What to Look for in Commercial Fraud: A Q&A with Director Troy Huth, CFE

As fraud tactics continue to evolve, commercial banks are facing a very different risk environment than they were just a few years ago. Criminals are shifting their focus away from heavily fortified consumer channels and toward commercial clients, where complexity, high-dollar transactions, and fragmented processes create new points of exposure.

To unpack what’s changing, where banks are seeing the most pressure, and how teams are adapting, we sat down with Troy Huth, CFE, Director at Auriemma Roundtables, to get his perspective on the most pressing issues shaping commercial fraud as we head into 2026.

Q: How is the commercial fraud landscape heading into 2026 meaningfully different from a few years ago?

As financial institutions have gotten better at putting controls in place, detecting fraud, and reducing losses in the consumer space, fraudsters have increasingly shifted their attention to commercial banking.

In many organizations, there is still less automation in commercial than in consumer, more manual processes, and technology stacks that are often fragmented across multiple platforms, which makes it harder to see the full picture. Commercial accounts also tend to have many authorized users, meaning more employees with access and, therefore, more potential targets for scams and social engineering.

Q: What’s actually changing about BEC attacks, and why do commercial clients remain so vulnerable?

Business email compromise is increasingly being used to target employees who have access to move funds. Fraudsters often spoof high-ranking executives within a company, information they can easily gather from sources like LinkedIn, and then send fake payment or wire instructions.

Advances in generative AI have made these messages more realistic and convincing, which increases the likelihood that an employee believes the request is legitimate and acts on it.

Q: How are banks thinking about shared responsibility when fraud is driven by client actions?

Commercial banking doesn’t have the same consumer protection framework as Regulation E, so in most cases the commercial accountholder is contractually liable for the loss.

That said, many financial institutions will choose to share in the loss in certain situations to preserve the client relationship and avoid losing the business.

Q: Where is AI or automation truly improving commercial fraud prevention today?

Broadly, AI is helping commercial banks automate manual processes. Within fraud specifically, it is being used to pull together information for investigations that historically required a lot of manual effort.

Many institutions are also exploring, or already using, AI to assist with drafting SAR narratives, which have traditionally been very time-consuming to produce.

Q: How are teams balancing stronger controls with fast, friction-light client experiences

You can eliminate a large portion of fraud through controls, but if you’re not careful, those controls can introduce so much friction that you lose clients. Finding the right balance between protection and experience is critical.

Time is money for commercial clients. If they can’t access their funds quickly, it can directly impact their business, and they will not tolerate overly burdensome controls.

Commercial fraud teams are increasingly leaning on technology such as machine learning models to detect changes in customer behavior and to flag higher-risk activity. Having the ability to pend money-movement transactions for verification is especially important given the high dollar values typically involved. While commercial banking may not see the same transaction volumes as consumer, the individual transaction amounts are often much larger.

Q: What’s the most common mistake banks make when modernizing their commercial fraud operating model?

When modernizing, banks need the ability to introduce new rules quickly so they can adapt at the same pace as fraudsters.

They also need the capability to pend transactions while they are being verified so large-dollar payments don’t immediately go out the door. If suspicious activity is detected but funds are allowed to move before verification is complete, significant losses can still occur.

Going Deeper with Auriemma Roundtables

Auriemma’s Commercial Fraud Roundtable gives senior commercial fraud leaders a closed-door forum to compare approaches, pressure-test controls, and share practical lessons from peers facing the same challenges.

To learn more about the advantages of participating, reach out to Zeenat Shah.