
5 Cybersecurity weak spots

Cybercrime is on an upward trajectory thanks to digitalisation, and that’s a worry for us all. Data infiltration can affect every consumer: access to bank accounts, but also to social media profiles and stored e-commerce details, all ripe for identity theft or even romance scams. In that light, this Cybersecurity Awareness Month feels more timely than ever.

Malware, phishing, ransomware, deepfakes, and DDoS attacks once reserved for IT teams are no longer underground. We often hear in mainstream media of stolen personal data at worldwide-connected businesses committed to maintaining customer security: 7.4 million exposed records at French luxury goods conglomerate Kering by the “Shiny Hunters” hacking group, or attacks by “Scattered Spider” on huge companies including Allianz, Victoria’s Secret and Whole Foods.

No matter the industry or where data is stored, criminals are primed to exploit it for ill means, financial or otherwise. Given data privacy laws ramping up and financial institutions’ (FIs) obligations to adhere to them, anti-money laundering (AML) checks play a defining role in maintaining consumer safety. If not, the damage for all parties is near impossible to rectify.

Identifying the AML weak links

Across Africa, financial services and government make up two of the top three most targeted sectors, alongside the main target: telecommunications. Fraud related to that space costs South Africa around R5.3 billion a year, with digital systems and infrastructure in the firing line. According to Check Point Research, the country’s organisations face 2,113 attacks a week – a harrowing increase of 14% year on year.

Cybercrime impact in South Africa

Cybercrime is a trillion-dollar problem globally and counting. No place is completely removed from an attacker’s tractor beam; given the amount of personal detail we have online, unknown quantities are already available on the dark web as a result of lax customer care, but also of poor know-your-customer (KYC) checks and other anti-fincrime and data privacy controls at the organisations we do business with every day.

When an average data breach can cost a company around R44.1 million, it’s crippling to the nationwide economy and places consumer trust at risk. There’s little scarier than becoming an unwitting victim of crime that’s becoming a bigger possibility day by day, despite parameters in place to protect sensitive data. When the important data usage agreement is broken, there’s little to come back from.

The top 5 cybercrime vulnerabilities in financial services

Adhering to data privacy regulations is another headache for companies already swamped with protocols to identify areas of laundering, fraud, exploitation and other cybercrime. Being able to do so takes a strategic human-led approach to utilising technology from onboarding through to perpetually-monitored customer activity, but enduring platform and people’s weaknesses often grant cybercriminals access through these routes:

  • Poor risk assessment controls: from the onboarding stage, FIs must adopt risk-based strategies to identify persons or organisations from high-risk regions or industries to flag anomalous activity that has higher potential for criminality.
  • Overlooked authentication: weak passwords are always poor practice, and modern businesses may also lack two-factor authentication, AI-driven techniques and encryption to protect customer data.
  • Weak identity verification (IDV): FIs are acting against tricky synthetic identity capabilities, and need granular AI-led biometric capabilities to instantly scan consumer details against trusted governmental records to stand a chance (and speed up KYC).
  • Siloed AML: outdated legacy systems can store consumer datasets sporadically and render them vulnerable to brute force attacks, also slowing FIs’ ability to complete KYC and monitor behaviours in a valuable one-system view to report suspicious instances to authorities.
  • Skills gaps: cybersecurity is a growing specialism, where talented hires are required of a business to adhere to regulations, but also to develop secure software and architecture to serve strong data privacy expectations. Companies need regular training to be aware of AML threats and preventative measures.

These potential trip-ups apply to every single financial services business, and if you translate this to every industry that captures, stores and uses customer data, there’s an unthinkable number of simple paths for a hacker to worm their way into the system.

Understanding the cybercriminal’s playbook

Cybercriminals are parasitical in capitalising on the exposed flaws of others and use sophisticated tools to stay streets ahead in the digital race, leaving institutions playing catch up. Identity crime is growing, with perpetrators fully understanding that it is harder than ever to separate fact from fiction in online spaces.

Phishing scams are a form of social engineering utilised to manipulate consumers to ‘give over’ details willingly through trust, often disguised as legitimate people or businesses. Even still, this is not too new a technology compared to Generative AI (to fabricate identities on WhatsApp, or using mock-up images), as well as deepfaking and injection techniques that can bypass even advanced IDV software – and they’ll continue to attack weak spots to get a bigger bite of the apple.

En masse, connected criminal networks only need one small kink in the chain to gain access and share their data prizes with others for all manner of uses. Our defence against them is minimal in comparison: organisations with varying levels of KYC, and suspicious activity detection and monitoring capabilities unlinked with prosecution authorities. It leaves the anti-fincrime department a ‘reactive’ power after the crime has been committed, mopping up the mess after it is too late.

There’s a cultural problem here too, as reporting of fraudulent incidents remains low – decreasing in South Africa to 65.1% in 2024/25. Banks and other institutions cannot know the true extent of the problem, but nor should they rely on their consumers when they have a duty to protect their digital infrastructure from harm. Ill-fitting criminal detection will continually turn customers away, and cause reputations to plummet.

Necessary responses to combat cybercrime

The internet remains a frontier that’s difficult to govern in a centralised way. However, given the prominence of digital crime and growing awareness of it, multinational organisations, individual governments and expert agencies are joining forces in combat. 

The European Union is looking to roll out so-called ‘digital resilience laws’ (the Digital Operational Resilience Act, the Cyber Resilience Act) to complement its attempts to define and implement ethical AI usage through the AI Act. Denmark is looking to legalise the protection of personal identity from imitations. Cybercrime has many iterations, but attempts to rise to emerging methods send a clear message around how regulation and action can spur change.

In the private sector, there’s a mixed range of responses. As WEF’s Global Cybersecurity Outlook finds, almost 80% of organisations identify the role of regulation in reducing criminal risk, yet almost as many see the growing complexity of compliance requirements as challenging. This is where partnerships with AML expertise and regulatory technology (RegTech) providers can start to strengthen defences against infiltrating financial criminals, as follows:

  • Integrated fraud detection: with sophisticated IDV for KYC and multi-tier authorisation against trusted sources, businesses can onboard and validate customers in the knowledge that they are who they say they are.
  • Automated monitoring and screening: continuous activity checking with AI’s data processing abilities updates customer profiles in real time according to risk thresholds, so no high-risk alerts are missed post-onboarding.
  • Expert-led AI training: by simulating known threats using AI models, AML systems are able to identify suspicious behaviours indicative of fraudsters and continuously learn to preempt evolving typologies.
  • Flexible compliance: using cloud-based platforms pre-set to regional and global AML regulations and data privacy acts, businesses can securely store consumer data without regulatory rebuttal.
  • Risk reporting and cooperation: with integrated ways to compile suspicious activity reports (SARs) to authorities, a proactive, collaborative stance to detect and investigate illicit fund flows is possible.

These capabilities are available to firms immediately, to install a risk-based approach against AML and cybersecurity threats that’s able to future-proof sectors from inevitable criminal sophistication.

Cybersecurity – awareness to action

Cybersecurity Awareness Month is observed and promoted by some of the largest tech-movers on the planet: America’s Cyber Defense Agency, Microsoft, the World Economic Forum, etc. Growing knowledge around what hackers are capable of is positive, but not enough to stop them in their tracks.

Regulators, FIs, agencies, and governments are all obliged to keep customers safe, yet there is still stalled dialogue around a cooperative approach against the highly smart and connected criminal underbelly, where RegTech can bolster identity detection, data privacy, and the sharing of expertise and digital capabilities industry-wide to strengthen that barrier.

Anti-cybercrime best practice cannot be achieved with immediate effect. Instead, steps to increase KYC and AML that are fit for the current swathe of threats (and those to follow) are an integral start, and enough to close the vulnerabilities hackers see as the lifeforce for their endeavours, which should never win.