Blueprint for Successful AI Implementation in AML

Blueprint for Successful AI Implementation in AML

Manual alert review is no longer a scalable compliance model, according to Castellum.AI co-founder and CEO Peter Piatetsky. Many firms are now realising the answer to the prevailing challenge lies in the implementation of AI into AML.

Blueprint for Successful AI Implementationin AML Manual alert review is no longer a scalable compliance model, according to Castellum.AI co-founder and CEO Peter Piatetsky. Many firms are now realising the answer to the prevailing challenge lies in the implementation of AI into AML. It has been impossible to ignore AI over the past few years. Hype around the technology has dominated discussions and firms across the financial services market have been exploring adoption. One area that remained a little hesitant about its adoption was compliance. Piatetsky explained, “Two years ago, the typical compliance leader came to a conversation about AI with a lot of questions and very little urgency. What about hallucinations. Model risk? How do I explain this to my examiner? That has changed.”

Piatetsky noted that compliance leaders are now embracing AI agents, moving from evaluation and into production. In PwC’s 2025 Global Compliance Survey, it claimed that 71% of respondents believe AI will have a net positive impact overall on compliance. For the firms that are engaging with the technology, Piatetsky sees the most successful implementations initially focus on discrete, high-confidence deployments, such as resolving AML/KYC screening alert sor watchlist and adverse media hits. He said, “These are workflows where volume is high and the human value-add at the L1 phase is low.”

The benefits of AI in these workflows have even been noted by the US’ Federal Reserve, which recently released data showcasing that LLMs reduced false positives by 92% and improved detection by 11% against traditional fuzzy matching. “That kind of evidence builds institutional confidence fast.”

Piatetsky added, “FDIC Chairman Travis Hill put it plainly at an ABA conference this March: ‘Every compliance dollar spent at low-value activity is a dollar not spent on detecting fraud, money laundering, trafficking or terrorism financing.’ Regulators are not just permitting the use of AI, they see the value of its use, and the cost of not leveraging this technology for compliance.”

While compliance teams are now experimenting with AI, there are still some major risks they must address during its implementation. At the top of this list is explainability and auditability. There is no place for black-box tools, when mistakes can cost firms significant financial penalties and reputational damage.

Piatetsky explained, “Explainability isn’t a feature. It’s the critical deliverable of your entire AML controls program. If your answer to an examiner inquiring about a closed case is ‘The agent said so’, there’s an issue. A documented, traceable rationale is the baseline, the same as is expected of human analysts.”

As an example of how this looks in practice, Castellum.AI offers AI-powered agents to support compliance teams across AML and KYC functions. Every decision its AI makes comes alongside a full audit trail. This is a documented chain of reasoning that can be passed to examiners when needed.“ That’s the baseline for our Arbiter agents being layered into a regulated workflow, whether onboarding, payments, EDD or others.”

Finding the balance of human and AI

Despite persistent worry about AI being the replacement for humans, that is not the case, particularly for compliance where decisions carry a lot of risk. Instead, AI is augmenting analysts, handling repetitive tasks to free up time for investigators to focus on more complex tasks. However, what is the right balance for AI autonomy and human oversight?

Piatetsky explained, “I get asked this a lot, and I think the framing is usually wrong. People look for the “right” level of autonomy as if there’s a single dial to set. There isn’t. For example, if you’re resolving AML alerts, you should expect different thresholds for alert closure or escalation that is informed by the data types like a sanctions alert or PEPs alert. Likewise, it should also be tuned to the workflow originating the alert, like onboarding or payments or ongoing customer monitoring. Then there’s the question of your institution’s risk profile and appetite. All of this should inform the level of agent autonomy and guardrails in place.”

The solution is simply testing. Initially, firms should begin with alerts they already know the answers to and see how the AI agents perform, he explained. From there it moves to a closed-book test on alerts without an answer key. This will enable teams to calibrate, expand, and document. “This may sound like an large endeavor, but this is a straightforward application of above-the-line/below-the-line (ATL/BTL) principles used in screening or transaction monitoring systems and applying this to alert-clearing.”

“Finding the right autonomy-human balance is not the sole challenge firms face when evaluating AI solutions for AML. One of the biggest misconceptions firms make with the technology is confusing agentic with general-purpose AI,” Piatetsky said. Any LLM can be implemented into a workflow and called an agent, but this does not mean it is going to meet the same standard as a model trained specifically for AML. When looking to adopt an agentic AI solution for AML, firms should be asking about the model’s training, what data sources it used, whether it was trained by a team of experts with backgrounds as practitioners and how the agent can incorporate your risk posture and review procedures. Piatetsky added, “If the vendor depends on a third-party data provider, you’ve just added latency, information security risk and supply chain complexity you didn’t need.”

Implementing AI in AML

Firms that have managed to implement AI within AML are already experiencing its benefits for the L1 and L2 alert resolution. Piatetsky noted that L1 is where teams spend most of their time and it is where AI is having the most immediate impact. This is the first line of response, handling name matches, watchlist alerts and adverse media pings. It is also where trained analysts follow a documented process and makes a judgement call. “AI can do that work at scale, consistently, with a documented rationale every time,” he said.

In practice, this means the agent ingests the alert, fetches relevant context from the data layer, evaluates it against the institution’s policies and then offers a disposition with a full audit trail. Piatetsky said, “What used to take an analyst anywhere from 90 seconds to 15 or more minutes is now instant. Analysts are then able to come in and do rapid QA/QC and, where an alert is escalated, receive full case context prepared by the agent.”

Through AI, teams can experience six-times faster L1 alert review, an 83% reduction in compliance review time and up to 95% of alerts resolved by AI agents, he said. The compounding value comes from improving the cost per alert as volume scales, allowing firms to grow without needing to bloat compliance teams. “When people talk about turning compliance into a competitive advantage, this is it: Enabling an institution to go-to-market with existing or new products and services and manage their risk effectively.”

As for L2, these require deeper investigations than an L1 alert and analyst judgments are vital for case decisioning. In these workflows, the agents support analysts with data collection across systems and with summarization.

“The analyst workflow impact is significant. Teams stop spending time on clear false positives and start spending it on genuine risk. That’s not just an efficiency story. It changes what compliance work actually feels like.”

When implementing AI in AML, those going live the fastest are those starting narrow, with policies documented and early involvement from stakeholders. He said, “Scope is the biggest implementation variable. A single, well-defined use case like L1 alert resolution for sanctions screening can go live in weeks.” Before AI is implemented, however, firms need to ensure the underlying data and workflow is clearly defined. Similarly, configuration is often undervalued, but success relies on whether an agent is trained on how the institution actually adjudicates alerts. “Think of it like onboarding a new analyst, not recycling the same rules-based criteria.” He added, “Lastly, testing and calibration before go-live. The institutions that move fastest treat this as a compliance program decision, not an IT project, with a compliance owner driving it end to end.”

Castellum.AI helps firms get live quickly with effective agentic AI, which can integrate directly with existing platforms. Its agents learn how a team works, trained on the client’s policies and procedures, historical adjudication decisions and escalation pathways. Each decision comes with full, explainable rationale, with documented reasoning, regulatory alignment built in, consistent with how the client’s policies are written.

Castellum.AI was recently named in this year’s FinCrimeTech50, which identifies the companies leading tech companies fighting money laundering, fraud and financial crime in financial services. The full FinCrimeTech50, including profiles on each company, can be found here. 

Read the daily FinTech news

Copyright © 2026 FinTech Global

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.