AI’s Double Edge: Accelerating Financial Fraud and Enabling Its Detection

AI as an accelerator of financial fraud

Artificial intelligence is fundamentally reshaping the scale and sophistication of financial fraud.

Established schemes – CEO fraud, spear-phishing, identity theft, phishing campaigns, quishing, ping calls, and deepfakes – are becoming more convincing, faster to deploy and harder to detect. The use of AI in the commission of a wide range of criminal offences has now emerged as one of the most significant operational risks facing corporates and financial institutions alike.

This risk is no longer prospective. The Arup case in Hong Kong demonstrated that a deepfake video-conference fraud could lead an employee to authorise multiple wire transfers after believing they were communicating with genuine company executives, all of whom had been artificially generated.

Identifying liability behind the tool

At this stage, few French decisions expressly mention artificial intelligence in the context of financial fraud cases. AI does not fundamentally alter the application of the general principles and established categories of French criminal law. It is simply a means by which the physical element of an offence is carried out. Where the relevant statutory provision permits, the constituent elements of the offence will fall to be assessed against the user, to whom criminal responsibility may be attributed. It is therefore a matter of applying, in the traditional manner, the rules on the criminal liability of natural persons or legal entities where the conditions are met (Criminal Code, Article 121-1; Criminal Code, Article 121-2).

The position becomes more nuanced, however, where an AI system is no longer merely executing a simple instruction. Generative AI models such as ChatGPT, Gemini or Claude can produce outputs that were not entirely determined by the user, as they exercise a degree of creative latitude in the means by which they achieve the desired result. This blurs the causal link between the individual, the tool and the harm caused, as well as the requisite mental element needed to establish the offence.

While AI may materially contribute to the commission of an offence, it cannot, under French law as it currently stands, be prosecuted as an autonomous author, given that it possesses neither legal personality nor distinct criminal capacity. Article 121-4 of the Criminal Code refers to a “person” who commits or attempts to commit an offence. Given that criminal statutes must be strictly construed, the absence of legal personality prevents criminal liability from being directly attributed to an AI system.

It therefore follows that only a legal person (natural or corporate) can bear criminal liability for an offence committed through AI. Developers and users of AI systems are the natural candidates when fault can be established and causally linked to the conduct of the AI that gave rise to the offence.

The search for the party who controls the risk also prompts a re-examination of the concept of complicity. A user who deploys an AI system will remain the direct perpetrator of the offence. The position is less straightforward for the AI service provider: the mere act of making a tool available that is capable of being misused should not, in itself, be sufficient to establish criminal complicity. Articles 121-6 and 121-7 of the Criminal Code require that the assistance or facilitation be provided intentionally, in connection with the preparation or commission of the offence.

The decisive factor will therefore be the role effectively played by the provider. An AI service designed, configured and promoted so as to facilitate fraudulent uses will not be assessed in the same manner as a general-purpose tool that has been repurposed by an end-user in breach of its terms of service.

This analysis extends a debate already familiar in the digital sphere. Courts are increasingly confronted with technical services (hosting, encrypted messaging, communication interfaces, and software infrastructure) being used as vehicles for criminal activity. The central question is to distinguish the neutral provision of a service from knowing facilitation of unlawful activity.

These questions remain at an early stage of development. The rapid evolution of generative AI systems will inevitably renew the debate on the allocation of criminal liability between the developer and the user. In this context, the question of whether, and to what extent, a duty of vigilance may be imposed on developers is of central importance.

In this regard, Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (the “AI Act”) provides an initial normative framework. The Regulation operates principally through the concept of “provider”, defined as the natural or legal person who develops, or causes to be developed, an AI system or a general-purpose AI model and places it on the market or puts it into service under their own name or trade mark.

The AI Act establishes a graduated approach based on the level of risk posed by AI systems. Systems classified as “high-risk” – in particular where deployed in sensitive sectors listed in Annex III, like biometrics, personal identification, certain critical infrastructure are subject to enhanced obligations. These include the implementation of a documented, continuous and regularly updated risk management system, together with the identification and mitigation of reasonably foreseeable misuse of the system.

The use of generative AI tools to refine fraudulent mechanisms, automate scam campaigns, or facilitate certain cybercriminal offences may well constitute precisely such foreseeable misuse. That said, generative AI models do not automatically fall within the high-risk regime. Their classification depends primarily on the specific use made of them in one of the domains covered by Annex III, or, in the case of the most powerful general-purpose AI models, on whether they may be classified as presenting a “systemic risk” within the meaning of the Regulation.

It should be noted, however, that this framework remains in flux. Recent European discussions surrounding the so-called “AI Omnibus” initiative are aimed at simplifying certain procedural obligations under the AI Act, in particular for innovative companies and certain industrial operators, and at extending several compliance deadlines applicable to high-risk AI systems.

Without establishing a distinct regime of criminal liability for AI developers, the AI Act therefore contributes to defining a European standard of vigilance and compliance that may, over time, influence the assessment of criminal fault or breach of a duty of care and safety. The principal obligations applicable to high-risk AI systems will come progressively into force from 2026 and 2027, subject to any adjustments arising from the Omnibus reforms. The question will then be whether and to what extent failure to comply with obligations of prevention, monitoring or anticipation of misuse may be relied upon to establish criminal liability on the part of the developer or provider of the AI system.

Finally, French courts also take into account the conduct of the victim. They may consider whether the corporate victim displayed excessive credulity, inadequate internal controls or an unduly delayed response following discovery of the fraud.

French courts may thus scrutinise more closely the behaviour of victims of AI-facilitated fraud, and in particular the measures deployed to prevent and detect this risk, measures which may themselves increasingly be developed with the assistance of AI.

AI as a tool for fraud detection and prevention

AI is not solely an accelerator of fraud. It is also becoming a tool for detection and prevention.

In France, this evolution is particularly evident in the field of anti-money laundering and counter-terrorist financing (AML/CFT). Article L. 561-2 of the Monetary and Financial Code imposes obligations on a broad range of entities, including financial and insurance sector institutions, as well as certain regulated professions. Financial sector actors are required to implement customer due diligence measures, compelling them to gather information on their clients in order to understand the risks each client presents and the transactions they are likely to undertake, to build a client profile and thereafter to monitor, on an ongoing basis, that transactions correspond to that profile.

In this context, the joint guidelines issued by the ACPR (Autorité de contrôle prudentiel et de résolution) and Tracfin (Traitement du renseignement et action contre les circuits financiers clandestins), published on 23 April 2025 and replacing the guidance in force since 2018, recommend the use of AI to refine client segmentation, improve alert mechanisms, and detect money-laundering networks or circuits that are not identifiable through traditional approaches.

The primary contribution of AI lies in the calibration of alerts. Where a conventional system triggers an alert upon the crossing of a fixed threshold, a more advanced system can assess a transaction by reference to the client’s actual profile, sector, turnover, payment habits or a comparable peer group. Machine learning and AI can detect atypical behaviour, reveal new risk typologies and adapt alert-triggering criteria to evolving client behaviour.

Human oversight nevertheless remains central. AI cannot, on its own, form the basis for a decision to submit a suspicious activity report to Tracfin. Under French law, such a report requires an individualised assessment of the facts, characterisation of the suspicion, and adequate documentation, notably in accordance with Articles L. 561-15 and R. 561-31 of the Monetary and Financial Code.

European supervision and compliance evidence

These developments are taking place against a more significant European backdrop. With effect from 10 July 2027, the European Anti-Money Laundering Regulation (AMLR) will be directly applicable throughout the European Union, establishing a more uniform body of rules for obliged entities.

For financial groups operating in multiple member states, the change is material: customer due diligence, know-your-customer, risk classification and monitoring obligations will no longer be assessed solely through the lens of potentially divergent national practices, but within a more harmonised European framework.

It is here that AI can prove genuinely useful, not because the new European framework mandates it, but because a more harmonised AML/CFT regime requires the processing of significant volumes of data, the identification of inconsistencies, the prioritisation of alerts and the documentation of decisions made by compliance teams.

Commercial communications and regulated professions

A further area of concern involves commercial communications. A company that uses AI to generate advertising, investment promises, commercial documents or presentations of financial services cannot shelter behind automation where the message misleads the public.

The position becomes yet more sensitive with respect to generative tools presenting themselves as lawyers. Under French law, Article 433-17 of the Criminal Code criminalises the unlawful use of a title associated with a regulated profession.

Articles 54 and 66 of the Act of 31 December 1971 further regulate the provision of legal advice and the drafting of legal documents on behalf of third parties. An automated service providing individualised legal responses under an ambiguous presentation could therefore expose its publisher or operator to liability.

Here again, the AI system will not itself bear liability. Responsibility will fall on the legal entity that publishes, markets, configures or makes the service available.

This area of litigation is expected to develop further in France. As an illustration, a complaint is currently pending before the United States District Court for the Northern District of Illinois, filed on 4 March 2026 by Nippon Life Insurance Company of America against OpenAI, alleging, among other things, the unlicensed practice of law via ChatGPT.

The End of the CJIP?

Approaching its tenth anniversary, the Convention Judiciaire d’Intérêt Public (CJIP) remains a subject of debate in French white-collar criminal law.

Introduced by the Sapin 2 Act of 9 December 2016 and codified at Article 41-1-2 of the Code of Criminal Procedure, the CJIP is an alternative resolution mechanism that allows the public prosecutor to refrain from bringing criminal charges against a corporate entity under investigation, provided it agrees to enter into a negotiated agreement subject to judicial supervision. Its scope covers corruption, influence peddling, tax fraud and money laundering. Since the Act of 24 December 2020, it has been extended to environmental offences.

In exchange for extinguishing the public prosecution, the entity undertakes a number of obligations: payment of a public interest fine to the Treasury (capped at 30% of average annual turnover), implementation of a compliance programme under the supervision of the Agence Française Anticorruption (AFA), and, where applicable, compensation of identified victims. The agreement must be validated by the relevant Court at a public hearing and subsequently published.

One of the most distinctive features of the CJIP is that it carries no finding of guilt. The entity is not the subject of a criminal conviction, avoids an entry on its criminal record and retains access to public procurement. The CJIP does not, however, protect the natural persons involved, such as directors and officers, who remain liable to individual prosecution.

France was long criticised for the weakness of its criminal response to major international corruption cases, at a time when US and UK authorities were actively resolving such matters through deferred prosecution agreements. By equipping the French prosecutor with a comparable instrument, France has reasserted its role in the resolution of transnational investigations.

A recent case illustrates this new dimension and the international reach of the mechanism. In the BALT USA LLC matter, validated on 19 March 2026 by the Tribunal judiciaire de Paris, the company agreed to pay a public interest fine of EUR1.765 million and to implement a three-year compliance programme under the supervision of the AFA, as part of a co-ordinated resolution with the US Department of Justice, which entered into a concurrent Declination agreement.

Further recent cases confirm that the CJIP is now firmly embedded in the landscape of economic crime, and demonstrate its effectiveness. In the so-called “cum-cum” cases, concerning dividend arbitrage schemes, the Tribunal judiciaire de Paris validated two significant CJIPs: the first with Crédit Agricole CIB, on 8 September 2025, for a public interest fine of EUR88.25 million; the second with HSBC Bank plc, on 8 January 2026, for a public interest fine of EUR267.531 million.

Yet the growing effectiveness of the CJIP has simultaneously intensified criticism of the instrument. Chief among these is the charge that it constitutes a two-tier criminal justice system, accessible only to entities capable of paying substantial fines and conducting sophisticated negotiations with the prosecution. Critics argue that it weakens the deterrent effect of criminal law, obscures the clarity of the sanction and undermines the principle of equality before the law, with victims receiving less consideration than in conventional proceedings.

This debate resurfaced acutely in 2026 in the context of legislative proposals on the prevention of social and tax fraud, when the Assemblée nationale adopted Amendment No 696, which sought the outright abolition of the CJIP regime.

However, this abolition was ultimately rejected, with a consensus emerging around the CJIP’s effectiveness, bolstered by reference to its role in enabling France to resolve major international corruption and complex economic crime cases, such as the landmark CJIP concluded with Airbus in 2020, while generating close to EUR4 billion for the Treasury since 2016.

International organisations such as Transparency International also opposed abolition, taking the view that it would be contrary to the fight against corruption, even while acknowledging that particular attention must be paid to the reasoning set out in decisions, that validation hearings receive wide publicity and that they serve an educational function.

For corporates, the CJIP remains an instrument of predictability. For prosecuting authorities, it remains a lever of effectiveness. For the public, it must continue to demonstrate that it is not merely the price of criminal peace.

PNACO

The Parquet national anticriminalité organisée (PNACO), which became operational on 5 January 2026, signals a change in enforcement methodology.

Established by the Act of 13 June 2025 aimed at extracting France from drug trafficking, the PNACO is modelled on the Parquet national financier (PNF) and the Parquet national antiterroriste (PNAT). Its mandate is to handle the most serious organised crime cases and to co-ordinate judicial action at regional, national and international level.

For corporates, its significance lies less in the fight against drug trafficking per se than in the methodology adopted: following the money.

The PNACO was endowed from the outset with 16 magistrates, with further expansion planned. It also draws on a multidisciplinary team incorporating profiles from customs, intelligence, the national police and the gendarmerie. The objective is clear: to identify the points through which criminal proceeds enter the legitimate economy.

Its early months confirm this orientation.

The Cour de cassation nevertheless clarified, in its judgment of 20 January 2026, No 26-80.113, that this national jurisdiction is not intended to absorb all organised crime cases. The PNACO therefore appears as an instrument of concentration for the most structurally significant matters, assessed by reference to the criterion of exceptional complexity.

At this stage, the PNACO remains an institutional promise. Its effectiveness will be measured by its capacity to develop a doctrine of action, and to translate financial tracing into concrete outcomes.

E-Invoicing: The 2026 Reform

Electronic invoicing will constitute one of the major compliance undertakings of 2026.

With effect from 1 September 2026, all VAT-registered entities will be required to receive electronic invoices; large enterprises and mid-sized companies will also be required to issue them from that date.

The invoice must be issued, transmitted and received in a standardised electronic format, through an accredited platform.

For corporates, the implications extend beyond the purely fiscal. Accounting systems, internal procedures, supplier contracts and data flows will all require adaptation. A non-compliant invoice may delay payment, disrupt supplier-client relationships or create cash flow tension.

The reform also pursues a control objective. Entities will be required to transmit to the tax authorities certain invoicing, transaction and payment data, in particular through the e-reporting mechanism for transactions not directly governed by e-invoicing.

The authorities will thereby gain a more rapid and structured visibility over commercial flows. The stated aim is two-fold: to simplify corporate administration, while enabling more effective detection of irregularities, in particular in relation to VAT.

The reform already provides for a coercive mechanism with fines of up to EUR15,000 per calendar year. The amounts are modest, but the signal is clear: fiscal data compliance is becoming a formal regulatory obligation.

French invoicing rules apply, in principle, to transactions treated as being located in France for VAT purposes. They may also apply to certain transactions not located in France where they are carried out by a taxable person whose registered office, domicile or fixed establishment from which the transaction is made is in France.

Conversely, a foreign company without a permanent establishment in France is not, in principle, subject to the e-invoicing requirements, ie, the obligation to issue and receive electronic invoices between taxable persons established in France. It may, however, be subject to e-reporting when it carries out transactions deemed to be situated in France for which it is liable for French VAT.

In practice, foreign groups will need to map their French flows more carefully: who is invoicing, from which country, in respect of which transaction, with what VAT treatment and with what documentation available in the event of a tax audit?

Taken together, these two developments tell the same story. French law is no longer content to sanction fraud after the event; it is progressively organising a more structured traceability of economic flows.

Energy Savings Certificates: Green Assets Under Scrutiny

Energy savings certificates (certificats d’économies d’énergie – CEE) illustrate a further development in economic crime: fraud increasingly targets regulated intangible assets.

Article L. 221-8 of the Energy Code defines CEE as negotiable moveable property, expressed in kilowatt-hours of final energy saved, which may be held, acquired or transferred by certain legal persons.

This market value creates an inherent risk. Non-existent works, inaccurate attestations, doubtful professional qualifications or falsified documentation may be used to obtain certificates which are then circulated within the legitimate economy.

Act No 2025-594 of 30 June 2025 against fraud against public aids has significantly tightened the regime. CEE acquirers are now required to implement identification, assessment and risk management procedures to detect fraudulent procurement by the transferor.

The new framework is coercive. Article L. 222-2 of the Energy Code now allows for the cancellation of certificates acquired where the acquirer failed to implement, or implemented inadequately, the due diligence procedures required by Article L. 221-8. It also permits the imposition of a financial penalty of up to 10% of the pre-tax turnover of the most recent completed financial year, increased to 12% in the event of a repeat breach.

The risk may even become criminal. Article L. 222-8 criminalises the fraudulent procurement of a CEE, as well as the acquisition of certificates where the due diligence procedures have made it possible to detect a fraudulent procurement by the transferor.

Civil litigation is also beginning to reflect this economic reality. In a matter recently handled by Weil & Associés, the Nanterre Commercial Court granted, on an ex parte application, a conservatory seizure over energy savings certificates.

The CEE market thus demonstrates that the instruments of the energy transition can themselves become a terrain for white-collar risk.