ThetaRay has published a landmark study on the future of AML in Europe, concluding that the system will be unable to meet upcoming supervisory expectations without AI-driven monitoring and customer-screening systems.
The report, Next-Generation AML Solutions: An Analysis of AI-Based Tools vis-à-vis the Reform of the European AML Institutional and Substantive Architecture, shows how the EU’s AML reform package and the Artificial Intelligence Act will shape compliance for European countries.
According to the report, the global AML system experiences structural inefficiencies, high false-positive rates, and poor conversion due to legacy rule-based systems that generate poor-quality alerts, rely on outdated architectures, and lack the cross-border visibility required to detect modern networked financial crime.
Key findings of the study
Despite rising budgets and better enforcement, Europe’s AML framework underperforms. The FATF reports that 96% of 120 assessed countries show low to moderate effectiveness in preventing money laundering and terrorist financing. FIUs in Europe report significantly low intelligence yield, with the Netherlands having less than 3.5% of 3.48 million in 2024 reports as suspicious, and France’s Tracfin reports only 5% actionable SARs.
Germany’s FIU data shows that only 15% of SARs are investigated by authorities, and 95% of forwarded cases end with no prosecution. Additionally, one operational risk study found that rules-based detection scenarios produced reporting in just 2% of cases. This shows that Europe’s AML system is not keeping pace with financial complexity without AI adoption.
The report concludes that the EU’s AML Package and the Artificial Intelligence Act represent a shift that will strengthen due diligence responsibilities, expand governance requirements, and establish a new EU-level AML Authority that balances obligations across member states. The AI Act defines transaction monitoring and screening as high-risk uses for AI, enforcing rules on transparency, human oversight, data governance, and model lifecycle management.
The study also reports vulnerabilities in banking and crypto flows, where traditional rule engines can't keep up in detecting hidden network behaviour across cross-border transaction chains. There is friction between AML Regulation and GDPR data processing constraints that could push institutions to face overlapping regulatory and legal risks.
The report calls for a shift from volume-driven alerting to intelligence-led detection, pushing for a hybrid human-AI oversight, stronger data governance aligned with the AI Act, transparent models, and integrated customer and transaction screening processes.
