The 2026 Compliance Landscape (Part 2 of 3)

2026 is the year fraud prevention stopped being optional — and started being a liability issue.

If you missed Part 1 on the regulatory shift, catch up here: https://www.jfourthsolutions.com/post/the-2026-compliance-landscape-part-1-of-3

Here's what's changing about who pays when things go wrong:

1. The Global Push on Fraud Liability

2026 marks a turning point in who pays when fraud succeeds.

The UK led the charge with its mandatory APP fraud reimbursement rules, now in force for over year. The results are striking: 86% of stolen funds are being returned to victims, up from 68% the previous year. Liability is now split 50/50 between sending and receiving payment service providers - a fundamental shift that makes fraud prevention everyone's problem.

Europe is following suit. PSD3, expected to be finalised this year, will expand liability beyond banks to include telecoms and online platforms under a "shared liability model." If a scam originates from a spoofed phone number or fraudulent social media post, the platform that failed to remove it may share financial responsibility.

In the United States, the Protecting Consumers from Payment Scams Act is pushing to amend the Electronic Fund Transfer Act, requiring banks to share liability for "fraudulently induced" transfers.

The Strategic Opportunity:

→ Fraud Prevention as Liability Management: Invest in detection and intervention capabilities now, before reimbursement obligations hit your bottom line.

→ Cross-Sector Collaboration: PSD3's shared liability model means banks, telecoms, and platforms must build information-sharing mechanisms. Those who move first will shape the standards.

→ Victim-Centric Design: The 86% reimbursement rate in the UK proves that protecting consumers and protecting the institution can align. Build systems that do both.

The Risks to Manage:

→ Receiving Bank Exposure: The 50/50 liability split means your mule account detection capabilities are now directly tied to your financial exposure.

→ The Corruption Nexus: Fraud doesn't operate in isolation. The same shell companies used to layer bribe payments are used to receive scam proceeds. The same weak KYC that enables corrupt PEPs to move money enables romance scammers to cash out. When we strengthen fraud prevention infrastructure, we're simultaneously closing doors that corruption exploits.

2. Stablecoins Take Centre Stage

While CBDCs remain in development across many jurisdictions, stablecoins have emerged as the more immediate regulatory focus.

The United States passed the GENIUS Act, establishing the first federal framework for digital asset regulation. This legitimises stablecoins as a recognised component of the financial system while introducing new compliance obligations.

Why does this matter for corruption?

Stablecoins have become a preferred vehicle for moving illicit funds across borders, including bribe payments and the proceeds of corruption. Venezuela's sanctioned oil company accepting USDT to bypass traditional banking is just one example. The same characteristics that make stablecoins attractive for legitimate use - speed, low cost, borderless transfers, make them attractive for those seeking to evade controls.

The Strategic Opportunity:

→ First-Mover Advantage: Organisations that build compliant stablecoin infrastructure now will be positioned to capture market share as regulatory clarity emerges.

→ Financial Inclusion Use Cases: Stablecoins offer genuine potential for low-cost remittances and cross-border payments, if the compliance infrastructure is proportionate to the risk. This aligns directly with FATF's proportionality mandate from Part 1: applying high-friction controls to low-risk transactions is now a technical compliance failure.

The Risks to Manage:

→ Transaction Monitoring Gaps: Traditional transaction monitoring systems weren't built for on-chain activity. Detecting corruption-related flows requires new capabilities - wallet clustering, chain analytics, and understanding of mixing services and privacy coins.

→ Regulatory Patchwork: The GENIUS Act is US-focused. MiCA governs Europe. Asia remains fragmented. Organisations operating across jurisdictions must navigate an evolving patchwork of requirements around reserves, disclosures, and AML obligations.

→ The De-Pegging Risk: Not all stablecoins are created equal. Consumer protection requires understanding and communicating the difference between fully-reserved, algorithmic, and partially-backed stablecoins. The collapse of TerraUSD remains a cautionary tale.

3. ESG Regulatory Divergence

Environmental, social, and governance requirements have entered a period of regulatory chaos.

The United States has pulled back federal ESG mandates while California and the European Union expand requirements. There appears to be a lot of confusion still to be sorted, creating compliance burdens for organisations operating across jurisdictions.

The "G" in ESG - governance, is where corruption lives. And the divergence in ESG frameworks creates real risk: organisations may deprioritise anti-corruption governance in jurisdictions where ESG mandates have softened, only to face reputational and legal consequences when those gaps are exposed.

The Strategic Opportunity:

→ Governance as Competitive Advantage: While competitors race to the regulatory floor, organisations that maintain robust anti-corruption governance will be better positioned for cross-border operations, investor confidence, and regulatory resilience.

→ Integrated Reporting: The organisations that build integrated ESG and financial crime reporting frameworks now will avoid duplicative efforts as requirements converge over time.

The Risks to Manage:

→ The Lowest Common Denominator Trap: The lack of global alignment tempts organisations to meet only the minimum requirements in each jurisdiction. But the floor should be set by ethics, not by the lowest common regulatory denominator. Reputational risk doesn't respect jurisdictional boundaries.

→ Supply Chain Blind Spots: ESG due diligence increasingly extends to third parties and supply chains. The same opacity that enables environmental and labour violations often enables corruption. Organisations must build visibility into their extended networks.

→ Greenwashing Meets Corruption: False ESG claims aren't just a marketing problem. They can constitute fraud. And where there's fraud, there's often corruption. The intersection of ESG misrepresentation and financial crime is an emerging enforcement frontier.

The Bottom Line

The common thread across fraud liability, stablecoin regulation, and ESG divergence? Liability is expanding. Accountability is shifting. And the cost of inaction is rising.

Part 1 explored how enforcement is fragmenting with the US narrowing FCPA priorities while Malaysia's MACC seized RM8.4 billion and the UK expanded corporate liability with "failure to prevent fraud."

Part 2 shows where that fragmented enforcement meets operational reality: in the fraud you reimburse, the stablecoins you process, and the governance gaps your competitors might exploit.

The liability revolution isn't just about who reimburses victims. It's about building systems robust enough to resist the full spectrum of financial crime.

The direction of travel is clear. Organisations that wait for enforcement to catch up will find themselves exposed. Those that build robust, integrated frameworks now will be positioned to thrive.

The question isn't whether your organisation is compliant with one jurisdiction. It's whether your framework is resilient enough for all of them, and whether it protects the people the financial system is meant to serve.

-----

📚 Read the complete series:

• Part 1 - The Regulatory Shift: [INSERT URL]

• Part 3 - Building Resilient Frameworks: [Coming Soon]

-----

JFourth works at the intersection of compliance, technology, and financial inclusion, helping organisations harness innovation responsibly while protecting the people the financial system is meant to serve.

Get in touch to learn more.