no longer a niche problem; it's an enterprise-wide threat affecting virtually every part of banking and payments, and it's now attracting formal attention from parts of the federal government that historically stayed out of it. Emerging instant-payment rails (such as FedNow and real-time ACH) and ubiquitous peer-to-peer systems mean fraudsters can move money instantly and irreversibly. Common schemes include business-email compromise, account takeover, payment-app scams, unauthorized push-payment fraud, check washing and counterfeiting, and deepfake-enabled identity fraud.

In April 2026, DOJ formalized its own institutional response, creating a National Fraud Enforcement Division under Acting Attorney General Todd Blanche, with an early focus on fraud against federal programs and benefits. FinCEN has issued its own advisories in the same vein, including a January 2026 alert on fraud rings exploiting federal child nutrition programs. On the consumer side, the CFPB has narrowed its enforcement focus considerably since early 2025, now prioritizing "actual fraud" — cases with identifiable victims and material, measurable consumer damages — over broader theories of consumer harm; that's a meaningfully different enforcement posture than a few years ago, even as fraud itself remains a stated priority.

The most significant new connector, though, is sanctions policy itself: a March 6, 2026 executive order directs an interagency review of the tools available against transnational criminal organizations running cyber-enabled fraud and "scam center" operations — many of the same networks OFAC has already begun designating under its sanctions authority. For institutions, that means a P2P or romance scam flowing through a customer account may now sit at the intersection of fraud, BSA/SAR, and sanctions screening obligations simultaneously, in a way it didn't a few years ago.

Regulators are responding by breaking down silos. Examiners increasingly evaluate fraud under multiple disciplines:

  • Consumer Protection: Whether fraud impacts consumers, especially elders, and whether error-resolution and refunds are handled per Regulation E and other statutes.
  • Operational Resilience: Whether the institution can detect fraud quickly and respond, including incident response testing and technology monitoring.
  • Cybersecurity: Because many fraud schemes start with phishing or credential theft, the OCC and FFIEC encourage cross-coordination between cyber and fraud teams.
  • Third-Party Risk: Outsourced payment services, fintech partnerships, and correspondent banking introduce new fraud avenues; third-party risk management is expected to explicitly address fraud controls.
  • BSA/AML Compliance: Fraud generates illicit proceeds, so AML exams focus on whether suspicious activity relating to fraud is being detected and reported.
  • Sanctions Exposure: Given the March 2026 executive order, scam operations increasingly touch designated or soon-to-be-designated networks directly.
  • Safety and Soundness: Fraud losses hit the bottom line; examiners assess loss trends and reserve adequacy.

Because of this overlap, bank leaders need an enterprise view of fraud, not a narrow one. Fraud control units, BSA/AML, IT security, and operations must share data — information on attempted fraud, even if blocked, should inform the money-laundering risk assessment, since criminal networks often use fraud to launder proceeds. Institutions should also be prepared to show examiners how they learn from fraud incidents: updating red flags in transaction monitoring after a new pattern emerges is central to satisfying examiners that a program is adaptive rather than static.

The Continued Resurgence of Check Fraud

Despite the decline in paper check volume, check fraud is surging. Criminal networks have focused on mail theft and check alteration with renewed intensity. Thieves routinely steal outgoing mail to obtain signed checks — from personal checks to tax refund and government benefit checks — then wash or counterfeit them, and may also exploit the personal data from stolen envelopes for identity theft.

The scale is significant. In its February 2023 alert, FinCEN and the U.S. Postal Inspection Service noted that financial institutions filed more than 350,000 check fraud-related SARs in 2021 — a 23% increase over 2020 — and that filings nearly doubled again in 2022, exceeding 680,000. A follow-up FinCEN trend analysis covering just a six-month window (February–August 2023) identified over $688 million in actual and attempted suspicious activity across more than 15,400 reports from 841 institutions. Broader estimates, incorporating unreported losses, put total U.S. check fraud losses at roughly $21 billion for 2023 alone — and Postal Inspection Service data shows mail theft from receptacles rose 139% between fiscal years 2019 and 2023, with little indication the trend has reversed since.

It's also worth being precise about a frequently cited statistic: FinCEN's 2023 alert states that fraud, including check fraud, is the largest source of illicit proceeds in the United States and an official AML/CFT priority — that's a claim about fraud broadly, with check fraud named as a significant contributor, not a claim that check fraud alone tops that list.

Many institutions, however, cut back on check-processing oversight in prior years, assuming fraud would wane as check usage declined. Criminals took advantage of that gap. Today's examiners are keenly focused on check controls, and will assess:

  • Check-Verification Processes: Policies for verifying payee names, endorsers, and validity of altered checks.
  • Positive Pay and Reverse Positive Pay: The extent of these programs, and whether exceptions are handled and resolved promptly.
  • Fraud Detection Systems: Whether systems are tuned to flag unusual check volume or payee name discrepancies.
  • Staff Training: Front-line tellers and fraud analysts trained to recognize mail-theft red flags.
  • Suspicious Activity Reporting: Close coordination between fraud and BSA teams. FinCEN specifically requests institutions reference the key term "FIN-2023-MAILTHEFT" in SAR Field 2 and the narrative, and mark SAR Field 34(d) for check fraud.
  • Escalation Procedures: Clear protocols on when to involve law enforcement (e.g., USPIS) and regulators if systemic check fraud is identified.

The bottom line: check usage may be down, but check fraud risk is up. Institutions should not let their guard down just because volumes are declining.

Fraud and AML Continue to Converge

One of the biggest exam themes of recent years is the convergence of fraud risk and AML compliance — and it's showing up directly in enforcement, not just in examiner commentary. In December 2025, the OCC issued a cease-and-desist order against Bank of America over BSA and sanctions program deficiencies, including delays in suspicious activity reporting; other 2025 OCC enforcement actions cited similar gaps tying BSA/AML weaknesses to fraud-adjacent findings.

Nearly every fraud scheme has money-laundering elements — stolen funds need to be laundered, converted, or moved offshore — and conversely, many AML indicators (multiple small transactions, atypical beneficiary changes) can also signal fraud. Financial institutions with cross-functional collaboration between AML analysts, fraud investigators, and cybersecurity teams have a real advantage. An AML team that notices multiple ACH payments to new accounts tied to a single Social Security number has spotted a possible synthetic identity fraud pattern; shared with fraud operations, that can surface related phishing attacks or account takeovers. The FFIEC's BSA/AML Examination Manual emphasizes that suspicious-activity monitoring and fraud monitoring should inform each other when similar red flags arise — and in February 2026, the FFIEC updated several sections of that manual, including its Suspicious Activity Reporting section, to remove references to reputational risk, consistent with a 2025 executive order. That's a real, current change worth knowing about — the manual's substantive expectations around fraud-AML coordination were not otherwise altered.

Institutions that silo fraud and AML often miss the broader picture: a check-washing scheme might generate SARs on the BSA side while fraud operations independently sees the counterfeit checks, and if these aren't connected, the institution may not spot the criminal network's full reach.

There's also a significant regulatory shift underway on the AML side specifically. In April 2026, FinCEN proposed a substantial reform of AML/CFT program requirements — moving away from prescriptive, process-driven compliance toward a risk-based, outcomes-focused framework, distinguishing between deficiencies in program "establishment" (design) versus "maintenance" (execution), and reserving significant enforcement action for the latter category to systemic failures rather than isolated technical issues. The proposal is not yet final — comments closed June 9, 2026, with a 12-month implementation window proposed after finalization — so institutions should treat it as a strong directional signal rather than a current requirement. It does not change institutions' underlying due diligence obligations in the meantime.

Increasingly, examiners probe whether an institution's enterprise risk assessment considers fraud-AML overlap explicitly — documentation should tie specific fraud trends (digital skimming, deepfakes, scam-center-linked activity) to the AML risk assessment and demonstrate how controls address both.

Governance and Adaptability Are Competitive Advantages

The overarching lesson from regulators is that adaptability is now a core compliance capability in its own right — not just because threats keep changing, but because the regulatory framework itself is being actively rewritten in real time, in more than one direction at once. Sanctions lists will expand and then loosen. FinCEN's AML/CFT program rule is mid-reform. DOJ has stood up new fraud infrastructure. The FFIEC has already revised manual language once this year. Institutions that succeed are not necessarily those with the largest compliance staffs, but those with the most nimble governance.

Key characteristics of a high-performing program include:

  • Dynamic Regulatory Monitoring: A formal process — a regulatory change register — that tracks new OFAC directives, FinCEN advisories and rulemakings, and executive orders, and automatically triggers review of affected policies and systems.
  • Cross-Functional Risk Committees: Regular forums where AML/BSA, fraud, sanctions, cybersecurity, operations, and legal teams share insights and coordinate responses to emerging threats.
  • Board and Management Reporting: Periodic metrics for senior management and the board, including sanctions program status, a dashboard of fraud losses and SARs, and remediation status.
  • Periodic Risk Assessments: Enterprise-wide assessments updated at least annually, explicitly considering sanctions (country and industry risk) and fraud channels (new products, payment modes, technologies).
  • Control Effectiveness Reviews: Independent testing of key controls — sanctions screening performance, fraud detection rules — often through internal audit or outside consultants, to catch blind spots.
  • Continuous Learning and Training: Scenario-based training and case-study reviews, including internal "war games" after significant publicized fraud events.

In short, compliance should function as an agile program, not a static manual. Regulators have signaled they will not accept "set it and forget it" approaches, even as some of them simultaneously reduce prescriptive procedural burden elsewhere. Those two things — less process, same or higher expectations for actual effectiveness — are not in tension. They're the same message.

Looking Ahead

Sanctions compliance and fraud management are no longer back-office checklists — they are central to an institution's enterprise risk profile, and as of 2026, they are also converging with each other at the level of federal policy, not just inside individual compliance departments. The best preparedness comes from treating both as living governance disciplines: continual horizon-scanning for new OFAC listings, emerging fraud typologies, and shifting AML program requirements, paired with the discipline to close policy or control gaps quickly in either direction — when scrutiny increases and when it eases. As criminals leverage AI, new payment apps, and increasingly sophisticated networks, compliance programs that adapt quickly will turn regulatory volatility into a competitive advantage rather than a liability.


ERM Pilot's Compliance solution is designed to support this approach. By linking a dynamic regulatory content library to your obligations register, policies, risk assessments, and controls, ERM Pilot ensures that updates — a new sanctions list, a fraud advisory, a revised exam manual section — automatically flag affected processes. In an era where examiners want proof of governance and evidence of change management, that kind of integration is a force multiplier. Start your free trial at ermpilot.com.

References

  1. U.S. Department of the Treasury, Office of Foreign Assets Control. Sanctions Programs and Country Information. Available at: https://ofac.treasury.gov/sanctions-programs-and-country-information
  2. U.S. Department of the Treasury, Office of Foreign Assets Control. Entities Owned by Persons Whose Property and Interests in Property Are Blocked (50% Rule), FAQ Topic 1521, revised guidance issued August 13, 2014. Available at: https://ofac.treasury.gov/faqs/topic/1521
  3. Corporate Compliance Insights. The State of OFAC Sanctions Enforcement in 2025-26, covering Rosneft/Lukoil designations, 2026 Russian oil sector relief, scam-network designations, and the March 2026 executive order on transnational fraud networks. Available at: https://www.corporatecomplianceinsights.com/state-ofac-sanctions-enforcement-2026/
  4. Financial Crimes Enforcement Network. Alert on Nationwide Surge in Mail Theft-Related Check Fraud Schemes Targeting the U.S. Mail, FIN-2023-Alert003. February 27, 2023. Available at: https://www.fincen.gov/news/news-releases/fincen-alert-nationwide-surge-mail-theft-related-check-fraud-schemes-targeting
  5. Financial Crimes Enforcement Network. Financial Trend Analysis: Mail Theft-Related Check Fraud — Threat Pattern and Trend Information, February to August 2023. September 2024. Available at: https://www.fincen.gov/news/news-releases/fincen-issues-depth-analysis-check-fraud-related-mail-theft
  6. Financial Crimes Enforcement Network. Alert on Fraud Schemes Involving Deepfake Media Targeting Financial Institutions, FIN-2024-Alert004. November 13, 2024. Available at: https://www.fincen.gov
  7. U.S. Department of the Treasury, Financial Crimes Enforcement Network. Anti-Money Laundering and Countering the Financing of Terrorism Programs, Notice of Proposed Rulemaking. April 10, 2026 (comments closed June 9, 2026). Available at: https://www.federalregister.gov/documents/2026/04/10/2026-07033/anti-money-laundering-and-countering-the-financing-of-terrorism-programs
  8. Office of the Comptroller of the Currency. Semiannual Risk Perspective, Spring 2026. May 2026. Available at: https://www.occ.gov/news-issuances/news-releases/2026/nr-occ-2026-35.html
  9. Office of the Comptroller of the Currency. Cease-and-desist order re: Bank of America BSA/sanctions program deficiencies, December 2025. Summarized at: https://www.bankingdive.com/news/bank-of-america-bsa-compliance-order-occ-aml/736287/
  10. National Credit Union Administration. NCUA's 2026 Supervisory Priorities, Letter to Credit Unions, January 14, 2026. Available at: https://ncua.gov/regulation-supervision/letters-credit-unions-other-guidance/ncuas-2026-supervisory-priorities
  11. Federal Financial Institutions Examination Council. BSA/AML Examination Manual, including February 2026 updates removing reputational-risk references consistent with Executive Order 14331. Available at: https://bsaaml.ffiec.gov/manual
  12. Norton Rose Fulbright. Summary referencing DOJ's April 7, 2026 memorandum creating the National Fraud Enforcement Division under Acting Attorney General Todd Blanche. Available at: https://www.nortonrosefulbright.com/en-us/knowledge/publications/fa891ed4/proposed-fincen-amlcft-rule-key-changes-for-financial-institutions
  13. Venable LLP. CFPB Narrows Supervision and Enforcement, Leaving Broader Focus to States, summarizing the CFPB's 2025 shift toward an "actual fraud" enforcement focus. Available at: https://www.venable.com/insights/publications/2025/04/cfpb-narrows-supervision-and-enforcement

Ready to transform your risk management?

Discover how ERM Pilot can streamline your compliance, automate workflows, and provide real-time insights for your organization.

Stay Updated on ERM Pilot

Join our newsletter to receive the latest news, feature updates, and expert insights on all things risk related.

We respect your privacy. Unsubscribe at any time.