Hey all, Jason here.
Yes, I’m in your inbox on a Wednesday with a newsletter — bringing you a guest post from Kunal Datta, Chief Product Officer at Unit21. Kunal presents a thoughtful analysis of why the financial industry’s approach to fraud is fundamentally broken — and what we can do about.
Guest post authored by Kunal Datta. Kunal is the Chief Product Officer at Unit21, the leader in AI Risk Infrastructure for fraud & AML serving 200+ fintechs & financial institutions across 90 countries.
Think of the ocean. At the surface, it is violent, unpredictable, shifting by the hour, the waves shoved around by whatever the wind and weather happen to be doing that day. Go deeper, and it calms. Down on the floor, things barely move at all.
Fraud works the same way.
The surface is chaos. Deepfake video calls that impersonate your CEO. AI-generated phishing that learns and adapts in real time. Pig-butchering scams that run for months before any money moves. Just this year, INTERPOL warned that AI-enhanced fraud is now 4.5 times more profitable than traditional methods, and that agentic AI systems can plan and run a complete fraud campaign on their own, from reconnaissance to extraction. The surface will keep changing, faster than anyone can keep up.
Go to the bottom, though, and one thing has held constant for as long as money has existed: fraud always ends in the movement of money. No matter how sophisticated the social engineering, no matter how convincing the deepfake, the goal is the same. The fraudster wants money, and money has to move to get there.
None of this is a new observation. What is new is that most of the industry is still chasing the surface.
Companies scramble to buy point solutions for deepfake detection, voice authentication, behavioral biometrics, and half a dozen other tools aimed at the attack of the moment. Every year, at every conference, a new vendor promises to solve the latest threat. Every year, a new threat makes last year’s solution irrelevant. It is an arms race you cannot win, because the surface will always change.
The better question is the one almost nobody asks: what are you doing about the part that never changes?
Strip away the complexity, and fraud happens in exactly two ways.
The first category is people you know. These are your existing customers, already in your system, already transacting. Maybe they are the perpetrator. Maybe they are the victim. Either way, they are in your data. You have their transaction history, their device information, their behavioral patterns. The challenge here is finding the signal in what you already hold.
The second category is people you do not know. This splits in two. First, there are new customers at onboarding, people walking through your door for the first time, about whom you know nothing yet. Second, there are counterparties on the other end of a transaction who have never had an account with you. They could be anyone.
That is it. There is no third category. Every fraud event in the history of financial services falls into one of these two buckets, or a combination of them.
For the people you know, detection comes down to understanding their behavior, most of all their transaction patterns, because money movement is the constant.
For the people you do not know, it comes down to what you can learn about them quickly: their device fingerprint, their phone and email reputation, and whether they have been flagged elsewhere in the financial ecosystem.
The approaches are different. The principle is the same. Find the signal, and act on it.
For years, the fraud industry has been stuck in a debate that was framed wrong from the start: rules versus machine learning. Pick a side. Which one is better?
Consider what each side gets right, and what each side gets dangerously wrong.
Machine learning models learn. That is their great strength. Feed them enough labeled examples of fraud versus legitimate activity, and they will find statistical patterns across millions of transactions. They scale. They automate. For known fraud typologies where you have deep historical data, they perform remarkably well.
However, ML models carry three weaknesses that the industry consistently underplays.
The first is data hunger. A model needs hundreds of thousands of classified examples before it performs reliably, which makes it structurally terrible at catching new fraud that has never been seen before. A novel attack looks “normal” to a model trained on yesterday’s fraud.
The second is opacity. The best-performing models are black boxes, and there is an inherent trade-off between accuracy and explainability. Most teams choose accuracy. What they get back is a score, maybe 95% suspicious, with no clear account of why. Try defending that to a regulator. Try explaining it to an analyst who has to make a disposition.
The third is the retraining cycle. A new fraud type surfaces, so you go to your data science team, wait for a retraining cycle, validate, test, and deploy. By the time the model is updated, the attack has moved on. The dirty secret of ML in fraud is that, most of the time, it is catching last quarter’s fraud.
Rules run the other direction. A fraud analyst sees a new pattern, maybe two or three examples, and writes a rule to catch it. It needs no training data and no retraining, just a human recognizing something unusual and turning it into logic.
Rules are extraordinary at emergent behavior. They are fast to deploy, fully transparent, and entirely under the control of the team that wrote them. Every decision is explainable, auditable, and defensible. For regulators, rules are the gold standard.
The problem is that rules do not learn. They are static. They need constant human attention to maintain, update, and expand. As fraud evolves, rule libraries grow into unwieldy systems that are expensive to manage and impossible to optimize at scale.
The question should never have been “rules or ML.” The real one is: what if you could have both?
What if you could have a system that learns continuously from real outcomes, adapts to new fraud patterns with one or two examples instead of a hundred thousand, keeps every decision fully explainable, and lets the fraud team stay in control without a data science team in the loop?
This is not a hypothetical. It is the third path.
The breakthrough that makes this possible is not a better ML risk score. Rather, it is the application of large language models to the fraud detection workflow in a fundamentally different way.
Consider what happens every time an analyst reviews an alert and makes a disposition. They leave behind a trail of reasoning: narratives, case notes, comments, annotations. Traditionally, that information sits unused. The decision is recorded as a binary, true positive or false positive, and the reasoning behind it evaporates.
LLMs change that entirely. They can read those analyst narratives, extract the investigative reasoning, identify the underlying signal, and generate improved detection logic from what analysts are actually finding in the data. True positives reinforce and sharpen existing rules. False positives trigger new filters that cut noise. Every investigation makes the system a little smarter.
The result is a continuous feedback loop between detection and investigation that has never existed before. Rules that were once static now evolve. The signal that was once trapped in analyst notes is now put to work. The whole system learns, not at the glacial pace of ML retraining, but in real time.
The advantages over traditional ML are not incremental. They are structural. This approach works with one example instead of a hundred thousand. It is fully explainable, because the output is human-readable logic rather than a statistical score. It adapts to new fraud vectors immediately, not after a retraining cycle. It keeps the fraud team in the driver’s seat, able to review, modify, and validate every recommendation before it goes live.
This is not AI replacing the analyst. It is AI thinking with the analyst. The combination is more powerful than either could be alone.
There is a conversation happening across the industry right now about AI and efficiency. How much can we reduce headcount? How many minutes can we shave off an investigation? How much can we cut alert review costs?
These are the wrong questions.
At the end of every unreviewed alert, there is a real person. Someone whose life savings are being drained. Someone whose identity is being weaponized. In the worst cases, someone is being trafficked, exploited, or used to fund terrorism through the financial system.
The U.S. Treasury’s 2024 National Money Laundering Risk Assessment identified fraud as the largest driver of money laundering activity in the country, with billions of dollars a year connected to drug trafficking, human trafficking, cybercrime, and corruption. INTERPOL’s March 2026 Global Financial Fraud Threat Assessment went further, warning that fraud now sits at the center of “polycriminality,” intersecting with organized crime and human trafficking networks on a global scale.
Even so, most financial institutions set their detection thresholds based on how many alerts their team can handle.
I recently asked a compliance leader how he decides his thresholds. He licked his finger and held it up in the air. That was the most honest answer I have ever gotten. Once you sit with it, you realize what that gesture actually decides: which crimes get looked at, and which ones do not.
Consider what that means. The line between “investigated” and “ignored” is not drawn by risk. It is drawn by operational capacity. When an institution lacks enough analysts, real crimes go undetected, not because the system could not catch them, but because nobody was there to look.
This is where the efficiency framing does real damage, because it reduces AI to a cost-savings story. The actual argument for AI in fraud and compliance is not about reducing headcount. It is about reviewing every alert that matters, at the depth it deserves, in the time that real-world urgency demands.
Consider the regulatory framework itself. Financial institutions have 30 calendar days to file a Suspicious Activity Report after detecting suspicious activity. That is a 30-day window in which potentially criminal activity, including human trafficking, money laundering, and the funding of terrorism, continues while the alert sits in a queue. That clock was never meant as a box to check before an audit. It exists for one reason: to stop criminal money from flowing through your institution.
We talk about AI as a clever efficiency technology, when it is really a societal imperative. If you do not use AI to review more alerts, faster, and at greater depth, then real harm is happening to real people while you let it sit there.
This is not hyperbole. It is the direct consequence of the status quo. The decision not to invest in AI for fraud and compliance is not a neutral cost-saving calculation. It is a choice with human consequences.
There is one more structural problem the industry has not solved: information asymmetry.
When a fraudster is flagged at one institution, there is no reliable, privacy-preserving way to share that intelligence across the financial system. The result is that the same bad actor moves from institution to institution, exploiting the fact that each one starts from zero.
Traditional information-sharing mechanisms, like 314(b) in the United States, are voluntary, opt-in, and oriented toward money laundering rather than real-time fraud. Coverage is patchy. Much of the non-bank ecosystem, fintechs, crypto exchanges, payment processors, and the other companies now moving trillions of dollars a year, never gets reliably connected. Most consortium products, for their part, are siloed by payment rail: one for checks, another for cards, another for wires.
This is a structural gift to fraudsters. As one veteran fraud fighter put it to me, fraudsters do not pick and choose payment rails. They move money, and they use whatever gets it through. The detection infrastructure should work the same way.
A truly effective consortium has to be payment-rail agnostic, covering cards, wires, ACH, crypto, P2P, and whatever comes next. It has to span institution types too, not only banks but fintechs, crypto platforms, lenders, and neobanks. Privacy has to be absolute, so that intelligence can be shared without exposing the underlying customer data.
Combine that kind of network intelligence with AI agents actually conducting in-depth investigations, and something powerful happens. Seen in isolation, a single anomaly at a single institution looks like noise. When the same entity shows the same anomalous behavior across five institutions, on different payment rails, over a span of months, that is a pattern, and the pattern becomes visible only when the data is connected.
According to Experian’s 2026 fraud research, seventy-three percent of fraud decision-makers now agree that sharing fraud intelligence is essential to staying ahead of threats. The question is no longer whether to share. It is how to share safely and comprehensively, in a way that strengthens the entire network rather than only your own organization.
The fraud industry is at an inflection point.
For the past decade, the dominant paradigm has been simple: build a machine learning model, set a threshold, and hire analysts to review what comes through. That paradigm was designed for a world where fraud moved slowly, and data science teams had time to iterate, a world where the fundamental constraint was human operational capacity. That constraint no longer holds, so that world is gone.
What comes next is a different architecture. One where generative AI and rules work together in a continuous feedback loop, where every investigation makes the detection engine smarter, where new fraud vectors are caught with one example instead of a hundred thousand, and where every decision stays fully explainable and auditable.
What comes next is a world where no institution fights fraud alone, where anonymized intelligence flows across the financial ecosystem in real time, strengthening every participant.
What comes next, finally, is a long-overdue reframing of why this work matters. Not because it saves money, not because it satisfies regulators, but because there are real people on the other end of every unreviewed alert, and they deserve better than a threshold set by someone licking a finger and holding it up to the wind.
The spirit of regulation is not about meeting a 30-day deadline. It is about making sure nefarious activity is not funded through our institutions. Take that spirit seriously, and the conclusion is hard to avoid: not using AI is not a cost decision, it is an abdication.
The surface of fraud will keep changing. The tools of deception will grow more sophisticated, but the fundamentals will hold. Money will always need to move. Institutions will always need to decide who to trust. However, the difference between catching the fraud and missing it will come down to whether your detection infrastructure was built for the world as it has been, or the world as it is today.
To learn more about Unit21 and how it matches up to 40+ fraud vendors, read the Chartis vendor spotlight on Unit21 for Enterprise and Payment Fraud.
