The traditional financial crime operating model was built for a different era. For decades, financial institutions have relied on separate functions, technologies and processes to manage anti-money laundering, fraud, sanctions screening and customer due diligence obligations. While that approach reflected regulatory structures and operational realities at the time, growing financial crime complexity is beginning to expose its limitations.
Criminal networks are increasingly exploiting the gaps between traditionally siloed controls, moving seamlessly across fraud, money laundering and identity-based threats. At the same time, institutions are facing mounting pressure to improve effectiveness, reduce duplication and demonstrate stronger outcomes despite constrained resources and rising compliance costs.
Against this backdrop, a growing number of firms are re-evaluating whether the traditional model remains fit for purpose. Convergence strategies, shared intelligence frameworks and more integrated approaches to risk management are gaining momentum, but significant operational, technological and organisational barriers remain.
Why a rethink is happening
Why are businesses beginning to rethink the separation between AML, fraud and KYC? For Taami Tamkivi, CEO of Salv, some firms are, but currently, its not yet a dominant shift.
He said, “The companies that are very vocal about unifying AML and fraud are a minority. When I speak with large banks, the AML people typically know almost nothing about what’s happening in the fraud world, and vice versa. The silos are still strong.”
With that said, Tamkivi believes there is a real case for convergence in one specific area, which is scams and APP fraud – areas that rely on victim feedback loops. “Someone loses money, they complain, there is transactional pressure, institutions get hit quickly if they are not on top of it,” Tamkivi explained.
For the Salv CEO, the synergy between AML monitoring, KYC and fraud detection is genuine there, and bringing those disciplines closer together for that use case makes sense.
Despite this, Tamkivi is worried about what gets lost if the whole AML function gets pulled in such a direction.
He explained, “Money laundering is a fundamentally different problem. The Swedbank scandal – which ran from 2008 to 2018 – is a good illustration: hundreds of billions laundered through a major European institution, no victims complaining, no obvious feedback loop, extremely sophisticated counterparties.”
Such a scheme, Tamkivi outlined, requires deep due diligence and sustained investigate focus. If an AML team is optimised entirely around scams – which has a faster and more visible return on investment – teams can miss the next large-scale laundering case. “And given the geopolitical context right now, that is not a theoretical risk,” he said.
Financial institutions are increasingly rethinking the traditional separation between AML, fraud and KYC functions because, as Scott Nice, CRO of Label, points out, “financial crime itself does not operate in silos”.
Criminals are not concerned with the organisational boundaries that exist inside financial institutions. Rather than distinguishing between onboarding controls, fraud controls and AML controls, they look for vulnerabilities between them and exploit those gaps wherever they can.
Historically, Nice explains, AML, fraud and KYC developed as separate disciplines because they were driven by different regulatory requirements, technology platforms and operational objectives. However, the information underpinning those functions is often closely connected.
“Identity, beneficial ownership, device behaviour, transaction patterns, payment flows, sanctions exposure and customer risk all contribute to the same broader question: does this activity make sense, and does this customer present a risk?” he says.
According to Nice, when these teams operate independently, firms can miss patterns that would be more apparent if intelligence was shared across functions. The separation can also introduce unnecessary duplication, both for customers moving through compliance processes and for internal teams reviewing risk.
However, he stresses that convergence is not about dismantling specialist functions. “AML, fraud and KYC each require distinct knowledge,” Nice says.
Instead, the objective is to create a more connected intelligence layer across the organisation, enabling specialists to make decisions using a shared understanding of risk rather than isolated fragments of information.
“The move towards convergence is not about removing specialist expertise,” he adds. “It is about connecting the intelligence layer, so teams can make better decisions from a shared view of risk.”
Kevin McGuinness, head of strategy at Napier AI, believes on this question that the historical separation reflects organisational structures—not how financial crime actually operates.
He remarked, “Criminal networks exploit gaps between fraud detection, AML monitoring, and KYC controls, often moving seamlessly across these domains. As a result, siloed teams create blind spots. Firms are now recognising that financial crime must be tackled holistically, with shared data, intelligence, and workflows.”
While the orchestration of these datasets is advancing rapidly with the onset of agentic workflows, the underlying risk scoring engine is still the power behind more accurate and efficient decision-making.
In the view of AiPrise, AML, fraud and KYC have run as three separate disciplines for over a decade. Different teams, different vendors, different decisions. The separation was never the goal—it was the cost of fragmented technology.
“That cost has become too high. A customer flagged for adverse media by AML but cleared by KYC. A transaction stopped by fraud but cleared by sanctions. Signals that should land on one decision get split across three queues, while the customer waits and multiple teams review the same case.”
Can unified intelligence models boost detection?
Another key question being debated is whether unified intelligence models can improve detection without increasing complexity. Tamkivi here is less worried about the tech complexity and more focused on the human-agentic relationship.
He said, “I would not worry too much about complexity at the technology layer. We have increasingly powerful tools that can handle data streams that would overwhelm a human analyst. The real challenge is how to get human intelligence and agentic intelligence working well in parallel. Each is strong in different areas.”
Tamkivi added that agents can handle volume, real-time processing and pattern recognition, whilst humans bring experience, intuition and contextual judgement. “More data complexity is not the problem. Getting those two modes of intelligence to complement each other is,” he said.
McGuinness agrees with the sentiment on boosting detection – only if such a process is executed correctly.
He explained, “Unified intelligence models bring together customer, transactional, and behavioural data into a single risk view. This reduces duplication while improving detection outcomes, as signals that might appear low-risk in isolation can become highly relevant when combined.”
Despite this, McGuinness said its just as important for models to know which signals are relevant to AML typologies and which create false positive alerts, particularly those which create type 3 errors in classification models.
“Type 3 errors often occur when AI models wrongly assume that a correlated data point is in fact a causation vector. If a model detects suspicious behaviour and the outcome may seem correct, if the underlying risk-assessment is flawed it should not pass testing and validation, and it would still fail under regulatory scrutiny,” he said.
The Napier strategy head added, “Strong subject matter expertise embedded into model validation from across these disciplines is essential to improving detection without increasing complexity and operational inefficiency.”
Scott Nice believes unified intelligence models can improve detection outcomes, but only when they are introduced in a way that genuinely simplifies decision-making rather than adding another layer of complexity.
“They can, but only if they are implemented carefully,” he says. “A unified intelligence model should reduce complexity for the business, not simply create another layer of technology on top of already fragmented processes.”
The advantage, according to Nice, is that firms can move beyond reviewing individual alerts and begin assessing connected risk signals across the customer lifecycle.
“For example, onboarding data, changes in customer profile, transaction behaviour, fraud indicators and adverse media can be assessed together rather than in isolation,” he explains.
By bringing those signals together, firms gain greater context around customer activity, which should ultimately improve detection quality and reduce false positives.
However, Nice cautions that technology alone cannot compensate for poor-quality data.” Unified intelligence does not work if the underlying data is poor,” he says. “If customer records are incomplete, tax classifications are inconsistent, ownership data is stale or exception handling is weak, then the model will simply accelerate bad decisions.”
For Nice, the success of any unified intelligence strategy depends on building from strong foundations, including robust data governance, explainable decision-making frameworks and clearly defined ownership across the organisation.
“The key is to build from strong data governance, explainable rules and clear operating ownership,” he says.
Ultimately, he argues that the most effective models should do more than generate additional alerts.
“The best models will not just generate more alerts. They will help firms understand why a case matters, what evidence supports the risk view and what action should follow.”
According to AiPrise, recent advances in AI are beginning to challenge the assumptions that created those silos in the first place.
“The first wave of compliance technology was rules. The second was machine learning trained on historical labels. Both treated each domain in isolation because the math required it. Reasoning models don’t,” the company explains.
“They can weigh signals across AML, fraud and KYC and produce a decision with the audit trail to back it up. That last part matters more than the speed. A regulator won’t accept ‘the model said no’. A regulator accepts evidence, sources and judgment, and that’s now possible across domains, not just within one.”
The barriers that stand in the way
What are the barriers that still stand in the way of financial crime convergence? For McGuinness, the biggest challenges are legacy technology, organisational silos, and regulatory inertia.
He explained, “Many institutions still operate multiple disconnected systems, making integration difficult. Internally, teams have different mandates and KPIs, which can slow alignment. Externally, regulatory frameworks have historically evolved in silos, reinforcing separation even as risks converge.”
The temptation, McGuinness states, is to layer agentic AI layers that promise a ‘silver-bullet’ solution, but in reality these layers offer limited ability to address the underlying risk exposure that is driving up operational overheads.
He concluded, “Digital transformation and ‘hubs’ might be old-hat elsewhere in the bank, but the real-time risk hub is just coming of age, and the strategic replacement of legacy systems with NextGen engines is essential to removing the barriers to financial crime convergence.”
Scott Nice, CRO of Label, says the biggest barriers to financial crime convergence are “organisational, not technological”.
“Many firms still have separate leadership structures, budgets, systems and regulatory reporting lines for AML, fraud and KYC. That makes convergence difficult even when there is a clear business case,” he explains.
Beyond structure, he points to data as another critical constraint. Effective convergence, he notes, depends on the ability to connect information across onboarding, transaction monitoring, customer lifecycle events, investigations and reporting. In reality, that data is often fragmented.
“In practice, that data is often inconsistent, duplicated or held in legacy platforms,” Nice says.
Governance also remains a key challenge. Firms must clearly define ownership of decisions, ensure consistent application of risk appetite and maintain robust model validation frameworks. Without that clarity, he warns, convergence can create more uncertainty than control.
“There is also a governance challenge. Firms need to be clear about who owns decisions, how risk appetite is applied and how models are validated. If convergence creates ambiguity, regulators will not be reassured,” he says.
Finally, Nice highlights a cultural dimension to the problem, particularly concerns from specialist teams.
“Teams may worry that convergence means losing subject matter expertise,” he notes. “It should not.”
Instead, he argues, the aim is not to merge functions into a single uniform structure, but to connect them through shared data, intelligence and coordinated decision-making.
“The goal is not to collapse AML, fraud and KYC into one generic function,” Nice says. “The goal is to connect specialist teams through common data, shared intelligence and coordinated decision-making.”
AiPrise argues that convergence does not necessarily mean greater operational complexity. “The intuition that combining three workflows produces a bigger one is wrong. It produces a smaller one. False positives drop because the system sees context that point solutions never had.”
The company says those benefits are already being reflected in customer outcomes. “We see this in our own numbers. AML Agent customers cut false positives by around 95%, auto-resolve nine in ten Level 1 alerts, and move analyst time from hours per case to seconds,” AiPrise says.
However, the company believes the remaining barriers are largely organisational. “The barriers are political before they’re technical. AML, fraud and KYC each have their own budgets, leadership and reporting lines, and unifying them is a turf question before it’s an engineering question,” the company notes.
“Vendor lock-in slows it down further. And examiners are used to reviewing the three programmes separately, so any unified architecture has to be explainable on those terms.”
Despite those challenges, AiPrise expects the direction of travel to remain the same. “None of that is a reason to stay where the industry is. The firms that move first won’t look dramatically different from the outside—a bit faster on onboarding, a bit lower on fraud losses, meaningfully lower on compliance cost.”
“The real change is internal: compliance stops being three teams arguing about the same customer and becomes one team defending a single decision,” AiPrise concludes.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
