AI is everywhere. Is it making your financial crime decisions?

Financial Crime Expert Colin Whitmore breaks down why institutions adopt AI for financial crime decision - making - and what they must consider first.

Introduction

AI is now prevalent across financial services and used for many tasks, including gathering, summarising and analysing data, advising and supporting humans, writing reports, case notes, customer interaction, and many other activities across the many financial services processes. 

Financial crime has many processes that lend themselves to automation. There is also a considerable reliance on humans for decision making. Firms are adopting AI within Financial crime, but will they move beyond automation of processes and use AI for making financial crime decisions? Using AI to replicate human thought and decision-making? 

This short article considers the motivation and considerations behind the adoption of AI for financial crime decisioning.

Background to the process

Financial crime processes follow similar patterns to those found across financial services, that is, the Input > Gather, and Analyse data > Decision > Output. With the input to the process being an ‘alert’ from transaction monitoring, a sanctions name, or payments ‘match or hit’, or an ‘event, review, or action’ within KYC/CDD*. 

Within the processes, there are nuances around a level 1, 2, and 3 process, whereas at levels 1& 2, data is gathered and the decision is often whether the alert or case can be closed, or is ‘worthy’ of further investigation. Level 3 ‘investigators’ perform an in-depth investigation before making the final decision. Not all firms deploy a Level 1 / Level 2 model, and they may use ‘auto triage’ using machine learning models, to close obvious ‘false positives’. In this article, the generic term ‘financial crime operations’, is used to cover all levels, including the more specialised financial crime investigations. 

Figure 1 below shows a generic (simple) investigation process**

Figure 1 - Simple Financial Crime Investigation Process

Role of the human decision maker

Regulation will vary globally and regionally; however, in most countries, there is a requirement on regulated firms to monitor for ‘unusual’ activity and raise instances of suspicion to the appropriate law enforcement, country financial intelligence unit, or similar bodies. 

Within AML controls***, this is done through a financial crime report, often called SARs (suspicious activity reports) or STRs (Suspicious Transaction Reports), or similar. As the name suggests, the process requires the reporting of ‘suspicion’, which is not proof beyond doubt, not 100% percent certain, but an individual’s determination of suspicion of financial crime. 

In regulated firms, there should be agreed operating procedures, guidelines, training, and ‘accreditation’ to support the decision makers, with extensive quality review processes.  In other words, though the human has the responsibility to act, they will do this within guidelines, support and control, with junior members of staff receiving substantial training and on-going reviews. 

In these processes, a lot of time and effort can be spent gathering information, performing analysis, and considering the facts before making a decision. The outcomes of the decision should be documented, usually in case notes, and then, where required, the final report is prepared and submitted.

AI deployments to date

Financial crime processes lend themselves to automation, the use of Generative AI (GenAI), Large Language Models (LLMS), and Agentic AI, which perform particularly well when it comes to stitching together data, performing data and transaction analysis, reviewing counter parties, and identifying areas of interest, in addition to producing case notes and final report text. Figure 2 below shows the use of AI Automation across the process.

Figure 2 - AI augmentation of a simple process steps

Using AI to ‘augment’ processes is far less concerning for compliance managers; the ‘machine’ is supporting the human decision maker, not making the decision. Other than the time required, the human could do the same data gathering, stitching, preparation, and analysis activity; however, the machine can do it quickly, consistently, and repeatably – without the need for local use of spreadsheets and note files!

An obvious emerging area is Agentic AI, the use of autonomous AI agents, to run independently, these are tuned to performing specific steps in the process, with different ‘agents’ specialising on a theme, or set of activities.  

Rationale for automated decision making 

Stakeholders
Who decides whether to use AI within financial crime processes? Within any firm, there will be a wide set of stakeholders with different viewpoints and motivations for the use of AI. 

Purse string holders
Compliance is seen as a cost of doing business, usually paid by business areas (retail, corporate, wealth, etc), who would like to see that cost reduced. This is especially true in areas such as retail banking, which have very small profit margins per customer. Business leaders and the C-suite will have a continual focus on costs, but balanced against this is the need to meet regulations, avoid fines, and keep customers and the bank safe.

C-suite, technology, and other leaders
In addition to a cost focus, leaders need to show that they are clocking up AI implementations and the use of new AI capabilities. It is not only the fear of missing out, but the need to demonstrate that they can aggressively deploy AI across the enterprise. Who wants to be a follower, as opposed to leading the pack? 

Financial crime leaders
So far, much of the rationale and need to use AI is not related to financial crime; it is down to cost saving and the need to show leadership in AI across the firm. What about financial crime leaders? Well, here, costs, the need to reduce costs (often headcount) is a high priority. However, matched to this are the concerns of compliance officers, and the need to be more effective at detection and to avoid regulatory action or fines.

Compliance officers - Nominated officers / MLROS / BSA officers⁴
Compliance officers are concerned with protection, the meeting of regulations, the accurate reporting of suspicions, and the need to protect the customers and the firm. You may assume they are in favour of human decision-making, as opposed to AI decision-making. Here, however, it is nuanced and based on the ‘what’. For example, providing consistent and accurate case notes and report narratives is seen as a positive use of AI, helping to enforce standards and accuracy. Decision-making will depend on factors such as explainability, safeguards, and what is being decided.   

Financial crime operations
This will depend on the level of automation. For example, if it is supporting the human, then this could be seen as positive, freeing up humans to focus on ‘financial crime’, the true ‘crime fighter’. However, if it is seen only as a means of saving costs and reducing headcount, then employees are going to be very nervous and concerned, with implications both for them, for financial crime, and the enterprise, with wider impacts on the team and organisational dynamics. 

Regulators
This is a moving position, as reported in the recent Cambridge University Judge Business School, 2026 Global AI in Financial Services Report. It spoke globally to financial institutions, regulators, and vendors, stating that ‘For industry and AI vendors, there is a general lack of guidelines on the use of AI from their respective financial regulators. Nearly 50% of the surveyed authorities do not have a national AI strategy in place. Even those that do, the guidelines are general or broad rather than specific to AI in financial services. However, there is unanimous recognition from all surveyed stakeholders on the need to clarify and update AI guidance, with 79% identifying it as the top priority for regulators and supervisors to focus on.’

Arguments for and against AI decision-making

From a cost perspective, as discussed in the last section, there is significant pressure from senior stakeholders to deploy AI, to reduce human processing and associated headcount, i.e., the payback for deploying AI across the firm. However, there are a number of arguments that need to be considered, including: 

Reasons for AI decision-making

• Cost savings – probably the highest reason, removing headcount across financial crime operations, focusing resources on involved, in-depth investigations.
• Quality & consistency – There is an argument that AI decision-making will be of higher quality and consistency than human decision-making. Though there is a risk of hallucinations and inaccuracies, the output of AI can be monitored and flagged up where they arise. With humans, by nature, it is argued that there is a personal bias and viewpoint, with one person deciding to file a report, another not.
• Noise reduction – within financial crime detection, there can be a lot of ‘noise’, that is, alerts, which on inspection turn out to be ‘false positives.’ AI can quickly assess large amounts of data, identifying alerts that are likely to be false positives, enabling humans to focus on higher-priority and complex cases.
• Monitored processes – Unlike human processes, there are no shortcuts, off-system use of spreadsheets to analyse data, or note, ‘scratch’, pads to make notes, and record outcomes. The machine will follow the standard process; if the process needs amending, it can be flagged up and corrected, without ‘work-arounds’. I think we can remove the comma and space?
• A natural expansion of AI – if AI is accepted and going to be used by the firm to support humans, then why stop there? Why not use it for decision-making too? 

Against  

• Human intuition – the ability of the human to look at a situation from different aspects, to use past learning, experience, and something that is hard to codify – human intuition.
• Explainability – within human decision-making, it is possible to go and find the person who made the decision, and ask them why they made the decision. However, humans are not infallible and can cover-over their actions or just forget.
• Accountability – who is accountable where a machine is making a decision, and how happy are the compliance officers on this point? This will come down to a number of factors and considerations, including how well-versed the compliance officers and leadership are with the use of AI.

Approaches to AI decision-making

If it has been agreed to use AI for decision-making, where do you start? Here, it is assumed that firms have applied AI to augment humans, to tackle the obvious low-hanging gains, and address areas such as data gathering, preparation, documentation, and so on. Some factors are considered below.

• Population to be included – what is the population to be included in AI decision-making? This could be based on the type of customer, jurisdiction, or product. For example, it may be better to go with a smaller set of customers, with fewer alerts, to trial and then scale up, or to start with a specific set of products.
• Complexity of cases – linked to the decision based on the population, is the complexity of the alert and the subsequent investigations. For example, a retail account product, with one account holder, repeated, and similar transactions will be less complex than a cross-border correspondent banking payment, with a number of different (non-bank) parties. For decisioning, can you go for easier, less ‘involved cases’, then refine and move to the complex ones at a later date?
• What are your decisions - maybe you do not need to consider the full decision, the determining of suspicion to start with, maybe you could focus on the level 1 / level 2, i.e., is the alert worthy of further investigation. It is worth noting that this is often referred to as ‘triage’ and many aspects of it are already being automated in many firms. 
• Implementation models - will you go big bang, or will you select a control group? Will you initially run the AI decision on cases that have already been decided by a human to compare, or will you just switch over to automated decision-making?
• Quality – what is the role of quality assurance and checking, and who is doing this? Is it human-led, sampling so many cases, or due to the (arguably) increased capacity, will a form of automated checking and quality be needed? AI monitoring AI?

Considerations

In addition to deciding on your approach, there are a number of considerations that will need to be worked through. Below is a summary of the key ones.

• Human in the loop – what, if any, is the role of the human? Is it a complete or partial replacement? Will the human make the final decision? Where a machine makes a recommendation, how will you prevent the human being ‘led’ by the machine, especially if they are under pressure to get as much work done as possible?
• Human distrust of AI – if the intent is to replace humans, then maybe the humans involved may find ways to make the implementation difficult, or circumvent the use of AI, or blame the machine for any errors.  
• On-going monitoring, feedback loops, and refinement - this is critical, the on-going monitoring of the AI for the detection of hallucinations and other inaccuracies, the feedback to monitor the correctness, ‘worthiness’ of decisions, and to prevent any AI drift.
• Automation of bad processes – a word of warning, are you considering processes that may not have been reviewed for many years, or have deviated from the original intent, or have workarounds? This may be the ideal time to review current processes, to assess them, and to review ‘what good looks like’.
• Data – data accuracy, quality, and availability - the ‘data issue’ has been around for many years, and firms have spent, and continue to spend, many millions of dollars trying to resolve data inaccuracies, duplication, and incomplete records. Fixing data is a big, ongoing undertaking, which is unlikely to be resolved before AI is introduced.  How will bad data impact decisions? How will the machine deal with this? Will it be flagged up? Will a decision be referred to a human, assuming you still have humans?
• Security and data leaks - there is a risk that AI ‘public’ tools may be inadvertently used within the firm, exposing customer or other sensitive information to the internet, and by extension, criminals and fraudsters. It is critical that the AI tools and capabilities are understood, locked down, and that data access is secured. 
• Regulation – have you considered relevant regulation, both in terms of the use of AI, for example, the EU AI act, but also specifically compliance regulation, or country guidance? Is your legal team involved?
• Hidden costs – are the true costs of AI fully understood? Is there a firm-wide global agreement for AI that hides the true cost, or is it discounted to enable the uptake of AI? What is the token cost? Will costs increase as the scope of AI increases? The recent Paypers report on the SAASpocalyse⁵   – provided a view on the change to current software payment models due to AI.

Conclusion

Within financial services, there is significant interest in and ongoing deployments of AI, with many processes lending themselves to automation. With a continued push to reduce costs and headcount, business leaders are seeking to increase the pace and scope of AI deployments. 

Financial crime is no exception; given the high costs and the reliance on human decision makers, it has so far allowed for automation up to a point, but not the full end-to-end process.

Supporting humans by removing the many tedious data gathering and preparation activities is not in question and is seen as a positive use of AI. However, once these ‘decision preparation’ steps have been automated, what is to stop the push to go ‘all the way’ and fully automate financial crime decision-making?

References and further reading

¹The Paypers – Expert views - The SAASpocalypse and payments: who survives when the per-seat model dies?, May 2026, https://thepaypers.com/fintech/expert-views/the-saaspocalypse-and-payments-who-survives-when-the-per-seat-model-dies

²IBM - Why infrastructure is key to AI readiness: Insights from Think 2026, May 2026, https://www.ibm.com/think/news/think-2026-infrastructure-recap

³Cambridge University Centre for Alternative Finance – the 2026, The 2026 Global AI in Financial Services Report, April 2026, https://www.jbs.cam.ac.uk/wp-content/uploads/2026/05/ccaf-2026-04-28-global-ai-in-financial-services-report-2.pdf

⁴AML Intelligence, REDEFINING AI: How AI is Redefining Financial Crime Compliance, April 2026, https://www.amlintelligence.com/2026/04/redefining-ai-how-ai-is-redefining-financial-crime-compliance/

⁵Bank of International Settlements - In data we trust? Emerging policy and supervisory approaches to AI data use in financial services, March 2026, In data we trust? Emerging policy and supervisory approaches to AI data use in financial services

*Know Your Customer / Customer Due Diligence
**All diagrams produced by the author
***AML = Anti-Money Laundering

About the author 

Former Financial Crime Director, AI, Strategy and Design, Natwest Group 

Colin Whitmore is a recognised subject matter expert in Financial Crime technology, strategy, and innovation, bringing over two decades of experience across banking and financial services. He has worked with leading institutions including Thomson Reuters, Aviva, Barclays, the Royal Bank of Scotland, HSBC, and NatWest. 

For the past 15 years, Colin has specialised in Financial Crime, advising senior leaders on strategy, technology, innovation, and architectural transformation. His work focuses on designing integrated solutions that combine data, technology, process, and advanced analytical approaches to strengthen Financial Crime prevention.