The Wolfsberg Group has published its latest statement on monitoring for suspicious activity, reinforcing its call for banks to move away from outdated detection methods.
The second paper, building on an earlier report, outlines a transition framework focused on three themes: transition and validation, balancing model risk with financial crime risk, and ensuring explainability in monitoring systems, claims Hawk.
One of the most striking messages is the rejection of the “drag net” approach, where institutions try to catch every possible anomaly in the hope of flagging suspicious behaviour. According to Wolfsberg, this method produces a flood of low-quality reports that overwhelm law enforcement and rarely add investigative value. Modern systems may miss some of the activities flagged by older tools, but they generate higher-quality leads and uncover previously hidden risks. With richer data sources, such as behavioural and account history, advanced monitoring systems are better placed to identify what is genuinely unusual. Supervisors, the Group argues, must understand that quality matters more than quantity when it comes to suspicious activity reports.
The paper also emphasises the growing need for contextual and nuanced detection. Advanced monitoring programmes no longer rely on simple thresholds but instead combine multiple risk factors and behavioural trends. This complexity places fresh demands on investigators, while also creating opportunities to apply large language models (LLMs) that can explain these subtle risk signals.
A major obstacle, the Group warns, lies in how regulators and banks approach model risk. Financial crime detection models are often subjected to the same rigid oversight as financial risk models. Wolfsberg argues this slows innovation and undermines effectiveness, as institutions struggle to update systems fast enough to counter new criminal methods. Rather than over-investing in the validation of outdated tools, the Group recommends flexible risk management practices that allow trial-and-error innovation and more agile adoption of new detection techniques.
The statement also supports a hybrid model for monitoring suspicious activity, blending traditional rule-based alerts with both supervised and unsupervised AI. Each approach, Wolfsberg suggests, plays a valuable role: rules remain useful for well-defined risks, supervised AI benefits from clear examples of suspicious cases, while unsupervised AI is crucial for identifying previously unseen criminal behaviour. A mix of these methods, the Group notes, will provide the most effective coverage.
Finally, Wolfsberg highlights the challenge of explainability. Unlike simple rules that are easy to describe, AI models often flag behaviour based on complex interactions of multiple factors. Investigators, therefore, need more than a binary alert — they need to understand why it was triggered. The Group encourages the use of visual tools such as graphs, charts and dashboards to make the logic of these systems clearer, helping investigators to follow the reasoning behind AI decisions and respond effectively.
Wolfsberg’s latest statement makes clear that banks can no longer rely on outdated, rules-heavy systems. Instead, they must embrace a mix of AI-driven approaches, ensure transparency, and adopt flexible governance if they are to keep pace with the fast-changing methods of financial criminals.
Copyright © 2025 FinTech Global
Copyright © 2018 RegTech Analyst
