Scams

* This article is Part one of a two-part series dealing with Pig Butchering and APP scams.

Pig butchering is a slang term for a sophisticated cryptocurrency investment scam in which criminals patiently “fatten up” their victims with trust before stealing their money. Scammers create fake online personas – often posing as friendly acquaintances or potential romantic partners – and spend weeks or months building a relationship with the target.

The term pig butchering comes from the idea that the scammers are metaphorically fattening up a pig (the victim) over time with promises and affection before eventually “slaughtering” the pig for profit.

In a typical pig butchering scam, the fraudsters first establish an emotional connection and gain the victim’s confidence through frequent chats and social interaction. Once trust is secured, they introduce an “exclusive” investment opportunity – usually on a phony cryptocurrency trading platform that they control.

The scammers manipulate their victim into investing by promising high returns and even showing small fake profits or allowing minor withdrawals early on to make the scheme seem legitimate. As the victim commits larger sums, the illusion eventually shatters: the supposed investment platform suddenly locks the account or the scammer vanishes, leaving the victim unable to retrieve their funds.

With cases of pig butchering scams ever increasing, earlier this year the Office of the Arbiter for Financial Services (“OAFS”) released a Technical Note offering guidance on ‘Pig Butchering’ scams. The document explains how the Arbiter intends to handle complaints concerning these complex, relationship-driven fraud schemes.

The guidance in the technical note issued by the OAFS places varying levels of responsibility on different types of financial service providers that are particularly affected by these scams:

(a) Banks and Credit Institutions (licensed under the Banking Act[1]);

(b) Financial Institutions (including payment institutions and e-money institutions, licensed under the Financial Institutions Act[2]); and

(c) Virtual Financial Asset Service Providers (“VFASPs”), licensed under the Virtual Financial Assets Act[3]. Our understanding is that this now also extends to Crypto-Asset Service Providers (CASPs) under the Markets in Crypto Assets Regulation.[4]

Each category operates under its own legal framework and thus has varying levels of explicit obligations for transaction monitoring. However, all are subject to overarching duties of care. Notably, all licensed providers owe fiduciary duties to their clients, and they must act with due diligence and in the client’s best interest to avoid facilitating fraud.

1. Banks and Credit Institutions

Banks (and similar credit institutions) are considered to have the highest level of obligation when it comes to monitoring transactions for fraud. Because of this, regulations impose strict standards on banks to detect unusual or unauthorised payments that deviate from a customer’s norm.

In particular, the OAFS technical note cites Commission Delegated Regulation[5] which obliges banks to have mechanisms to detect unauthorised or fraudulent transactions. Article 2(1) of the Regulation mandates that “Payment service providers shall have transaction monitoring mechanisms in place that enable them to detect unauthorised or fraudulent payment transactions”. It further specifies that such mechanisms must be based on an analysis of payment transactions considering the normal usage patterns of the user (i.e. what is typical for that customer).

Banks are not only allowed, but expected, to act on suspicious payments. Under PSD2,[6] a bank can block a payment or payment instrument if it has objectively justified reasons, such as suspicion of unauthorised or fraudulent use. Additionally, given their long-standing customer data, banks are urged to use it proactively.

The Arbiter urges banks to upgrade their monitoring systems to analyse each client’s historical payment patterns and flag anomalies effectively. When an abnormal pattern is detected, the bank should intervene by contacting the customer and warning them that they may be the victim of a scam.

The technical note explicitly warns banks not to ignore suspicious payments even if they appear authorised or are going to the customer’s own account elsewhere. Banks in some cases argued that since the money was going to an account in the customer’s name (just at another institution or exchange) they had no reason to be suspicious of the transaction. The Arbiter’s guidance rejects that complacency: even me-to-me transfers can be part of a fraud scheme if they are abnormal for the client.

Banks have a duty to use due suspicion when they see a customer suddenly transferring large sums to unfamiliar accounts, even if the immediate beneficiary is the customer’s own account with a crypto platform. The note stresses that a quick conversation with the client at an early stage, asking why they are making these unusual transfers, could “make a difference and prevent augmentation of a fraud scam”.

The technical note spells out that in adjudicating pig butchering complaints, the Arbiter will consider several factors regarding the bank’s conduct, namely:

Timing: When did the bank first intervene (if at all)? Did they wait until dozens of payments had gone out, or did they act after the first few unusual transactions?

Nature of Intervention: How did the bank intervene? For example, did they simply send a generic SMS, or did they speak to the customer and explicitly warn them they might be a fraud victim?

Customer’s Response: What did the customer do after any warning?

The aforementioned factors will influence the Arbiter’s view on whether the bank fulfilled its obligations or was negligent. The note pointedly says that doing nothing in the face of an obvious pattern, and later trying to excuse it as “well, the customer authorized those payments”, “will not find favour with the Arbiter”.

2. Financial Institutions and Payment Service Providers (Incl. Payment institutions)

This category covers non-bank entities that offer payment services – for example, payment institutions, electronic money institutions, or other FinTechs that hold client accounts or facilitate transfers and are licensed under the Financial Institutions Act.[7]

For Financial Institutions, the technical note urges strong due diligence and monitoring both at the onboarding stage and in real-time transactions. They should know who they’re doing business with (to avoid hosting scammer accounts) and stay vigilant for signs that an account is being used in a fraud (like a sudden influx of many small retail deposits that get quickly withdrawn or sent onward – a pattern consistent with pig butchering funnels).

Stay tuned for Part Two, to explore what further guidance has been issued by the OAFS.


Author: Dr Delilah Vella


[1] Chapter 371, Laws of Malta

[2] Chapter 376, Laws of Malta

[3] Chapter 590, Laws of Malta

[4] Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets

[5] (EU) 2018/389 (under PSD2 – the Payment Services Directive 2)

[6] Article 68(2)

[7] Chapter 376 of the Laws of Malta

Disclaimer: This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.