Across the world, regulatory expectations for financial institutions, whether traditional banks, fintechs, or payment companies, are rapidly converging. Supervisory bodies are aligning around a common set of principles: transparency, accountability, explainability, and risk-based decision-making. This shift is driven by the dual pressures of increasing financial crime complexity and the accelerating speed of money movement services.

Regulators in major jurisdictions are now harmonizing expectations around model governance, detection quality, risk-based monitoring, and operational resilience. Cross-border information sharing is increasing, and enforcement actions demonstrate that fast growth without strong controls results in severe financial, operational, and reputational consequences.

In today’s landscape, any institution facilitating money movement must meet the same AML standards, regardless of size, licensing category, or business model.

Common expectations emerging across the U.S., UK, EU, Nordics, and CEE include:

Regional Snapshots: How Expectations Are Shifting

United States

U.S. regulators have significantly escalated oversight for both banks and fintechs, with a focus on TM maturity, SAR quality, governance, scalability, and third-party risk

Key supervisory bodies: FinCEN, CFPB, OCC, Federal Reserve, and state regulators (NYDFS, DFPI, Texas).

Recent enforcement actions (Cash App, Wise US, OKX) highlight rising expectations for:

• Scalable, risk-based monitoring
• Faster and higher-quality SAR decisioning
• Mature governance and documentation
• Consistent detection across all customer segments

Banking industry: Traditional banks face mounting pressure to modernize legacy systems and justify models under SR 11-7.

Fintech industry: Fintechs—and their bank partners—must demonstrate equivalent standards and governance maturity.

United Kingdom

The UK is asserting global leadership in financial crime and responsible AI regulation.

Key frameworks: FCA PS24/17 (explainability & auditability), SMCR (senior accountability), BoE/FCA AI guidance, and payments/open banking oversight.

Banking industry: Banks must demonstrate continuous oversight and explainability for AI-driven models.

Fintech industry: Fintechs must provide bank-grade transparency and documentation to maintain sponsor bank trust and permissions.

European Union

The EU is undergoing its most sweeping AML transformation since AMLD4

AMLA : centralized supervision across the EU

AMLR : unified rulebook applied directly to all institutions

EU AI Act : AML models classified as “high risk,” requiring explainability and human oversight

Banking industry : Large banks face intensified, harmonized cross-border scrutiny.

Fintech industry : Fintechs must meet identical standards to retain corridor access and passporting rights.

Nordics

With some of the world’s most digitized financial ecosystems, Nordic regulators prioritize:

• Real-time detection in instant-payment environments
• Proven risk based approach for AML
• High data integrity and resilience
• Transparency and model explainability

Banking industry: Large banks remain under stringent supervision following historic AML failures.

Fintech industry: Neo-banks and PSPs must prove operational resilience and comparable oversight.

Central & Eastern Europe (CEE)

CEE financial systems are scaling rapidly while tightening controls. Key drivers include:

• Strengthened VASP regulation (Lithuania, Estonia, Czechia)
• Increased cross-border flow complexity
• Heightened scrutiny of digital identity and onboarding systems
• More frequent inspections for high-growth PSPs

Banking industry: Local banks are upgrading systems to retain correspondent relationships.

Fintech industry: Payment companies must demonstrate scalable AML operations to avoid de-risking.

While regulatory fines often make headlines, the deeper, more damaging consequences of weak compliance programs are far-reaching, and they impact both fintechs and banks. These risks extend well beyond financial penalties, striking at the core of institutional trust, operational scalability, and long-term growth.

Operational Impact: Inefficiency, Noise, and Rising Costs

Legacy compliance infrastructure and fragmented workflows create an operational drag that quietly erodes efficiency across both banks and fintechs. Beneath surface-level outcomes is a layer of operational debt; costly, compounding, and ultimately unsustainable as institutions scale.

The result is a pervasive drag cycle: more alerts → slower investigations → higher backlogs → rising costs → reduced customer satisfaction → greater regulatory risk.

For banks, this drag increases cost-to-serve, inflates headcount, and strains legacy systems.

For fintechs, it slows onboarding, impacts partner-bank trust, and can jeopardize licensing readiness.

Why Optimization Comes First

Legacy transaction monitoring engines remain deeply embedded across payments, KYC, sanctions screening, and case management workflows. Fully replacing them introduces material operational and regulatory risk, including data migrations, extended validation cycles, parallel testing, and retraining across jurisdictions.

For global banks and high-growth fintechs alike:

Banks cannot risk disruption to critical infrastructure

Fintechs cannot absorb multi-year, multi-million-dollar transformation programs

As a result, optimization, not immediate replacement, is emerging as the most practical first step.

AI as an Optimization Layer: Easier for Regulators and Auditors to Digest

Applying AI on top of existing controls is significantly easier for regulators and auditors to assess.

Once risks are defined by subject-matter experts, typologies documented, and controls implemented, AI functions as an enhancement layer, not a replacement of regulatory intent. This allows auditors to clearly map requirements to controls, while institutions improve effectiveness without introducing compliance risk.

Today:

Approximately three out of four financial institutions still rely heavily on a rules-first approach to transaction monitoring

Looking to the decade:

• An estimated ~75% of transaction monitoring is expected to be AI-driven
• Total cost of ownership for AML programs is expected to decline by up to ~50%, driven by improved detection accuracy, reduced false positives, and greater automation

These figures reflect directional industry expectations, informed by regulatory guidance, market analyses, and

the growing pressure on institutions to improve effectiveness while controlling compliance costs.

A Strategy Aligned with Regulators

This model isn’t just technological, it’s strategic. It lets institutions move confidently from rules-based monitoring to AI-driven detection at a pace that preserves operational continuity, reduces cost, and elevates AML effectiveness.

The global financial ecosystem is undergoing rapid transformation, with regulators worldwide intensifying scrutiny and financial crime becoming more dynamic, at the same time, the “defense” mechanism is left outdated, old and paralyzed.

Institutions must modernise compliance in a way that balances innovation with stability. ThetaRay’s Cognitive AI solution offers a path to modernization. By enhancing existing systems at the first stage, significantly increasing efficiency and opening the way to modern detection. Institutions that modernize today, position themselves not only to meet current expectations but to lead in an industry where trust, intelligence, and agility define long-term success.