Regulators, stakeholders and boards are pressuring companies to enhance anti-fraud programs.
Key takeaways
Global regulatory developments now require dynamic, continuous and tech-enabled programs.
Real-time monitoring is now necessary to meet regulatory expectations and build long-term value.
In today’s rapidly evolving risk landscape, organizations are experiencing unprecedented pressure from regulators, stakeholders and boards to enhance the sophistication of their anti‑fraud programs. Traditional periodic control testing and retrospective monitoring are no longer sufficient. Regulators—particularly the U.S. Department of Justice (DOJ)—are now clearly signalling heightened expectations for real‑time fraud monitoring, data‑driven governance and technology‑enabled detection capabilities.
These expectations parallel themes raised in RSM’s recent Lessons from the frontlines: Building anti‑fraud programs that deliver ROI webinar, where more than 600 attendees shared their challenges and maturity levels through live polling.
This webinar revealed that regulatory momentum is expanding beyond the United States. For organizations with operations or material nexus in the United Kingdom, the recently enacted UK “Failure to Prevent Fraud” offence imposes a statutory requirement to maintain “reasonable procedures” to prevent fraud—effectively mandating formal anti‑fraud programs with monitoring, governance and prevention controls. Combined, these global developments highlight an unmistakable shift: effective anti‑fraud programs must now be dynamic, continuous and technologically enabled, with demonstrable business value and alignment to enterprise strategy.
Regulatory shift: Emphasis on real‑time fraud monitoring
Regulatory enforcement bodies across major jurisdictions increasingly evaluate whether organizations can detect and respond to fraud risks in real time. This shift reflects expectations that a compliance program’s effectiveness is measured not by its written policies, but by how rapidly it identifies anomalies, escalates concerns and mitigates harm.
Key themes across regulatory guidance include:
Need for continuous—not periodic—monitoring of transactions, user behavior and financial patterns
Need for rapid detection and escalation mechanisms
Expectations for integrated data environments that break down operational silos
Use of automation, analytics and artificial intelligence to surface anomalies and behavioural outliers
These expectations are consistent with concerns expressed by RSM’s webinar participants: 38% cited “keeping pace with new and evolving fraud schemes” as their top challenge, far outpacing all others.
DOJ’s updated ECCP: AI risks and real‑time capabilities
In 2024–25, the DOJ updated its Evaluation of Corporate Compliance Programs (ECCP) to reflect emerging risks associated with AI and advanced analytics. These updates explicitly guide prosecutors in assessing whether organizations have modernized their compliance programs in a way that aligns with contemporary risk. The updates focus on:
Prosecutors now evaluate:
- Governance structures for AI models used in financial, operational and customer‑facing processes
- Controls to prevent AI‑enabled misconduct, manipulation or circumvention of controls
- Accountability for model drift, unintended results and ongoing monitoring of AI behaviour
- Governance structures for AI models used in financial, operational and customer‑facing processes
The DOJ now asks whether:
- Data sets are complete, accurate, timely and actionable
- Information flows across finance, human resources, procurement, legal and operations
- Continuous monitoring is feasible with existing data infrastructure
These criteria reflect a recognition that fragmented data environments materially erode an organization’s ability to detect fraud.
- Data sets are complete, accurate, timely and actionable
Prosecutors evaluate whether:
- Analytics are refreshed as fraud schemes evolve
- Thresholds are continually recalibrated
- Lessons from investigations and near misses are fed back into monitoring systems
- Analytics are refreshed as fraud schemes evolve
Despite clear regulatory direction, many organizations still lack sufficient investment in their compliance efforts. According to polling results, 27.5% of webinar participants identified budget and resource limitations as the most significant barrier to progress.
Global alignment: UK “Failure to Prevent Fraud” requirement
A notable regulatory development aligning with evolving global expectations is the UK’s recently enacted “Failure to Prevent Fraud” offence, introduced through the Economic Crime and Corporate Transparency Act. This offence requires in‑scope organizations—with operations, subsidiaries, customers, agents or other UK nexus—to maintain “reasonable procedures” designed to prevent fraud.
Although principles‑based, the UK framework reinforces several themes also emphasized by the DOJ, including:
- The need for structured, risk‑based anti‑fraud programs
- Formal governance, ownership and reporting structures
- Controls that operate in real time or near real time, enabling timely risk mitigation
- Integration of analytics, data quality and technology‑enabled detection
- Training and oversight of employees, intermediaries and high‑risk third parties
For U.S. companies with UK touchpoints, these requirements effectively elevate anti‑fraud programs from best practice to legal obligation. The convergence between DOJ expectations and UK statutory requirements indicates a broader international shift: regulators are no longer satisfied with static or reactive compliance programs.
Insights from RSM’s anti‑fraud webinar: Market reality versus best practice
More than 600 cross‑industry attendees contributed insights that illustrate where their organizations stood as of November 2025 compared to regulatory expectations.
How organizations view their anti-fraud program
Among polling respondents, 36.7% view their program as risk mitigation with some business value. In addition:
- 27.5% view it as a compliance cost center
- 21% report a lack of a formally defined anti‑fraud program
- Only 14.7% view it as a strategic advantage with measurable ROI
Implication: Most organizations are not yet aligning anti‑fraud programs with strategic value or regulatory expectations.
Communicating fraud prevention impact to senior leadership
A majority of participants communicate reactively, with:
- 33.4% of polling respondents using general compliance/internal audit reporting
- 23.8% of polling respondents relying on incident/investigation reporting
- 22.3% of polling respondents indicating limited or no formal reporting
- 20.5% of polling respondents providing regular, data‑driven ROI‑focused reporting
Implication: Boards rarely receive actionable insights that justify resourcing or strategic alignment.
Alignment of anti-fraud program with enterprise risk strategy
Among polling respondents, 26.4% indicate their program is fully aligned with enterprise risk strategy. In addition:
- 36.5% indicate their program is partially aligned
- 9.5% indicate their program is not aligned (siloed)
- 27.7% are unsure about alignment
Implication: Fragmented oversight structures hinder the adoption of modern monitoring and analytics.
Most significant challenges
Polling respondents ranked their top challenges as:
- Keeping pace with evolving fraud schemes: 38%
- Insufficient budget/resources: 27.5%
- Accessing and analyzing complex/siloed data: 18.7%
- Demonstrating value and securing executive buy‑in: 15.8%
Implication: These challenges map precisely to the deficiencies regulators now scrutinize most closely.
Among polling respondents, 36.7% view their program as risk mitigation with some business value. In addition:
- 27.5% view it as a compliance cost center
- 21% report a lack of a formally defined anti‑fraud program
- Only 14.7% view it as a strategic advantage with measurable ROI
Implication: Most organizations are not yet aligning anti‑fraud programs with strategic value or regulatory expectations.
A majority of participants communicate reactively, with:
- 33.4% of polling respondents using general compliance/internal audit reporting
- 23.8% of polling respondents relying on incident/investigation reporting
- 22.3% of polling respondents indicating limited or no formal reporting
- 20.5% of polling respondents providing regular, data‑driven ROI‑focused reporting
Implication: Boards rarely receive actionable insights that justify resourcing or strategic alignment.
Among polling respondents, 26.4% indicate their program is fully aligned with enterprise risk strategy. In addition:
- 36.5% indicate their program is partially aligned
- 9.5% indicate their program is not aligned (siloed)
- 27.7% are unsure about alignment
Implication: Fragmented oversight structures hinder the adoption of modern monitoring and analytics.
Polling respondents ranked their top challenges as:
- Keeping pace with evolving fraud schemes: 38%
- Insufficient budget/resources: 27.5%
- Accessing and analyzing complex/siloed data: 18.7%
- Demonstrating value and securing executive buy‑in: 15.8%
Implication: These challenges map precisely to the deficiencies regulators now scrutinize most closely.
Integrating real‑time monitoring into anti‑fraud programs
To meet regulatory expectations—and to generate measurable ROI—organizations should pursue rapid adoption of real‑time or near‑real‑time monitoring capabilities, including.
With enhanced automation capabilities, companies can discourage fraudulent behaviour by:
- Flagging anomalies in procurement, vendor setup, payroll, disbursements and journal entries
- Using machine learning to detect unusual combinations of behaviours or attributes
- Flagging anomalies in procurement, vendor setup, payroll, disbursements and journal entries
Elevated oversight and advanced analytics can provide significant value by:
- Creating privilege escalation alerts
- Highlighting suspicious user activity patterns
- Conducting monitoring of override patterns and policy exceptions
- Creating privilege escalation alerts
Organizations must address the widely cited challenge of siloed data by:
- Implementing data lakes or federated models
- Standardizing fraud risk indicators across the enterprise
- Establishing governance over data lineage and accuracy
- Implementing data lakes or federated models
Real‑time monitoring enhances internal controls by:
- Identifying repetitive control failures
- Measuring override frequency
- Supporting dynamic, risk‑based testing
- Identifying repetitive control failures
Ethical culture and internal controls: The foundation for real‑time monitoring
Technology enhances anti‑fraud efforts, but internal controls, governance and culture remain foundational. Consistent with the COSO Framework and industry benchmarks, organizations must maintain:
Strong controls to prevent and detect fraud
Active governance, including whistleblower channels and rapid escalation mechanisms
Periodic risk assessments to update control design
Continuous evaluation of emerging risks, such as AI- and cryptocurrency enabled schemes
Monitoring, data and analytics operate effectively only within a governance structure that reinforces accountability and transparency.
The takeaway
The convergence of regulatory requirements (DOJ, UK “Failure to Prevent Fraud”), technology‑driven risks and market maturity gaps signals a new era for anti‑fraud programs. Real‑time monitoring is no longer an enhancement—it is a regulatory expectation, a global legal requirement in certain jurisdictions and a strategic necessity for organizations seeking to:
- Reduce fraud losses
- Demonstrate control effectiveness
- Strengthen governance and culture
- Improve regulatory posture
- Deliver measurable ROI on compliance investments
Organizations that modernize their data infrastructure, monitoring capabilities and cross‑functional governance models will be best positioned to meet these expectations, deter misconduct and build durable long‑term value.
RSM contributors
Related insights
