If there is one thing everyone in the financial industry felt in the last few years, it was the speed at which scams evolved. Fraudsters became smarter, attacks became faster, and stolen funds moved through dozens of accounts in seconds. Consumers were losing life savings. Banks and fintechs were overwhelmed. And regulators had to act.

This is the backdrop behind the Anti-Financial Account Scamming Act (AFASA), Republic Act No. 12010 — the Philippines’ most robust anti-scam law to date. AFASA reshapes how financial institutions detect fraud, protect accounts, coordinate with one another, and respond to disputes.

But while many have written about the law, most explanations feel overly legalistic or too high-level. What institutions really need is a practical, human-friendly breakdown of what AFASA truly means in day-to-day operations.

This blog does exactly that.

What Is AFASA? A Simple Explanation

AFASA exists for a clear purpose: to protect consumers from rapidly evolving digital fraud. The law recognises that as more Filipinos use e-wallets, online banking, and instant payments, scammers have gained more opportunities to exploit vulnerabilities.

Under AFASA, the term financial account is broad. It includes:

• Bank deposit accounts
• Credit card and investment accounts
• E-wallets
• Any account used to access financial products and services

The law focuses on three main categories of offences:

1. Money Muling

This covers the buying, selling, renting, lending, recruiting, or using of financial accounts to receive or move illicit funds. Many young people and jobseekers were unknowingly lured into mule networks — something AFASA squarely targets.

2. Social Engineering Schemes

From phishing to impersonation, scammers have mastered psychological manipulation. AFASA penalises the use of deception to obtain sensitive information or access accounts.

3. Digital Fraud and Account Tampering

This includes unauthorised transfers, synthetic identities, hacking incidents, and scams executed through electronic communication channels.

In short: AFASA criminalises both the scammer and the infrastructure used for the scam — the accounts, the networks, and the people recruited into them.

Why AFASA Became Necessary

Scams in the Philippines reached a point where traditional fraud rules, old operational processes, and siloed detection systems were not enough.

Scam Trend 1: Social engineering became hyper-personal

Fraudsters learned to sound like bank agents, government officers, delivery riders, HR recruiters — even loved ones. OTP harvesting and remote access scams became common.

Scam Trend 2: Real-time payments made fraud instant

InstaPay and other instant channels made moving money convenient — but also made stolen funds disappear before anyone could react.

Scam Trend 3: Mule networks became organised

Criminal groups built structured pipelines of mule accounts, often recruiting vulnerable populations such as students, OFWs, and low-income households.

Scam Trend 4: E-wallet adoption outpaced awareness

A fast-growing digital economy meant millions of first-time digital users were exposed to sophisticated scams they were not prepared for.

AFASA was designed to break this cycle and create a safer digital financial environment.

New Responsibilities for Banks and Fintechs Under AFASA

AFASA introduces significant changes to how institutions must protect accounts. It is not just a compliance exercise — it demands real operational transformation.

These responsibilities are further detailed in new BSP circulars that accompany the law.

1. Stronger IT Risk Controls

Financial institutions must now implement advanced fraud and cybersecurity controls such as:

• Device fingerprinting
• Geolocation monitoring
• Bot detection
• Blacklist screening for devices, merchants, and IPs

These measures allow institutions to understand who is accessing accounts, how, and from where — giving them the tools to detect anomalies before fraud occurs.

2. Mandatory Fraud Management Systems (FMS)

Both financial institutions and clearing switch operators (including InstaPay and PESONet) must operate real-time systems that:

• Flag suspicious activity
• Block disputed or high-risk transactions
• Detect behavioural anomalies

This ensures that fraud monitoring is consistent across the payment ecosystem — not just within individual institutions.

3. Prohibition on unsolicited clickable links

Institutions can no longer send clickable links or QR codes to customers unless explicitly initiated by the customer. This directly tackles phishing attacks that relied on spoofed messages.

4. Continuous customer awareness

Banks and fintechs must actively educate customers about:

• Cyber hygiene
• Secure account practices
• Fraud patterns and red flags
• How to report incidents quickly

Customer education is no longer optional — it is a formally recognised part of fraud prevention.

5. Shared accountability framework

AFASA moves away from the old “blame the victim” mentality. Fraud prevention is now a shared responsibility across:

• Financial institutions
• Account owners
• Third-party service providers

This model recognises that no single party can combat fraud alone.

The Heart of AFASA: Temporary Holding of Funds & Coordinated Verification

Among all the changes introduced by AFASA, this is the one that represents a true paradigm shift.

Previously, once stolen funds were transferred out, recovery was almost impossible. Banks had little authority to stop or hold the movement of funds.

AFASA changes that.

Temporary Holding of Funds

Financial institutions now have the authority — and obligation — to temporarily hold disputed funds for up to 30 days. This includes both the initial hold and any permitted extension. The purpose is simple:
freeze the money before it disappears.

Triggers for Temporary Holding

A hold can be initiated through:

• A victim’s complaint
• A suspicious transaction flagged by the institution’s FMS
• A request from another financial institution

This ensures that action can be taken proactively or reactively depending on the scenario.

Coordinated Verification Process

Once funds are held, institutions must immediately begin a coordinated process that involves:

• The originating institution
• Receiving institutions
• Clearing entities
• The account owners involved

This process validates whether the transaction was legitimate or fraudulent. It creates a formal, structured, and time-bound mechanism for investigation.

Detailed Transaction Logs Are Now Mandatory

Institutions must maintain comprehensive transaction logs — including device information, authentication events, IP addresses, timestamps, password changes, and more. Logs must be retained for at least five years.

This gives investigators the ability to reconstruct transactions and understand the full context of a disputed transfer.

An Industry-Wide Protocol Must Be Built

AFASA requires the entire industry to co-develop a unified protocol for handling disputed funds and verification. This ensures consistency, promotes collaboration, and reduces delays during investigations.

This is one of the most forward-thinking aspects of the law — and one that will significantly raise the standard of scam response in the country.

BSP’s Expanded Powers Through CAPO

AFASA also strengthens regulatory oversight.

BSP’s Consumer Account Protection Office (CAPO) now has the authority to:

• Conduct inquiries into financial accounts suspected of involvement in fraud
• Access financial account information required to investigate prohibited acts
• Coordinate with law enforcement agencies

Crucially, during these inquiries, bank secrecy laws and the Data Privacy Act do not apply.

This is a major shift that reflects the urgency of combating digital fraud.

Crucially, during these inquiries, bank secrecy laws and the Data Privacy Act do not apply.

This is a major shift that reflects the urgency of combating digital fraud.

Penalties Under AFASA

AFASA imposes serious penalties to deter both scammers and enablers:

1. Criminal penalties for money muling

Anyone who knowingly participates in using, recruiting, or providing accounts for illicit transfers is liable to face imprisonment and fines.

2. Liability for failing to protect funds

Institutions may be held accountable if they fail to properly execute a temporary hold when a dispute is raised.

3. Penalties for improper holding

Institutions that hold funds without valid reason may also face sanctions.

4. Penalties for malicious reporting

Consumers or individuals who intentionally file false reports may also be punished.

5. Administrative sanctions

Financial institutions that fail to comply with AFASA requirements may be penalised by BSP.

The penalties underscore the seriousness with which the government views scam prevention.

What AFASA Means for Banks and Fintechs: The Practical Reality

Here’s what changes on the ground:

1. Fraud detection becomes real-time — not after-the-fact

Institutions need modern systems that can flag abnormal behaviour within seconds.

2. Dispute response becomes faster

Timeframes are tight, and institutions need streamlined internal workflows.

3. Collaboration is no longer optional

Banks, e-wallets, payment operators, and regulators must work as one system.

4. Operational pressure increases

Fraud teams must handle verification, logging, documentation, and communication under strict timelines.

5. Liability is higher

Institutions may be held responsible for lapses in protection, detection, or response.

6. Technology uplift becomes non-negotiable

Legacy systems will struggle to meet AFASA’s requirements — particularly around logging, behavioural analytics, and real-time detection.

How Tookitaki Helps Institutions Align With AFASA

AFASA sets a higher bar for fraud prevention. Tookitaki’s role as the Trust Layer to Fight Financial Crime helps institutions strengthen their AFASA readiness with intelligent, real-time, and collaborative capabilities.

1. Early detection of money mule networks

Through the AFC Ecosystem’s collective intelligence, institutions can detect mule-like patterns sooner and prevent illicit transactions before they spread across the system.

2. Real-time monitoring aligned with AFASA needs

FinCense’s advanced transaction monitoring engine flags suspicious activity instantly — helping institutions support temporary holding procedures and respond within required timelines.

3. Deep behavioural intelligence and comprehensive logs

Tookitaki provides the contextual understanding needed to trace disputed transfers, reconstruct transaction paths, and support investigative workflows.

4. Agentic AI to accelerate investigations

FinMate, the AI investigation copilot, streamlines case analysis, surfaces insights quickly, and reduces investigation workload — especially crucial when time-sensitive AFASA processes are triggered.

5. Federated learning for privacy-preserving model improvement

Institutions can enhance detection models without sharing raw data, aligning with AFASA’s broader emphasis on secure and responsible handling of financial information.

Together, these capabilities enable banks and fintechs to strengthen fraud defences, modernise their operations, and protect financial accounts with confidence.

Looking Ahead: AFASA’s Long-Term Impact

AFASA is not a one-time regulatory update — it is a structural shift in how the Philippine financial ecosystem handles scams.

Expect to see:

• More real-time fraud rules and guidance
• Industry-wide technical standards for dispute management
• Higher expectations for digital onboarding and authentication
• Increased coordination between banks, fintechs, and regulators
• Greater focus on intelligence-sharing and network-level detection

Most importantly, AFASA lays the foundation for a safer, more trusted digital economy — one where consumers have confidence that institutions and regulators can protect them from fast-evolving threats.

Conclusion

AFASA represents a turning point in the Philippines’ fight against financial scams. It transforms how institutions detect fraud, protect accounts, collaborate with others, and support customers. For banks and fintechs, the message is clear: the era of passive fraud response is over.

The institutions that will thrive under AFASA are those that embrace real-time intelligence, strengthen operational resilience, and adopt technology that enables them to stay ahead of criminal innovation.

The Philippines has taken a bold step toward a safer financial system — and now, it’s time for the industry to match that ambition.

In early December 2025, Australian authorities executed one of the most significant financial crime crackdowns of the year — dismantling a sprawling A$150 million money-laundering syndicate operating across New South Wales. What began as an illicit tobacco investigation quickly escalated into a full-scale disruption of an organised network using shell companies, straw directors, and cross-border transfers to wash millions in criminal proceeds.

This case is more than a police success story. It offers a window into Australia’s evolving financial crime landscape — one where illicit trade, complex laundering tactics, and systemic blind spots intersect to form a powerful engine for organised crime.

The Anatomy of an Illicit Tobacco Syndicate

The syndicate uncovered by Australian Federal Police (AFP), NSW Police, AUSTRAC, and the Illicit Tobacco Taskforce was not a small-time criminal operation. It was a coordinated enterprise that combined distribution networks, financial handlers, logistics operators, and front companies into a single ecosystem.

What investigators seized tells a clear story:

• 10 tonnes of illicit tobacco
• 2.1 million cigarettes packaged for distribution
• Over A$300,000 in cash
• A money-counting machine
• Luxury items, including a Rolex
• A firearm and ammunition

These items paint the picture of a network with scale, structure, and significant illicit revenue streams.

Why illicit tobacco?

Australia’s tobacco excise — among the highest globally — has unintentionally created a lucrative black market. Criminal groups can import or manufacture tobacco products cheaply and sell them at prices far below legal products, yet still generate enormous margins.

As a result, illicit tobacco has grown into one of the country's most profitable predicate crimes, fuelling sophisticated laundering operations.

The Laundering Playbook: How A$150M Moved Through the System

Behind the physical contraband lay an even more intricate financial scheme. The syndicate relied on three primary laundering techniques:

a) Straw Directors and Front Companies

The criminals recruited individuals to:

• Set up companies
• Open business bank accounts
• Serve as “directors” in name only

These companies had no legitimate operations — no payroll, no expenses, no suppliers. Their sole function was to provide a façade of legitimacy for high-volume financial flows.

b) Rapid Layering Across Multiple Accounts

Once operational, these accounts saw intense transactional activity:

• Large incoming deposits
• Immediate outbound transfers
• Funds bouncing between newly created companies
• Volumes inconsistent with stated business profiles

This rapid movement made it difficult for financial institutions to track the money trail or link transactions back to illicit tobacco proceeds.

c) Round-Tripping Funds Overseas

To further obscure the origin of funds, the syndicate:

• Sent money to overseas accounts
• Repatriated it disguised as legitimate business payments or “invoice settlements”

To a bank, these flows could appear routine. But in reality, they were engineered to sever any detectable connection to criminal activity.

Why It Worked: Systemic Blind Spots Criminals Exploited

This laundering scheme did not succeed simply because it was complex — it succeeded because it targeted specific weaknesses in Australia’s financial crime ecosystem.

a) High-Profit Illicit Trade

Australia’s tobacco excise structure unintentionally fuels criminal profitability. With margins this high, illicit networks have the financial resources to build sophisticated laundering infrastructures.

b) Fragmented Visibility Across Entities

Most financial institutions only see one customer at a time. They do not automatically connect multiple companies created by the same introducer, or accounts accessed using the same device fingerprints.

This allows straw-director networks to thrive.

c) Legacy Rule-Based Monitoring

Traditional AML systems rely heavily on static thresholds and siloed rules:

• “Large transaction” alerts
• Basic velocity checks
• Limited behavioural analysis

Criminals know this — and structure their laundering techniques to evade these simplistic rules.

d) Cross-Border Complexity

Once funds leave Australia, visibility drops sharply. When they return disguised as payments from overseas vendors, they often blend into the financial system undetected.

Red Flags Financial Institutions Should Watch For

This case provides powerful lessons for compliance teams. Below are the specific indicators FIs should be alert to.

KYC & Profile Red Flags

• Directors with little financial or business experience
• Recently formed companies with generic business descriptions
• Multiple companies tied to the same:
  • phone numbers
  • IP addresses
  • mailing addresses
• No digital footprint or legitimate online presence

Transaction Red Flags

• High turnover in accounts with minimal retained balances
• Rapid movement of funds with no clear business rationale
• Structured cash deposits
• Transfers between unrelated companies with no commercial relationship
• Overseas remittances followed by identical inbound amounts weeks later

Network Behaviour Red Flags

• Shared device IDs used to access multiple company accounts
• Overlapping beneficiaries across supposedly unrelated entities
• Repeated transactions involving known high-risk sectors (e.g., tobacco, logistics, import/export)

These indicators form the behavioural “signature” of a sophisticated laundering ring.

How Tookitaki Strengthens Defences Against These Schemes

The A$150 million case demonstrates why financial institutions need AML systems that move beyond simple rule-based detection.

Tookitaki helps institutions strengthen their defences by focusing on:

a) Typology-Driven Detection

Pre-built scenarios based on real-world criminal behaviours — including straw directors, shell companies, layering, and round-tripping — ensure early detection of organised laundering patterns.

b) Network Relationship Analysis

FinCense connects multiple entities through shared attributes (IP addresses, devices, common directors), surfacing hidden networks that traditional systems miss.

c) Behavioural Analytics

Instead of static thresholds, Tookitaki analyses patterns in account behaviour, highlighting anomalies even when individual transactions seem normal.

d) Collaborative Intelligence via the AFC Ecosystem

Insights from global financial crime experts empower institutions to stay ahead of emerging laundering techniques, including those tied to illicit trade.

e) AI-Powered Investigation Support

FinMate accelerates investigations by providing contextual insights, summarising risks, and identifying links across accounts and entities.

Together, these capabilities help institutions detect sophisticated laundering activity long before it reaches a scale of A$150 million.

Conclusion: Australia’s New Financial Crime Reality

The A$150 million illicit tobacco laundering bust is more than a headline — it’s a signal.

Illicit trade-based laundering is expanding. Criminal networks are becoming more organised. And traditional monitoring systems are no longer enough to keep up.

For banks, fintechs, regulators, and law enforcement, the implications are clear:

• Financial crime in Australia is evolving.
• Laundering networks now mirror corporate structures.
• Advanced AML technology is essential to stay ahead.

As illicit tobacco continues to grow as a predicate offence, the financial system must be prepared for more complex laundering operations — and more aggressive attempts to exploit gaps in institutional defences.

1. Introduction of the Scam

In one of Australia’s most astonishing financial crime cases, police arrested a mother and daughter in November 2025 for allegedly running a two hundred million dollar fraud and money laundering syndicate. Their cover was neither a shell company nor a darknet marketplace. They presented themselves as psychics who claimed the ability to foresee danger, heal emotional wounds, and remove spiritual threats that supposedly plagued their clients.

The case captured national attention because it combined two worlds that rarely collide at this scale. Deep emotional manipulation and sophisticated financial laundering. What seemed like harmless spiritual readings turned into a highly profitable criminal enterprise that operated quietly for years.

The scam is a stark reminder that fraud is evolving beyond impersonation calls and fake investment pitches. Criminals are finding new ways to step into the most vulnerable parts of people’s lives. Understanding this case helps financial institutions identify similar behavioural and transactional signals before they escalate into million dollar losses.

2. Anatomy of the Scam

Behind the illusion of psychic counselling was a methodical, multi layered fraud structure designed to extract wealth while maintaining unquestioned authority over victims.

A. Establishing Irresistible Authority

The syndicate created an aura of mystique. They styled themselves as spiritual guides with special insight into personal tragedies, relationship breakdowns, and looming dangers. This emotional framing created an asymmetric relationship. The victims were the ones seeking answers. The scammers were the ones providing them.

B. Cultivating Dependence Over Time

Victims did not transfer large sums immediately. The scammers first built trust through frequent sessions, emotional reinforcement, and manufactured “predictions” that aligned with the victims’ fears or desires. Once trust solidified, dependence followed. Victims began to rely on the scammers’ counsel for major life decisions.

C. Escalating Financial Requests Under Emotional Pressure

As dependence grew, payments escalated. Victims were told that removing a curse or healing an emotional blockage required progressively higher financial sacrifices. Some were convinced that failing to comply would bring harm to themselves or loved ones. Fear became the payment accelerator.

D. Operating as a Structured Syndicate

Although the mother and daughter fronted the scheme, police uncovered several associates who helped receive funds, manage assets, and distance the organisers from the flow of money. This structure mirrored the operational models of organised fraud groups.

E. Exploiting the Legitimacy of “Services”

The payments appeared as consulting or spiritual services, which are common and often unregulated. This gave the syndicate a major advantage. Bank transfers looked legitimate. Transaction descriptions were valid. And the activity closely resembled the profiles of other small service providers.

This blending of emotional exploitation and professional disguise is what made the scam extraordinarily effective.

3. Why Victims Fell for It: The Psychology at Play

People often believe financial crime succeeds because victims are careless. This case shows the opposite. The victims were targeted precisely because they were thoughtful, concerned, and searching for help.

A. Authority and Expertise Bias

When someone is positioned as an expert, whether a doctor, advisor, or psychic, their guidance feels credible. Victims trusted the scammers’ “diagnosis” because it appeared grounded in unique insight.

B. Emotional Vulnerability

Many victims were dealing with grief, loneliness, uncertainty, or family conflict. These emotional states are fertile ground for manipulation. Scammers do not need access to bank accounts when they already have access to the human heart.

C. The Illusion of Personal Connection

Fraudsters used personalised predictions and tailored spiritual advice. This created a bond that felt intimate and unique. When a victim feels “understood,” their defences lower.

D. Fear Based Decision Making

Warnings like “your family is at risk unless you act now” are extremely powerful. Under fear, rationality is overshadowed by urgency.

E. The Sunk Cost Trap

Once a victim has invested a significant amount, they continue paying to “finish the process” rather than admit the entire relationship was fraudulent.

Understanding these psychological drivers is essential. They are increasingly common across romance scams, deepfake impersonations, sham consultant schemes, and spiritual frauds across APAC.

4. The Laundering Playbook Behind the Scam

Once the scammers extracted money, the operation transitioned into a textbook laundering scheme designed to conceal the origin of illicit funds and distance the perpetrators from the victims.

A. Multi Layered Account Structures

Money flowed through personal accounts, associates’ accounts, and small businesses that provided cover for irregular inflows. This layering reduced traceability.

B. Conversion Into High Value Assets

Luxury goods, vehicles, property, and jewellery were used to convert liquid funds into stable, movable wealth. These assets can be held long term or liquidated in smaller increments to avoid detection.

C. Cross Jurisdiction Fund Movement

Authorities suspect that portions of the money were transferred offshore. Cross border movements complicate the investigative trail and exploit discrepancies between regulatory frameworks.

D. Cash Based Structuring

Victims were sometimes encouraged to withdraw cash, buy gold, or convert savings into prepaid instruments. These activities create gaps in the financial record that help obscure illicit origins.

E. Service Based Laundering Through Fake Invoices

The scammers reportedly issued or referenced “healing services,” “spiritual cleansing,” and similar descriptions. Because these services are intangible, verifying their legitimacy is difficult.

The laundering strategy was not unusual. What made it hard to detect was its intimate connection to a long term emotional scam.

5. Red Flags for FIs

Financial institutions can detect the early signals of scams like this through behavioural and transactional monitoring.

Key Transaction Red Flags

1. Repeated high value transfers to individuals claiming to provide advisory or spiritual services.
2. Elderly or vulnerable customers making sudden, unexplained payments to unfamiliar parties.
3. Transfers that increase in value and frequency over weeks or months.
4. Sudden depletion of retirement accounts or long held savings.
5. Immediate onward transfers from the recipient to offshore banks.
6. Significant cash withdrawals following online advisory sessions.
7. Purchases of gold, jewellery, or luxury goods inconsistent with customer profiles.

Key Behavioural Red Flags

1. Customers showing visible distress or referencing “urgent help” required by an adviser.
2. Hesitation or refusal to explain the purpose of a transaction.
3. Uncharacteristic secrecy regarding financial decisions.
4. Statements referencing curses, spiritual threats, or emotional manipulation.

KYC and Profile Level Red Flags

1. Service providers with no registered business presence.
2. Mismatch between declared income and transaction activity.
3. Shared addresses or accounts among individuals connected to the same adviser.

Financial institutions that identify these early signals can prevent significant losses and support customers before the harm intensifies.

6. How Tookitaki Strengthens Defences

Modern financial crime is increasingly psychological, personalised, and disguised behind legitimate looking service payments. Tookitaki equips institutions with the intelligence and technology to identify these patterns early.

A. Behavioural Analytics Trained on Real World Scenarios

FinCense analyses changes in spending, emotional distress indicators, unusual advisory payments, and deviations from customer norms. These subtle behavioural cues often precede standard red flags.

B. Collective Intelligence Through the AFC Ecosystem

Compliance experts across Asia Pacific contribute emerging fraud scenarios, including social engineering, spiritual scams, and coercion based typologies. Financial institutions benefit from insights grounded in real world criminal activity, not static rules.

C. Dynamic Detection Models for Service Based Laundering

FinCense distinguishes between ordinary professional service payments and laundering masked as consulting or spiritual fees. This is essential for cases where invoice based laundering is the primary disguise.

D. Automated Threshold Optimisation and Simulation

Institutions can simulate how new scam scenarios would trigger alerts and generate thresholds that adapt to the bank’s customer base. This reduces false positives while improving sensitivity.

E. Early Intervention for Vulnerable Customers

FinCense helps identify elderly or high risk individuals who show sudden behavioural changes. Banks can trigger outreach before the customer falls deeper into manipulation.

F. Investigator Support Through FinMate

With FinMate, compliance teams receive contextual insights, pattern explanations, and recommended investigative paths. This accelerates understanding and action on complex scam patterns.

Together, these capabilities form a proactive defence system that protects victims and reinforces institutional trust.

7. Conclusion

The two hundred million dollar psychic scam is more than a headline. It is a lesson in how deeply fraud can infiltrate personal lives and how effectively criminals can disguise illicit flows behind emotional manipulation. It is also a warning that traditional monitoring systems, which rely on transactional patterns alone, may miss the early behavioural signals that reveal the true nature of emerging scams.

For financial institutions, two capabilities are becoming non negotiable.

1. Understanding the human psychology behind financial crime.
2. Using intelligent, adaptive systems that can detect the behavioural and transactional interplay.

Tookitaki helps institutions meet both challenges. Through FinCense and the AFC Ecosystem, institutions benefit from collective intelligence, adaptive detection, and technology designed to understand the complexity of modern fraud.

As scams continue to evolve, so must defences. Building stronger systems today protects customers, prevents loss, and strengthens trust across the financial ecosystem.