Common AML Schemes: Business Email Compromise


Bryan Chapman

Publish Date



  • AML and Financial Crime

Money laundering and financial crimes pose large risks to financial firms, both from a reputational and regulatory perspective. However, these schemes can take many forms making it difficult for firms to do their due diligence to protect themselves and their investors.

We’ve put together a series of the most common forms of money laundering and financial crimes and what firms can do to combat each one.

Business email compromise

Business email compromise (BEC) schemes are a type of cybercrime in which attackers use fraudulent emails to trick businesses or individuals into sending them money or sensitive information. These schemes often involve the use of phishing emails that appear to be from a legitimate source, such as a company executive or a trusted vendor, and contain a request for payment or sensitive information.

BEC schemes can be used to facilitate money laundering by obtaining funds that can be used for illicit purposes. For example, attackers may send an email that appears to be from a company executive and request that an employee transfer funds to a specific account. If the employee does not verify the authenticity of the request, the funds may be transferred to an account controlled by the attackers, who can then use the funds for illicit purposes.

Another way that BEC schemes can be used to facilitate money laundering is through invoice fraud. Attackers may send an email that appears to be from a supplier or vendor, requesting payment for an invoice that is either fake or for a larger amount than was agreed upon. If the payment is made, the attackers can use the funds for illicit purposes.

How to combat BEC

To protect against BEC schemes, businesses should implement strong email security measures, such as spam filters and two-factor authentication, and provide employee training on how to identify and report suspicious emails. It is also important for businesses to verify the authenticity of any requests for payment or sensitive information before acting on them. By taking these precautions, businesses can help prevent BEC schemes and protect themselves from financial losses and other damages.

If a business does fall victim to a BEC scheme, it is important to report the incident to law enforcement and seek legal advice as soon as possible. Reporting the incident can help prevent others from falling victim to similar schemes and can also help businesses recover any losses they may have incurred.

How we help

ACA’s AML and Financial Crimes practice offers advisory services and solutions to assist financial services firms in addressing threats and regulatory obligations associated with financial crime. We work with investment advisers and broker-dealers, among others, to assess risk, develop policies and procedures, and perform independent tests and gap analyses. Our support can incorporate our ComplianceAlpha® regulatory technology and managed services to help your firm meet its data screening, ongoing monitoring, remediation and reporting needs.

Reach out to your ACA consultant, or contact us to find out how ACA can help you meet your AML requirements. 

Contact Us