As Southeast Asia’s digital economy scales, scams and AI-enabled social engineering are scaling with it, widening the attack surface for banks, fintechs, and digital platforms.

Against a backdrop of high scam exposure, the Philippines is entering a new phase in scam and fraud enforcement with its Anti-Financial Account Scamming Act (AFASA) – and the timing is telling. 

Recent findings show 77% of Filipinos have encountered a scam, with consumers facing an average of 239 scam encounters/attempts per year – above the wider Southeast Asia average, where 63% of adults reported encountering scams. 

In that context, AFASA is less about introducing “new rules” in isolation, and more about formalizing a shift that’s already underway across the region: fraud prevention and AML can’t be treated as back-office functions after growth happens. They are increasingly becoming foundational to trust, customer experience, and sustainable scaling. 

We gleaned more insights from Troy Nyi Nyi, SVP & GM, APAC, SEON.

Why do you think AFASA came at the right time, and what does it signal about where fraud/AML regulation is headed across Southeast Asia?

Troy: AFASA lands as Southeast Asia’s digital rails such as instant payments, interoperable QR and mobile wallets have become mainstream.

The Global Anti-Scam Alliance (GASA) estimates US$442 billion lost to scams globally with 1 in 2 people experiencing a scam; in Southeast Asia, scammers most commonly receive funds via wire/bank transfer (48%) and digital/e-wallets (36%), which is far higher than global averages.

Alongside AFASA, regulators across the region are strengthening safeguards, from faster-payments risk guidance to e-KYC and coordinated scam-response playbooks. What’s emerging is:

  • Continuous, proportionate risk assessment from first touch (pre-KYC) through login, session, checkout and payouts, with approve/step-up/hold outcomes that are explainable by design. Pre-KYC evaluation that combines identity evidence with device, network and behavioral signals helps low-risk users move instantly, while higher-risk users receive targeted step-ups.
  • A unified workflow that connects screening, alerting, investigations and casework so campaign-level activity is surfaced and contained quickly. Analysts get network graph relationship views and movement-of-funds visualization that expose shared devices, coordinated movements and layering patterns.
  • Jurisdiction-aware governance with configurable screening profiles and rule categories aligned to local lists and standards, while keeping outcomes consistent and auditable across borders, allowing teams to tune sources and match sensitivity by market without heavy engineering.

Taken together, AFASA points to a regional future where readiness is measured by speed, explainability and market-by-market adaptability without sacrificing customer experience.

As digital economies grow, what fraud patterns are changing fastest (especially AI-enabled scams), and what are business leaders underestimating?

Troy: AI has industrialized fraud. Adversarial and agentic tools can sustain believable personas across channels, generate convincing documents and voice/video, and iterate at machine speed. This scales social engineering, automates account farming and accelerates coordinated scams.

We’re seeing synthetic identity bursts around promotions, bot-driven account creation tuned to bypass basic velocity/rate limits and deepfake-assisted schemes that move victims onto faster rails. Mule networks have professionalized; coordinated payout flows and refunds can mask layering and structuring inside legitimate-looking activity.

Leaders often underestimate where risk begins and where it hides. It begins pre-KYC on the landing page – device intelligence, network context, navigation flow, timing cadence and early digital-footprint checks separate genuine users from scripted automation. It hides in refunds and payouts, where overlapping devices/IPs signal movement toward mule accounts.

Teams that baseline “good” behavior, blend signals in real time and keep decisions explainable (using similarity ranking to surface linked entities and AI summaries to condense investigations) will protect conversion and contain losses earlier.

Why should fraud prevention and AML be viewed as a core growth investment for scaling businesses, rather than a back-office afterthought?

Troy: Trust now drives conversion, unit economics and partner readiness. Behavior-aware, proportionate controls reduce false positives, write-offs and manual-review load while keeping genuine customers moving – turning risk management into an advantage, not a tax on growth.

For firms scaling across Southeast Asia, explainable decisions and audit-ready trails shorten partner diligence, streamline regulator interactions and reduce time-to-launch. In practice, that means faster onboarding, fewer unnecessary step-ups
and more predictable loss rates.

Embedding fraud and AML into the product experience enables risk-based staging, supported by policy controls that show reviewers the “why” behind decisions and payment screening that covers both card and emerging rails to keep outcomes consistent.

A connected investigations flow that brings screening, monitoring, relationship mapping (shared devices/behaviors)
and payment-flow views into one path lets analysts see campaigns rather than isolated tickets and keep outcomes consistent across products and markets – so teams scale efficiently without trading off customer experience.

By adding concise, explainable AI case summaries, teams will further reduce handling time while keeping documentation audit-ready.

What does “readiness” look like in practice for banks and fintechs, especially when balancing conversion, compliance, and customer trust?

Troy: Banks and fintechs should start with first-touch-to-payout coverage, orchestrating identity evidence with device and network integrity, velocity and behavioral patterns so every interaction maps to approve, step-up, or hold with a clear reason. This helps teams stop automation early, keep genuine users moving and reduce downstream workload.

An API-first, modular approach makes it easier to iterate thresholds and add controls as volume grows.

They should also keep fraud and AML in one unified workflow, so screening alerts flow directly into investigations with relationship maps and payment-flow views. This helps analysts spot coordination sooner, cut hand-offs and resolve cases faster with consistent outcomes.

In addition, they should tune screening sources, list types and rule categories by market while keeping decisions consistent and auditable. This helps accelerate launches, shorten partner diligence and ease regulator reviews – with jurisdiction-specific screening profiles that adapt to local lists and matching sensitivity without rebuilding the stack.

Finally, they should track KPIs tied to customer experience and efficiency, drill peak-season playbooks
and use explainable models with a human in the loop. This helps lower false positives, limit manual reviews and give customers transparent next steps, while AI-generated timelines keep cross-functional teams aligned under pressure.