Bridging AI and regulatory obligations in cross-border payments

How can payment providers turn fragmented compliance into growth using AI? Dean Francis, VP and Sector Lead for FinTech, Payments & Insurance at Corlytics, shares more.

Cross-border payments are entering a decisive phase. The market, estimated at USD 194.6 trillion, is forecast to expand to USD 320 trillion by 2032. Yet the system is still constrained by legacy rails, divergent regulations, and a lack of interoperability.

Despite this rapid growth, the infrastructure underpinning global payments is still held back by significant fragmentation. Multiple intermediaries, outdated messaging standards, and, most critically, conflicting regulatory regimes create compliance bottlenecks and operational risk. Payments firms operate across many jurisdictions with fragmented regulations such as PSD2/PSD3 in the EU, FATF standards globally, sanctions in the US/UK/EU, and many others.

This discrepancy is particularly noticeable in obligations around anti-money laundering (AML), data privacy, sanctions, and suspicious transaction reporting (STRs). Each jurisdiction applies these rules with its own expectations, format, and enforcement posture. As a result, the disparities cause a compliance minefield and a strategic headache for global financial institutions.

The expanding role of AI in modern payments

Artificial intelligence has become essential to operational resilience in cross-border payments. Traditional AI in payments has focused on pattern recognition, like detecting anomalies in transaction flows or triaging alerts. Today’s challenges demand deeper contextual understanding. That’s particularly true when it comes to interpreting regulatory obligations embedded in legal texts or supervisory notices.

It is now widely used, for instance, to detect fraud and suspicious transaction patterns in real time, optimise payment routing through dynamic risk scoring, screen transactions and entities against evolving sanctions lists, reduce false positives, and improve alert quality.

AI-powered systems have transformed the industry from static rules to adaptive, data-driven risk intelligence. But many deployments remain narrowly focused on classification and transaction analysis. The next frontier lies not solely in speed, but in interpretation, especially when it comes to legal and regulatory obligations.

Making compliance understandable to machines

A persistent challenge in compliance is bridging the gap between human-readable regulations and machine-executable controls. Traditional systems struggle to translate evolving legal text, such as regulatory notices, updates to FATF guidance, and PSD3 amendments, into obligations that operations and product teams can apply.

This is where the new wave of AI for obligation detection plays a transformational role. Using advanced neural networks trained on regulatory taxonomies and tagged datasets, firms can now extract compliance requirements directly from source materials and map them to operational workflows.

These models don’t just summarise, they interpret intent, context, and enforceability. We're now moving beyond traditional AI tasks like sorting or categorising; models are capable of nuanced interpretation of complex regulatory materials, everything from legal directives to supervisory alerts. This ability to operate in the space between human language and machine logic is where generative AI proves most valuable, enabling faster and more accurate implementation of regulatory change.

The AI transformation begins with the ingestion of regulatory materials: everything from central bank circulars and policy statements to EU directives and FATF guidance. These documents are first cleaned, standardised, and segmented into manageable units such as clauses, bullet points, and annexes. Next, advanced natural language processing models tag key legal elements: actors (for example, ‘payment service provider’), obligations (‘must notify’), and objects (‘suspicious transaction’). These tagged components are mapped to regulatory taxonomies, such as FATF classifications or a firm’s internal compliance ontology.

Generative AI models are then applied to extract contextually meaningful obligations, distinguishing between binding rules and guidance. This includes capturing nuanced details, such as conditions, deadlines, and jurisdictional triggers, turning them into structured, machine-readable instructions. From there, the obligations are classified by domain (for example, AML, data privacy, consumer protection), prioritised, and scored for implementation risk. Critically, these outputs are mapped directly into internal systems, such as GRC solutions, policy management platforms, or DevOps pipelines, allowing compliance actions to be automatically built into dynamic workflows, product features, and audit processes in real time.

Throughout the process, every action is logged to create an audit trail. This not only supports regulatory transparency but also enables continuous improvement, as human-in-the-loop validation refines model accuracy over time. The result is a dynamic learning system that transforms regulatory intent into operational compliance. 

Some common use cases in payments

The challenges our clients in the payments sector face include regulatory overload, inconsistent regulations, fragmentation, and an overwhelming volume and pace of regulatory updates. These are also struggles with the duplication and inconsistency of internal policies, siloed control environments, and unclear risk ownership. Manual efforts in mapping regulations to controls, as well as increased regulatory pressure from bank-like activities (despite not being designed for them), further complicate compliance.

AI-driven regulatory intelligence helps address these issues by:

• automating obligation mapping for DORA, PSD2 (and upcoming PSD3);   
• aligning data privacy obligations with managing payment data;
• rationalising and consolidating Policies and Controls across the business;
• conducting gap analysis of in-force obligations to policies; 
• mapping obligations for data privacy and cyber security regulations, which are currently a high priority; clients are approaching these in tranches, with financial crime, BNPL, and consumer lending next in line as they expand into more traditional banking products.

How AI is solving obligation-related pains in payments
Pain Point (Obligation-Driven)	AI Use Case (Solution)
Regulatory overload across jurisdictions: DORA, PSD2/PSD3, FATF, sanctions all evolving fast	AI automates obligation extraction from new regulations and maps them to existing controls and teams
Conflicting or unclear obligation formats across regions	NLP models interpret intent, jurisdictional triggers, and enforceability across fragmented legal texts
Duplicate and inconsistent internal policies are not clearly linked to obligations	AI clusters similar obligations and rationalises policy language across units or jurisdictions
Siloed control environments with no single view of coverage	Obligations are mapped to policies and controls across departments, creating one connected compliance map
Manual effort to identify gaps between policies and in-force obligations	AI performs gap analysis of in-force obligations to policies to highlight missing or outdated coverage
Expanding into BNPL or lending without understanding new obligations	AI flags new applicable obligations as firms move into regulated activities, triggering policy/control updates
Overwhelmed by privacy and cybersecurity regulations	Obligations from GDPR, CPRA, and NIS2 are extracted and linked to payment data use, with prioritised actions

The firms that succeed in cross-border payments will be those that treat compliance not as a constraint but as a source of intelligence and innovation. By leveraging highly accurate, expert AI to extract and operationalise obligations from evolving regulations, payment providers can turn a fragmented compliance landscape into a connected framework for resilience, trust, and growth. In the next era, competitiveness will be critically defined not by speed alone, but by the ability to apply AI with precision and embed compliance and transparency into every transaction.

 

About author   

 

Dean Francis is VP and Sector Lead for FinTech, Payments, and Insurance at Corlytics. With over 20 years of experience in the regulatory and financial services sector, Dean helps leading fintechs, payment providers, and insurers build scalable, technology-led compliance strategies. He specialises in bridging complex regulatory expectations with practical innovation, particularly across high-risk domains like cross-border payments, embedded finance, and insurance. 

 

 

About Corlytics

Corlytics is the regulatory technology partner of choice for Tier 1 banks, insurers, payments companies, and financial services providers worldwide. Its precision FIUI (Find, Interpret, Understand, Implement) regulatory technology is reshaping compliance by embedding intelligence directly into regulatory content. With over EUR 50 million invested in R&D, Corlytics leads with a vision to transform how organisations manage regulatory risk through the power of AI. An award-winning innovator, Corlytics is also the first regtech to achieve ISO/IEC 42001 certification for AI governance.