The financial crime compliance sector is facing a pivotal moment. Criminal networks are estimated to have increased their use of artificial intelligence tools by as much as 800% over the past two years, operating entirely free from the regulatory obligations and budget constraints that weigh on legitimate compliance teams.
According to ComplyAdvantage, meanwhile, the US regulatory environment is undergoing a significant shift, with proposed anti-money laundering (AML) reforms explicitly opening the door to innovation under an effectiveness-first framework.
For compliance leaders, the tension between moving fast enough to match criminal sophistication and meeting the standards of explainability and governance that regulators demand is now one of the defining challenges of the role.
At ComplyAdvantage’s North American Future of Compliance summit, Todd Raque — a financial crime specialist with experience spanning regulators, financial institutions, vendors, and advisory firms — laid out a practical framework for navigating this challenge.
His central argument: effective AI adoption in compliance depends on embedding risk management from the very beginning, not treating it as a final sign-off stage.
The opportunity hiding inside the threat
The instinctive response to AI’s rise in criminal networks is a defensive one. The threat is real — generative AI, deepfakes, and synthetic identities have become measurable tools of financial crime. But Raque argues that focusing exclusively on the threat misses the bigger strategic story.
Technology has, for the first time, genuinely caught up with what compliance programmes have long needed to do. Legacy infrastructure was built around static rule sets and siloed workflows, where analyst time was consumed by data aggregation, low-quality alert clearing, and manual handoffs between teams. AI now makes it possible to connect those silos, generate higher-confidence risk signals, and operate far closer to real time.
Regulatory direction reinforces the urgency. US AML reform is moving toward judging programmes on whether they work — not merely whether they exist — and the notice of proposed rulemaking actively encourages innovation. The institutions that engage now, Raque suggests, have the opportunity to help define what “effective” looks like in practice, rather than simply responding to whatever definition regulators settle on.
Governance as a co-designer, not a gatekeeper
The most common failure mode Raque has observed in AI proof-of-concept work is treating risk management as a tollgate at the end of the process rather than a partner from the start. When compliance and risk teams are only brought in to approve a near-complete solution, two things tend to follow: outcomes fall short of regulatory expectations, and the course-correction required pushes the project well beyond its original timeline.
Citizens Financial Group, Inc. senior vice president and deputy BSA officer Todd Raque said, “I always talk about full contact governance. It’s not just what has to be done, but being an active participant in owning how it’s done.”
The “full contact governance” model Raque advocates means risk management actively participates in designing the solution from the outset — whether the AI capability is built in-house or sourced externally.
Done well, this produces three concrete advantages. First, faster and more defensible deployment: when risk management helps define use cases, data inputs, and testing criteria upfront, late-stage rewrites are fewer and the audit trail is cleaner.
Second, better-calibrated outcomes: embedding risk expertise early ensures that detection logic, thresholds, and human-in-the-loop checkpoints reflect the institution’s actual risk appetite rather than a generic vendor default. Third, a more agile programme overall: once risk management is part of the design conversation, future model updates and new use cases become incremental adjustments rather than full re-reviews.
Raque is clear that this governance discipline applies across the full maturity spectrum — from traditional machine learning models through to agentic AI. The use case may vary considerably; the principle does not.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
