AI in financial crime prevention: from hype to practical application

Four years into the generative AI era, NOTO’s experts, including CEO Ivan Stefanov, share early insights into how AI is reshaping financial crime prevention and influencing the world we live in.

The following points are intended to provide an objective and realistic level set for our perspective on AI:

1. It is unproductive to debate whether the AI bubble will burst or when. AI as a technology is unequivocally here to stay.
2. What survives this initial hype cycle will fundamentally reshape nearly every industry and vertical.
3. Less than four years is insufficient time for a new field to mature into a scientific discipline. A new discipline moves from speculative inquiry to a systematic pursuit of verifiable knowledge, becoming a science.
4. Given point 3, we are observing mixed results and speculative success reports from the adoption, leading to its rapid and sometimes reckless implementation.
5. Cybercriminals, as always, are ahead in the AI adoption race. With accessible AI tools, almost anyone can now launch global-scale phishing attacks and execute sophisticated scam schemes. Advanced technical skills are no longer a prerequisite for criminals, which significantly amplifies the threat landscape.
6. As a critical services vendor to our clients, NOTO must approach AI with an objective lens, proceeding carefully and choosing a long-term strategy that enhances our platform, client experience, and Return on Investment (ROI).

The NOTO platform was built around a ‘Flexibility First’ concept, pivoting on two primary principles rooted in the foundation of financial crime prevention:

1. Fraud prevention and Anti-Money Laundering (AML) both draw from the same data pool, encompassing end-customer profiles and transactional data.
2. The fraud prevention and AML processes are inherently perpetual and iterative, consisting of three key stages: A) Risk Screening; B) Review & Investigation; C) Analysis & Response.

NOTO's core tenets for AI solutions

Staying true to our founding principles, our roadmap is focused on delivering AI solutions while adhering to the following core tenets:

• Augment instead of replace. The AI solutions within NOTO will augment human experts, enabling faster and more accurate decisions.
• Avoid expertise and visibility degradation while increasing speed and productivity. Analysts must remain central to the investigation and decision loop, but they will be equipped with AI-enhanced insights and condensed, actionable intelligence. Institutional knowledge must be preserved and not outsourced entirely to AI-only workflows and agents. Increasing speed in the Review & Investigation and Analysis & Response stages must not introduce new risks.
• Deep implementation and instrumentalisation instead of superficial add-ons. A solid takeaway from AI adoption so far is that AI projects delivering positive ROI have had an obvious application focus and well-defined use cases, detailed down to the specific tasks assigned to the AI. Allowing AI assistants to become more than just a power summary generator depends on allowing LLMs access to data and enabling them to run data queries. This will help the next generation of AI-assisted review, investigation, and decision-making, which will be key to a real boost in human productivity and accuracy. Integrating AI agents with key platform instruments, such as those for design decision workflows, will greatly aid the translation of SME expertise into rules and ML models.
• Build instead of buy. This approach is the most reliable path to producing robust, consistent AI solutions that do not compromise on scalability, data privacy, or security, and do not introduce unwanted or unknown bias. The building will mitigate a multitude of risks that other solution providers currently do not address. Data residency, training process, data used for training, and cost predictability are some of the most critical risks that require treatment.
  
• Clear audit trail, consistency, and explainability. These are fundamental to NOTO's position as a critical service provider and will help our clients navigate regulatory scrutiny over a young technology that is still widely misunderstood. Training AI assistants on data from each NOTO client will significantly benefit from adopting organisational fraud and compliance specifics and eliminating bias from other clients, huge ones.

With a clear foundation and set of principles established, it is time to shift to a practical, solutions-oriented perspective. By examining the financial crime prevention process and its three key stages, we can define what AI can and cannot do, and what the actual applications and use cases are:

Risk screening

Whether targeting fraud or money laundering, screening is always the initial step—be it at the account opening/application level or during transactions. Best practices recommend multi-layered screening throughout the entire customer journey. This approach yields optimal results by enabling more precise, accurate decisions across multiple touchpoints, rather than attempting to address fraud and money laundering risk solely at the transactional level. Screening is primarily real-time and accounts for over 80% of the desired impact, especially in fraud prevention. This requires sub-200 millisecond decision times.

Speed is currently a limitation for AI and Large Language Models (LLMs). While there have been limited, unverified reports of LLMs achieving the necessary speed for real-time decision-making, these lack evidence and design details. At the peak of the hype cycle, such claims should be treated as predominantly PR exercises.

Despite the demand for instant results, batch and offline screening and re-screening should not be entirely abandoned. Certain monitoring use cases can benefit significantly from this approach. In the fight against financial crime, it is never ‘too late’ to identify patterns.

Furthermore, the cost of running LLMs to screen all transactions is likely to be astronomical, potentially negating any ROI from fraud or money-laundering prevention. While the market currently benefits from sponsored AI costs by leading developers (with various reliable sources suggesting rates well below actual cost), this will not last indefinitely.

Review & investigation

This is the stage where human experts intervene to reveal, study, and classify patterns. This brief time window enables the maximisation of prevention impact achieved through real-time screening.

This is the domain of Subject Matter Experts (SMEs), who require significant time and extensive training to reach actual expertise. Unfortunately, these experts are often viewed solely as a cost centre, which is why most AI applications in financial crime prevention are currently aimed at this stage of the process.

What do fraud/compliance analysts, investigators, and agents do, and how can AI assist?

These roles typically focus on reviewing alerts related to account originations, logins, or financial transactions, utilising various tools and environments.
 A typical review workflow examines the following:

1. Alert trigger: Why was the alert generated? Which rules, models, etc., flagged this specific event for review? In short, what are the abnormalities that require investigation?
2. History: Has this event been reviewed previously? Are there any current or historical positive or negative list associations?
3. Pattern context: Is this part of an ongoing pattern, the beginning of a pattern evolution, or a brand new pattern? Is it consistent with the Business as Usual (BAU) user and transaction profile for the specific institution?
4. Link analysis: Are there other linked events or users associated with the alert? If so, what is the nature of these links?
5. Organisation specifics: Other fraud, AML, or organisation-specific actions taken.
6. Resolution: Steps related to alert and case resolution.

Having worked as a fraud analyst for many years, I understand that every action counts: every click, every ALT+Tab, every copy/paste, every link reviewed, every line typed, and every mouse movement and scroll. A human can only sustain 100% attention focus for a limited time across multiple screens while chasing ever-growing alert queues.

LLMs can significantly enhance preprocessing, speed, and consistency. In practice, this means:

1. Concise alert summaries: A succinct, human-readable summary of why an alert was generated is more useful and faster to grasp than a list of rule codes or a black-box machine learning score. Content like ‘The transaction is 5x the typical size for this client, performed outside normal hours, and from a completely new device and location’ is far more valuable to the agent than a list of rules or model scores.
2. Clear history summaries: A clear historical summary is superior to a long list of audit trail lines in tiny font.
3. Suggested decisions: A proposed decision, accompanied by clear supporting reasons based on the organisation's data and the previous decisions of the analysts and the entire fraud/compliance team, is highly valuable.
4. Condensed link summaries: Summarising links and their nature. For this to work effectively, AI must be deeply embedded within the Enterprise Financial Management (EFM) platform to prepare data for analytics, rather than being a tacked-on plugin attempting to make sense of triggered rules and limited text fields.
5. Configuration flexibility: Allowing configuration flexibility around keeping the human in the loop, such as defining which alerts the AI assistant can decide, where the human SME must weigh in, and which alerts should not be touched by the AI assistant.

The Review & investigation stage is an undeniable candidate for AI augmentation. With the proper AI tooling, analysts can become more productive and accurate over longer periods. When off-duty, preparatory groundwork can be performed for them, as a machine does not tire and will not make fatigue-induced errors.

If you are a CRO, CCO, or any C-level function responsible for financial crime prevention, keep the following in mind:

• Do not rush to lay off your agent/operational teams. There are numerous examples where organisations have made this mistake, and the reversal is slow and costly. Do not underestimate the value of institutional expertise and knowledge.
• The gains from AI augmentation in this stage are likely a low-hanging fruit but inherently limited. Manual review teams consist of a limited headcount, with expert knowledge, and often do not constitute the largest component of your compliance and fraud prevention spend. Even if this cost is reduced to near zero, it will be accounted for by your CFO as a one-time saving in a single year.

Analysis & response

This stage of financial crime prevention is owned by data scientists and highly experienced analysts. It is critically important, as it determines your response time to new threats and directly influences your mitigation success, translating into avoided losses and reduced customer friction.

The experts responsible for analysis must connect hard facts (like negative outcomes) with the qualitative decisions made by their investigation and review teams. These diverse data sources, often in unstructured formats, inhibit the transfer of correct insights, especially when teams are siloed.

The application of AI agents/assistants will be far more complex but holds the potential to deliver unlimited, perpetual gains. 

LLMs can be deployed to assist with:

• Classification of human decisions.
• Data labelling and organisation.
• Initial feature discovery with a much broader scope than a human analyst would typically explore.
• Tracking large sets of Key Performance Indicators (KPIs) and metrics, reducing the room for human oversight and errors.

In this stage, AI can bridge the gap between data scientists and investigators, which is often an internal hurdle in fraud and AML organisations.

The ROI from using AI in analysis & response activities will be near-unlimited. Imagine being able to respond to threats just 10% faster. Now multiply that benefit across the number of fraud attacks you receive in a year, the volume of chargebacks, recalls, and customer complaints for the same period. This impact is ongoing and perpetual, just like the attacks of cybercriminals.

Deploying AI is far more complicated than described above or in any sales brochure. Success depends on clear target use cases, and it should only be pursued after a solid risk management program is in place, utilising the right EFM toolset and operated by an expert team of financial crime fighters. Going solely ‘AI first’ and attempting to paper over a malfunctioning or fragmented financial crime setup is simply not going to work - and the potential compliance headaches it will generate could bring down unprepared organisations.

Conclusion and next steps

Deploying AI successfully in the high-stakes environment of financial crime prevention is not a matter of simply purchasing a new tool; it is a strategic, long-term undertaking that demands clarity, consistency, and a profound respect for institutional expertise. Going ‘AI first’ without a solid risk management foundation and an integrated EFM toolset will only paper over existing fragilities. The real, perpetual gains from AI, from the immediate boost in analyst productivity during Review & investigation to the near-unlimited ROI in faster threat response from Analysis & response, are only realised when the technology is deeply instrumentalised and built on principles that prioritise augmentation, auditability, and data security.

Ready to move beyond the hype and implement an AI strategy that is robust, scalable, and delivers demonstrable ROI?

 

Connect with NOTO today. Our solutions are engineered on the core tenets of augmenting human expertise and providing a clear audit trail, ensuring you gain speed and accuracy without compromising on regulatory scrutiny or institutional knowledge. Schedule a consultation to explore how the NOTO platform can transform your financial crime defence from a cost centre into a source of perpetual mitigation success.

 

About author

 

Ivan Stefanov is the CEO and Co-founder of NOTO, with extensive experience in fraud prevention across financial services and the crypto industry. He previously held senior risk and fraud leadership roles at Groupon, Paysafe Group, and Crypto.com.