In 2026, the rise of AI and ongoing technological innovation is driving industries far-and-wide to work harder to balance two vital aspects – speed and defensibility. Nowhere is such a conundrum seen as powerfully as amongst compliance teams, particularly in the financial space. A key question lingers: where are compliance teams still forced to choose between these two?
According to Holly Sais-Phillippi, CEO of Alessa, the sharpest trade-off between speed and defensibility in compliance today is emerging in environments where financial services are expected to operate almost instantly – particularly real-time payments and digital onboarding.
Customer expectations have shifted dramatically in recent years. Users now expect to open an account, receive approval, and begin transacting within seconds from their phone, and financial institutions face significant commercial pressure to deliver that same frictionless experience. Slow onboarding or delayed payments can quickly translate into lost customers.
Yet the compliance obligations surrounding those moments have not become any simpler. Teams still need to screen names, monitor transactions, and investigate alerts to ensure sanctioned individuals, high-risk actors, or suspicious activity are not slipping through the system. The challenge is that these checks are increasingly taking place in high-volume environments where decisions often need to be made almost instantly.
This, Sais-Philippi details, creates a constant tension. “Move too slowly and the customer experience suffers. Move too quickly and the organization risks missing critical red flags. Compliance programs today are still navigating that push and pull, and it is unlikely to disappear anytime soon.”
New technologies and smarter program design are helping teams manage the balance more effectively, but the fundamental challenge remains the same, according to the Alessa head. “Delivering fast, seamless financial services while maintaining decisions that are clear, explainable, and defensible to regulators.”
More noise than protection
What signals tell you that your sanctions program is creating more noise than protection?
For Sais-Phillippi, the warning signs that a sanctions program is producing more noise than protection are usually visible in the operational data long before they appear in an audit finding. The first signal is often speed. When analysts are closing alerts in under 30 seconds, that’s rarely a sign of efficiency, she believes. “It typically means analysts are encountering a high volume of obvious false positives and are dismissing alerts almost immediately.”
At that point, investigators are no longer analysing risk – they are simply clearing system-generated clutter.
Another indicator emerges in the balance between automated outcomes and human review. If the majority of alerts are being auto-resolved through rules or AI-driven filters rather than investigated by analysts, the program may be generating alerts that were never meaningful to begin with. When auto-resolution rates far exceed the number of alerts analysts actually examine, it often suggests the screening thresholds are too broad or the matching logic is too fuzzy. In other words, the system is creating work only to eliminate it again.
For the Alessa CEO, these signals are usually visible in the data. She said, “By monitoring investigation times, alert disposition patterns, and auto-resolution rates, teams can quickly identify when the program is prioritizing operational throughput over true risk reduction. When those patterns appear, it often means the screening configuration is too noisy, generating large volumes of low-value alerts rather than helping investigators focus on the small number of matches that truly require attention.”
AI-assisted sanctions decisions
The question of accountability around AI-assisted sanctions screening is less ambiguous than some technology narratives suggest. Even when AI is involved, accountability does not move away from the compliance function. In practice, responsibility sits with the Chief Compliance Officer, with oversight from the board, Sais-Phillippi says. AI may help identify, prioritize, or even recommend the resolution of alerts, but regulators still expect institutions to demonstrate that compliance leadership ultimately owns the decisions and the integrity of the program.
According to Sais-Phillippi, from a documentation standpoint, organisations need many of the same governance controls that already apply to other compliance technologies, but adapted specifically for AI.
She said, “This includes clear model governance frameworks, documented risk assessments of AI use, and transparency around which models are being used. Teams should maintain version control, validation testing, and ongoing monitoring to confirm the model is performing as expected.”
On this point, two elements are particularly critical – the first being explainability. “Compliance teams must be able to explain how the AI contributed to a decision if regulators ask,” she said. Second is human accountability. “There must be clear documentation of where human review or override occurs and who is responsible for final decisions,” Sais-Phillippi added.
In short, the Alessa CEO explains, AI can assist the process, but responsibility never shifts away from compliance leadership, and strong governance, validation, and documentation ensure those decisions remain defensible.
Unappreciated sanctions risks
A big challenge for many firms in the industry is understanding the sanctions risks that dominate in such an uncertain and fraught world. What could compliance teams be missing?
In the view of Sais-Phillippi, the most underappreciated sanctions risk heading into 2026 is not a failure of basic controls, but something deeper – structural blind spots embedded in how many compliance programs still operate. “This risk is not about missing a sanctions list or setting a threshold incorrectly. Most compliance programs are already good at maintaining list coverage and basic screening controls. The real challenge is the growing complexity of sanctions evasion itself,” she said.
That complexity increasingly takes the form of layered corporate structures designed to obscure who truly controls an entity or transaction. Sanctioned actors are using cross-border shell companies, intermediary networks, and multi-layered ownership chains to distance themselves from the counterparties that appear in financial flows. These structures, Sais-Phillippi details, are often designed specifically to bypass traditional name-based screening. At the same time, crypto-to-fiat bridges and other hybrid financial channels are adding additional layers of opacity.
As compliance tools get stronger, so do the tactics that threat actors use to evade them. “Bad actors adapt quickly, creating structures that hide risk several layers removed from the obvious counterparties. This is where structural blind spots emerge. A program may appear technically sound, but still miss risk because the true ownership or control sits behind multiple layers of entities or intermediaries,” stressed Sais-Phillippi.
Addressing this risk requires more than simply expanding lists or tightening thresholds, the Alessa head remarked. It requires efficient screening engines, strong ownership intelligence, and investigative capacity, so teams can spend less time managing alert noise and more time analyzing the complex structures where real sanctions risk now lives.
Incorrect assumptions
A less-asked question is what assumptions around sanctions screening does the industry still get wrong despite years of automation investment. In a time where automation is not the watchword, this is becoming a critical question.
“An assumption some people in the industry still get wrong is thinking better name matching automatically equals better compliance,” said Sais Phillippi. “Name screening is necessary, but it is not sufficient. You can keep tightening match logic and screening every name against every list, and still not be any closer to detecting real risk. In fact, that approach often creates more alerts, more noise, and less time for meaningful investigation.”
Effective sanctions screening rests firmly around context. It is about understanding the risk around a match, identifying where your true blind spots are, and making sure your team is focused on the cases that actually matter, not just processing volume.
Sais-Phillippi finished, “In short, automation should not just improve matching. It should help compliance teams make better, more risk-informed decisions, with clearer defensibility.”
Context-aware sanctions screening
Context-aware sanctions screening is realistic in practice, but not in the fully autonomous form it is sometimes portrayed.
As Sais-Phillippi explains, the real progress comes not from replacing traditional controls, but from enriching them. “Effective screening comes from adding context around name matching, not replacing it,” she says. Name screening remains the operational starting point, but institutions increasingly layer in additional signals – risk scoring, geographic exposure, ownership structures, and, where relevant, adverse media – to build a more accurate picture of potential exposure.
The key, she argues, is applying that context selectively rather than universally. “Not every alert or customer requires the same level of contextual review,” Sais-Phillippi notes. Instead, firms should align deeper analysis with their risk tolerance and segmentation strategies, focusing investigative effort on higher-risk jurisdictions, counterparties, and transaction patterns.
In practice, that means moving beyond simple list matching and asking more meaningful questions: Are we operating in high-risk markets? Do we understand the beneficial ownership structure behind this entity? Does the customer’s risk profile warrant additional intelligence, such as adverse media or network analysis?
In that sense, context is less a technological breakthrough than an analytical shift. It enables compliance teams to move from mechanical screening toward a more informed understanding of sanctions risk.
Artificial intelligence can play a supporting role here, particularly in prioritizing alerts and surfacing relevant intelligence. But the idea of fully automated, context-aware sanctions screening remains, for now, more aspirational than operational. “Human judgment and risk-based program design are still essential,” Sais-Phillippi says, “because ultimately someone has to interpret that context and make a defensible decision.”
Benefits and shortcomings of AI
One of the less-discussed topics around AI has been where it outperforms traditional rules-based screening and where it still falls short. Here, Sais-Philippi believes AI already outperforms traditional rules-based screening in several operational areas where speed and scale matter.
For example, she commented, tasks like transliteration, language normalization, and adverse media analysis are areas where AI excels. AI models can quickly interpret multiple spelling variations of names across languages and scripts, something that would be slow and manual for analysts.
“Similarly, AI can scan and classify thousands of news articles in seconds, identifying relevant adverse media signals far faster than a human team could,” she said.
“Where AI still falls short is in complex contextual judgment,” said Sais-Philippi.
“Areas such as structured trade sanctions logic, nuanced regulatory interpretations, and geopolitical context still require human expertise. AI may surface relevant signals but understanding how those signals apply to a specific institution’s risk profile, customer base, or jurisdictional exposure is much harder to automate.”
For now, Sais-Philippi believes AI is most effective as a decision-support tool, due to its ability to dramatically improve speed, scale and information processing. Despite this, human oversight remains essential, especially when decisions involve regulatory nuance, complex ownership structures and geopolitical risk.
Raising the bar
Are regulators implicitly raising the bar for sanctions screening without formally changing the rules?
On this question, Sais-Philippi agrees with the sentiment, stating that in many ways, regulators are raising the bar for sanctions screening without formally rewriting the rules.
She explained, “You can see this in the tone of recent enforcement actions, consent orders, and supervisory exams. Regulators are asking deeper questions and applying greater scrutiny to how programs perform. The focus is shifting away from simply asking whether a process exists to whether that process is truly effective at identifying and managing sanctions risk.”
The Alessa head gave the example that many recent enforcement actions are not about institutions failing to screen a list. Instead, the issue here is often that programs lacked sufficient context around risk, such as ownership structures, geographic exposure, or the effectiveness of the screening configuration. “In other words, regulators increasingly expect institutions to demonstrate that their screening controls meaningfully detect risk, not just that they technically run a search,” said Sais-Philippi.
She also made clear there is a growing scrutiny around model governance and documentation. “Institutions need to clearly document how their screening tools operate, how models are validated, and how program changes are reflected in governance frameworks. Risk-based compliance has always been the standard, but today regulators are asking organizations to prove that their programs are effective in practice, not just well documented in theory.”
The future of sanctions screening
Looking ahead, what will good sanctions screening look like in 2029? How will what is classed as acceptable have changed?
For Sais-Philippi, in three years, strong sanctions screening programs will be defined by context, explainability and continuous tuning.
She remarked, “Good screening will go beyond simple name matching. Organizations will incorporate risk context into their screening decisions, including where they operate, who they do business with, ownership structures, and their overall risk tolerance. This context will feed into risk scoring and prioritization, allowing teams to focus on the exposures that matter most rather than treating every match the same.”
The Alessa CEO suggested another key characteristic will be continuous tuning and monitoring. She suggested effective programs will regularly review and adjust their screening configurations, models and thresholds as new risks emerge.
“Institutions will be expected to demonstrate that they actively evaluate how their systems perform, not just implement them once and leave them unchanged,” said Sais-Philippi.
Additionally, she sees that AI will play a role, but it will need to be explainable and governed. She said that organizations will increasingly adopt AI to support screening and investigations, but they will still need to clearly document how it works, how it is validated, and how decisions are made.
She added, “Screening will also become embedded across the entire customer lifecycle, not just at onboarding. Monitoring customers as their risk profile evolves will be an expected part of a mature sanctions program.”
However, Sais-Philippi believes that several practices by 2029 will likely become unacceptable. For example, persistently high false positives rates will be harder to justify as better technology becomes available.
She detailed, “Regulators will also expect strong model validation, clear governance, and senior management oversight, particularly when AI is involved.In short, the future of sanctions screening will reward programs that can demonstrate effectiveness, transparency, and ongoing improvement, rather than simply proving that a screening process exists.”
Alessa in 2025, and beyond
Alessa has come off the back of a strong 2025, and is looking towards an even stronger future. One of the biggest milestones of 2025, Sais-Philippi states, was completing an acquisition, which marked an important step in the company’s growth.
She said, “It was the right time for us to move into the next phase, and while any transition like that requires some adjustment as teams learn each other’s styles, we moved through that process well and are now focused on what comes next.
“The acquisition also positioned us to accelerate our growth and invest more deeply in the future of the platform. Late in 2025 we began expanding our roadmap with a strong focus on helping our customers operate more efficiently across the entire compliance lifecycle, from onboarding through screening, risk scoring, monitoring, and investigations.”
A key part of the roadmap, the Alessa CEO noted, was advancing its AI capabilities, with its goal to make sure the technology Alessa builds directly supports the real operational challenges its clients face every day.
Sais-Philippi concluded, “Overall, 2025 was a positive and important year for Alessa, setting the foundation for the next stage of innovation and growth.”
Holly’s perspective makes one thing clear: sanctions screening is no longer about how much you screen, but how well you understand and act on risk. As complexity grows and expectations rise, programs that rely on volume and name matching alone will continue to struggle with noise, blind spots, and defensibility challenges.
For a deeper look at how organizations are navigating these shifts, download Alessa’s 2026 Sanctions Screening Trends Report. It brings together real-world data and practical insights to help you improve alert quality, reduce false positives, and build a more effective, defensible screening program.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
