[PREVIEW] AI in AML: How Financial Institutions Can Use AI Without Breaking Compliance

Last updated: March 2026

The following is a preview of our AI in AML playbook, developed in collaboration with FS Vector. This practical guide shows compliance leaders how AI is deployed today across key AML/FRAML functions. Get your copy today.

Across industries, AI-powered systems have become the operating reality. The same technology scale and speed is also amplifying financial crime. AI-generated fraud, synthetic identities, deepfakes, and automated scam operations now run continuously at machine speed.

Legacy AML programs were not built for this environment. Batch monitoring, manual investigations, and after-the-fact controls assumed institutions had time to detect suspicious activity before funds moved. Real-time payment rails and 24/7 digital asset settlement have eliminated that buffer. Decisions now happen in seconds, and alert volumes continue to climb.

At the same time, regulators are making clear that ineffective monitoring will not be tolerated. In October 2024, FinCEN assessed a record $1.3 billion penalty against TD Bank and imposed a four-year monitorship. The OCC separately cited systemic breakdowns in transaction monitoring that allowed hundreds of millions of dollars in highly suspicious transactions to proceed unchecked. Enforcement is increasingly focused not on whether controls exist, but whether they actually work to detect and stop illicit activity.

This has fundamentally changed the conversation around AI in AML. The question is no longer whether financial institutions should use AI. It is whether they can deploy AI-native defenses that operate at machine speed while remaining explainable, governed, and defensible when an examiner walks through the door.

TL;DR

• AI can dramatically strengthen AML effectiveness, but without proper governance and transparency, it can also increase regulatory exposure.

• Blind automation creates regulatory risk when decisions cannot be explained, governed, or audited.

• Three guardrails make AI defensible: explainability, governance aligned with SR 11-7 model risk principles, and clear human accountability for escalation decisions.

• High-value AI use cases are already emerging, including alert triage, investigation summaries, sanctions false-positive reduction, enhanced due diligence support, and quality control automation.

• Critical decisions should remain human-owned, including final SAR determinations, high-risk onboarding approvals, and sanctions true-hit confirmations.

From documentation to real-time control

AML has historically been treated as a cost center, with success measured by compliance with documentation and reporting requirements. But regulators increasingly evaluate AML programs as real-time control systems. They want evidence that institutions can detect and stop illicit activity as it happens.

AI makes that possible. Used appropriately, it can prioritize alerts, assemble context across systems, reduce investigative workload, and surface emerging patterns faster than manual review alone. But the same speed that creates efficiency also introduces risk. Automation without governance increases regulatory exposure rather than reducing it.

The institutions succeeding with AI are not replacing investigators, but augmenting them. AI handles scale and repetition; humans retain judgment, escalation authority, and accountability.

What regulators look for from AI in AML programs

Regulators are not necessarily opposed to AI and generally recognize that advanced analytics may help institutions address increasingly complex financial crime risks. However, supervisory expectations frequently focus on how these technologies are governed and monitored.

Across regulatory examinations and enforcement actions, several themes commonly appear:

• AI-influenced monitoring decisions should be explainable in plain language

• Models affecting risk decisions often fall under model risk management frameworks

• Human ownership of escalation decisions remains essential

• Institutions are increasingly asked to demonstrate real-world effectiveness, not only theoretical model performance

In many cases, regulatory scrutiny focuses less on how sophisticated a model is and more on whether institutions can demonstrate that monitoring systems operate reliably, remain controlled, and produce meaningful risk detection outcomes.

The three guardrails for responsible AI in AML

Across financial institutions experimenting with AI in AML programs, three themes tend to appear consistently: explainability, governance, and accountability.

These principles function less as rigid rules and more as practical guardrails that help organizations balance automation with regulatory expectations. They reflect how institutions are thinking about deploying AI while maintaining transparency and oversight.

Guardrail 1: Explainability

The first guardrail is explainability. Every AI-influenced decision should have a clear, plain-language rationale and a traceable decision path. Investigators and examiners need to understand not only that an alert occurred, but why it occurred.

In practice, this means institutions must be able to reconstruct the signals that triggered the alert, the factors that most influenced the risk score, and the specific workflow or model version that produced the outcome. When that level of traceability exists, investigators can review alerts more efficiently and regulators can verify that the system is operating as intended.

Explainability is what makes AI defensible during audits and examinations. If a compliance team cannot explain why a transaction was flagged—or why it was not—then the institution cannot credibly demonstrate control over its monitoring program.

Guardrail 2: Governance

The second guardrail is governance. AI models used in AML should be treated as high-risk models and managed under established model risk management frameworks such as SR 11-7.

That governance typically begins before deployment. Institutions validate models to confirm conceptual soundness, verify the integrity of input data, and test performance under realistic conditions. Validation assesses not only headline accuracy but also false positives, false negatives, and sensitivity to changing thresholds or data inputs.

Governance continues after deployment. Because financial behavior and criminal tactics evolve, institutions must continuously monitor model performance for drift or unexpected changes. Material updates to models, rules, or thresholds should move through documented change-control processes and, when necessary, formal revalidation. This ensures that AI systems remain stable, controlled, and auditable over time.

Guardrail 3: Accountability

While AI can significantly accelerate AML workflows, responsibility for critical risk decisions must remain with humans.

AI can triage alerts, assemble transaction context, identify connections across accounts, and draft investigative summaries that help analysts move more quickly through cases. These capabilities reduce repetitive work and allow investigators to focus on more complex activity patterns.

However, escalation decisions and suspicious activity report (SAR) filings must remain human-owned. Determining whether activity represents laundering, fraud, or legitimate but unusual behavior requires contextual judgment and regulatory accountability that algorithms cannot replicate.

In practice, effective AML programs treat AI as an investigative accelerator rather than an autonomous decision-maker. Automation handles scale and pattern recognition, while experienced investigators retain responsibility for interpretation, escalation, and final reporting decisions.

That is to say, automation supports investigators rather than replacing them.

Model validation: The foundation of defensible AML AI

Model validation plays an important role in turning AI from a technical capability into a controlled risk management tool. Before deployment, validation processes often assess conceptual soundness, data integrity, and model performance under realistic conditions. Parallel testing against existing monitoring systems may also be used to compare outcomes.

Once deployed, institutions typically monitor performance metrics such as alert volumes, detection outcomes, and indicators of model drift. Material changes to models or thresholds may trigger additional review or revalidation.

These practices help provide structured assurance that AI-enabled monitoring systems remain understood, monitored, and controlled over time.

Where AI is currently being used in AML programs today

AI adoption in AML programs is already producing operational impact across several areas. Common applications include:

• Customer onboarding and KYC: AI can assist with identity verification, document analysis, and dynamic risk scoring by analyzing structured onboarding data and behavioral signals.

• Transaction monitoring triage: Machine learning models and AI agents can prioritize alerts, identify relationships across accounts, and assemble investigative context before an analyst reviews a case.

• Sanctions screening: AI techniques such as entity resolution can help reduce false positives by analyzing multiple identity attributes rather than relying solely on name matching.

• Enhanced due diligence: AI systems can gather transaction history, adverse media, and contextual information to help investigators build a more complete understanding of customer activity.

• Quality control and assurance: AI-powered quality control tools can review investigative outcomes at scale, identifying inconsistencies or emerging patterns that may indicate training gaps or procedural weaknesses.

Across these use cases, AI can improve efficiency while investigators retain responsibility for interpreting risk and making final reporting decisions.

The move towards augmented intelligence in AML

One of the most important changes underway in AML may be conceptual rather than technological. Historically, AML programs often measured effort. For example, how many alerts investigators reviewed or how quickly cases were closed.

Increasingly, the focus is shifting toward effectiveness: whether monitoring programs actually identify suspicious activity and escalate meaningful cases. AI technologies can support this transition by helping institutions analyze large datasets, identify behavioral patterns, and surface potential risk signals more quickly.

However, the most effective AML programs tend to combine automation with human expertise. Rather than fully autonomous systems, many institutions are moving toward models of augmented intelligence, where AI accelerates investigative workflows while human investigators remain responsible for judgment and accountability.

In an environment where financial activity (and financial crime) operate at machine speed, explainable and well-governed AI is increasingly becoming a baseline capability for modern AML programs.