As Regulators Tighten Liability Rules, Banks Face Pressure to Justify Fraud Losses
In a rapidly evolving financial landscape, banks are confronted with significant challenges regarding fraud management. With the expansion of the Federal Reserve’s FedNow service to include high-value transactions of up to $10 million, financial institutions are compelled to reassess their fraud prevention strategies. The balance between reducing fraud losses and ensuring customer convenience, which has typically favored the latter, is becoming increasingly precarious.
As banks have historically managed to strike a balance by accepting a certain level of fraud loss rather than implementing stringent controls that may slow down transactions, the emergence of real-time payments has changed the dynamics significantly. A key drawback of such systems is their rapid pace; transactions now become irrevocable within seconds, which places immense pressure on banks to make swift decisions regarding potentially fraudulent activities before they can be thoroughly investigated.
Pressure from Regulators and Rising Fraud Losses
The situation is exacerbated by tightening reimbursement and liability rules, particularly in the U.K., where regulators are increasingly scrutinizing how banks not only fight fraud but also measure the acceptable level of risk they are willing to endure. While most banks already operate with an implicit fraud threshold—an internal balance between fraud prevention and customer satisfaction—analysts note that this threshold often remains unarticulated within the institution’s strategic framework.
Serpil Hall, a senior analyst with Datos Insights, indicated that the implicit fraud thresholds stem from various operational considerations. Authorization levels, customer journey friction, and budget allocations all play a role in defining how banks approach fraud mitigation. With fraud losses continuing to rise—despite increased spending on preventive measures—this balancing act is under increased scrutiny. For example, the FBI’s Internet Crime Report indicated that cybercrime losses in the U.S. surpassed $16 billion in 2024, marking a staggering 33% increase from the previous year. Compounding this issue, a study by Gartner revealed that while over half of financial institutions increased their fraud prevention budgets, approximately 70% still reported rising losses from fraudulent activities.
Trade-offs and Structural Challenges
According to Hall, banks often face trade-offs between two competing priorities: fraud prevention and customer experience during payment processing and digital onboarding. A noteworthy finding from Datos Insights revealed that while 60% of financial institutions monitor merchant chargeback rates, only a small fraction—27%—apply stricter authorization controls for high-risk merchants. The issue is further complicated by what Hall refers to as "structural invisibility." This term describes a scenario where false declines do not incur regulatory penalties and remain unquantified in financial reports, thus failing to appear in risk dashboards.
Devesh Desai, a partner at PwC U.S., noted that institutions are evolving their approach to fraud—moving away from the unattainable goal of complete fraud eradication towards optimizing controls based on acceptable business impacts. This involves weighing the cost of implementing additional controls against the potential losses prevented, while also considering customer inconvenience, false positives, and the overhead costs tied to investigations.
Desai acknowledged that excessively stringent controls could lead to as many complications as the fraud they aim to prevent, particularly in digital and real-time operational environments. However, this valuation of fraud risk as part of a commercial balance is not universally accepted. Brent Philips, senior vice president at b1Bank, emphasized that many institutions continue to absorb preventable losses due to a reluctance to invest adequately in fraud prevention solutions. He argued that this stems from a widespread lack of expertise in effectively mitigating such risks.
Compression of Investigation Timelines
The shift toward real-time payments has intensified these challenges, primarily by constricting the timelines for fraud and Anti-Money Laundering (AML) investigations. Will Lawrence, CEO of Bretton AI, pointed out that existing AML systems were primarily designed for slower batch processing environments. In contrast, with the FedNow service facilitating instantaneous transactions, compliance teams now confront narrower windows for reviewing higher-value transactions that carry substantial financial risks. The struggle lies not in detecting fraud but in swiftly completing investigations to make legally sound decisions before transactions can no longer be reversed.
In addition, growing demands for instant payments have sparked heightened regulatory scrutiny. In 2025, regulatory bodies such as the OCC, Federal Reserve, and FDIC initiated inquiries into the fraud risks associated with instant payment systems like FedNow and RTP.
Evolving Regulatory Landscape
Internationally, regulators have begun rethinking liability frameworks concerning fraud. In 2024, the U.K. instituted mandatory reimbursement regulations for authorized push payment fraud, while the European Union’s new directives will extend fraud reimbursement requirements across member states. These changes reflect a broader move towards establishing liability frameworks that govern how fraud risks are shared across various stakeholders in the financial ecosystem.
Hall noted that these developments surpass traditional notions of security regulation; they represent a mechanism for assigning financial repercussions based on failure to act upon fraud alerts. Furthermore, regulatory bodies are increasingly demanding transparency from institutions about the friction placed on customers due to fraud controls. As such, banks are investing heavily in AI-driven fraud management systems to enhance both detection accuracy and customer experience. Research by Gartner revealed that 62% of banks now favor hybrid fraud detection models that amalgamate both supervised and unsupervised machine learning techniques.
Overall, while fraud continues to be a foundational risk management issue for banks, it is increasingly reframed through a commercial lens. As financial institutions take calculated risks in managing fraud, regulators are expected to enforce stronger governance over how these decisions are made. The era in which banks passively accept fraud losses is fading; they now face the dual challenge of not only halting fraud but also demonstrating to regulators and customers that the level of tolerated fraud risk is both intentional and justifiable.