Cross-border AML rules are outpacing compliance teams

AML

A sanctions alert arrives before 8am. By mid-morning, the business demands an impact assessment spanning the US, UK, EU and a Gulf branch, and by lunchtime legal wants confirmation that internal policy wording remains defensible.

This is the daily reality of AML and financial crime compliance, defined by compressed timelines, fragmented rulebooks and minimal tolerance for error, claims Sherlocq.

Sherlocq recently delved deeper into what it sees as AML and financial crime compliance that holds up. 

For most institutions, the challenge is not regulatory volume alone. It is the collision of cross-border inconsistency, escalating supervisory expectations and heavy reliance on manual research. Compliance teams must interpret fresh obligations at speed, translate them into controls, verify policy alignment and justify their reasoning to senior management, audit and regulators. The weakness is rarely effort; it is the widening gap between the pace of change and the capacity of conventional workflows.

The traditional model assumed subject matter experts could absorb regulatory change through horizon scanning, memo writing and periodic policy refreshes. That approach retains value but no longer scales across jurisdictions or risk categories. AML, sanctions, anti-bribery, fraud controls, beneficial ownership transparency and transaction monitoring expectations all evolve at different speeds, while enforcement trends reshape what supervisors deem adequate even when written rules stay static.

The operational consequences are stark. A bank may run a mature AML programme in one market yet remain exposed elsewhere because risk scoring logic, sanctions escalation triggers or politically exposed person controls are calibrated differently. A FinTech may race ahead with product launches while compliance struggles to confirm that onboarding, screening and suspicious activity standards hold in every jurisdiction. Governance pressure compounds this: institutions must now evidence how conclusions were reached, which sources were used and where obligations diverge.

Manual research often costs more than it appears. Duplicated effort, inconsistent interpretation and delayed decisions accumulate, while critical nuance sits trapped in inboxes rather than becoming reusable institutional knowledge. The greater danger is defensibility, as regulators expect a clear audit trail tied to relevant rules and jurisdiction-specific expectations.

According to Sherlocq, the RegTech behind the analysis, effective programmes now depend on three connected capabilities: fast access to reliable, cited regulatory intelligence; a means of testing internal policies against external requirements; and sanctions intelligence that keeps pace with list changes and jurisdictional overlap. Multi-jurisdiction comparison has become a core capability rather than a nice-to-have, helping firms distinguish where standardisation is safe and where local adaptation is essential.

Technology’s role is not to replace judgment but to compress the retrieval and translation cycle that consumes skilled professionals’ time. Domain-focused platforms hold a clear edge over general-purpose legal AI, given the regulator-specific terminology and enforcement context generic tools frequently oversimplify.

Regulators do not demand perfection, but they do expect controls that are informed, current and proportionate. The institutions that succeed are not those with the largest teams, but those with the clearest intelligence flow, able to stand behind their answers when it matters most.

Read the full Sherlocq post here. 

Daniel Willis is the Editor of RegTech Analyst

Read the daily FinTech news

Copyright © 2026 FinTech Global

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.