Account Takeover Fraud and AML Risk
In brief: Account takeover fraud occurs when a criminal gains control of an account, and it can create AML risk where funds, identity, or payment instructions are compromised.
Key points
- Account takeover can affect bank, email, ecommerce, payroll, or platform accounts.
- For AML, focus on compromised instructions and suspicious funds movement.
- Keep evidence and escalate if the firm may be handling criminal property.
What is account takeover fraud?
Account takeover fraud happens when a criminal gains control of an account and uses it to steal money, redirect payments, change details, or impersonate the legitimate user.
Why it matters for AML
A firm may see account takeover after a client reports compromised bank details, changed email instructions, unusual payroll entries, ecommerce withdrawals, or unexplained platform transfers. The key AML question is whether the firm is being asked to rely on compromised evidence or handle funds linked to fraud.
Risk checks
- What account was compromised?
- Who controlled the account before and after the change?
- Did funds pass through client, business, or matter accounts?
- Is there reliable evidence of the compromise?
- Does the issue require internal SAR consideration?
This guide is general information for AML risk assessment, not legal advice or fraud-investigation guidance. Use it alongside the firm's AML procedures, Action Fraud, the Fraud Act 2006, and supervisor guidance.