Business Email Compromise Fraud: AML Risk Signals
In brief: Business email compromise fraud occurs when a criminal manipulates email instructions to redirect payment, and it can create AML risk when funds move through client or business accounts.
Key points
- BEC fraud is often a payment-instruction fraud.
- For AML, focus on the money movement, client explanation, and whether funds have become criminal property.
- Keep a decision note and consider internal escalation where suspicion arises.
What is business email compromise fraud?
Business email compromise fraud, often shortened to BEC fraud, involves a criminal compromising or impersonating email communications to redirect payments. Examples include fake supplier bank-detail changes, invoice interception, and impersonation of a senior employee.
Why it matters in professional work
A firm may see BEC risk when reconciling accounts, handling client money, reviewing invoices, or advising after a compromised payment. The fraud itself may be outside the firm's role, but the movement of funds can still create AML questions.
Red flags
- Bank details change close to payment.
- Email tone or domain is subtly different.
- Payment urgency is unusual.
- Invoice details do not match the supplier history.
- Client cannot explain why funds moved through an account.
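As an added illustration (not part of the original guide), three of the red flags above can be screened automatically before a payment is released: a near-miss sender domain, bank details changed shortly before payment, and an account absent from the supplier's history. The record field names, the 7-day window, the edit-distance threshold of 2, and all sample data are assumptions constructed for this example.

```python
from datetime import date

CHANGE_WINDOW_DAYS = 7    # assumption: what counts as "close to payment"
LOOKALIKE_MAX_EDITS = 2   # assumption: near-miss threshold for sender domains

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot subtly different domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(payment: dict, supplier: dict) -> list:
    """Return the red flags a payment instruction triggers against supplier history."""
    flags = []
    sender = payment["instruction_email"].rsplit("@", 1)[-1].lower()
    known = supplier["email_domain"].lower()
    # Identical domains pass; only near misses are treated as lookalikes.
    if sender != known and edit_distance(sender, known) <= LOOKALIKE_MAX_EDITS:
        flags.append("lookalike_domain")
    changed = payment.get("bank_details_changed_on")
    if changed and 0 <= (payment["pay_date"] - changed).days <= CHANGE_WINDOW_DAYS:
        flags.append("bank_change_close_to_payment")
    if payment["account"] not in supplier["known_accounts"]:
        flags.append("account_not_in_supplier_history")
    return flags

# Constructed sample data: one routine payment, one with a redirected instruction.
SUPPLIER = {"email_domain": "acme-supplies.example",
            "known_accounts": {"GB00TEST00000012345678"}}
PAYMENTS = [
    {"instruction_email": "accounts@acme-supplies.example",
     "account": "GB00TEST00000012345678",
     "bank_details_changed_on": None, "pay_date": date(2024, 3, 1)},
    {"instruction_email": "accounts@acme-supplles.example",  # 'i' swapped for 'l'
     "account": "GB00TEST00000087654321",
     "bank_details_changed_on": date(2024, 3, 12), "pay_date": date(2024, 3, 14)},
]

if __name__ == "__main__":
    for p in PAYMENTS:
        print(p["instruction_email"], red_flags(p, SUPPLIER))
```

Email tone, unusual urgency, and the client's explanation still need human review; a flagged record is a prompt for the file response below, not a conclusion.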
File response
Record the facts, preserve supporting documents, reassess source-of-funds risk, and escalate internally if the firm suspects criminal property.
This guide is general information for AML risk assessment, not legal advice or fraud-investigation guidance. Use it alongside the firm's AML procedures, the Fraud Act 2006, the NCA's money laundering and illicit finance material, and supervisor guidance.