Financial crime has never respected organisational charts. Fraud becomes money laundering. Identity theft enables account takeover. A mule account today becomes the source of suspicious payments tomorrow. Yet inside many financial institutions, the teams responsible for tackling those risks still work largely as separate functions.
That model has served the industry for years. But as financial crime grows more connected, and AI makes it easier to join data across the customer lifecycle, many are asking whether the operating model itself needs to evolve.
The answer isn’t as simple as merging AML, fraud and KYC into a single team. Rather, it’s about whether institutions can build a shared view of risk while preserving the specialist expertise each discipline requires.
The separation of AML, fraud and KYC
Why are firms beginning to rethink the separation between AML, fraud and KYC teams?
In the view of Jon Elvin, strategic risk advisor at Saifr, firms of all shapes, sizes and regulatory jurisdictions have been debating this topic for several decades. Clear consensus remains elusive, but this is changing quickly.
He explained, “Today, technology advances and aspirations for efficiency, reduced cost, and effectiveness are the key drivers. Additionally, the speed to which bad actor tradecraft and their schemes evolve and adapt to controls/detection countermeasures demand a more holistic consideration of risk and cross-channel coordination.
“Many leading practitioners and consulting firm recommendations illustrate diversity in thought. This is seen in the range of current operating models for global institutions to the smallest of credit unions and everything in between. It is further split in design when including many Fintech and new-entry credit, payment, and bank-like firms where fraud loss prevention and importance of customer/ transaction speed nuances may be initially prioritized more than the core compliance tasks that surface as processes and standards mature,” Elvin added.
As the risk advisor explained, previously the question was more directly shaped by legacy organisational design structure versus a conscious debate and decision.
“Historically, a Triggering Event was the core driver of change,” explained Elvin. “In my view and distinct examples in the industry over the last couple of decades where firms have alternated organizational design is most likely attributed to unique events. This was an accepted and natural response often resulting from a negative event fraud loss or AML control failure.”
Jon Elvin believes firms are rethinking the traditional separation between AML, fraud and KYC for a combination of technological, operational and economic reasons.
“Triggering events are likely still key drivers of change,” he says, “but shaping today’s decisions is the recognition and power- or hope thereof – of advancing technologies, larger data volumes, and the need to improve both compliance effectiveness and costs.”
According to Elvin, many institutions are moving away from large, monolithic platforms in favour of more modular technology, AI agents and architectures that can respond more quickly to evolving threats.
“Agility, cost, and advancing technology capability remain at the forefront,” he explains. At the same time, he argues, the nature of financial crime itself has changed. Criminals increasingly operate across digital channels, using behaviours and signals that cannot easily be detected through isolated controls.
“Modern financial crime increasingly relies on digital behaviors and signals that traditional tools cannot fully interpret with the speed and precision required for actionable response,” Elvin says. “Criminals exploit this weakness as threat vectors do not present risk in clean, functional boundaries.”
That, he believes, presents institutions with an opportunity to reassess longstanding control structures and make greater use of AI to improve both effectiveness and efficiency. However, he cautions that criminals are evolving alongside the industry and are increasingly leveraging the same technological advances.
“We operate in an unparalleled time to assess control structure, functional priorities and leverage advances in technology, including AI, to close windows of vulnerability,” he says. “It is important to remember, though, that criminal tradecraft is also evolving. They often move faster.”
Elvin also points to a changing regulatory environment, with supervisors increasingly encouraging responsible innovation while firms explore how AI and advanced signal intelligence can identify risks that would otherwise remain hidden across disconnected systems.
Even so, he stops short of suggesting that convergence is the only answer. “My exploration and instinct in debating this topic suggests that both models can work and both can fail,” he says.
Instead, Elvin argues that success depends less on organisational structure than on execution. Leadership commitment, the strength of underlying technology and data, collaboration between teams, clearly defined risk appetite and strong governance all play a decisive role in determining outcomes.
He also believes cultural barriers should not be underestimated. Fraud, AML and KYC professionals have developed different skills, priorities and measures of success over many years. Fraud teams often focus on preventing immediate financial loss and recovering funds in real time, while AML investigators are measured against regulatory obligations such as building complete investigations and submitting Suspicious Activity Reports within prescribed timeframes. Bridging those differences, he suggests, may prove just as important as connecting the underlying technology.
Unified intelligence models
Can unified intelligence models improve detection without increasing complexity? Here, Elvin says yes, but also maybe not.
He said, “Yes- when implemented correctly, unified intelligence models can help improve detection while reducing operational complexity by consolidating signals, not systems. Rather than adding more rules or point solutions, models that apply AI-driven analysis across communications, behaviors, and structured data are being used to help identify patterns that discrete screening tools miss. They help enhance signal quality, reduce noise, and prioritize higher-risk alerts, ultimately delivering detection while requiring fewer manual interventions.:
When it came to why maybe not, Elvin said when broader guardrails are not in place for risk tolerance, typologies of emphasis and investigative standards of how to stop or no longer pursue potential leads is not well defined.
Elvin commented, “It is the classic discussion of “do not let perfect be the enemy of good enough.” And maybe not is also a potential outcome as AI could pre-maturely stop as it shows enough to conclude on a single or simple dimension of reportable action, but misses something much larger in contrast to a human investigator or analyst that might pursue due to instinct, experience or spirit of the hunt mindset that detects wider criminal activity but takes longer.
“These potential outcomes, much like hallucination possibilities, are why human-in-the-loop and experienced investigators will have to stay engaged and begin shifting some skills and time to affirming AI completeness and conceptual soundness are not diminished.”
The barriers to convergence
What barriers still stand in the way of financial crime convergence? For Elvin, the greatest barriers to financial crime convergence are no longer purely technological – they are rooted in the way organisations, data and governance have evolved over time.
“The primary barrier remains disconnected data and legacy operating models designed for human-led review rather than AI-driven insight where people truly trust the machine,” he says.
Even where firms have invested in modernising infrastructure, Elvin argues that critical risk information often remains fragmented across multiple systems, limiting the context available to investigators and slowing decision-making. At the same time, established operating models and regulatory caution can make large-scale transformation difficult.
He also believes AI will fundamentally change how controls are assessed, forcing firms and regulators to rethink long-held assumptions around investigations and oversight.
“Before AI, reviewers would often ask why you didn’t look further or conduct more manual research,” Elvin explains. “Now the question is becoming whether you’re doing too much, and when you have enough evidence to conclude and move on.”
As AI becomes more embedded within financial crime operations, he expects governance, explainability and human oversight to become increasingly important.
“While speed and precision matter, the importance of how these processes are governed, the privacy and protection of customer data, explainability and ensuring a human-in-the-loop will collectively grow in importance as these early solutions mature.”
According to Elvin, firms will also need to move beyond measuring success by whether individual compliance steps have been completed and instead demonstrate the overall effectiveness of their financial crime controls.
Beyond governance, he points to the practical challenge of integrating data, models and operating standards that have historically developed independently. Differences in model governance between AML and fraud, competing technology priorities and the complexity of building platforms that serve multiple use cases can all slow progress.
“Single-use solutions can change quickly,” he says. “Multi-use agents and multiple stakeholders often complicate speed and fit.”
Despite those challenges, Elvin does not see convergence as an all-or-nothing proposition. “Both models can work and both can fail,” he says. “There really is no differentiated good reason to keep them apart.”
However, he acknowledges that practitioners working within individual disciplines may be more cautious, reflecting the different objectives, expertise and operating cultures that have developed over many years.
Ultimately, Elvin believes successful convergence depends less on technology than on trust.
“Better together is a concept based on trust,” he concludes. “The people, process and technology components are the core building blocks for success, but transparency in communication and trust is the glue that holds either decision together.”
Tackling new problems with old tools
RelyComply believes financial institutions are attempting to tackle modern financial crime with outdated operating models, leaving compliance teams at a growing disadvantage.
“Financial crime teams are losing a war they’re still trying to fight with last decade’s weapons,” the company says.
According to RelyComply, many institutions continue to separate AML, fraud and prudential risk into distinct functions, each supported by its own systems, data and operating frameworks. Meanwhile, criminal organisations have become increasingly sophisticated, using automated, cross-border operations that span multiple risk domains.
“The structural problem is straightforward: siloed data means missed signals,” the company explains. “A fraud alert that never reaches an AML analyst isn’t just inefficiency – it’s an open door.”
The result, RelyComply argues, is that the same risks are often assessed multiple times by different teams, each working with only part of the picture. That fragmented approach not only creates operational inefficiencies but also makes it easier for criminal activity to go undetected.
The company believes regulation is beginning to acknowledge that reality. “The UK’s Economic Crime and Corporate Transparency Act 2023 represents a significant tightening of beneficial ownership transparency and corporate accountability,” it says, describing the legislation as “a clear signal that fragmented, self-contained compliance approaches are no longer fit for purpose.”
In RelyComply’s view, the industry’s direction of travel is towards greater unification, requiring firms to rethink how financial intelligence is shared across the organisation.
“Executing that internally means rebuilding how financial intelligence is structured and shared – automated, continuous, and visible across the business,” the company says. “RegTech architecture that unifies AML, fraud and conduct risk isn’t a luxury for mature compliance teams. It’s the baseline for institutions that want to stay ahead of criminals who’ve already automated everything they do.”
Ultimately, RelyComply argues that the institutions best placed to respond will be those willing to modernise their underlying infrastructure rather than simply adding more controls to existing processes.
“The criminals moved first,” the company concludes. “The institutions that survive are the ones that stop playing catch-up and start building infrastructure that matches the threat.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
