The State of Global Scam Prevention: Regulatory Gaps, FI Challenges, and Solutions for 2026

A level of frustration comes in when I assess scam fighting results in 2025.  I have just come back from Global Anti-Scam Alliance (GASA) North American annual meeting, and the appetite for change is high. There are controls, many proven, that can be deployed to help mitigate consumer scams. These are set out in detail in the Outseer Consumer Scam Controls whitepaper and in the recent Aspen Institute report calling for a national strategy to prevent scams.

However, against a backdrop or transnational organized crime and massive scam compounds in Southeast Asia raking in tens of billions of dollars, I fail to see a truly aggressive fight being mounted by the ‘good guys’. What is holding us back?

Australia: Strong Scam Framework, Slow Execution

A major source of inconsistency begins with governments and regulators themselves, where promising frameworks stall, shift direction, or fail to confront the scale of the problem.

The Australian government was on a tear through February 2025. With unusually fast and deft political action, it passed the Scam Prevention Framework (SFP), which requires banks, telcos and digital platforms to have proper controls or risk being liable for scam losses.

The next step was to define the sector-specific controls and how reimbursement will work. The Australian Treasury just released the Scam Prevention Framework consultancy on the controls.  This document included the proposed scam controls for banks, telcos and digital platforms and how consumer reimbursement will be handled.

I believe the holdup was tied to writing the control and associated reimbursement requirements. It is difficult to specify when controls are considered noncompliant and therefore trigger reimbursement.

UK Leadership in Scam Prevention Showing its Limitations

The UK is widely seen as the global leader in consumer scam prevention and reimbursement, yet significant opportunities are still being missed.

A surprise in 2025 was the UK government’s decision to modify the role of the Financial Ombudsman Service (FOS). This has effectively pushed the FOS to recalibrate when it recommends reimbursement. Victims can still appeal to the FOS when a bank denies a claim, but the process has become far more burdensome. Anna Rowe, co-founder of LoveSaid (a nonprofit supporting reimbursement cases), noted the FOS has added dozens of new questions before a claim can even be reviewed, adding 12–24 hours of work per case, even for an experienced advocate. This hardly supports swift reimbursement.

The Financial Conduct Authority (FCA) also released a report showing wide inconsistency among financial institutions in identifying and mitigating romance scams. Some firms exceeded expectations; others failed outright. The FCA highlighted repeated missed opportunities to detect suspicious activity: transfers to unfamiliar overseas jurisdictions, rapid-fire payments, and sudden spikes in transaction values. One bank missed six high-value transfers totalling over £131,000; another allowed 403 payments over a year, resulting in £72,000 in losses. This is in the UK, where some of the strongest controls in the world exist. It raises serious questions about how much romance-scam activity is being missed globally.

Meanwhile, Ofcom has delayed finalising requirements for digital platforms under the Online Safety Act. Although the law passed in 2023, Ofcom now expects to publish final guidance in early 2027. Two years on, consumers still do not know when these protections will take effect.

Why Digital Platforms Struggle to Police Scams

In November, Reuters reported that Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods. Internal documents also estimate the company shows users 15 billion scam ads a day. Meta’s platforms are frequently cited in the UK as the primary starting point for many scams.

Reuters further noted that Meta earns roughly $16 billion a year from advertising linked to scams and banned goods. It’s hard to expect digital platforms to meaningfully curb scam ads when the revenue tied to them is so substantial. According to the same report, Meta even charges higher rates when an ad appears “scammy,” applying a penalty when it suspects an advertiser may be fraudulent.

This creates a fundamental conflict of interest: scam prevention versus profit.

Data Sharing: Still the Weak Link

Effective data sharing for fraud and scams is still stuck in the mud in the US. While there are good examples, too many banks remain hesitant due to unclear government guidance.  This was discussed in detail in my recent blog interview with NCFTA founder Dan Larkin, Why U.S. Banks Must Embrace Fraud Data Sharing.

Even in the UK, where data sharing is far more established, industry groups are still asking the government to do more. Jane Jee of the Payments Association noted in November 2025 that information sharing often happens informally between banks that know each other, but not at the scale needed. Criminals can attempt to open accounts at a dozen or more institutions, and two banks sharing data “is neither here nor there.” Firms also worry they may be fined for sharing customer data for intelligence purposes.

These same concerns apply across the US and other markets, limiting the effectiveness of cross-bank fraud prevention.

California Law has Unintended Consequences

During my research, I came across a California law that could unintentionally discourage banks from training staff on consumer scams. Too much training could be interpreted as giving banks “absolute knowledge” of a scam, increasing their potential liability if mistakes occur, especially when protecting elderly customers.

I clearly want banks to have well-trained staff to deal with scams, but when liability concerns come into play, it can undermine the very scam prevention we need more of.

The Other Side of the Coin: Positive Scam Prevention Momentum Globally

Now all is not ‘gloom and doom’ when it comes to protecting consumers from scams.  Here are some very positive examples of steps being taken, such as stronger enforcement actions in the U.S.

Scam Center Strike Force

In November, U.S. Attorney Jeanine Pirro announced the first U.S. Scam Center Strike Force targeting Southeast Asian cryptocurrency-related fraud. According to the Department of Justice, the Strike Force brings together the U.S. Attorney’s Office, DOJ Criminal Division, FBI and Secret Service to disrupt these schemes. The U.S. government is finally joining the fight in a serious way.

Sanctions and Seizures

In late 2025, U.S. law enforcement announced sanctions against major scam groups. The DOJ also issued a seizure warrant to Starlink for satellite internet systems being used at scam compounds.

Arrests and Takedowns

Several scam compounds in Southeast Asia have been shut down, and U.S. agencies have made notable arrests. In one case, FBI San Diego arrested 22 individuals tied to an international elder scam network impacting up to 500 victims.

Better Consumer Protections in the U.S.

Many U.S. states have introduced voluntary transaction holds for suspicious payments initiated by elderly customers, providing safe harbor for banks and credit unions that intervene.

Asia-Pacific Countries Rolling Out Comprehensive Scam Controls

Countries including Hong Kong, Singapore and Thailand are adding coordinated scam controls involving banks, telcos and digital platforms. Requirements commonly include money mule management, data sharing and the establishment of National Anti-Scam Centres.

Although the Australian government has slowed SFP implementation, Australian banks continue to introduce innovative scam controls. CEOs regularly highlight these measures and their impact. Scam levels remain too high, but Australian banks are moving in the right direction.

Improved KYC in Digital Platforms

In November, the Wall Street Journal reported that Tinder will soon require all new U.S. users to complete a video scan before swiping. According to Yoel Roth, who leads trust and safety at Match Group, the feature aims to reduce bots, impersonation and banned users returning. At last, some dating platforms are focused on member KYC to prevent romance scams.

Financial Institutions Expanding Scam Prevention Teams

More large and regional banks have introduced dedicated consumer scam prevention teams. I was particularly encouraged to see Patelco Credit Union receive an award for its Elder Financial Abuse Prevention Program (EFAPP). In 2025, EFAPP prevented more than $2.7 million in potential fraud losses for elder members and reviewed $3.2 million in flagged transactions. This is real focus.

National Anti-Scam Collaboration Models Emerging

Canada’s Anti-Scam Coalition brings together government, banks, telcos, digital platforms and law enforcement to coordinate national scam-prevention strategies.

The Path Forward for 2026: What Must Change to Fight Scams Globally

Every “rank and file” fraud fighter I meet in the US wants to take on consumer scams. Too often, they simply can’t secure the funding to build a proper scam-prevention program. At many FIs, scam prevention still doesn’t have high enough priority, and there are no broad regulations around consumer scams or money mule detection to justify investment - beyond the narrower rules related to elder protection.

From the US, I hope to see:

1. Broad private-sector adoption of the Aspen Institute scam controls.
2. Full commitment from banks, telcos, fintechs and digital platforms to reduce consumer scams.
3. Clear, serious direction from the U.S. government and Congress on scam controls, mule detection and data sharing.

Closing Thoughts

The controls to fight consumer scams already exist. The fraud fighters are ready. What’s needed now from the private sector is the will and the funding to act. Government and Congress may take longer, but they are an essential part of the solution.

If 2025 was the year we finally recognized the scale of the threat, 2026 must be the year we act on it.

To dive deeper, read the Outseer Consumer Scam Controls whitepaper, which contains 70+ proven global controls for financial institutions to disrupt scams across every stage of the attack chain.