Skillcast explains how financial institutions need to change from system-focused defences to people-centred, regulation-ready learning programmes.
When Skillcast was founded in 2001, the problem it set out to solve was straightforward: compliance departments in financial services needed a reliable way to communicate regulatory obligations to staff. A change in UK money-laundering rules had created an urgent demand for scalable training, and e-learning offered a practical answer. Twenty-four years later, the company serves approximately 1,500 clients, employs 130 people, and generates around £40 million in recurring annual revenue. The compliance challenge it addresses, however, has grown considerably more complex.
At the 14th annual European Compliance and Ethics Institute (ECEI) in Berlin, Catriona Razic — co-founder and Chief Commercial Officer of Skillcast — presented the company’s perspective on what she described as a fundamental shift in financial crime. The session, titled “Inside the Fraudster’s Mind: What Compliance Leaders Need to Know in 2026,” drew on data from the European Banking Authority and the European Central Bank to frame the scale of the problem.
Fraud at Scale
Financial fraud losses across Europe reached €4.2 billion in 2024, a 17 per cent increase on the previous year. Credit transfer fraud alone accounted for €2.5 billion of that total, with more than half of cases involving direct manipulation of a victim rather than a technical breach of systems. Germany, Italy and France recorded the highest volumes.
The shift from system-level attacks to human-targeted manipulation has been underway for some time, but artificial intelligence has accelerated it sharply. Using a few seconds of recorded audio or video, criminals can now produce deepfakes that replicate the voice or appearance of a senior colleague with sufficient accuracy to deceive trained staff. Large Language Models generate grammatically exact phishing messages in any EU language, calibrated to mimic the tone of a specific organisation. Fraud toolkits — complete with scripts, leaked data and laundering pathways — are now available for purchase on criminal networks, lowering the barrier to entry for attackers who lack technical expertise.
The consequences extend beyond direct financial loss. European financial institutions spent an estimated €6.5 billion on defences against AI-enabled attacks in 2024. Fraud has risen to become the second most significant operational risk for European banks, surpassing traditional legal and conduct concerns. Customers who fall victim to scams, or who read about others doing so, lose confidence in digital banking; some exit online services entirely. Victims frequently report lasting psychological harm, including anxiety and social withdrawal.
Regulation is Shifting Liability
The EU’s Payment Services Regulation and the third Payment Services Directive — expected to become law in 2026 — represent a significant change in where responsibility lies. Under the existing framework, institutions are often not liable when a customer authorises a transaction, even if that authorisation was obtained through deception. The new rules alter this.
Payment Service Providers will bear liability for transactions initiated or altered by fraudsters. In spoofing cases — where a criminal impersonates a bank employee — institutions will be expected to reimburse victims unless they can demonstrate gross negligence on the customer’s part. Mandatory name-matching checks will apply to all credit transfers. Institutions will also be required to offer human fraud support, not merely automated responses, and to enable customers to set their own transaction limits. The commercial and reputational exposure of non-compliance is considerable.
From Content to Culture
Skillcast’s response to these developments reflects how the company’s own model has evolved. It began as a content provider — building e-learning courses for regulated industries — and now offers a broader platform that integrates training, behavioural data and risk analytics. The company’s library currently comprises around 400 courses, including a dedicated EU Compliance Library developed to address the pan-European needs of multinational clients. Short-form modules of approximately three minutes are designed to fit into working patterns rather than disrupt them.
Razic noted that money had historically been concentrated on security systems, and that focus was now shifting toward behaviour. “It starts with people,” she said. “Cultural issues within an organisation can make it more attractive to fraudsters.” The implication is that compliance training is not merely a regulatory checkbox, but a component of operational resilience.
The company works with clients across 50 different learning platforms and describes itself as offering a holistic view of compliance data. Roughly half of its clients operate in regulated industries; the other half includes businesses in sectors where compliance obligations are less prescriptive but where reputational and operational risks remain real. Among its longer-standing relationships is a 25-year partnership with UBS, as well as work with UniCredit, for which it has managed content in 16 languages across multiple jurisdictions.
European Ambitions, Deliberate Pace
Around 60 per cent of Skillcast’s employees remains in the UK, with 40 per cent in Europe with an office in Malta. The company has no immediate plans for physical expansion into continental markets but is actively pursuing partnerships — particularly in the DACH region — as a route to serving pan-European organisations from its existing base. Razic described the strategy as working with “true experts” in each market rather than attempting to build local infrastructure rapidly.
The ECEI Berlin conference, which draws compliance professionals from across Europe and beyond, offered an appropriate context for that ambition. The event runs from 2 to 4 March; Skillcast’s educational session sat alongside a broader programme addressing regulatory change, enforcement trends, and the ethics of emerging technology. A further European event is planned for Frankfurt in May.
The competitive landscape Skillcast operates in is not without complexity. Larger platforms, including general-purpose learning management systems and specialist cyber security providers, compete for the same budgets. Razic acknowledged the challenge directly: content editing, client support and the ability to customise at scale are areas where the company positions itself as a dependable, specialised partner rather than a broad-market platform.
The broader point she returned to at ECEI was consistent with the company’s founding logic: regulation changes, technology changes, but the need to ensure that individuals within an organisation understand what is expected of them — and why — does not. In an environment where a well-constructed voice clone may be more persuasive than a firewall, that case has rarely been easier to make.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de