
18 Apr 2025 in Business use cases

IDV in Anti-Money Laundering: Navigating Modern Threats and Countermeasures

Nikita Dunets

Deputy Director, Digital Identity Verification, Regula

Over the past few decades, the international community has built an extensive anti-money laundering (AML) framework—and it keeps evolving year by year. For example, the Financial Action Task Force (FATF) introduced new changes in their 40 recommendations in February 2025. They now encourage simplified measures in lower-risk scenarios while still promoting a certain level of caution when performing risk assessment in the first place.

This update is a good representation of how the world is treating AML right now: trying to achieve the delicate balance of user-friendliness and security in all operations. And how does it happen?

In this article, we’ll provide an overview of current AML threats, describe the role of FATF in countering them, and see how biometric verification is playing its part in this process.


Modern money laundering threats

Money laundering methods continue to adapt in response to law enforcement and regulatory measures. Today’s launderers exploit emerging technologies, global trade, and regulatory gaps, and also commit identity fraud.


Let’s examine these key threats in the current environment:

Emerging fintech and virtual asset abuse

The rise of cryptocurrencies and other virtual assets has created new channels for moving illicit funds. Bitcoin, Ethereum, and hundreds of other digital currencies allow value to be transferred pseudonymously all across the globe without traditional intermediaries. 

Criminals use cryptocurrency exchanges, mixers/tumblers, and decentralized finance (DeFi) platforms to obscure money trails. For example, ransomware gangs can often launder their crypto ransom payments by sending them through mixing services that pool and scramble funds from many users.

A case in point

In 2023, Bitzlato—a lesser-known cryptocurrency exchange—was found to be a money laundering platform for criminals. It allegedly processed over $700 million in illicit crypto transactions, including handling funds for the Hydra dark web market and ransomware actors. Notably, Bitzlato had almost non-existent Know Your Customer (KYC) procedures, allowing users to register with just an email.

Trade-based money laundering

In trade-based money laundering (TBML), criminals move illicit funds by misrepresenting transactions (e.g., falsifying invoices, shipping phantom goods, etc.). 

TBML schemes have involved everything from automobiles and electronics to agricultural commodities and textiles. According to a 2023 analysis by Global Financial Integrity, virtually any type of goods can be used, with common examples including used cars (24% of cases studied), metals/minerals (17%), and agricultural products (13%) as the trade vehicles for laundering. 

Often, networks of shell or front companies across different countries are used to issue and pay invoices, making detection difficult. Criminal organizations have also capitalized on volatility in trade pricing (exacerbated by events like the COVID-19 pandemic and sanctions disruptions) to justify unusual trade valuations.

Regulatory and jurisdictional loopholes

Money launderers are adept at exploiting the inconsistency of AML regulations across different countries. Despite the broad adoption of the FATF standards by over 200 jurisdictions, there are still significant gaps in implementation; that’s why illicit funds are moved through the ones with the least enforcement.

Another type of loophole involves misusing legal residency or citizenship programs to bypass AML verification. Some wealthy offenders can obtain citizenship in states with less rigorous financial due diligence, allowing them to open bank accounts or invest abroad under a new identity that raises fewer flags.

Additionally, differences in legal thresholds are manipulated—for instance, structuring deposits just below reporting thresholds in multiple countries.

Identity fraud

KYC checks and transaction monitoring rely on the assumption that a customer’s identity is genuine. If criminals can procure high-quality fake passports, driver’s licenses, or even real stolen documents, they can launder money under false names, foiling sanctions screening and beneficial ownership transparency. 

That’s why identity fraud has escalated into a critical threat to anti-money laundering efforts in recent years. 

From 2023 to 2025, financial institutions worldwide have reported surges in identity-related attacks, including synthetic identities (fabricated personas using real and fake data) and deepfakes (AI-generated likenesses). Regula’s 2024 survey found that 96% of US businesses experienced identity fraud in 2024, underscoring the pervasiveness of the issue.


The role of the Financial Action Task Force in AML

The Financial Action Task Force (FATF) is the primary standard-setter and evaluator in the international AML architecture, wielding significant influence despite having no formal enforcement powers of its own. The FATF’s mandate is to set global standards and oversee their effective implementation by countries through a peer-review process and public identification of high-risk jurisdictions.

Established by the G7 nations at the 1989 Paris summit, the FATF coordinates the global response to money laundering. In 1990, the FATF issued its initial version of the 40 Recommendations, a comprehensive set of AML measures for national laws, financial regulation, and law enforcement—including customer identification, record-keeping, and suspicious transaction reporting by banks.

FATF update after 9/11

After the September 11, 2001 attacks, governments expanded AML systems to also counter terrorist financing (CTF). The FATF issued 8 Special Recommendations on Terrorist Financing (later increased to 9) that, for example, called for criminalizing terrorism financing and freezing terrorist assets. These were eventually integrated into a unified FATF Recommendations framework.

FATF’s 40 Recommendations

The FATF’s 40 Recommendations serve as the blueprint for national AML/CFT regimes. They cover a range of topics, including: 

  • risk assessment and domestic coordination;

  • money laundering and terrorist financing offenses; 

  • preventive measures for financial institutions; 

  • powers and responsibilities of competent authorities (financial intelligence units, supervisors, law enforcement, etc.);

  • international cooperation; 

  • specific issues (e.g., the transparency of legal persons and arrangements).

Since their inception, the FATF Recommendations have been periodically revised to address new threats and to clarify how a risk-based approach should be applied. The most recent update was in February 2025. 

The risk-based approach means that countries and institutions should identify areas of higher risk and apply stronger controls there (e.g., enhanced due diligence for high-risk customers), while allowing simplified measures for lower-risk cases—thereby focusing resources where they matter most.

FATF’s mutual evaluation

One of the FATF’s most impactful activities is its mutual evaluation process—detailed country reviews conducted by expert teams from other member states and the FATF Secretariat. In a mutual evaluation, the team assesses both technical compliance and effectiveness. The results are published in Mutual Evaluation Reports (MERs) with ratings for each Recommendation and each Immediate Outcome. 

These evaluations happen roughly every ten years for each country (the FATF is in its 4th round of evaluations currently, moving to a 5th round later this decade). If a country has deficiencies, the report will spell out recommended actions, and the country will be subjected to follow-up reviews to track improvements.

By the FATF’s own analysis in 2022, while about 76% of countries have satisfactorily implemented the technical requirements of the standards, 97% of evaluated countries are not yet achieving a high level of effectiveness in preventing money laundering. Many countries have a “tick-box” AML system (laws on paper, units established) but struggle to obtain convictions or confiscate significant assets.

FATF’s stance on customer due diligence

Customer due diligence (CDD) is a fundamental part of a modern anti-money laundering framework. CDD requires that financial institutions identify and verify the customer’s identity (and any beneficial owners behind accounts), understand the purpose of the account or transaction, and monitor activity. If a client is higher-risk—for instance, a politically exposed person (PEP) or someone from a jurisdiction with weak AML controls—enhanced due diligence (EDD) steps are required, with greater scrutiny of the source of funds. 

The FATF also imposes record-keeping obligations to ensure that transaction records and customer identification documents are retained (typically for five years or more) in case investigators need them. 

Another recommendation is to use Suspicious Transaction Reports (STR): whenever an institution suspects that funds could be criminal or linked to terrorism, it must promptly file a report with the national financial intelligence unit.

2025 FATF update

The aforementioned recommendation update of February 2025 encourages countries to allow simplified CDD in clearly low-risk scenarios, in order to bring more people into formal financial services. The FATF replaced the term “commensurate” with “proportionate” throughout its standards to emphasize that mitigation measures should correspond appropriately to the level of risk. This was coupled with guidance that non-face-to-face financial services (like mobile banking) should not automatically be deemed high-risk if proper digital ID and other controls are in place.


Customer due diligence and identity verification for AML

To adhere to the FATF’s guidelines, businesses make use of sophisticated AML identity verification systems. This way, they can ensure that the customer is who they claim to be, and eliminate the ever-present threat of identity fraud.

The identity verification framework typically consists of two key procedures: document authentication and facial recognition.

Document verification

Verifying government-issued identity documents is considered the first line of defense in CDD and remote customer onboarding. Modern document verification technology has advanced dramatically in recent years, enabling automated forensic checks that previously required trained experts. For example, Regula Document Reader SDK draws on over 15,000 document templates from 251 countries and territories to confirm the authenticity of the presented ID.

Such solutions can analyze the document for signs of tampering, and extract encoded data from RFID chips and machine-readable zones (MRZ) for later cross-checking. Additionally, the software determines that all known elements of the document are present in the correct form and location.
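To illustrate the MRZ cross-checking step described above, here is an added example (not Regula's code and not part of the original article) that validates the ICAO 9303 check digits of a passport MRZ and compares the decoded fields with values read from the printed zone. The function names and the `visual_fields` dictionary (standing in for OCR output) are hypothetical; the sample MRZ is the public ICAO 9303 specimen.

```python
import re

# Public ICAO 9303 specimen passport MRZ (TD3: two lines of 44 characters).
MRZ_SPECIMEN = (
    "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<"),
    "L898902C36UTO7408122F1204159ZE184226B<<<<<10",
)

def check_digit(data: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1; 0-9 as is, A-Z = 10-35, '<' = 0."""
    weights = (7, 3, 1)
    return sum((0 if c == "<" else int(c, 36)) * weights[i % 3]
               for i, c in enumerate(data)) % 10

def parse_td3(lines):
    """Return (fields, failed_checks) for a TD3 MRZ."""
    l1, l2 = lines
    if not all(re.fullmatch(r"[A-Z0-9<]{44}", l) for l in (l1, l2)):
        raise ValueError("not a TD3 MRZ: need two lines of 44 chars from [A-Z0-9<]")
    surname, _, given = l1[5:].partition("<<")
    fields = {
        "document_number": l2[0:9].rstrip("<"),
        "nationality": l2[10:13],
        "birth_date": l2[13:19],      # YYMMDD
        "sex": l2[20],
        "expiry_date": l2[21:27],     # YYMMDD
        "surname": surname.replace("<", " "),
        "given_names": given.rstrip("<").replace("<", " "),
    }
    # name -> (data covered by the check digit, check digit printed in the MRZ)
    checks = {
        "document_number": (l2[0:9], l2[9]),
        "birth_date": (l2[13:19], l2[19]),
        "expiry_date": (l2[21:27], l2[27]),
        "personal_number": (l2[28:42], l2[42]),
        "composite": (l2[0:10] + l2[13:20] + l2[21:43], l2[43]),
    }
    failed = []
    for name, (data, printed) in checks.items():
        # An unused optional-data field may carry '<' instead of a 0 check digit.
        if name == "personal_number" and printed == "<":
            printed = "0"
        if str(check_digit(data)) != printed:
            failed.append(name)
    return fields, failed

def cross_check(mrz_fields, visual_fields):
    """Names of fields whose printed (visual zone) value disagrees with the MRZ."""
    return sorted(k for k, v in visual_fields.items()
                  if mrz_fields.get(k, "").upper() != v.strip().upper())
```

Check digits are publicly computable, so passing them shows only that the MRZ is internally consistent; a failure or a mismatch with the printed zone is a reason to escalate the document for further authenticity checks.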

Another feature worth mentioning is document liveness detection—it ensures that the ID presented is a real, live document rather than a printed copy or digital screenshot. The user might be prompted to tilt the ID or show it under varying light, and the system analyzes dynamic responses (color-shifting inks, reflective holographic patterns, etc.). If an imposter tries to fool the system with a photo of an ID on a screen or paper, these liveness checks will fail.

However, as document verification becomes more effective, criminals have shifted tactics—targeting the human element or the biometric step. For instance, if a fraudster can obtain a real person’s ID (through theft or purchase of leaked data) and assume their identity, the document might pass authenticity checks since it’s genuine. This is why facial recognition of the person presenting the document is vital.

Facial recognition

Financial institutions increasingly pair document checks with facial recognition: after an applicant scans their ID, they are prompted to take a live selfie or short video. The system compares the facial image from the selfie to the photo on the ID to confirm a match.

There are two main approaches: active liveness and passive liveness. Active liveness techniques prompt the user to perform certain actions (e.g., blink, turn their head, smile, or follow a moving on-screen indicator), while the system analyzes the movement to ensure it comes from a live human. Passive liveness, in contrast, does not require explicit user actions; it uses algorithms to assess a single frame or a short video for natural signs of life (skin texture, depth, reflections in eyes, slight involuntary movements, etc.), often making it more seamless for the user.

The effectiveness of these systems is measured by their ability to thwart presentation attacks. This ability, in turn, can be determined by the system’s compliance with the top industry ISO 30107-3 standard for presentation attack detection. For instance, Regula Face SDK is tested for Level 1 and 2 compliance with ISO 30107-3 (iBeta), meaning it can reliably catch both low-effort attacks (like printed photos) and more sophisticated attempts (like high-res screen replays and 3D masks).

Complying with AML guidelines using Regula technology

The financial industry has made significant strides in fortifying its defenses against identity fraud as part of AML programs. Document verification and facial recognition with liveness detection help them achieve this and make it harder for criminals to exploit false identities or hide behind anonymity. 

Your identity verification procedure can be carried out by solutions like Regula Document Reader SDK and Regula Face SDK, which can easily integrate with your existing mobile or web applications. 

Regula Document Reader SDK processes images of documents and verifies their real presence (liveness) and authenticity. The software identifies the document type, extracts all the necessary information, and confirms whether the document is genuine. 

At the same time, Regula Face SDK conducts instant facial recognition and prevents fraudulent presentation attacks such as the use of static face images, printed photos, video replays, video injections, or masks.

Regula is here to help you make your identity verification FATF-compliant, secure, and customer-centric. Book a call to learn more about our solutions!
