Paula Albu
06 Oct 2025 / 5 Min Read
How can payment providers turn fragmented compliance into growth using AI? Dean Francis, VP and Sector Lead for FinTech, Payments & Insurance at Corlytics, shares more.
Cross-border payments are entering a decisive phase. The market, estimated at USD 194.6 trillion, is forecast to expand to USD 320 trillion by 2032. Yet the system is still constrained by legacy rails, divergent regulations, and a lack of interoperability.
Despite this rapid growth, the infrastructure underpinning global payments is still held back by significant fragmentation. Multiple intermediaries, outdated messaging standards, and, most critically, conflicting regulatory regimes create compliance bottlenecks and operational risk. Payments firms operate across many jurisdictions with fragmented regulations such as PSD2/PSD3 in the EU, FATF standards globally, sanctions in the US/UK/EU, and many others.
This discrepancy is particularly noticeable in obligations around anti-money laundering (AML), data privacy, sanctions, and suspicious transaction reporting (STRs). Each jurisdiction applies these rules with its own expectations, format, and enforcement posture. As a result, the disparities cause a compliance minefield and a strategic headache for global financial institutions.
Artificial intelligence has become essential to operational resilience in cross-border payments. Traditional AI in payments has focused on pattern recognition, like detecting anomalies in transaction flows or triaging alerts. Today’s challenges demand deeper contextual understanding. That’s particularly true when it comes to interpreting regulatory obligations embedded in legal texts or supervisory notices.
It is now widely used, for instance, to detect fraud and suspicious transaction patterns in real time, optimise payment routing through dynamic risk scoring, screen transactions and entities against evolving sanctions lists, reduce false positives, and improve alert quality.
AI-powered systems have transformed the industry from static rules to adaptive, data-driven risk intelligence. But many deployments remain narrowly focused on classification and transaction analysis. The next frontier lies not solely in speed, but in interpretation, especially when it comes to legal and regulatory obligations.
A persistent challenge in compliance is bridging the gap between human-readable regulations and machine-executable controls. Traditional systems struggle to translate evolving legal text, such as regulatory notices, updates to FATF guidance, and PSD3 amendments, into obligations that operations and product teams can apply.
This is where the new wave of AI for obligation detection plays a transformational role. Using advanced neural networks trained on regulatory taxonomies and tagged datasets, firms can now extract compliance requirements directly from source materials and map them to operational workflows.
These models don’t just summarise, they interpret intent, context, and enforceability. We're now moving beyond traditional AI tasks like sorting or categorising; models are capable of nuanced interpretation of complex regulatory materials, everything from legal directives to supervisory alerts. This ability to operate in the space between human language and machine logic is where generative AI proves most valuable, enabling faster and more accurate implementation of regulatory change.
The AI transformation begins with the ingestion of regulatory materials: everything from central bank circulars and policy statements to EU directives and FATF guidance. These documents are first cleaned, standardised, and segmented into manageable units such as clauses, bullet points, and annexes. Next, advanced natural language processing models tag key legal elements: actors (for example, ‘payment service provider’), obligations (‘must notify’), and objects (‘suspicious transaction’). These tagged components are mapped to regulatory taxonomies, such as FATF classifications or a firm’s internal compliance ontology.
Generative AI models are then applied to extract contextually meaningful obligations, distinguishing between binding rules and guidance. This includes capturing nuanced details, such as conditions, deadlines, and jurisdictional triggers, turning them into structured, machine-readable instructions. From there, the obligations are classified by domain (for example, AML, data privacy, consumer protection), prioritised, and scored for implementation risk. Critically, these outputs are mapped directly into internal systems, such as GRC solutions, policy management platforms, or DevOps pipelines, allowing compliance actions to be automatically built into dynamic workflows, product features, and audit processes in real time.
Throughout the process, every action is logged to create an audit trail. This not only supports regulatory transparency but also enables continuous improvement, as human-in-the-loop validation refines model accuracy over time. The result is a dynamic learning system that transforms regulatory intent into operational compliance.
The challenges our clients in the payments sector face include regulatory overload, inconsistent regulations, fragmentation, and an overwhelming volume and pace of regulatory updates. These are also struggles with the duplication and inconsistency of internal policies, siloed control environments, and unclear risk ownership. Manual efforts in mapping regulations to controls, as well as increased regulatory pressure from bank-like activities (despite not being designed for them), further complicate compliance.
AI-driven regulatory intelligence helps address these issues by:
How AI is solving obligation-related pains in payments |
|
Pain Point (Obligation-Driven) |
AI Use Case (Solution) |
Regulatory overload across jurisdictions: DORA, PSD2/PSD3, FATF, sanctions all evolving fast |
AI automates obligation extraction from new regulations and maps them to existing controls and teams |
Conflicting or unclear obligation formats across regions |
NLP models interpret intent, jurisdictional triggers, and enforceability across fragmented legal texts |
Duplicate and inconsistent internal policies are not clearly linked to obligations |
AI clusters similar obligations and rationalises policy language across units or jurisdictions |
Siloed control environments with no single view of coverage |
Obligations are mapped to policies and controls across departments, creating one connected compliance map |
Manual effort to identify gaps between policies and in-force obligations |
AI performs gap analysis of in-force obligations to policies to highlight missing or outdated coverage |
Expanding into BNPL or lending without understanding new obligations |
AI flags new applicable obligations as firms move into regulated activities, triggering policy/control updates |
Overwhelmed by privacy and cybersecurity regulations |
Obligations from GDPR, CPRA, and NIS2 are extracted and linked to payment data use, with prioritised actions |
The firms that succeed in cross-border payments will be those that treat compliance not as a constraint but as a source of intelligence and innovation. By leveraging highly accurate, expert AI to extract and operationalise obligations from evolving regulations, payment providers can turn a fragmented compliance landscape into a connected framework for resilience, trust, and growth. In the next era, competitiveness will be critically defined not by speed alone, but by the ability to apply AI with precision and embed compliance and transparency into every transaction.
About author
Dean Francis is VP and Sector Lead for FinTech, Payments, and Insurance at Corlytics. With over 20 years of experience in the regulatory and financial services sector, Dean helps leading fintechs, payment providers, and insurers build scalable, technology-led compliance strategies. He specialises in bridging complex regulatory expectations with practical innovation, particularly across high-risk domains like cross-border payments, embedded finance, and insurance.
About Corlytics
Corlytics is the regulatory technology partner of choice for Tier 1 banks, insurers, payments companies, and financial services providers worldwide. Its precision FIUI (Find, Interpret, Understand, Implement) regulatory technology is reshaping compliance by embedding intelligence directly into regulatory content. With over EUR 50 million invested in R&D, Corlytics leads with a vision to transform how organisations manage regulatory risk through the power of AI. An award-winning innovator, Corlytics is also the first regtech to achieve ISO/IEC 42001 certification for AI governance.
Paula Albu
06 Oct 2025 / 5 Min Read
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright