Financial crime has always been a moving target. What has changed is the speed at which it now learns, adapts and scales. Money laundering is no longer the blunt, high-volume activity that many control frameworks were built to catch. It is coordinated, technical and increasingly designed to slip between systems that were never meant to talk to each other.
Banks and regulators are spending more than ever on anti-money laundering, yet enforcement actions, fines and exposed criminal networks continue to rise.
An estimated $5.5 trillion is laundered globally each year, equivalent to around 5% of global GDP, a figure that underlines both the scale of illicit activity and the limits of current defences. Digital assets move value across borders in seconds.
Synthetic identities pass basic checks without raising alarms. Criminal groups exploit gaps between jurisdictions, products and teams, while compliance functions are often left running to keep up rather than get ahead. The result is a sense that AML has become a race without a finish line, expensive, exhausting and structurally tilted in favour of those trying to break the rules.
The challenge is not a lack of data or technology. Financial institutions are sitting on decades of transaction history, customer records and behavioural signals.
The problem is how that information is governed, connected and acted on, and whether firms can explain and stand behind the decisions their systems now make. In an environment where regulators are demanding accountability as much as effectiveness, the question is no longer whether AML can detect risk, but whether it can do so responsibly and at scale.
FinTech Global sat down with a host of industry experts to discuss exactly how AML can stay ahead of evolving financial crime, and what must change if it is to do so.
The changing face of FinCrime
Financial crime no longer announces itself through volume alone. It hides in coordination, speed and design, moving across payment rails and jurisdictions with a fluency that exposes the limits of many traditional AML frameworks. What once looked like isolated fraud events now operates more like an industry, complete with supply chains, service providers and specialists.
That shift is visible in the typologies firms are struggling hardest to contain. Digital asset flows blur borders. Layering now stretches from regulated institutions into decentralised platforms and back again. Shell companies and nominee structures are deployed with a sophistication that obscures beneficial ownership just long enough to move funds on. Jurisdictional arbitrage has become routine rather than exceptional.
Scott Nice, Chief Revenue Officer at Label, points to a widening risk surface that is outpacing static controls. “AML is converging with tax transparency, crypto reporting, and digital asset oversight. The risk surface is expanding faster than traditional rules-based systems can adapt.”
Others see the same acceleration driven by fragmentation. Baran Ozkan, Co-founder and CEO at Flagright, describes typologies that thrive on speed and disconnection. “The typologies evolving fastest are the ones that exploit speed and fragmentation: scam-driven payments, mule networks, synthetic identities, and laundering paths that jump between fiat and crypto.”
What makes these threats harder to detect is not just their technical sophistication, but the way they deliberately target seams in control environments. John Gidla, Head of Global Regulatory Research and Analysis at Vixio, argues that the industry has moved beyond simple scale.
“Financial crime is no longer defined by scale alone. It’s defined by coordination, speed and technical sophistication. We’ve moved beyond simple, high-volume fraud and money laundering schemes into professionalised networks that deliberately target weaknesses in identity controls, transaction monitoring and organisational handoffs.”
Those weaknesses are often structural. Legacy AML systems were designed around stable customer profiles, predictable transaction patterns and clear institutional boundaries.
Today’s criminal networks operate across identities, devices and platforms, exploiting the fact that risk is still assessed in silos.
For many firms, the temptation is to respond by adding more rules or more automation. But as Anthony Quinn, CEO of Arctic Intelligence, warns, the pace of criminal adaptation is now faster than the pace at which most AML programmes were designed to evolve. “Financial crime is evolving faster than most AML/CTF programs were ever designed to adapt, particularly across digital assets, rapid transaction layering and increasingly sophisticated financial crime typologies that exploit system gaps.”
When detection becomes a governance problem
As financial crime has grown more complex, so too has the machinery built to stop it. Machine learning models, behavioural analytics and automated transaction monitoring now sit at the heart of many AML programmes. Automation has become the default response to rising alert volumes and operational strain. But in solving one problem, it has created another. Risk has not disappeared. It has changed shape.
Gidla said many firms have responded by pushing more responsibility into the detection layer. “These tools can materially improve signal quality and reduce false positives, but they don’t remove the underlying risk. They shift it. Detection risk becomes model risk.”
That shift matters because regulators are no longer focused solely on outcomes. They want to understand how decisions are reached and who is accountable for them.
AML, Gidla added, is no longer primarily a screening challenge. “It’s becoming a governance problem. Regulators are signalling that they don’t just want better outcomes, they want defensible decision making.”
This places explainability and oversight at the centre of modern AML. Black box systems may improve efficiency, but they introduce supervisory exposure if firms cannot evidence how models are calibrated, monitored and corrected over time.
Khamzin said automation can meet regulatory scrutiny, but only when supervisory expectations are built in from the outset. “Regulators expect firms to remain fully accountable for outcomes, and firms must be able to demonstrate a clear understanding of how models operate, how decisions are made, and how results remain predictable and controlled.”
In practice, regulators care less about technical sophistication than the strength of the controls surrounding it. Documentation, pre-deployment testing and human validation, particularly for higher risk scenarios, are now central to examinations. Systems that cannot explain why a transaction was flagged, or how decisions are challenged, struggle regardless of how advanced the model appears.
Worrall described how this plays out operationally. Automation, he said, should support decision-making rather than replace it. “The agent automatically proposes a classification with a clear, explainable rationale and transparent source generated automatically.” Analysts still review outcomes, approve or reject decisions, and retain full case ownership through an end-to-end audit trail.
Rebuilding AML as a connected discipline
If the shape of financial crime has changed, then so too must the structure of the response. One of the clearest fault lines exposed by modern typologies is fragmentation. Data sits in different systems. Teams operate to different priorities. Controls are designed around products rather than behaviours. Criminal networks exploit those gaps with ease.
A spokesperson from RelyComply described the result as an uneven contest. “Launderers and underground syndicates have spotted that risk management is not a level playing field from bank to bank, country to country.” Fragmented data sharing, strict privacy laws and poor visibility into global criminal networks, they added, have left AML teams stuck in a reactive cycle. “It’s easy to see why achieving AML compliance is a never-ending rat race.”
Yet the same fragmentation also points to where progress can be made. Financial institutions already hold vast reserves of historical transaction data and customer information. The challenge is connecting it responsibly and using it in real time.
According to RelyComply, when data is monitored and cross-referenced within the bounds of local and global privacy laws, it can form a far more effective defence. “Deploying risk-based AML ensures that institutions can automate high-risk detection, screen customers around the clock, and reduce false positives while maintaining audit trails.”
That emphasis on connection is echoed by Dr Sebastian Hetzler, co CEO of IMTF, who argues that AML must reflect how financial crime actually operates. “Financial crime doesn’t operate in silos, and neither can AML.” A holistic view across customers, transactions and channels, enabled by hybrid AI, allows firms to cut through noise and respond faster to genuine threats, while meeting growing expectations for transparency and control.
This need for convergence extends beyond fraud and AML teams. Tax transparency, crypto reporting and digital asset oversight are increasingly intertwined, and regulators are making it clear that fragmented compliance approaches are no longer defensible. Data collected for one obligation is now relevant to others, and risk decisions in one area have consequences elsewhere.
The unifying thread is accountability. As systems become more automated and risks more interconnected, ownership cannot be diluted. Human oversight, clear governance and a shared understanding of risk across the organisation are becoming the defining features of effective AML.
Responsibility becomes the differentiator
Financial crime will continue to adapt. That much is certain. New products, faster payment rails and more sophisticated criminal coordination will keep testing the limits of existing controls. The question for AML is not whether the threat will evolve, but whether governance, data and accountability can evolve with it.
What emerges from the debate is a clear shift in emphasis. Detection alone is no longer enough. Regulators are asking firms to show how risk decisions are made, challenged and owned. Technology remains essential, but only when it is embedded within a framework that senior management understands and can stand behind. The most resilient AML programmes are those that connect identities, transactions and behaviours across channels, while retaining human judgement at the point of consequence.
Ozkan summed up the direction of travel succinctly. “Staying ahead will come from combining better data, more context and adaptive models with clear human controls, rather than simply turning thresholds down.”
In the race between criminals and controls, responsibility may prove to be the decisive advantage.
Keep up with all the latest FinTech news here
Copyright © 2026 FinTech Global
Copyright © 2018 RegTech Analyst
