EU Fintechs Face New AML Duties as APP Scams Surge

The surge in instant and online bank transfers has turned Authorized Push Payment (APP) scams into the dominant form of payment fraud across the European Economic Area. Unlike traditional card fraud, victims voluntarily approve the transfer, often sending amounts well above €2,000 per incident. This high‑value, cross‑border flow feeds directly into money‑laundering pipelines, with mule accounts and crypto conversions obscuring the trail. As a result, credit‑transfer fraud now represents roughly €2.5 bn of the €4.2 bn total payment‑fraud losses recorded in 2024, reshaping the risk landscape for banks and fintechs alike.

Regulators have responded by embedding APP scams within the anti‑money‑laundering framework. The upcoming PSD3 amendment and AMLD6 directive explicitly label fraud as a predicate offence, expanding PSP liability for failing to prevent impersonation fraud. From 2026, the European Anti‑Money‑Laundering Authority will enforce unified supervision, demanding that suspicious‑activity reporting cover scam‑related transfers. These reforms aim to close the gap between fraud detection and AML monitoring, ensuring that funds are flagged while still in motion rather than after they have been layered abroad.

For industry players, the new rules mandate a structural overhaul of financial‑crime functions. Separate fraud and AML teams must converge onto shared platforms that fuse behavioural analytics, real‑time alerts and risk‑scoring models. RegTech vendors are already offering unified solutions that ingest fraud intelligence into AML transaction monitoring, while data‑sharing provisions encourage collaborative investigations of mule networks. Firms that adopt this integrated approach can reduce loss exposure, improve customer trust, and stay ahead of increasingly stringent European supervision.