For much of the past decade, fraud was treated primarily as a private sector problem. Banks, payment service providers, and corporates were expected to absorb losses and manage risk within their own systems. While regulators set high level expectations, fraud itself was largely framed as an operational challenge rather than a structural weakness in the financial system.
That position has now decisively shifted.
Rising fraud losses, increasingly sophisticated cross border crime, and the move to instant payments have pushed fraud firmly into the regulatory spotlight. Fraud is no longer viewed only as a cost of doing business. It is now recognised as a threat to financial stability, consumer confidence, and the integrity of payment and trade systems. As a result, regulators are no longer leaving fraud prevention solely to individual institutions. They are reshaping rules, mandates, and infrastructure to address it directly.
At the centre of this evolution is a question that is no longer optional, and increasingly regulated. Who is really sending and receiving money?
The new Identity Layer
This shift is driving the emergence of a new identity layer across the global financial system. One that connects global rules, real time payments, and live fraud prevention. From international standards to payment regulation and pre transaction checks, a consistent message is emerging. Fraud cannot be controlled at speed or at scale without stronger, standardised organisation identity.
Global rules: fraud reframed as a systemic risk
Global standard setters have been clear that fragmented legal entity identity is no longer just an inconvenience. It is a systemic vulnerability.
The Financial Action Task Force (FATF) has increasingly linked fraud, money laundering, and terrorist financing to weaknesses in identity and transparency. Its recent emphasis on digital identity in Recommendation 16 and Recommendation 24 reflects a recognition that legacy approaches cannot keep pace with modern financial crime.
Recommendation 16 addresses payments directly. It requires that verified sender and beneficiary information travels with every payment. This requirement exists because fraudsters routinely exploit gaps in payment messages. When identity data is inconsistent or incomplete criminals can insert themselves into legitimate payment flows with little resistance.
Recommendation 24 addresses the ownership problem. It requires countries to identify and verify who really owns and controls companies. This is a direct response to the widespread use of shell companies and complex ownership chains to conceal fraud and launder proceeds.
Real world fraud cases illustrate why regulators are acting. Large scale corporate fraud schemes rarely rely on a single entity. They involve networks of companies operating across jurisdictions, each appearing legitimate when viewed in isolation. Without a shared, standardised way to identify legal entities and link them to ownership data, these networks remain hidden until losses are already significant.
The regulatory direction is clear. Identity must be persistent, reusable, and digital. One off onboarding checks are no longer sufficient.
In this context, the Legal Entity Identifier directly supports the intent of FATF Recommendations 16 and 24. It provides a persistent, standardised way to identify legal entities in payments and to link them to verified ownership information. By enabling consistent identification across jurisdictions and over time, the LEI helps close the gaps that fraud networks exploit when moving funds through complex structures. It is not an additional compliance layer, but a practical mechanism for implementing FATF’s expectation that entity identity be reliable, reusable, and continuously available.
Real time payments: regulation meets real time fraud
The regulatory focus on fraud becomes even sharper when payments move in real time. Instant payments systems fundamentally change the window in which fraud can be detected and stopped.
Regulations governing instant payments are designed to improve efficiency and competition, but they also transfer risk. When payments settle in seconds, there is no opportunity for post transaction intervention. Fraud controls must operate before or during the transaction itself.
This is why instant payments regulation explicitly raises identity challenges. Sanctions screening, fraud detection, and identity validation must all happen in real time. Yet many payment infrastructures still rely on free text names, local identifiers, or fragmented reference data.
Fraudsters exploit this gap. Authorised Push Payment (APP) fraud is a prime examples. A legitimate corporate user is persuaded to send funds to a fraudulent account. From a system perspective, the payment is authorised and technically valid. The failure lies in the inability to confidently confirm the identity of the beneficiary organisation under time pressure.
Regulators now expect payment service providers to manage this risk proactively. That expectation cannot be met with manual reviews or loosely matched names. It requires machine readable, standardised identity that can be evaluated instantly.
This is where the Legal Entity Identifier can help. By providing a globally unique identifier linked to verified reference data, the LEI enables real time systems to assess identity risk as part of the payment decision. Is this entity newly registered? Does it match the expected counterparty? Is it linked to known ownership structures or prior activity?
In a regulated real time environment, those signals become essential.
Live fraud prevention: regulatory pressure to stop fraud before it happens
Verification of Payee (VoP) is one of the clearest examples of how fraud prevention has moved from guidance to mandate. It explicitly shifts responsibility towards preventing fraud before money moves, rather than reimbursing losses afterwards.
For consumer payments, basic name and account matching already reduces misdirected payments and simple scams. However, business to business payments present a more complex fraud risk.
Corporate fraud increasingly exploits the weakest link in VoP: names. Corporate names vary across jurisdictions and registries. Trading names differ from legal names. Group structures mean there may be several legitimate entities with near identical naming. When VoP relies on name and IBAN matching alone, these realities produce exactly the conditions fraudsters want: ambiguity, close matches, and human overrides.
That is why the VoP debate is shifting from name matching to identity matching. Clare Rowley of Global Legal Entity Identifier Foundation puts it bluntly: names are a poor proxy for identity, and expecting names to carry the burden of automated validation is a structural flaw. In practice, the more global and real time payments become, the more frequently banks and corporates encounter low match rates, multiple languages, and manual interventions simply to confirm the intended beneficiary.
The LEI can turn VoP from a fuzzy match exercise into a deterministic check. When the beneficiary provides an LEI alongside their IBAN, the payer or payer bank can validate the legal entity identity in a machine readable way, reducing reliance on names and reducing the risk of criminals using lookalike entities or invoice redirection to defeat controls. In GLEIF / EACT briefing material on VoP, this is framed as eliminating close matches that otherwise trigger costly manual reconciliation, while adding a stronger validation layer that can flag discrepancies before payment execution.
Cross border trade: fraud beyond payments, same identity problem
Regulatory concern about fraud is not confined to payments. Cross border trade remains one of the most fraud exposed areas of the financial system, particularly as trade documentation moves from paper to legally recognised digital form.
The UK Electronic Trade Documents Act is a clear signal of regulatory intent. By giving electronic trade documents the same legal status as their paper equivalents, the Act removes one of the last structural barriers to fully digital trade. Bills of lading, promissory notes, and trade instruments can now exist, transfer, and be enforced electronically under UK law.
This is a major step forward for efficiency, but in doing so, raises new requirements for fraud control.
Trade finance fraud has never been primarily about forged paper. It has been about identity. Duplicate financing, phantom shipments, and circular trading schemes rely on weak or fragmented identification of exporters, importers, and intermediaries. Paper documents slowed fraud down. Digital documents accelerate both legitimate trade and criminal abuse.
Regulators understand this risk. Making documents digital without strengthening entity identity simply moves fraud from analogue to electronic form. A digitally authentic document still becomes a fraud vector if the entity presenting it cannot be reliably identified across banks, platforms, and jurisdictions.
This is why regulatory focus is shifting beyond document integrity to counterparty identity. Documents prove what is being traded, while identity establishes who is trading.
Anchoring exporters, importers, logistics providers, and financiers to Legal Entity Identifiers provides that missing layer. The LEI creates a shared, jurisdiction neutral reference point that survives across documents, transactions, and institutions. It allows banks to link trade documents to known legal entities, detect reuse or duplication across financing requests, and share risk signals without relying on free text names or local identifiers.
The Electronic Trade Documents Act enables digital trade. Fraud pressure determines whether it can scale safely. Without consistent organisation identity beneath digital documents, controls remain fragmented and reactive. With it, digital trade ecosystems can support automation, oversight, and fraud prevention at scale.
Once again, fraud exposes the same structural weakness. Documents can now move instantly and legally. Identity must keep up, or fraud will move just as fast.
From compliance obligation to regulated fraud infrastructure
What emerges from these developments is a clear regulatory pattern. Identity is no longer viewed solely as a compliance requirement tied to reporting. It is becoming regulated infrastructure for fraud prevention.
The LEI sits at the centre of this shift. It connects global standards to operational controls. It supports real time payments, continuous KYB, ownership transparency, and pre transaction fraud prevention.
Regulators are not mandating specific technologies lightly. They are responding to evidence that fragmented identity frameworks cannot protect modern financial systems.
Conclusion: regulation is catching up with reality
Fraud has evolved faster than the controls designed to stop it. Instant payments, digital trade, and global platforms demand real time trust, yet organisation identity has remained inconsistent and localised.
Regulators are now closing that gap. Fraud is no longer treated as an internal loss problem, it is a system wide risk that demands shared solutions.
The emergence of a new identity layer, centred around the increased adoption of the Legal Entity Identifier reflects this reality. One that in standardised, regulated and aligns global rules at a local level, and one that supports real time decision making to prevent fraud before funds move.
Watch the on-demand webinar: GLEIF & RapidLEI
The rising cost of fraud is forcing regulators and the industry to rethink how trust is established in payments, KYB and cross border trade. In this on demand webinar, experts from Global Legal Entity Identifier Foundation and RapidLEI explore how organisation identity is moving from regulatory reporting into live fraud prevention.
Watch now to learn:
- Why regulators are focusing on identity as a fraud control
- How LEIs support verification of payee, continuous KYB and cross border payments
- What practical adoption looks like for banks, PSPs and corporates
