Cross-cutting trends and actionable takeaways
1. Insider collusion with external threats
All these cases involve some form of personal motivating dynamic which makes individuals susceptible to perceived grievances, nation-state actors, criminal networks or corrupt vendors. AML, anti-cybercrime and anti-fraud professionals must broaden the definition of customer due diligence to include employee and third-partner due diligence.
2. Control failures enable longevity
Insider activity can take place over several years. Weak audit functions, override-prone cultures and insufficient data analytics enable the intrusion. Institutions should deploy:
▪ Behavioral biometrics
▪ Vacation and rotation policies
▪ Real-time monitoring of employee financials and access behavior
3. Interconnected risk domains
Insider threats no longer stand alone. They interact with cyber risk, geopolitical risk, sanctions evasion, procurement fraud and crypto-enabled money laundering schemes.
Recommendations for anti-financial crime professionals
1. Develop insider threat typology libraries: Tailor detection models to reflect internal role-specific risks ― e. g., procurement officers vs. IT administrators vs. HR professionals.
2. Red team exercises: Test systems with simulated internal breaches to identify the weakest access points.
3. Collaborate across departments: Insider threats sit at the intersection of HR, cybersecurity, AML and compliance. Interdisciplinary detection teams can be critical.
4. Integrate employee risk scoring: Use risk scoring for staff based on access levels, financial pressures and behavioral anomalies ― like customer risk scoring in AML.
5. Strengthen whistleblower protections: Insider threats are often uncovered internally. Safe and anonymous reporting channels can hasten reporting.
Conclusion
Insider threats now occupy a central place in the fraud and financial crime threat landscape. Addressing them requires systemic shifts in how institutions monitor, detect and respond to internal risk. These recent case studies ― from government departments to fintech firms ― are not outliers; they are warning signs of a broader vulnerability. For AML, cybersecurity or anti-fraud professionals, the path forward lies in reframing insider threats not solely as a personnel issue, but as a core component of financial crime risk management.
Joby Carpenter, SME, Emerging Threats and Illicit Finance, ACAMS, jcarpenter @ acams. org
1
“ The Threat from Within: A Growing Concern,” ACAMS, Cifas, May 2025, https:// www. acams. org / en / media / document / 39113
2
Cifas is a U. K.-based nonprofit fraud prevention service which enables data and intelligence sharing across members in the banking, retail, insurance and telecoms sectors.
3
Adonijah Ndege,“ Kenya’ s Equity Group fires 1,200 staff after internal $ 15.4 million fraud probe,” TechCabal, May 30, 2025, https:// techcabal. com / 2025 / 05 / 30 / equity-group-ceo-fires-1200-fraud /
4
“ Former State Department Budget Analyst Pleads Guilty to Embezzling More than $ 650,000,” U. S. Attorney’ s Office, April 30, 2025, https:// www. justice. gov / usao-dc / pr / former-statedepartment-budget-analyst-pleads-guilty-embezzlingmore-650000
5
Anika Arora Seth,“ Ex-CFA Institute Executive Charged With Embezzling Millions,” Bloomberg, June 23, 2025, https:// www. bloomberg. com / news / articles / 2025-06-23 / ex-cfa-institute-executive-charged-with-embezzling-millions
6
“ Four men jailed for £ 6m bribery and corruption against NHS Scotland,” NHS Counter Fraud Authority, June 5, 2025, https:// cfa. nhs. uk / about-nhscfa / latest-news / four-men-jailed-for-bribery-against-NHS-scotland
7
Tom Gerken,“ Leading crypto firm Coinbase faces up to $ 400m hit from cyber attack,” BBC, May 15, 2025, https:// www. bbc. co. uk / news / articles / c80k5plpx8do
8
“ Department Files Civil Forfeiture Complaint Against Over $ 7.74M Laundered on Behalf of the North Korean Government,” U. S. Department of Justice, June 5, 2025, https:// www. justice. gov / opa / pr / department-files-civilforfeiture-complaint-against-over-774m-laundered-behalfnorth-korean
9
Robert McMillan and Dustin Volz,“ North Korea Infiltrates U. S. Remote Jobs ― With the Help of Everyday Americans,” The Wall Street Journal, May 27, 2025, https:// www. wsj. com / business / north-korea-remote-jobs-e4daa727
ACAMS Today | September – November 2025 41