Boards are having a FOMO moment. They have been told that artificial intelligence will transform everything from retail to railways, and they are damned if their institution is going to be the last one still tinkering with Excel macros. In financial crime, this often manifests as an oddly simple instruction from on high: “We need AI in AML. Go and get some.”

For money laundering prevention officers, this is both flattering and faintly terrifying. On the one hand, at last, budget. On the other, an uncomfortable sense that they are being asked to retrofit a fashionable solution to problems that have not yet been properly articulated. As several panellists at the Institute’s AI event observed, much of today’s AI enthusiasm in compliance is “a solution looking for a problem”, not a careful response to a clearly defined risk.

The psychology is not hard to decode. Boards read breathless headlines about generative models that write passable sonnets and moderately competent legal briefs. Vendors, rarely shy and retiring, arrive with slide decks promising a 70% reduction in alerts and a 50% reduction in headcount, often in that order. Supervisors, for their part, speak warmly of “supporting innovation” and “embracing new technologies”, while also reminding firms, sometimes in the same paragraph, that responsibility cannot be outsourced to a machine. Small wonder many MLROs feel they are stuck between a hype cycle and a hard place.

The trouble with fear of missing out is that it short circuits the dull but essential disciplines of problem definition and cost benefit analysis. The panel traded war stories of systems bought in haste and repented at leisure: transaction monitoring packages implemented “out of the box”, with rules borrowed wholesale from the vendor and never calibrated to the firm’s actual business, sanctions filters switched on with default fuzzy matching settings that nobody in the institution could explain, and, in one memorable case, an IT upgrade that quietly severed feeds into a monitoring system. On Monday morning the backlogs vanished, dashboards glowed green, and for a brief moment everyone was delighted…until someone asked the awkward question of why a perpetual bottleneck had miraculously disappeared overnight.

This is the darker side of the “AI as silver bullet” narrative. When implementation has been expensive and politically painful, there is a powerful incentive to believe that the job is done once the system is live. Panellists noted that some firms seemed to think the mere act of installing an “AI powered” tool satisfied their regulatory obligations, even when they had done no serious analysis of the rules, no back testing, and no attempt to demonstrate that outputs were remotely aligned to their risk appetite. Regulators have developed a habit of noticing such omissions.

The more sensible starting point is disarmingly old fashioned: what exactly is the problem? Boards rarely begin there. They begin with PowerPoint. Yet in AML, most questions are fairly pedestrian. Are we generating far too many false positives because our scenarios are crude? Are we missing complex layering schemes because our analysis is too narrow? Are

investigators spending hours on manual data gathering that could be automated, leaving them too little time to exercise judgement? Each of these is a different problem, and “embed some AI” is not an adequate answer to any of them.

MLROs, if they are to keep their reputations and their sleep, would do well to insist on a few fundamentals before they nod AI projects through. First, they should demand clarity on the use case and the success metric. Reducing alerts by 50% is meaningless if the alerts that vanish are the ones that actually mattered. Better metrics might include demonstrable improvements in true positive rates, reductions in time to disposition, or greater consistency in risk classification for similar cases. These can be tested, challenged and, yes, audited.

Second, they ought to be rather more parsimonious in their trust. Both panel and audience spoke repeatedly about the need for robust governance, clear documentation of rules and models, proper user acceptance testing, ongoing QA and change management, before anyone should rely on AI in production. The point is not that machines are uniquely untrustworthy. The point is that when they go wrong, they can go wrong at industrial scale and very quietly. A junior analyst makes a poor judgement and one case is mishandled. A misconfigured model makes a poor judgement and a whole segment of the customer base can fall into a blind spot.

Third, MLROs should insist on a grown up discussion about cost. Several speakers questioned whether firms have honestly counted the price of implementation: not just licences, but data remediation, integration work, governance overhead, specialist skills, and the inevitable remediation when something is discovered to have been mistuned for the last 18 months. In some cases, they suggested, the cost of doing AI badly may exceed the cost of not doing it at all. That is not an argument against AI per se, but an argument against precipitous FOMO driven investments dressed up as strategic transformation.

There is, mercifully, a way for MLROs to sound pro innovation without turning themselves into unpaid sales reps for vendors. It is to reframe the conversation away from “Do we have AI?” towards “Are we solving the right problems, with the right tools, in a way we can defend?” An institution that has cleaned up its data, rationalised its scenarios and tightened its governance, but uses relatively simple analytics, may be in a far stronger regulatory position than one that has festooned itself with dazzling neural networks but cannot explain what any of them are doing.

The doctor’s answer to AI FOMO, then, is boring but bracing. Start with the disease, not the drug. Diagnose specific weaknesses in the AML operating model. Decide which are best tackled with rules, which with better processes, and which genuinely require more sophisticated analytics. Only then go shopping. In an era when everyone is rushing to boast about their latest model, the institutions that quietly ask “why?” before “what?” may look unfashionable. They may also be the ones that avoid the next wave of enforcement actions for badly governed technology.


Tom Vidovic is a senior financial crime compliance specialist. He held several roles in the financial services industry as well as the consulting sector, including as Financial Crime Advisory Manager for Deloitte; Associate Director, FCC Controls for Standard Chartered Bank; Financial Crime Forensic Manager for KPMG; and FIU Financial Crime Consultant for Wells Fargo; and most recent VP Financial Crime Compliance for a global bank. He is a Certified Fraud Examiner, Certified Anti-Money Laundering Specialist, and holds an MBA in Sustainable Finance. 

The Institute of Money Laundering Prevention Officers trading as The Institute. © Copyright Institute of Money Laundering Prevention Officers. All rights reserved.
Log in | Powered by White Fuse