Challenges in Understanding AML and Fraud Use Cases

Introduction

Financial crimes such as fraud and money laundering present a growing threat to global economies, costing an estimated $2 to $5 trillion annually. To counter these threats, financial threat intelligence plays a critical role. However, many organisations face ongoing challenges in defining and implementing effective anti-money laundering (AML) and fraud use cases. Key obstacles include poor data quality, lack of standardisation, limited collaboration, complex regulatory environments, high resource demands, and the rapid evolution of criminal tactics.

Key Challenges

Organisations depend on timely, high-quality data from sources like transactional records and know-your-customer (KYC) profiles to identify suspicious activity. Unfortunately, incomplete or outdated data often leads to missed threats—particularly in areas like cryptocurrency laundering, where anonymity complicates traceability. Real-time data feeds are essential to detect fast-moving fraud schemes such as phishing and investment scams, yet implementing such systems remains a significant hurdle.

Standardised data formats—such as STIX 2.1 (Structured Threat Information Expression)—enable consistent threat profiling, for example, detecting malicious URLs associated with phishing campaigns. In contrast, proprietary or non-standard data formats create information silos that limit internal coordination. A bank’s unique transaction logging system might prevent its fraud team from recognising patterns in invoice fraud, highlighting the need for interoperable data models.

Sharing threat intelligence is also critical. Internally, departments such as compliance, fraud, and cybersecurity must collaborate efficiently. Externally, sharing information with regulators, financial institutions, or international bodies is complicated by regulatory constraints and trust barriers. Secure protocols such as TAXII (Trusted Automated eXchange of Indicator Information) support these efforts but are difficult to deploy at scale due to data privacy concerns. Regulations like the EU’s Sixth Anti-Money Laundering Directive (6AMLD) and GDPR further increase compliance complexity by requiring organisations to anonymise data while maintaining threat indicators.

The technical side of detection poses additional challenges. Effective AML and fraud prevention demands skilled analysts and advanced technologies such as blockchain analytics. Criminal networks are increasingly leveraging technologies like AI, deepfakes, and cryptocurrency mixing services, making real-time detection even more difficult. While detailed threat profiles help identify risks such as spoofed emails in invoice fraud, these are only effective when built on accurate, well-structured data. Training, governance, and cross-platform integration remain difficult to implement across complex IT environments.

STIX-AML: Extending the Standard

To address some of these limitations, Njordium is leading the development of STIX-AML, a dedicated extension of the STIX framework tailored to AML, KYC, and fraud-related use cases. This initiative introduces machine-readable objects—such as x-suspiciousactivities, x-kycindividual, and x-kybbusiness—to represent financial crime data in a standardised format.

STIX-AML is designed to enhance interoperability, automation, and detection accuracy across platforms by integrating seamlessly with cybersecurity and fraud detection systems. While still under development, this extension represents a promising step toward enabling intelligence-led, real-time financial crime prevention.

Conclusion and Recommendations

Addressing the complexities of AML and fraud detection requires more than isolated tools or reactive strategies. The challenges—ranging from fragmented data and inconsistent standards to regulatory pressure and rapidly evolving criminal methods—are deeply interconnected. To respond effectively, organisations must take a comprehensive, intelligence-led approach that brings together people, processes, and technology.

Improving data quality and adopting structured formats like STIX 2.1 is a foundational step. As the financial crime landscape grows more complex, emerging initiatives such as STIX-AML offer a promising way forward by enabling interoperability and enhancing real-time detection across diverse systems. Equally important is fostering collaboration, both within and between organisations. Secure data-sharing platforms and clear governance models can help overcome regulatory and trust barriers, ensuring that relevant threat intelligence reaches the right stakeholders at the right time.

Staying compliant with evolving regulations demands continuous updates to policies and systems, requiring strong alignment between compliance, legal, and technical teams. Building and maintaining the right expertise is also critical. Organisations need to invest in skilled analysts and scalable technologies capable of adapting to new tactics, such as AI-driven fraud and cryptocurrency-based laundering. Ultimately, success in combating financial crime depends on a proactive mindset—one that integrates threat intelligence into daily operations, emphasises prevention over reaction, and embraces innovation as a core pillar of financial crime risk management.

Read the full report: Financial Crime Research: Threat Profiling of Fraud, Corruption, and Money Laundering, download here.

Njordium (2025): Download the STIX-AML Extension Proposal.