Schiffrin, A., Marwick, A. E., Sinha, N., Wangnoo, A., Williams, K., Huseynova, E., & Hatfield, A. (2026). Deepfake financial fraud: The global regulation of AI-driven scams. https://doi.org/10.69985/enbp3007
Summary
This policy brief surveys the rapid global rise of deepfake-enabled financial fraud and the fragmented regulatory responses it has provoked. The authors argue that generative AI has qualitatively transformed scams — making convincing impersonation cheap, scalable, and multimodal — while the underlying “scam ecosystem” of social platforms, messaging apps, telecoms, banks, crypto exchanges, and money laundering networks remains under-regulated. Reviewing interventions across the UK, EU, Singapore, China, the US, and roughly a dozen other jurisdictions, the brief contends that gatekeeper liability, not victim vigilance or labeling mandates, is the policy lever most likely to change behavior. It frames deepfake fraud as a systemic intermediary problem rather than an individual cybersecurity failure.
Key Contributions
- One of the first comparative, cross-jurisdictional policy surveys focused specifically on deepfake-enabled financial fraud.
- A “scam ecosystem” framework mapping enabling actors (platforms, telcos, banks, launderers) to corresponding regulatory intervention points.
- A conceptual distinction between prevention-oriented regulation (labeling, disclosure) and liability regimes, with an argument that the latter is more effective.
- Synthesis of scattered loss estimates, victim-reporting data, and platform ad-revenue figures into a policy-actionable picture.
- Concrete recommendations on gatekeeper accountability, real-identity ad verification, federated data sharing, and cross-border coordination.
Methods
The brief combines a comparative policy review across roughly 15 jurisdictions with a synthesis of investigative journalism (OCCRP, ICIJ, ProPublica, Reuters), industry and government reports (Deloitte, Resemble AI, F-Secure, UNODC, FBI, US TIP Report), and academic literature on platform governance and AI regulation. Illustrative case studies — the Arup CEO deepfake, the Brad Pitt romance scam, the Indonesian Prabowo deepfake, the Alice Guo prosecution, and the Chen Zhi / Prince Holding indictment — anchor the analysis in concrete harms.
Findings
- Deloitte projects US generative-AI fraud losses growing from 40B (2025); Resemble AI estimates ~$350M in Q2 2025 alone; 92% of 575 surveyed firms reported some deepfake-related loss.
- Only ~37% of scam victims across 12 countries report the crime, and just 27% of those report to police — indicating massive underreporting.
- Meta serves over 15 billion “high risk” ads per day (~$7B annual revenue) and removes scam ads only at ~95% fraud certainty; ad personalization actively steers vulnerable users toward more scams.
- End-to-end encrypted messaging apps act as downstream infrastructure that evades moderation once initial contact moves off public platforms.
- Mandatory SIM registration has not demonstrably reduced scam prevalence and can create new vulnerabilities (e.g., third-party SIM markets in Kenya and Tanzania).
- Promising models include Singapore’s Shared Responsibility Framework and COSMIC data-sharing platform, Taiwan’s federated-learning Eagle Eye Anti-Fraud Alliance, and the UK’s mandatory APP fraud reimbursement.
- Southeast Asian “scam compounds” integrate trafficked labor with AI translation and voice cloning at industrial scale, with rare convictions.
- US Section 230 and corporate structure effectively export US liability rules globally — Andrew Forrest’s suit against Meta had to be filed in California, illustrating extraterritorial enforcement limits.
Connections
This brief contributes a financial-harm angle to the broader platform-governance and generative-AI literature, complementing work on how LLMs reshape online manipulation and influence operations such as Triedman2025-uy, Murtfeldt2025-wu, and Hackenburg2025-dj, as well as studies of AI-generated content provenance and detection like Bouchaud2026-lr and DeVerna2025-dl. Its gatekeeper-liability argument resonates with platform-accountability and data-access debates explored in Rieder2025-ju, Larsson2026-ro, and Bak-Coleman2025-pm, and with the systemic-risk framing of EU regulation discussed in Votta2025-xz.
Podcast
A research-radio episode discusses this paper.