Romance scams pose a growing threat to banks and financial institutions, with potentially significant financial consequences. While chief risk officers focus on modeling credit losses, mitigating operational risks and ensuring regulatory compliance, a complex and growing system of fraud threatens customer portfolios, institutional reputations and financial stability – often without triggering existing risk monitoring systems.
Given that romance scam incidents have increased dramatically since 2014, the trend warrants thoughtful attention from risk committees. Moreover, these sophisticated, relationship-driven attacks bear little resemblance to the transaction-based crimes that are the focus of traditional fraud detection models. For risk managers accustomed to quantifying tail risks, romance scams present a particularly troubling scenario: a high-impact event that occurs with increasing frequency but remains largely invisible to conventional risk models and due-diligence monitoring.
Scams Harm Both Customers and Their Institutions
From a credit risk perspective, consumer scams – including romance scams – represent a hidden source of portfolio deterioration. Recently published Federal Trade Commission data indicate a significant rise in consumer fraud losses, with Americans reporting losses exceeding $12.5 billion in 2024 – a 25% increase from 2023.
Cristian deRitis
This growth is attributed not to an increase in the number of reports, but to a larger share of victims experiencing financial losses, rising from 27% to 38%. Notably, affected individuals frequently liquidated retirement accounts, refinanced homes, or maximized credit facilities such as home equity lines, under the belief that they were supporting legitimate relationships.
Romance scams have negative ramifications for financial institutions as well as the victims, as credit exposures increase precisely as the customer’s ability to repay decreases. The $4.8 billion in losses reported by victims over 60 in 2024 suggests that financial institutions with significant exposure to affluent retirees are particularly exposed, as over 147,000 people in this age group reported being the victim of a scam.
Operational and Reputational Risks Accelerate
Romance scams present operational risk through multiple channels that compound over time.
First-party fraud claims surge when victims eventually recognize their victimization and attempt to recover losses through their financial institutions. The claim amounts – often exceeding $100,000 – require extensive resources to investigate and frequently result in customer litigation regardless of the outcome.
Richard Graham
Beyond the customer risk, another problematic aspect of this scam is the potential for reputational risk. Romance scam victims and their families may become vocal advocates, generating negative media attention that could put the names of their financial institutions in the spotlight.
A further complication is the emergence of “recovery scams,” or secondary frauds targeting known romance scam victims. Institutions must now consider whether customers reporting romance scam losses face elevated risk for subsequent victimization, requiring enhanced monitoring and difficult conversations about a customer’s capacity for financial decision-making. The involvement of children and other relatives may further complicate the situation.
Regulatory and Compliance Risks
The regulatory landscape around romance scams is evolving rapidly, creating compliance risk for institutions that fail to adapt their monitoring systems. Regulators such as the Financial Crimes Enforcement Network (FinCEN) increasingly expect financial institutions to identify and intervene in romance scam transactions early on, even though these payments may appear to be legitimate to traditional fraud monitoring systems.
New legislation is also being considered in response to the growing issue, including the Romance Scam Prevention Act. This bill seeks to reduce the number of online romance scam incidents by mandating that online dating services provide “fraud ban notifications” to users who have received messages from someone who has been banned from the platform for fraudulent activity.
Regulatory measures targeting shell-company transparency demonstrate an increased awareness among authorities that criminals, including romance scammers, are utilizing complex corporate structures to conceal the proceeds of fraud. A recent analysis by Moody’s of 21 million shell company indicators revealed that scammers are employing advanced money laundering strategies, which could subject financial institutions that inadvertently process such transactions to heightened regulatory scrutiny.
In addition, for government entities managing a large number of employees or contractors, romance scams present security clearance risks when personnel become financially compromised through victimization. The financial stress and potential blackmail exposure created by romance scams can compromise individuals and lead to additional operational risks as victims seek to extricate themselves from difficult situations.
Technology Arms Race
The integration of artificial intelligence (AI) into romance scam operations presents a significant emerging technological threat that may further complicate current fraud detection methods. Deepfake video technology now enables “video verification” calls featuring non-existent individuals, while large language models (LLMs) can sustain consistent personas across extended periods, engaging with multiple victims simultaneously.
This technological sophistication means that traditional fraud indicators – poor grammar, inconsistent stories, reluctance to meet in person – are becoming less relevant. Risk managers must consider whether their fraud detection models and training are up to the task of dealing with the evolving threat landscape.
Focusing on Vulnerable Demographics
The distribution of losses from various types of scams results in portfolio risk for financial institutions serving particular customer segments. While all age groups are vulnerable, individuals over 50 account for approximately two-thirds of reported losses. Actual losses are likely much higher due to underreporting.
This creates risk for wealth management firms, private banks, and institutions serving affluent retirees that may not be apparent in traditional portfolio analytics. A single successful romance scam targeting a high-net-worth client could result in losses equivalent to the lifetime fee revenue from multiple customers.
Corporate employers face similar risks when considering the financial vulnerability of their workforce. The surge in extortion targeting younger demographics through social media and chat applications suggests that employers may need to address fraud victimization as a workplace risk factor affecting productivity and the security of information and financial systems.
Criminal Enterprises Take Scamming to the Next Level
Perhaps most concerning from a systemic risk perspective is the industrialization of romance scam operations. Raids on “fraud factories” in Southeast Asia and Africa have revealed operations with hundreds of workers, sophisticated technology infrastructure, and territorial expansion strategies that mirror – and even exceed – legitimate multinational corporations.
The involvement of organized crime groups brings operational sophistication, corruption capabilities, and geographic diversification that can evade traditional threat models. These organizations treat romance scams as scalable business processes, continuously optimizing their operations through advanced data analytics and performance management. Essentially, scammers are building their own risk management capabilities to maximize their returns.
Risk Assessment Framework Gaps
Existing enterprise risk assessment frameworks may fail to adequately capture romance scam threats because they don’t fit squarely into one traditional risk category. These crimes span operational risk (through customer impact and remediation costs), credit risk (through customer financial impairment), regulatory risk (through compliance failures) and reputational risk (through negative publicity and litigation).
The gradual nature of romance scam victimization means that traditional anomaly detection systems may miss the patterns entirely. Unlike credit card fraud or check kiting, romance scams may unfold over months or even years, with payment patterns that are consistent with legitimate expenses or investment activities.
Parting Thoughts
Effective romance scam risk management requires a fundamental shift from transaction-focused monitoring to relationship-pattern analysis. Institutions should consider implementing behavioral analytics that can identify gradual escalation in international transfers, unusual asset liquidation patterns, or deviations from established customer spending behaviors that may indicate financial exploitation.
Firms should undertake regular assessments of romance scam exposure, including analyzing customer demographics that correlate with higher victimization rates. This analysis, in turn, should inform portfolio management decisions and customer education.
Crucially, risk managers must recognize that romance scams represent a fundamental challenge to the assumption that customers always act in their own financial interests. Models that assume economic rationality may prove inadequate when emotional manipulation overrides logical decision-making.
The romance scam epidemic serves as a reminder that as financial systems become more sophisticated and safeguards increase, bad actors adapt their methods accordingly. The question for enterprise risk managers isn’t whether romance and other scams will continue to evolve; it’s whether their risk frameworks can evolve quickly enough to protect their institutions and customers from the growing threat.
Cristian deRitis is Managing Director and Deputy Chief Economist at Moody’s Analytics. As the head of econometric model research and development, he specializes in analyzing current and future economic conditions, scenario design, consumer credit markets and housing. In addition to his published research, Cristian is a co-host of the popular Inside Economics Podcast. He can be reached at cristian.deritis@moodys.com.
Richard Graham is Director for Financial Crime at Moody’s. With over 20 years’ experience, he brings deep expertise in technologies addressing fraud, money laundering and sanctions. Richard has advised some of the world’s largest financial institutions, government agencies and fintechs on complex financial crime technology challenges. He serves as an advisor to the Coalition Against Financial Crime (CAFC), an industry group focused on ending financial crime. He can be reached at richard.graham@moodys.com.
Topics: AML & Fraud
