Anti-money laundering regulation is in the midst of a fundamental transformation. Across jurisdictions, regulators are shifting away from simply assessing whether institutions have the right controls on paper, towards a far more demanding benchmark: whether those controls can be shown to actually work.
According to Consillient, driven by recent developments in the European Union, the United Kingdom, and guidance from the Financial Action Task Force (FATF), this shift reflects a growing acceptance that formal compliance does not always translate into effective detection of financial crime.
Consillient recently discussed the conformity trap, and how AML standardization is giving financial crime somewhere to hide.
In reframing AML as an outcomes-based discipline rather than a procedural checklist, regulators are moving in a broadly positive direction — but not without introducing new tensions along the way.
Europe’s response: Harmonisation and centralisation
The EU has been quickest to put this philosophy into practice. Its introduction of a single AML rulebook, alongside the creation of the Anti-Money Laundering Authority (AMLA), is designed to tackle one of the most persistent weaknesses in European financial crime oversight: fragmentation.
For years, inconsistent national implementation and uneven supervisory intensity have allowed financial crime risk to migrate towards jurisdictions regarded as less stringent. By establishing uniform expectations across institutions and enabling more meaningful comparisons of outcomes, AMLA aims to raise accountability at a system-wide level.
The direction is well-founded. Greater consistency reduces ambiguity, improves supervisory clarity, and limits opportunities for regulatory arbitrage. However, harmonisation also introduces a subtler dynamic. As expectations converge and outcomes become more comparable, the way institutions interpret and respond to risk begins to be shaped by what is measured at a system level. Consistency does not merely clarify; it also influences behaviour, nudging institutions towards a narrower band of accepted approaches.
The risk-based principle and an emerging tension
AML frameworks globally remain grounded in the risk-based approach, as FATF guidance continues to emphasise. Institutions are expected to allocate resources dynamically, respond to emerging threats, and tailor controls to their specific risk profiles. At the same time, supervisory models — particularly within the EU — are increasingly oriented towards standardisation, with growing emphasis on consistent reporting structures, comparable metrics, and auditable decision-making frameworks.
Individually, these developments are coherent. Together, they create a structural tension. Institutions are being asked to do two things simultaneously: adapt to evolving risks, and demonstrate that adaptation in a consistent and comparable manner. As expectations become more clearly defined, the range of acceptable approaches quietly narrows. Some observers, including EY, have noted that increasing standardisation may reduce flexibility in the application of risk-based approaches.
The issue is not that flexibility has been removed in principle, but that it must increasingly be expressed within a defined and observable structure. Institutions retain the ability to innovate in their detection methods, but must frame that innovation in a standardised and comparable form.
Behavioural consequences inside institutions
Regulatory systems do not simply define requirements — they also shape behaviour. As expectations become clearer and supervisory scrutiny intensifies, institutions respond rationally. This is already visible in areas such as model validation, audit processes, and regulatory review, where demonstrating compliance in a consistent and defensible manner becomes paramount.
Institutions increasingly favour models that are more readily explainable, approaches that align with established supervisory expectations, and decision-making processes that prioritise defensibility. These patterns are not a sign of regulatory failure; they are the logical result of institutional adaptation to the incentives embedded within the supervisory framework.
Over time, this adaptation drives convergence. Detection approaches grow more similar across institutions, interpretations of risk begin to align, and methods that fall outside accepted frameworks are less likely to be pursued — regardless of their potential effectiveness. This convergence introduces a new form of systemic risk. When institutions approach detection in similar ways, the diversity of perspectives capable of surfacing non-obvious or emerging threats is reduced. Blind spots become less likely to be isolated and more likely to be shared. The system grows more consistent — but also more predictable.
Global context: Alignment in direction, divergence in approach
While Europe pursues harmonisation through centralised supervision, the broader global AML landscape reflects a more varied picture. At a foundational level, alignment remains strong. FATF continues to emphasise the risk-based approach and a shared commitment to improving transparency and detection effectiveness. However, how these objectives are operationalised differs considerably.
Within the EU, the single rulebook and AMLA reflect a clear prioritisation of consistency and comparability. In the United States, reforms introduced by the Anti-Money Laundering Act of 2020 have placed greater emphasis on transparency — notably through beneficial ownership requirements — alongside expanded use of data, technology, and information sharing to enhance detection capability. Other jurisdictions broadly align with FATF principles whilst preserving local flexibility.
These approaches point in the same strategic direction whilst reflecting different assumptions about how improvement is best achieved. Europe seeks to strengthen the system through harmonisation and supervisory alignment. The US places greater weight on capability, innovation, and effective use of data. FATF maintains a principle-based stance that accommodates diversity in implementation. The result is a globally aligned objective alongside an increasingly fragmented execution model.
The structural limitation: Fragmented insight
Beneath these regulatory developments lies a more fundamental constraint that remains largely unresolved. Financial crime operates across networks — spanning multiple institutions, crossing jurisdictions, and relying on patterns that only emerge when activity is viewed in aggregate. The signals that indicate risk are often distributed across entities, rather than contained within any single organisation.
Detection, by contrast, remains largely siloed at the institutional level. Each firm monitors its own transactions, assesses its own customers, and generates its own alerts based on data within its own perimeter. Even as supervision becomes more consistent and expectations more clearly defined, institutions continue to operate with incomplete visibility of the networks in which financial crime occurs. The quality of detection is therefore constrained not only by the models and controls applied, but by the scope of the data those models can access. Institutions are optimising within their field of view, rather than expanding it. Financial crime is networked; detection remains localised.
From standardisation to system capability
The next phase of AML evolution must focus on system capability — specifically, how to generate and combine insight across institutions without requiring data centralisation. Where data cannot be centralised, whether due to privacy, legal, or competitive constraints, the challenge extends beyond standardising processes within institutions to generating intelligence across them.
Centralised approaches encounter well-documented legal and privacy constraints that are unlikely to ease at scale. Distributed approaches follow a different path: rather than attempting to unify data, they enable learning to occur across it. Models are trained locally and combined at the level of insight, preserving the separation of underlying data whilst extending the scope of detection. The system moves from integrating information to integrating understanding. Because learning occurs on locally distinct data reflecting different customer bases and risk profiles, the resulting intelligence preserves diversity even as it is combined. Consistency at the level of insight does not require conformity at the level of detection.
Beyond consistency: The next evolution
AML regulation is undergoing a necessary and well-directed evolution. Across jurisdictions, there is a clear movement towards greater transparency, stronger supervision, and a more explicit focus on demonstrable effectiveness. The European model seeks to raise the baseline of performance through harmonisation.
Yet this evolution has exposed a structural limitation that improved consistency alone cannot resolve. The effectiveness now being sought is not only a function of improved supervision, but of how systems are designed to both connect insight and preserve diversity in how risk is detected. The future of AML lies not in expanding the perimeter of regulation, but in improving the connections within it — and ensuring those connections preserve the diversity of detection that makes the system genuinely hard to predict.
Read the full Consillient post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
