Evolving Threats in the Bank Branch Footprint: ATM Fraud, Internal Fraud, and AML Compliance

In the drive to digitize, FIs may have a critical vulnerability exposed: the fraud and AML risks within their branch networks that still stem from physical branches.

Even as branch footprints evolve, physical locations still serve as important interaction points for both true customers and—at times—bad actors. And as branch networks are more closely integrated with digital channels, these locations can introduce unique risks and exposure to evolving fraud schemes and compliance challenges, particularly check fraud, internal and teller-assisted fraud, and money laundering.

New Tactics in Check Fraud

Lagged check fraud (or “kiting”) has proven persistent even as fraud controls overall grow more sophisticated. The enduring link between new accounts and check fraud risk presents a particular challenge for branch operations, where physical check deposits and non-customer check-cashing remain routine services.

Treasury Checks represent another area of operational exposure for branches. While Executive Order 14247 aims to modernize federal disbursements by reducing paper check volumes, the transition to digital payments may create new vulnerabilities that fraudsters could exploit, potentially impacting branch operations tasked with handling customer disputes and claim processes. Similarly, a persistent issue for branches has been payee name verification for Treasury Checks, contributing to loss exposure.

To mitigate these risks, branch executives are considering enhanced verification tools, such as barcode and QR code readers capable of authenticating Treasury Checks, as well as integrating name-matching technologies at the teller line. Additionally, revisiting front-line procedures for non-customer check-cashing and escalating thresholds for manual review can help address fraud exposures tied to new account activity and kiting schemes. Finally, regular benchmarking against peer institutions can reveal evolving fraud typologies, assess the effectiveness of their current controls, and identify gaps in fraud detection.

Insider Risk in the Age of Automation

Internal fraud and teller-assisted schemes are a persistent—and in some cases, escalating—risk within branch environments. Insider threats have become more nuanced, particularly as institutions adopt automated teller cash recyclers, centralized transaction processing hubs, and role-based access management systems. Ironically, these efficiency gains can mask transactional anomalies and erode front-line accountability if not carefully controlled.

“We’re seeing a concerning rise in collusion fraud, where internal staff – sometimes deceived, coerced, or even bribed – are exploited by external fraudsters,” said Auriemma Roundtables Director Troy Huth. “This can lead to serious breaches like bypassing transaction limits, tampering with KYC records, or overriding dual-control safeguards, especially in high-value cash transactions.”

Another emerging trend is the use of synthetic identities in branch-facilitated fraud schemes, where teller staff – either complicit or inadequately trained – fail to detect red flags associated with account opening fraud or fraudulent loan origination. In a more digitized onboarding environment, fraudsters exploit any residual manual or paper-based processes within the branch network as weak links in the identity verification chain.

Some institutions are adopting enterprise-wide insider threat programs that combine cross-channel data analytics, behavior anomaly detection, and privileged access monitoring. By correlating teller transaction logs with HR data (e.g., abnormal working hours, financial distress indicators) and internal hotline reports, banks can triangulate early indicators of insider risk.

Branches: The Front Line in Financial Crime Detection

AML compliance expectations continue to intensify under the weight of expanding regulatory mandates, cross-border information sharing protocols, and evolving criminal methodologies.

In fact, branches have become a high-risk nexus for placement and layering stages of money laundering, particularly given the enduring preference by certain criminal organizations for cash-intensive business deposits, trade-based laundering through physical documentation, and abuse of correspondent banking arrangements facilitated through branch networks.

In response, forward-looking banks are investing in next-generation AML transaction monitoring systems capable of fusing digital and physical transaction data, enabling more holistic risk profiling and faster interdiction of suspicious activities. Some institutions are piloting AI-powered surveillance tools deployed directly at branch level, which can dynamically assess cash transaction patterns, document anomalies, and customer behavioral red flags during teller interactions.

Equally critical is the upskilling of branch personnel to act as “AML first responders.” In leading organizations, tellers, relationship managers, and branch supervisors are being equipped with advanced typology training, real-world case studies, and escalation playbooks that reflect the latest laundering methodologies. Moreover, institutions are deploying real-time escalation tools embedded into teller platforms, empowering staff to trigger alerts or flag suspicious behaviors without fear of reprisal or operational friction.

Finally, the tightening of beneficial ownership reporting obligations, trade finance AML scrutiny, and cross-border transaction transparency mandates necessitates that branch teams are equipped to conduct enhanced customer due diligence at the point of interaction—often under conditions of high customer expectation and time pressure.

The Power of Collaboration

As fraud typologies grow more complex and branch operations become increasingly integrated with digital ecosystems, financial institutions need sharper insights and stronger peer connections to adapt their branch fraud, technology integration, and compliance strategies.

Auriemma Roundtables’ Bank Branch Operations Roundtable offers members a forum to explore these challenges, benchmark best practices, and collaborate on strategies to mitigate risks unique to the branch environment.

The next virtual meeting will be held on July 15 and 16: To get involved, contact Warren Murphy, or RSVP here.