New data highlights surge in scams while firms urged to strengthen internal defenses
Canadian investors and financial institutions are facing a dual threat as fraud losses climb to record levels while internal vulnerabilities grow more complex.
New data from the Canadian Anti-Fraud Centre shows reported fraud losses reached more than $704 million in 2025, a figure that likely represents only a fraction of total activity, as just 5% to 10% of incidents are believed to be reported.
The scale of the problem has escalated rapidly. Since 2022, reported losses alone have exceeded $2.4 billion, underscoring the persistent and expanding nature of financial scams across the country.
Identity fraud continues to dominate case volumes, with thousands of incidents reported annually, while investment-related scams remain among the most financially damaging schemes affecting Canadians.
Fraud tactics are also evolving, with criminals increasingly using advanced technologies to convincingly impersonate trusted organizations and exploit victims.
“AI has industrialized identity fraud. Synthetic identities, deepfake video for KYC bypasses, Fraud-as-a-Service kits, these are not emerging threats,”says José Israel Castro, Regional Manager NORAM. “They are operational realities that any institution onboarding customers digitally must address today. The question is not whether to adopt advanced identity security, but whether your current system covers all the stages where fraud can occur.”
At the same time, financial institutions are contending with risks originating from inside their own operations.
A recent EY analysis points to insider threats as an increasingly significant concern, extending beyond employees to include contractors, vendors and other third parties with access to systems and sensitive data.
These internal risks can lead not only to fraud, but also to breaches involving anti-money laundering and anti-terrorist financing compliance, exposing firms to regulatory penalties and reputational damage.
The report emphasizes that managing insider risk requires a broader and more proactive approach than many firms currently employ. Roughly 70% of insider incidents originate from within employee populations, but the overall threat landscape is wider than commonly assumed.
To counter this, EY highlights the importance of layered safeguards built on governance, access controls and behavioral monitoring. Integrating these measures into daily operations can help organizations identify suspicious activity earlier and reduce the likelihood of internal misconduct.
The convergence of external scams and internal vulnerabilities is creating a more challenging environment for financial institutions, where prevention must extend beyond client-facing safeguards to include internal systems and culture.
As fraud losses continue to mount, firms that fail to address both fronts risk falling behind in an increasingly complex financial crime landscape.
