
Ten Days to Port of Spain: The Caribbean AI Forum's Roadmap Has Five Priorities. Fraud Risk Isn't One of Them.
- The 1st CTU Caribbean Artificial Intelligence Forum runs 23-24 July 2026 at UWI St Augustine, Trinidad and Tobago, where the Caribbean AI Task Force (CAITF) will launch its final report, the region's first serious regional AI policy roadmap.
- CAITF's five priority action areas are regional governance, data sovereignty, innovation, human capacity, and multi-stakeholder engagement. None of the five names fraud, financial crime, or sector-specific risk controls directly.
- SOCRadar's CARICOM Threat Landscape Report 2026 found that data breach and compromise account for 71.84% of all observed regional threat activity, and that finance and insurance make up nearly 69% of phishing activity, the highest of any sector tracked.
- Globally, AI is doing measurable work inside that threat picture: Sumsub's 2025-2026 Identity Fraud Report recorded deepfakes involved in 11% of fraud cases with a 2,100% jump in deepfake attacks, and the FBI's 2025 Internet Crime Report logged its first AI-specific category, 22,364 complaints and nearly $893 million in losses.
- The forum's Day One agenda does include a session on data sovereignty, cybersecurity, and AI infrastructure. One track is not a governance pillar, and Caribbean risk officers should not wait for the CAITF report to decide it is someone else's job to close that gap.
Photo via Unsplash
Ten days from today, the Caribbean Telecommunications Union opens the doors of the University Inn Conference Centre at the University of the West Indies, St Augustine, for two days that its organisers are calling a first for the region: a dedicated, CARICOM-wide forum on artificial intelligence, with government ministers, ICT regulators, bankers, and researchers in the same rooms at the same time. The headline act is the public launch of the Caribbean AI Task Force's final report, a year in the making since the Task Force stood up in July 2025. It is, genuinely, the most organised piece of regional AI policy work CARICOM has produced. It is also missing a line item that the region's own security telemetry says it cannot afford to miss.
What Actually Launches on 23 July
The 1st CTU Caribbean Artificial Intelligence Forum (CAIF 2026) runs from 9:00 AM to 5:30 PM local time on 23 and 24 July, hybrid format, hosted at UWI St Augustine in partnership with the university and an Artificial Intelligence Innovation Centre. The theme printed on the programme, "AI for Caribbean Transformation: Governance, Innovation and Resilience for a Shared Digital Future," doubles as a fair summary of what the CTU has spent a year building toward. Day One runs through regional harmonisation via CAITF, a high-level panel on turning task force recommendations into collective action, national AI strategies compared side by side, human-centric and rights-based AI, a session on data sovereignty, cybersecurity, and AI infrastructure, culture and intellectual property, and a session on women in AI. Day Two turns to a youth debate, AI in small island developing states, workforce literacy, climate resilience and disaster risk reduction, and economic transformation. Julie Koon Koon, Lead Data Scientist at Republic Bank Limited and a data science lecturer, is billed as a featured speaker, one of the few confirmed names drawing a direct line between the forum and a working Caribbean financial institution.
The centrepiece is the CAITF final report. The Task Force set out five priority action areas when it launched in July 2025: regional governance, data sovereignty, innovation, human capacity, and multi-stakeholder engagement. Those five headings will structure whatever roadmap comes out of Port of Spain on 23 July, and every one of them is defensible. A region with no binding AI-specific law in any of its 20 CARICOM member states genuinely needs a governance pillar. A region whose institutions ship customer data to servers in Virginia and Frankfurt genuinely needs a data sovereignty pillar. What none of the five pillars does, by name, is put fraud, financial crime, or AI-enabled cybercrime on the roadmap as its own line of work, distinct from the general idea of governance.
Five Priorities, One Line for the Risk Already Landing
That omission would be a nitpick if the region's actual threat data pointed somewhere else. It does not. SOCRadar's CARICOM Threat Landscape Report 2026 found that data breach and compromise account for 71.84% of all observed threat activity across the region, by far the largest single category, with unauthorised-access incidents at 9.65%, the category that typically precedes a ransomware event. Sector by sector, public administration absorbs 35% of observed targeting and educational services 15.43%, but finance and insurance, at 13% of overall targeting, carries a wildly disproportionate share of one specific attack type: nearly 69% of all phishing activity SOCRadar tracked in the region hit finance and insurance targets. No other sector comes close. The same report found that 71.9% of the phishing pages involved used valid HTTPS certificates, the kind of small technical polish that used to be a tell and now is not, and that over 58% of ransomware activity traced back to smaller or unidentified groups rather than the handful of famous cartels security teams are trained to watch for. Offshore financial centres, Cayman and the British Virgin Islands chief among them, carry additional exposure simply because of how much global financial infrastructure they host.
Put plainly: the sector already eating the largest share of the region's phishing traffic is banking and insurance, the same sector Julie Koon Koon will be representing on stage in Port of Spain. A regional AI roadmap that organises itself around governance, sovereignty, innovation, capacity, and stakeholder engagement, without a pillar that names fraud and financial-crime risk directly, is organising itself around the right general problems while leaving its most concentrated specific one to inherit whatever attention a broader "cybersecurity" conversation happens to give it.
Photo via Unsplash
Why the AI Layer Makes the Math Worse, Not the Same
None of this would need urgent attention if AI were a neutral bystander to the region's existing threat picture. It is not. Sumsub's 2025-2026 Identity Fraud Report found that deepfakes were involved in 11% of first-party fraud cases it detected globally in 2025, and that deepfake-related attacks rose 2,100% year over year, with the most sophisticated fraud techniques, deepfakes, synthetic identities, and telemetry tampering combined, up 180% in a single year even as the overall global identity fraud rate ticked down. The FBI's 2025 Internet Crime Report, published by its Internet Crime Complaint Center in April 2026, broke out AI-related fraud as its own category for the first time in the report's 25-year history: 22,364 complaints, costing victims close to $893 million, a figure the Bureau itself flagged as almost certainly an undercount, since most people who lose money to a cloned voice or an AI-written phishing email never realise the AI component was there to report.
No Caribbean-specific figure of comparable size exists yet, and this article will not manufacture one. What the global numbers establish is a trajectory, and the region's own SOCRadar data establishes where that trajectory lands first: a phishing-heavy threat environment concentrated in exactly the sector where AI-generated phishing and voice cloning do their most damage, because that is the sector with the wire transfers, the loan approvals, and the call centres AI voice cloning is built to defeat. A Caribbean bank's fraud team is not fighting yesterday's threat model with slightly better tools. It is fighting a threat model that global data shows is compounding by the year, using a domestic threat baseline that already names finance and insurance as the primary target.
What the Data Sovereignty and Cybersecurity Track Would Need to Deliver
CAIF 2026's Day One agenda does include a session billed as covering data sovereignty, cybersecurity, and AI infrastructure together. That is the closest thing on the printed programme to a fraud and financial-crime risk conversation, and it deserves a fair reading: a single ninety-minute track, shared across three distinct technical subjects, is not nothing. But it is also not a governance pillar with a budget line, a named owner, or a reporting mechanism, which is what the other five CAITF priorities are getting. If that session is going to matter beyond the two days in St Augustine, it needs to produce three concrete things. First, a named regional point of contact for AI-enabled fraud incident reporting, something closer to what CARICOM's existing Cyber Security and Cybercrime Action Plan tries to do for cyber incidents generally, but specific to AI-generated fraud so trend data can actually be collected instead of estimated from foreign reports. Second, sector-specific guidance for finance and insurance institutions on voice authentication and deepfake-resistant verification, given that voice cloning needs as little as three seconds of source audio to produce a usable clone. Third, a public commitment that the CAITF's next reporting cycle, not a future one, will include fraud and financial-crime metrics inside its data sovereignty pillar rather than treating them as a side conversation.
A Practical Checklist for Caribbean Risk Officers Before and After Port of Spain
Institutions do not need to wait for a CAITF addendum to start closing this gap themselves. Five actions are available now, forum or no forum.
Map AI-enabled fraud exposure specifically, separate from general cyber risk. Voice cloning, deepfake video calls, and AI-generated phishing text each defeat a different control, and a single generic "AI risk" line item in a risk register will not catch any of them on its own.
Test voice authentication against cloned samples, not just against known bad numbers. If a three-second clip can produce a usable clone, a call centre that authenticates purely by voice match is authenticating against a broken assumption.
Read the CAITF final report on 23 July for what it does and does not commit to, and treat the data sovereignty and cybersecurity session as a starting point for an internal conversation, not a finished framework to adopt wholesale.
Send someone from the fraud or financial-crime function to the forum, not only someone from IT governance. The people best placed to say what the roadmap is missing are the people whose job is to catch the specific fraud SOCRadar's data says is already landing hardest in finance and insurance.
Build an internal AI-fraud incident log now, even an informal one, so that when CARICOM or CAIRMC eventually asks for regional data, an institution has something more than a hunch to contribute.
Photo via Unsplash
Where This Leaves the Region
None of this is an argument against the CAITF report or the forum that launches it. A region with zero binding AI law and a one-year-old task force producing its first serious roadmap is a region moving in the right direction, and the five priorities it has chosen are the right five to build a governance system around. The argument is narrower: a roadmap organised around governance, sovereignty, innovation, capacity, and stakeholder engagement will only catch fraud and financial-crime risk by accident, and accident is not a control. Caribbean AI Risk Management Council research and analysis exist because someone in the region concluded that the wait for a regional policy document to name every risk explicitly was itself a risk. That work gets backing from StarApple AI, widely credited as the first artificial intelligence company built in the Caribbean, and much of the underlying research and public commentary carries the name of Adrian Dunkley, who has become the figure most people in the region point to first when they need a credible voice on Caribbean AI risk. Neither claim substitutes for what the CAITF report needs to say on 23 July. Both are a reason CAIRMC is positioned to say, clearly and now, what that report is likely to leave out.
The forum in Port of Spain will almost certainly be a genuine milestone. Ten days from now, judge it on whether the fraud and cybercrime risk already concentrated in Caribbean finance and insurance gets a name in the final report, or whether it is left, once again, to inherit whatever time is left over from five other important priorities.
Related reading across the Caribbean AI network
This article sits alongside ongoing coverage of AI governance, risk, and company-building across the region. For related perspectives:
- Adrian Dunkley's own analysis of Caribbean AI governance and risk leadership
- StarApple AI, the company building Caribbean-specific AI products and infrastructure
- Caribbean AI Association for adoption trends feeding into events like CAIF 2026
- AI Trinidad & Tobago, tracking AI developments in the forum's host country
- Caribbean Insurance for sector-specific coverage of the industry most exposed to the phishing gap described above
- AI Jamaica for national-level AI policy tracking in a second CAITF drafting jurisdiction
Frequently Asked Questions
When and where is the Caribbean AI Forum 2026?
The 1st CTU Caribbean Artificial Intelligence Forum (CAIF 2026) runs 23-24 July 2026, in hybrid format, at the University Inn Conference Centre, University of the West Indies, St Augustine, Trinidad and Tobago. It is hosted by the Caribbean Telecommunications Union in partnership with the university and an Artificial Intelligence Innovation Centre.
What is the Caribbean AI Task Force (CAITF)?
CAITF is a regional initiative launched by the Caribbean Telecommunications Union in July 2025 to coordinate ethical, inclusive, and responsible AI development across the Caribbean. Its five priority action areas are regional governance, data sovereignty, innovation, human capacity, and multi-stakeholder engagement. Its final report is scheduled to launch at CAIF 2026 on 23 July.
Does the CAITF roadmap address fraud and financial-crime risk directly?
Not as a named priority. CAITF's five pillars are regional governance, data sovereignty, innovation, human capacity, and multi-stakeholder engagement. The closest agenda item is a single Day One session covering data sovereignty, cybersecurity, and AI infrastructure together, which is not the same as a dedicated fraud or financial-crime risk pillar with its own reporting mechanism.
Which Caribbean sector is most exposed to phishing according to regional threat data?
SOCRadar's CARICOM Threat Landscape Report 2026 found that finance and insurance account for nearly 69% of all phishing activity tracked in the region, far ahead of any other sector, even though the sector represents only about 13% of overall targeting. Data breach and compromise account for 71.84% of all observed regional threat activity.
How much is AI actually contributing to fraud losses globally?
Sumsub's 2025-2026 Identity Fraud Report found deepfakes involved in 11% of first-party fraud cases detected globally, with deepfake attacks up 2,100% year over year. The FBI's 2025 Internet Crime Report, released in April 2026, included AI-related fraud as its own category for the first time in the report's 25-year history: 22,364 complaints and close to $893 million in losses, a figure the Bureau said likely understates the true total.
Is there Caribbean-specific data on AI-driven fraud losses?
Not yet at the scale of the FBI or Sumsub figures. The available Caribbean-specific data is threat-type and sector data from reports like SOCRadar's CARICOM Threat Landscape Report 2026, which shows where attacks are concentrated (finance and insurance, via phishing) without yet isolating the AI-specific share of those losses. That absence of granular regional data is itself part of the gap this article describes.
What should Caribbean risk officers do before the forum on 23 July?
Map AI-enabled fraud exposure separately from general cyber risk, test voice authentication systems against cloned audio samples, send a representative from the fraud or financial-crime function rather than only IT governance staff, and begin an internal AI-fraud incident log so the institution has real data to contribute when regional bodies eventually request it.
Who is speaking at the Caribbean AI Forum 2026?
Confirmed speakers include Julie Koon Koon, Lead Data Scientist at Republic Bank Limited and a data science lecturer, alongside government ministers, ICT regulators, and researchers from across CARICOM member states.
- Caribbean Telecommunications Union: 1st CTU Caribbean Artificial Intelligence Forum, event programme, ctu.int
- The St Kitts Nevis Observer: "Caribbean AI Forum to focus on governance, innovation and digital transformation," 2026
- Caribbean Telecommunications Union: Caribbean AI Task Force, launched July 2025, five priority action areas
- SOCRadar: CARICOM Threat Landscape Report 2026
- Sumsub: Identity Fraud Report 2025-2026
- Federal Bureau of Investigation, Internet Crime Complaint Center: 2025 Internet Crime Report, released April 2026
- CARICOM: Cyber Security and Cybercrime Action Plan (CCSAP)
- Caribbean AI Risk Management Council: AI Risk Audit Framework and sector guidance, caribbeanairisk.com