The AML/CFT landscape continues to evolve under mounting regulatory scrutiny and commercial pressure. Financial institutions, from long-established banks to fast-growing FinTechs, are expected to demonstrate not only robust controls but also clear progress in how those controls are designed, operated, and improved over time.
According to ComplyAdvantage, as AML programmes grow more complex, technology transformation is no longer optional, yet it remains challenging. Institutions must understand where they sit today and how to advance from manual compliance processes towards intelligent, automated systems that can scale with risk and growth.
The idea of a compliance maturity curve was explored at the 2025 Future of Payments Summit, where Patrick Craig, EMEIA financial crime technology lead at EY, and Andrew Davies, global head of FCC strategy at ComplyAdvantage, discussed how organisations can benchmark their AML capabilities and plan realistic paths forward.
The maturity curve provides a structured way of assessing how AML frameworks develop over time, from fragmented and reactive controls to advanced, risk-based ecosystems.
At the earliest stage, organisations rely heavily on manual processes and legacy tools. Spreadsheets dominate workflows, data is poorly curated, and compliance teams are forced into reactive firefighting. The next phase introduces partial automation, often through multiple tools and bespoke integrations, which reduces some manual effort but still delivers limited performance improvements.
As firms progress, automation tends to emerge in silos, with more sophisticated components such as integrated case management, API-centric workflows, entity resolution, and configurable screening and monitoring, yet without a fully unified architecture.
More advanced stages are characterised by AI-enabled automation, where institutions begin to ingest real-time data, apply AI-powered matching, and introduce dynamic risk scoring. While these capabilities unlock efficiencies and accuracy, they do not on their own deliver market-leading differentiation. That comes with agentic intelligence, where autonomous systems support case remediation, behavioural anomaly detection, and genuinely risk-based decision-making.
At the top of the curve sits agentic excellence, defined by full-stack automation across data gathering, analysis, and decisioning, supported by feedback loops and behavioural risk assessments that materially improve revenue, cost control, and regulatory outcomes.
Moving away from manual compliance is often triggered by a combination of regulatory and commercial pressures. Regulatory reviews and audits frequently expose weaknesses in existing controls, while escalating operational costs caused by false positives can overwhelm compliance teams.
Slow onboarding and review processes also create friction for customers, constraining growth. In many cases, board-level direction plays a decisive role, as executives increasingly recognise that investment in AML technology is a strategic business imperative rather than a defensive cost.
Successful AML modernisation is guided by a small set of core principles. Firms must shift from siloed systems towards unified data views that bring together internal and external risk signals. Rules-based frameworks should give way to adaptive, risk-based approaches that reduce noise and focus resources where they matter most.
Governance must be strengthened to ensure technology, policy, and oversight are aligned, while outcomes should be measured rigorously through KPIs such as alert volumes, remediation times, and customer acquisition rates.
Next-level AML performance depends on a combination of advanced analytics, agentic AI, and modern architectures. Machine learning enables pattern detection across onboarding, screening, and transaction monitoring, while agentic systems automate triage and summarisation. Entity and network analytics uncover hidden relationships, and cloud-native, API-first designs support real-time responses. Dashboards and analytics close the loop by enabling continuous performance improvement.
Crucially, the maturity curve challenges the myth that compliance transformation requires a disruptive “big bang” replacement. Progressive renovation, built on augmentation, targeted pilots, and close collaboration with RegTech vendors, is often more effective. Institutions that reach the upper end of the curve treat compliance like product development, committing to continuous improvement and innovation to stay ahead of evolving threats and expectations.
By adopting this mindset and leveraging modular, AI-driven platforms such as ComplyAdvantage Mesh, financial institutions can move towards scalable, agentic compliance that supports both growth and resilience.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
