RegTech for AML: AI, Machine Learning, and What Works

The application of artificial intelligence and machine learning to AML compliance has generated enormous enthusiasm — and some considerable hype — over the past five years. Regulatory technology vendors have proliferated, promising to solve the false positive problem, automate SAR drafting, and identify complex financial crime networks that rules-based systems miss entirely. Some of these claims are well-founded; others are not. For MLROs and compliance teams evaluating AI-based AML solutions, the critical challenge is distinguishing genuine capability from marketing narrative, and understanding what regulators actually expect when firms deploy these tools.

AI in Transaction Monitoring

The most commercially significant application of machine learning in AML is in transaction monitoring. Traditional rules-based systems apply static thresholds to individual transaction characteristics; machine learning models can learn patterns across thousands of features simultaneously and identify anomalies that rules cannot capture. The practical benefits are real: well-implemented ML models consistently produce lower false positive rates and higher detection rates than rules-based equivalents in controlled testing environments.

However, the deployment of ML in transaction monitoring introduces new risks alongside the benefits. The most significant is model opacity: a complex neural network that produces an alert because of a multi-dimensional pattern in the data may be entirely correct in its output but impossible for an investigator to explain or for a regulator to audit. This "black box" problem is not hypothetical — it has resulted in specific regulatory challenges to ML-based monitoring systems in multiple jurisdictions.

Supervised ML models (trained on labelled datasets of known suspicious and non-suspicious transactions) typically perform well in environments where sufficient labelled training data exists. For most payment institutions, the challenge is that the volume of confirmed suspicious activity in their historical data is very small relative to total transaction volumes — training data imbalance that can skew model performance. Addressing this requires careful model architecture choices, oversampling techniques, and robust validation methodology.

Unsupervised and semi-supervised approaches — which identify anomalous patterns without requiring labelled training data — are increasingly popular for behavioural anomaly detection. These can identify deviations from a customer's established transaction profile without needing historical examples of confirmed money laundering. The limitation is that anomaly detection produces many false positives unless it is carefully calibrated against the specific customer population.

Network Analysis for Financial Crime

One of the most powerful genuinely novel capabilities that AI brings to AML is network analysis — the ability to identify relationships between accounts, entities, and transactions and detect patterns that span multiple customer relationships simultaneously. Traditional transaction monitoring operates at the individual account level; network analysis operates across the entire customer portfolio and payment network.

Practical applications include: identifying common beneficiaries across multiple customer accounts (potential smurfing networks); detecting circular payment structures that suggest round-tripping; identifying accounts that consistently appear in each other's transaction histories (potential criminal networks); and flagging clusters of recently-opened accounts with similar onboarding characteristics (potential synthetic identity fraud).

Graph-based analysis tools — including those offered by NICE Actimize, Quantifind, and Ayasdi (now part of SymphonyAI) — can process billions of transaction records to identify network patterns that would be invisible to an individual investigator. The regulatory challenge is that alerts generated by network analysis are often difficult to explain in the context of a single customer relationship, requiring investigators to understand the full network context before making a SAR decision.

NLP for SAR Drafting

Natural language processing (NLP) has been applied to the labour-intensive process of drafting Suspicious Activity Reports. Given that most financial institutions file hundreds or thousands of SARs per year, each requiring a coherent narrative description of the suspicious activity and the reasons for suspicion, AI-assisted drafting tools can significantly reduce the time burden on investigators while improving narrative quality and consistency.

Current NLP tools can: extract key facts from transaction records and investigation notes and organise them into a structured narrative; suggest relevant typology descriptors based on the pattern of suspicious activity; identify gaps in the narrative (missing dates, missing transaction amounts) and flag them for completion; and check the draft against regulatory guidance on SAR quality standards. These are genuinely useful capabilities, and several major banks have reported significant efficiency improvements from NLP-assisted SAR drafting.

The critical risk is over-reliance. SAR drafting is fundamentally a human judgment exercise — the investigator must form and articulate a genuine suspicion, not simply aggregate automated system outputs into a form. AI tools should assist and improve the quality of human SAR drafting, not substitute for it. An investigator who submits an AI-drafted SAR without critical review is not discharging their professional responsibility.

Regulatory Expectations on Model Explainability

Regulators in the UK, EU, and US have all published guidance on the use of AI and ML in financial services that has direct implications for AML technology deployment. The FCA's AI and Machine Learning guidance, the European Banking Authority's guidelines on internal governance (which address model risk), and FinCEN's guidance on technology innovation in AML all converge on a consistent theme: firms are responsible for the outputs of the models they deploy, regardless of whether they built the model themselves or procured it from a vendor.

For AML-specific ML applications, regulators expect: documented justification for why the ML approach is appropriate for the risk being addressed; evidence that the model has been validated by personnel independent of those who built or selected it; documentation of the model's inputs, architecture, and training data; ongoing performance monitoring against defined metrics; and the ability to explain model outputs in terms that a compliance investigator can use in an investigation or a regulator can audit. "The model said it was suspicious" is not sufficient justification for a SAR or a customer exit decision.

Vendor Selection: What to Look For

Selecting an AI-based AML technology vendor requires scrutiny beyond product demonstrations:

• Explainability: Can the vendor explain what their model is detecting and why it generates specific alerts? Vendors who cannot answer this clearly should be viewed with significant scepticism.
• Validation track record: Has the vendor's model been independently validated in a comparable environment to your own? Can they provide performance metrics from current clients?
• Regulatory engagement: Has the vendor engaged with regulators about their approach? Have they been deployed at regulated firms without regulatory objection?
• Training data quality: What training data was used? Is it representative of your customer population? Models trained on bank transaction data may not perform well when deployed in a payment institution context.
• Ongoing support: What is the vendor's model maintenance approach? As the threat landscape evolves, models must be retrained — who is responsible for this, on what timeline, and with what governance?