Preparing for a New Era of AML Oversight
How Financial Institutions Can Adapt, Comply, and Thrive Amid Global Regulatory Tightening
Executive Summary
Yaron Hazan,
VP Regulatory Affairs
Across every major financial hub—from Washington to Johannesburg, Singapore to Sydney—regulators are tightening their anti–money laundering (AML) regimes and raising expectations for both operational effectiveness and technological sophistication. The message is clear: legacy approaches are no longer sufficient in an era defined by high-velocity transactions, digital complexity, and geopolitical instability.
In response to massive laundering scandals, sanctions breaches, and systemic AML control failures, a new wave of regulatory enforcement is reshaping the global financial landscape. Financial institutions (FIs), from traditional banks to digital-first fintechs, are being compelled to modernize their compliance capabilities. No longer is it acceptable to rely solely on static, rule-based systems or manual workflows. The burden of proof now lies with institutions to demonstrate that their systems are not only aligned with global regulatory standards but are also proactive, risk-based and agile enough to address evolving threats.
In parallel, regulators and thought leaders, are increasing expectations around technological adoption, like the Financial Action Task Force (FATF), the European Banking Authority (EBA), Australian Transaction Reports and Analysis Centre (AUSTRAC), the Monetary Authority of Singapore (MAS), and South Africa’s Financial Intelligence Centre (FIC) have issued strong guidance encouraging the use of advanced analytics and AI to strengthen detection, improve alert precision, and scale compliance to meet the needs of a rapidly evolving financial ecosystem.
Industry best practices are evolving in parallel. The Wolfsberg Group has also urged institutions to take a risk-based, intelligence-led approach that blends traditional rule-based controls with advanced analytics, focusing on meaningful, high-impact cases rather than chasing theoretical risks or overproducing low-value suspicious activity reports (SARs).
AI is no longer a nice-to-have, it’s fast becoming a regulatory expectation. Institutions that embrace transparent, explainable, AI-driven tools are better positioned to:
- Detect nuanced and complex threats and connected networks of criminal behavior
- Reduce operational inefficiencies and false positives
- Improve Suspicious Activity Report (SAR) quality and timeliness
- Demonstrate to regulators a commitment to innovation, transparency, and accountability
This white paper explores the global momentum behind stricter AML enforcement, the operational and technological changes required, and how Cognitive AI platforms like ThetaRay can help institutions adapt, and lead, in this next era of financial crime compliance.
Table of Contents
-
01Executive Summary
-
02What Key Global Regulators Expect from Technology and AI Adoption in AML
-
03Converging Global Standards: How AML Regulation Is Evolving Worldwide
-
04What a Future-Ready AML Program Looks Like
-
05ThetaRay’s Key Capabilities
-
06Conclusion: Compliance at a Crossroads—Lead, Don’t Lag
-
07Glossary of Terms
-
1
Financial Action Task Force (FATF)
FATF is the global standard-setter for AML and counter-terrorist financing (CTF). In its 2021 guidance on digital transformation, FATF emphasized the importance of applying advanced technologies to improve the effectiveness of AML systems, calling on financial institutions and supervisors alike to adopt machine learning and AI for customer due diligence, transaction monitoring, and risk-based decision-making. That same year, FATF also urged Financial Intelligence Units (FIUs) to adapt these technologies — a signal that regulators themselves are modernizing their oversight. For financial institutions this is highly relevant: they are aware that regulators like France’s ACPR are exploring AI in its own audits, and recognize they must embed AI into their compliance functions now to be ready for that level of supervisory scrutiny.Key Message: FATF supports the use of responsible innovation and views AI as a means to strengthen AML effectiveness, reduce false positives, and uncover hidden risks. Institutions are expected to implement technology that enhances outcomes without compromising transparency.
-
2
European Banking Authority (EBA)
In March 2021 and again in 2023, the EBA issued updates to its Risk-Based Supervision Guidelines and AML Risk
Factor Guidelines, explicitly encouraging the use of regtech, AI, and data analytics in transaction monitoring and customer risk assessment. The EBA highlights the importance of explainability and auditability in automated systems.Key Message: The EBA sees AI as an enabler for a more effective risk-based approach and urges firms to balance innovation with governance. Supervisors will increasingly assess institutions’ use of machine learning and the quality of their internal controls.
-
3
AUSTRAC (Australia)
Australia’s AML/CTF regulator AUSTRAC has consistently promoted technology innovation. In 2020, AUSTRAC launched an “Innovation Hub” to accelerate RegTech and AI adoption. In 2022, it issued sector-specific guidance encouraging the use of analytics and real-time monitoring to detect criminal abuse of payment
systems.Key Message: AUSTRAC expects regulated entities to adopt technologies that enhance responsiveness to criminal behavior and reduce manual inefficiencies. Institutions unable to modernize face higher scrutiny and potential penalties.
-
4
Monetary Authority of Singapore (MAS)
MAS is recognized globally for its proactive digital and risk-based regulation. Its 2018 and 2021 guidelines on AML/CFT Risk Management explicitly support the use of AI, machine learning, and data analytics. In 2023, MAS required digital payment token service providers to implement robust, real-time monitoring4 and adopted AI as a supervisory priority.Key Message: MAS mandates a tech-forward approach to AML, expecting institutions to demonstrate technological maturity and traceability in AI tools. Explainable models are essential, especially in high-risk sectors like crypto.
-
5
Financial Intelligence Centre (FIC) – South Africa
Following South Africa’s greylisting by FATF in 2023, the FIC increased oversight of banks and fintechs, emphasizing automated and integrated approaches to risk detection. In public advisories and regulatory engagements, the FIC has signaled that AI and analytics will play a crucial role in closing control gaps and improving SAR quality.Key Message: The FIC is aligning with global standards and expects institutions to adopt intelligent systems that support scalable, proactive AML strategies. AI adoption is now viewed as integral to regulatory recovery and compliance modernization in the region.
-
6
Wolfsberg Group (Global)
The Wolfsberg Group plays a pivotal role in shaping industry best practices for AML. In its 2024 “Statement on Effective Monitoring for Suspicious Activity,” the group emphasized the need for a risk-based, intelligence-led approach6, calling for financial institutions to embrace advanced analytics and AI. Importantly, the Wolfsberg Group encourages integrating both traditional rule-based methods and machine learning models to improve detection efficiency, enhance alert quality, and maintain explainability for compliance and regulatory audit purposes.The Group does not believe that the value being derived from the (constantly increasing) volume of SARs/STRs is contributing proportionately to effective outcomes in the fight against financial crime6.” They suggest several concepts to rationalize the move to advanced technology for Suspicious Activity Monitoring:
- Data maximization – measuring the importance of information provided by alerting systems to SARs and not just quantity; how many SARs
- Usefulness of SARs for actual detection of Terrorist Financing and Money Laundering
- Focus on meaningful cases rather than documenting investigations of ‘theoretical risk’
- Avoiding theoretical red flags as commonly published in regulation and guidance documents.
- Aiming for 100% recall, or ‘No SAR/STR left behind’, is likely to lead to an ineffective system.
Key Message: The Wolfsberg Group views the convergence of human judgment, rule-based logic, and advanced analytics as foundational to effective AML programs. It reinforces the need for transparency, risk-based tuning, and continuous improvement, validating AI adoption as both a strategic and responsible path forward.
The Global Catalyst: From Local Failures to Worldwide Reform
Global regulators are responding to an alarming rise in money laundering vulnerabilities. Several landmark cases have served as inflection points:
Danske Bank (Denmark/Estonia)
In one of the largest AML failures in history, over €200 billion in suspicious transactions passed through its Estonian branch from 2007–2015. The fallout triggered sweeping changes across the EU and a $2B+ settlement.
Westpac (Australia)
In 2020, AUSTRAC fined Westpac AU$1.3 billion—the country’s largest corporate penalty at the time—for over 23 million AML violations, including failures to monitor child exploitation-linked transactions.
Capitec & Nedbank (South Africa)
South Africa’s banks are under renewed scrutiny following the country’s greylisting by the Financial Action Task Force (FATF) in 2023. Regulators have imposed tighter reporting duties and transaction monitoring requirements, especially for cross-border and politically exposed clients.
Revolut (UK/EU)
In 2024, fined €3.5 million for transaction monitoring failures. Although no laundering was proven, the penalty demonstrated regulators’ intolerance for procedural weaknesses in fast-scaling fintechs.
Binance (Global/Singapore)
In 2023–2024, Singapore’s MAS tightened crypto oversight, and Binance ceased local operations after failing to meet evolving AML standards. This local withdrawal came against the backdrop of Binance’s $4.3 billion U.S. settlement in November 2023 over AML and sanctions violations, underscoring the global regulatory pressure on crypto platforms to meet banking-level compliance standards.
Flutterwave (Kenya/Nigeria)
Fintechs across Africa, such as Flutter wave, have faced account freezes and investigations for weak AML controls. Kenya and Nigeria have since bolstered licensing regimes and reporting requirements.
Traditional compliance teams often find themselves buried under a sea of alerts, the vast majority of which are false positives. Manual triage processes are slow, inconsistent, and expensive. AI brings speed and precision to these operations—automatically filtering out low-risk transactions, clustering related alerts, and assigning priority scores based on real-time behavioral insights. The result is a leaner investigative pipeline, faster resolution of cases, and a significant reduction in wasted analyst time. Compliance teams can focus on decision-making rather than data wrangling.
Deeper Risk Coverage
Criminals are becoming more sophisticated, using techniques that often fall outside of predefined rule sets—such as layering funds through microtransactions, using shell entities, or leveraging cross-border digital wallets. AI excels at identifying these subtle and evolving risk patterns. Unlike static systems that flag only known threats, AI can detect anomalous behaviors, discover hidden relationships between entities, and adapt to changing typologies. This expands an institution’s defensive capabilities, improving both detection and deterrence.
Reputational Protection
Regulatory fines for AML failures routinely reach into the hundreds of millions—and the reputational damage can be even more costly. AI not only improves detection but also enhances the quality of suspicious activity reports (SARs), supporting clearer
narratives, more accurate risk indicators, and timelier submissions. Perhaps most importantly, AI platforms can be designed with explainability and traceability in mind—offering regulators a transparent view into how decisions are made. This fosters regulatory trust, improves audit outcomes, and minimizes enforcement risk.
Cost Reduction
Compliance has traditionally been viewed as a cost center—frequently sidelined when weighed against other business priorities. In the TD Bank AML investigation, regulators found that senior leadership withheld investment in stronger controls due to cost concerns. AI changes this dynamic—driving both efficiency and effectiveness, and allowing institutions to meet regulatory expectations without compromising on operational or financial viability. Many early adopters have seen a substantial drop in cost per SAR and meaningful savings in investigative resource hours. In this way, compliance objectives and cost-efficiency can finally
align—enabling institutions to scale responsibly without compromising risk standards.
Strategic Agility
In a fast-moving financial ecosystem, compliance can either be a drag on innovation or a catalyst for growth. Institutions that leverage AI in AML programs are better equipped to scale into new markets, onboard fintech partners, and launch new digital services—without compromising their risk posture. Whether it’s entering a high-risk region, integrating crypto flows, or scaling real-time payments, AI-enabled compliance delivers the agility and confidence required to support business expansion. By reframing AML not as a regulatory burden but as a source of strategic advantage, AI shifts the compliance function from reactive to proactive. Institutions that invest now are setting the foundation not just for today’s regulatory demands—but for tomorrow’s
opportunities. In this way, AI isn’t just a compliance tool—it’s a driver of performance, resilience, and growth.
At ThetaRay, we view this regulatory scrutiny as a turning point for compliance maturity. Our Cognitive AI-native platform is designed from the ground up to help financial institutions easily meet the demands of the new regulatory landscape with agility to adjust to changes..
ThetaRay’s Key Capabilities
Risk-Based Transaction Monitoring
ThetaRay leverages Cognitive AI at the detection layer to uncover subtle, complex risks that traditional rule-based systems overlook. Built for AMLA’s intelligence-led, risk-based approach, our platform continuously surfaces evolving threats and sophisticated behavioral patterns missed by legacy tools.
Cross-Border Payment Surveillance
ThetaRay delivers deep visibility into high-volume, cross-border transaction flows, including, but not limited to, SWIFT and SEPA networks. We help institutions meet AMLA’s enhanced due diligence requirements for correspondent relationships, tracing full transaction chains across jurisdictions for comprehensive risk oversight.
Explainability & Auditability
Our AI models are transparent and fully explainable giving analysts, auditors, and regulators clear visibility into how risk was detected and why an alert was triggered. We offer full traceability, displaying the impact details for each feature on the detected alert, and documentation for each step, decisions, and parameters in the process, making audit-readiness inherent, not an afterthought.
Dynamic Risk Scoring
Risk scoring dynamically adjusts in response to behavioral patterns and emerging typologies, helping compliance teams maintain alignment with evolving threats and supervisory expectations.
Multijurisdictional SAR Reporting
Ability to support regulatory reporting requirements for multiple jurisdictions under a single umbrella with e-Filing capabilities e.g. goAML (with a roadmap for specific countries), streamlining SAR submissions and standardizing compliance operations globally.
Dynamic Risk Scoring
ThetaRay’s solution significantly reduces false positives while increasing effectiveness in identifying truly suspicious transactions. Our GenAI-powered alert summaries also help accelerate investigation timelines. The result: improved operational efficiency, faster investigations, and more timely, accurate SAR filings.
Multijurisdictional SAR Reporting
Ability to support regulatory reporting requirements for multiple jurisdictions under a single umbrella with e-Filing capabilities e.g. goAML (with a roadmap for specific countries), streamlining SAR submissions and standardizing compliance operations globally.
Unified Compliance Platform
ThetaRay’s Screening, Transaction Monitoring, and Customer Risk Assessment capabilities operate from a single, integrated platform. This unified foundation ensures seamless data flow, centralized alert management, and faster time to value—without the complexity of stitching together siloed systems.
The global compliance landscape is entering a new era, defined by heightened expectations, technological adoption, and global convergence on risk-based oversight. From FATF to AUSTRAC, and FIC to FinCEN, the message is consistent and urgent: compliance must be intelligent, explainable, and real-time.
FATF has not only encouraged financial institutions and supervisors to use AI for customer due diligence, transaction monitoring, and decision-making but has also called on FIUs to modernize their capabilities, a move that signals regulators themselves are preparing to audit with advanced technology. This has direct implications for financial institutions, where bodies such as France’s ACPR are considering AI in supervisory audits.
The addition of the Wolfsberg Group perspective reinforces the industry consensus: the most effective AML programs will merge human expertise, rule-based frameworks, and advanced analytics. Wolfsberg cautions against chasing theoretical risks or overproducing low-value SARs, instead prioritizing meaningful, high-impact intelligence.
This shift focuses on the adoption of a future-ready operating model: with AI at the core of detection and supplementary rules on the perimeter, unified compliance infrastructures, rapid and precise SAR filing, alert prioritization, and full audit-ready transparency—institutions that align with regulatory mandates will unlock operational efficiency, improving risk visibility, and preparing their organizations for a more adaptive, data-driven future.
ThetaRay’s Cognitive AI platform is designed to support that journey. Built for scale, transparency, and rapid deployment, it enhances existing systems without disruption, helping institutions modernize detection, respond to rising expectations, and strengthen trust across their ecosystems.
The future of AML compliance is intelligence-led, standards-aligned, and globally scalable—and it begins with readiness, not risk.
Glossary
ACPR (Autorité de Contrôle Prudentiel et de Résolution) – France’s prudential supervisory authority responsible for overseeing banks and insurance companies, including AML/CTF compliance. It operates under the Banque de France and has begun exploring the use of AI in supervisory audits.
AI (Artificial Intelligence) – A branch of computer science focused on building systems that can perform tasks typically requiring human intelligence, such as learning, reasoning, and pattern recognition. In AML/CTF, AI enables risk-based monitoring, anomaly detection, and improved alert management.
AML (Anti-Money Laundering) – Measures designed to prevent the illegal generation of income through criminal activity, including terrorism financing.
AUSTRAC (Australian Transaction Reports and Analysis Centre) – AUSTRAC is Australia’s financial intelligence unit and AML/CTF regulator, tasked with monitoring financial transactions to identify criminal abuse of the financial system. It leads regulatory innovation through initiatives like its “RegTech Innovation Hub” and partners with industry to promote real-time, risk-based detection frameworks.
CDD (Customer Due Diligence) – The process of verifying the identity of customers and assessing their risk level. Enhanced CDD is required for high-risk customers or complex ownership structures.
CTF (Counter-Terrorist Financing) – Measures aimed at preventing the use of financial systems to fund terrorism.
EBA (European Banking Authority) – The EBA is an independent EU authority responsible for ensuring consistent and effective prudential regulation and supervision across the European banking sector. It provides guidance on AML/CTF risk factors, promotes the use of RegTech, and supports harmonized compliance across the EU’s single market.
FATF (Financial Action Task Force) – FATF is an intergovernmental organization established in 1989 that sets global standards for combating money laundering, terrorist financing, and proliferation financing. It conducts mutual evaluations of member countries and issues public guidance to promote effective, risk-based AML/CTF practices across jurisdictions.
FIC (Financial Intelligence Centre) – The FIC is South Africa’s national AML/CTF authority responsible for collecting, analyzing, and disseminating financial intelligence to combat financial crime. Following South Africa’s FATF greylisting in 2023, the FIC has taken an assertive role in enforcing enhanced compliance measures, particularly in the banking and fintech sectors.
FinCEN (Financial Crimes Enforcement Network) – A bureau of the U.S. Treasury that oversees and enforces AML laws.
FIU (Financial Intelligence Unit) – A national authority responsible for receiving, analyzing, and disseminating SARs and related financial intelligence to combat money laundering and terrorism financing.
KYC (Know Your Customer) – A key component of AML compliance, involving the collection and verification of customer identification, source of funds, and ongoing monitoring.
MAS (Monetary Authority of Singapore) – MAS is Singapore’s central bank and integrated financial regulator overseeing banking, insurance, capital markets, and AML/CTF compliance. It is known for its forward-looking approach, mandating the adoption of AI, analytics, and strong governance frameworks in both traditional and digital financial services.
ML (Machine Learning) – A subset of AI that enables systems to learn from data patterns and improve performance over time without explicit programming.
PEP (Politically Exposed Person) – An individual in a prominent public position who may present a higher risk for bribery or corruption, requiring enhanced due diligence.
SAR (Suspicious Activity Report) – A mandatory report submitted by financial institutions to authorities (e.g., FIUs) when there is suspected involvement in money laundering or other financial crimes.
SEPA (Single Euro Payments Area) – A pan-European payment network used for cross-border euro transactions.
SWIFT – A global financial messaging network used by banks and financial institutions to transmit information securely.
UBO (Ultimate Beneficial Owner) – The natural person(s) who ultimately owns or controls a legal entity. UBO transparency is a cornerstone of effective AML/CFT regimes.
Wolfsberg Group
The Wolfsberg Group is a consortium of thirteen global banks that issues widely respected guidance on anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions compliance. While not a regulator, it helps shape global best practices—advocating for risk-based, data-driven approaches and the responsible use of AI in financial crime detection.
Sources:
- FATF (2021). Opportunities and Challenges of New Technologies for AML/CFT.
- EBA (2021, 2023). Guidelines on AML/CFT Risk-Based Supervision and Risk Factors Guidelines.
- AUSTRAC (2020–2022). AUSTRAC RegTech Engagement and Innovation Hub.
- MAS (2023). Guidelines on AML/CFT – Digital Payment Token Services.
- FIC (2023). Public Advisories & FATF Greylisting Response.
- Wolfsberg Group (2022). Statement on Effective Monitoring for Suspicious Activity.
- Danske Bank (2022) – U.S. Department of Justice Press Release
- Westpac (2020) – Australian Government, AUSTRAC announcement
- Revolut (2024) Reuters, Lithuania Fines Revolut 3.5 million Euros
- Binance (2024) Monetary Authority of Singapore Announcement
- Flutterwave (2022) Premium Times Nigeria Business News