As the EU evaluates its “Fighting Online Fraud – Action Plan,“ a new emerging operating model is taking center stage: FRAML (the integration of Fraud and Anti-Money Laundering systems) to fight fraud real-time and more efficiently. At EFRI, we view FRAML as a double-edged sword. While it is a significant technical advance, we must be clear: FRAML is not a solution for victims; it is merely evidence of the bank’s capability. To truly protect European citizens, we must move beyond technical buzzwords and implement Strict Liability rules set in law.
What is FRAML? (A Detailed Deep Dive)
FRAML stands for the integration of FRaud prevention and Anti-Money Laundering (AML).
Historically, banks operated in “silos”:
- The Fraud Team: Focused on real-time protection (stopping a stolen credit card).
- The AML Team: Focused on long-term patterns (detecting money laundering months after the fact).
A FRAML Framework breaks these walls down. It uses AI and machine learning to analyze a single data stream for both threats simultaneously. If a student suddenly receives €50,000 from a “crypto platform” and tries to send it to a high-risk jurisdiction, a FRAML system flags this as both a potential fraud victim being coached (Fraud) and a money mule operation (AML).
The "Organized Ignorance" Loophole
Currently, banks use their internal structure (e.g., separating the fraud department from the AML department) to evade their Duty of Care (Sorgfaltspflicht). In civil litigation, banks often argue by claiming “internal blindness.”
The Current Tactic:
- The AML Department identifies a suspicious inflow (e.g., from a “Pig Butchering” scam) and files a suspicious transaction report.
- The Fraud Department claims they never received this information.
- In Court: The bank argues they cannot be liable because the “knowledge” of the fraud was trapped in a regulatory silo (AML) and never reached the payment execution team.
How FRAML Changes the Evidentiary Landscape
A mature FRAML capability materially undermines this silo narrative. When fraud and AML signals are integrated into a single intelligence loop, the institution creates a time‑stamped audit trail of alerts, risk scores, and decision points. That trail can become the “smoking gun”: evidence that meaningful red flags existed before the payment was executed.
The Remaining Hurdle: The Litigation Trap
This is where FRAML falls short. Even if FRAML proves the bank “knew,” the victim still has to sue. Expecting a defrauded consumer, who may have lost their entire life savings, to launch a multi-year legal battle against a multinational banking group is a fantasy. Even with a stronger case thanks to FRAML, the Information Asymmetry remains: the bank holds the logs, and the victim has to fight to see them. For many, the road to justice is too expensive and too long to even begin.
The EFRI Solution: Strict Liability as the Only Redress
FRAML proves that banks can see the fraud. Because they have this technical capability, the law should no longer require the victim to prove what the bank knew in a costly court case. Instead, the law must mandate Strict Liability.
We call for a reimbursement anchor in the PSR:
Automatic reimbursement by default: where appropriate fraud‑prevention capabilities exist (on the payer’s PSP/ASPSP side and/or on the receiving PSP side), the PSP that failed to apply them should reimburse the customer promptly—subject only to narrowly defined exceptions (e.g., customer collusion or proven fraud by the customer).
End the David‑vs‑Goliath dynamic: the customer is made whole first; if other actors contributed to the scam chain (e.g., online platforms, telecoms, acquirers, marketplaces), the PSP should pursue recovery—using its resources, not the victim’s.
Incentivise the “kill switch” responsibly: only real financial consequences will ensure institutions empower FRAML systems to stop high‑risk transactions in real time—paired with safeguards (rapid review, clear appeal paths, and proportionality) to minimise false positives.
Conclusion: No More Half-Measures
FRAML can expose institutional failures, but it is not a cure for institutional abandonment. Europe does not need more buzzwords; it needs enforceable responsibility. The EU must decide whether it will continue to tolerate “silos” and “secret logs,” or whether it will implement the liability rules necessary to make Europe’s payment rails safe for everyoneFor more info, read our contribution (Restoring Trust in European Payment Rails: A Framework for a Shared Liability Reform) to the ongoing PSR (Payment Service Regulation) discussion.
