Tackling Today’s AML Challenges: Expert Insights that Matter

How do evolving regulatory requirements shape compliance strategies and risk profiling today?

Regulatory change is the single biggest driver of both compliance strategy and risk classification. Without external triggers (such as FATF recommendations, EU directives, or audit findings) internal systems often remain unchanged. That’s why Heads of Compliance must actively monitor upcoming developments. By the time a regulation is finalized, it can already be too late to adapt.

Take the Instant Payments Regulation as an example: it was discussed for years, yet many did not anticipate the necessary technological and procedural changes ahead of time. Regulatory updates can also shift the risk landscape. If certain professions, such as lawyers or notaries, are newly classified as high-risk, customer peer groups need to be reassessed accordingly. Ideally, such changes are picked up automatically by the system, but in reality, many setups aren’t that advanced.

Also, these triggers aren’t always predictable. The Ukraine war, for instance, led to rapid sanctions, and in some cases, institutions preemptively flagged all Russian passport holders as high-risk – even without specific listings. This kind of blanket response shows how inflexible systems can get in the way of precise, risk-based decision-making.

Another layer of complexity is legal certainty. Compliance teams often need legal validation, especially when interpreting EU regulations at the national level. That’s why many in the industry hope for more clarity from the upcoming EU AML Authority (AMLA), which is expected to deliver a more unified rulebook.

What are effective ways to reduce false positives in transaction monitoring while maintaining reporting obligations?

Reducing false positives is only part of the equation. The real challenge is using limited human resources as effectively as possible. Case handling is time-consuming and costly, which makes intelligent alert prioritization essential.

Smarter rule design is the baseline. What really matters is going further: enriching alerts with contextual data and applying machine learning to assess actual risk. If your system can explain why a €10,000 transaction poses minimal risk based on a set of transparent parameters, downgrading that alert becomes justifiable, provided everything is well-documented.

That’s the foundation: traceability and defensibility. Regulators rarely ask why you didn’t review a specific low-risk alert. They want to know why a suspicious transaction was allowed to slip through. This is where machine learning helps, not by replacing rules, but by reprioritizing alerts to let analysts focus on what truly matters.

What is the best way to digitize AML workflows without creating gaps between core banking, case management, and reporting tools?

Fully digitizing AML workflows is rarely a straightforward task. Most financial institutions rely on a mix of legacy systems, often accumulated through years of mergers and acquisitions, which makes data harmonization a long-term challenge. In many cases, organizations are still far from having a centralized data lake or a well-structured warehouse where all data  are clean and standardized.

That’s why a gradual, structured approach is more realistic. What matters most is that your AML solution can connect to and harmonize data from disparate sources behind the scenes. The user experience should remain consistent for investigators and rule maintainers, no matter how complex the underlying architecture may be.

Key to this is early involvement of the IT teams – especially when large infrastructure upgrades are planned. For example, when switching to a new core banking system, compliance teams must be involved from the outset. These upgrades tend to happen only every few years, so they must be designed to be future-proof from day one.

One recurring technical hurdle is inconsistent customer identification across departments. Without a shared "golden record" (a single, unified identification of a natural person or a legal entity seamless data integration remains out of reach. Fixing this requires more than technology. It means rethinking organizational processes, aligning departmental requirements, and breaking down data silos to ensure long-term interoperability.

How can organizations ensure end-to-end AML compliance from detection to audit-ready reporting?

At the heart of any robust AML strategy is transparency. Every decision, user action, and system interaction must be traceable, not only for internal audits, but to withstand external regulatory scrutiny. If it’s unclear who did what, when, or why, the credibility of the entire compliance framework is at risk.

This level of transparency must be built into the system. Workarounds, such as bypassing the four-eyes principle or granting unnecessary data access, may offer short-term convenience, but they undermine long-term compliance integrity. Secure, auditable processes should be the default, not an afterthought.

The same principle applies to technology: While machine learning offers enormous potential, black-box models that can’t explain their decisions introduce legal risk. Explainable AI is essential, enabling compliance teams to demonstrate why a transaction was flagged or dismissed, and how the system arrived at that conclusion.

But transparency isn’t just a matter of system design. It also depends on people. Well-trained staff need to understand the reasoning behind compliance procedures, and software should actively support them through templates, standardized documentation, and guided workflows. That’s how you embed audit-readiness into the everyday routine of AML operations.

From your perspective, What helps compliance teams scale effectively and bridge fraud and AML efforts?

Scaling compliance isn’t just about adding resources – it starts with a mindset. Leaders need to believe in the impact of their work beyond ticking regulatory boxes. At its core, effective compliance disrupts financial crime. Fraud and AML are closely linked: laundered money has to come from somewhere, and large-scale fraud is often the source.

Breaking down silos between departments is essential. Only when teams collaborate can they build a more comprehensive risk picture. It’s also important to challenge existing processes regularly, run internal audits, and continuously refine the setup, not just to improve efficiency, but to stay ahead of evolving threats.

The second pillar is smart resource allocation. People are the most valuable (and limited) asset in any compliance team. Technology should support them, not overwhelm them. That means intuitive case management tools, effective alert prioritization, and transparent automation that helps staff focus on what matters most.

Ultimately, scaling compliance means creating an environment where smart tools and strong processes enable teams to work faster, more confidently, and with greater impact, without losing sight of the mission behind it all.