AMLR is not a compliance exercise, it’s a transformation opportunity Go to content
Consulting Services AMLR is not a compliance exercise, it’s a transformation opportunity
Advisory Managed Services
Tech Solutions AMLR is not a compliance exercise, it’s a transformation opportunity
Quantitative Analytics Financial Data Management Risk Management AML Software
Industries
This is Advisense AMLR is not a compliance exercise, it’s a transformation opportunity
Advisense | talks Client Stories News Career Management & Board Sustainability at Advisense Events
Contact
AMLR is not a compliance exercise, it’s a transformation opportunity EN
Consulting Services
Tech Solutions
This is Advisense

Select your region and language

Search

AMLR is not a compliance exercise, it’s a transformation opportunity News

AMLR is not a compliance exercise, it’s a transformation opportunity

Financial institutions risk repeating the same costly mistake: treating AMLR as another gap analysis exercise and adding an extra set of requirements onto legacy infrastructure. The window to do something different is now.

When a new regulation is announced financial institutions tend to follow the same playbook. A working group is formed. A gap-analysis is run, article by article. A requirement list is handed to the development organization. Policies are updated. First and second line of defence are re-shuffled. The program is closed with a backlog of items that are handed over as part of business-as-usual operations. This results in a new layer of requirements that sits on top of an architecture that was never designed to support the needs of what should be an effective and risk-based financial crime prevention program.  

The EU Anti-Money Laundering Regulation (AMLR) comes into force on the 10th of July 2027. We argue that it would be a serious mistake to also this time follow the old playbook, for several reasons but primarily because the AMLR is structurally different from previous regulations designed for evidence-based supervision.  

While the AMLR is on the way in, technological advancement in the AI space is surging. Financial institutions are at a crossroads with a unique opportunity to re-invent their financial crime prevention programs. We firmly believe that the gap between those who treat AMLR as a transformation opportunity and those who treat it as a compliance exercise will be visible in supervisory outcomes in near future.  

AMLA to establish evidence-based and data-driven supervision 

The new EU Authority for Anti-Money Laundering and Counter Terror Financing (AMLA) has clearly signaled that its supervision will be data-driven and evidence-based rather than document-driven.  

AMLR regulatory requirements must be read through the lens of what AMLA and local supervisors collectively expect. We can already see a clear picture emerging, far beyond the article-by-article approach. Selected key perspectives include: 

  • AMLR is a data infrastructure obligation dressed as a compliance regulation. For instance, verify beneficial ownership against EU registers automatically. Link customer risk ratings to transaction monitoring threshold and frequency. Retrieve compliance decisions, with full audit trail, on demand. Respond to FIU requests within 24 hours. Information (data) sharing obligations within the group and between obliged & non-obliged entities. These are not policy standards. These are system performance and data requirements on group level. You either have the infrastructure that can do this or you do not. 
  • The risk-based approach needs to be proved. The question regulators will ask is not if you have deployed a risk-based approach. It will be if you can prove that you do, with data.  
  • Compliance as a continuous state, not solely a periodic exercise. Dynamic CDD obligations, real-time sanctions screening, ongoing transaction monitoring. Operating models built around annual reviews and periodic reporting cycles are incompatible with what AMLR requires. 
  • Institutions as an intelligence node in an EU-wide network. Institutions that understand their role in the wider EU context will have a better chance of getting it right from the start. AMLA is building a financial intelligence infrastructure across EU and financial institutions will act as data-generating nodes withing that network. 

In essence, this is not a pure compliance program description, it is also a description of governance, process, data, analytics and system capability program that needs to be integrated with interconnected processes.  

AI adoption in the Financial Crime Prevention space and the maturity of trusted AI 

The picture of AI adoption in financial crime prevention depends on where and when you look. Feedzai’s 2026 global survey found that 71% of AML professionals say their institutions are using AI or machine learning in some capacity. 66% of the participants reported 40% efficiency gains and 62% of the participants reported a reduction of false-positives by above 40%.  

On the other hand, our own research, based on a questionnaire with 28 financial institutions in the Nordics early 2025, tells a slightly different story. 59% of the respondents said they were exploring or piloting AI use cases. However, none reported that they had AI implemented at production scale across its AML operations.  

These respective studies reflect two major differences. First, the rapid development of AI adoption in financial institutions. Advisense study was conducted in the spring of 2025 while Feedzai in beginning of 2026. Secondly, machine learning has been applied to real-time fraud detection for over a decade, which is captured by the global survey. AML specific applications, such as transaction monitoring, SAR automation, beneficial ownership analysis and decisioning carry different explainability, auditability and regulatory accountability requirements that make them harder to deploy.  

Agentic AI offers a huge potential for automation. A recent research paper released by Google DeepMind called “Intelligent AI Delegation” argues that AI agents are able to tackle increasingly complex tasks, however not yet in a trusted manner. In the financial crime prevention context, the default has been to keep a human in the loop as a safeguard. While this makes sense in principle,  the authors of “Intelligent AI Delegation” Tomašev, Franklin and Osindero, argue that in practice the issue is more complicated than it appears.  

When AI handles routine work and escalates edge cases for human review, reviewers will face a mounting cognitive load. Verifying long chains of AI reasoning, switching context across cases, and doing so under time pressure will result in nominal or in the worst-case arbitrary oversight. Instead, the authors argue that organisations will get “moral crumple zones”, where humans retain accountability for decisions they did not make in any meaningful way. Applied into the financial crime prevention context, this is not a theoretical risk. A direct consequence is the wrongful denial of banking access and stripping an individual or a business of the basic right to participate in the financial system. 

The answer is not to reject AI autonomy, but to deploy an effective delegation framework built around transparency, continuous monitoring and clearly defined accountability at every point of the chain. Before deploying AI at scale, institutions need a framework that defines which use cases make sense given today’s AI limitations and the risks associated with the specific use case. AI capabilities are advancing fast and current assumptions about what AI can do and cannot do reliably will not hold for long. Governance frameworks built today must therefore be designed to evolve. With that said, having trusted, usable and scalable data remains the key enabler for AI adoption at scale in an enterprise.  

AMLR and AI are the same investment  

Efficiency gains from established machine learning techniques are already evident, as proven by Feedzai’s recent study. The promise of Generative AI and Agentic AI opens new opportunities to re-invent financial crime prevention programs to truly combat financial crime and is the answer to the rising cost of compliance for institutional leaders.  

The most important strategic insight happens to be the simplest; AMLR compliance and AI adoption are two outputs of the same foundational investment. Both depend on the ability to access, extract and aggregate data consistently in real-time. Both require moving from siloed, manual processes to integrated, automated ones. An institution that cannot provide AMLA with the requested data points consistently and on demand cannot feed AI models the data to function. Institutions that treat AMLR as the catalyst to fix its data infrastructure will achieve regulatory compliance readiness and harness the strategic opportunity to capitalize on AI capabilities.

Running successful transformation programs 

Four things must move in tandem, not consecutively. Strategy sets the direction. Execution delivers the work. Performance and risk management will keep it honest. Stakeholder and change management make it stick. Most programs over-invest in execution and treat the other three layers as supporting activities. That is exactly why most transformations are stalled. The plan was solid, but the organization was never truly brought along. 

Advisense has developed a set of recommendations for how organisations can drive their transformation programs successfully:

Know where you stand before you decide where to go. 
Start with a maturity assessment across governance, process, data & analytics, technology, and people. Without it, you are building on assumptions. Assumptions produce rework. 

Define the destination with the people who will own it
A north star defined by a steering committee alone will not survive contact with the organization. Shape it with your leaders who will live with the outcome. Buy-in built at the start will ensure that the investment in your strategy does not end up as yet another paper product. It will ensure your organization moves in the same direction.  

Take people seriously
Transformations fail not because the plan was wrong but because the people who need to change how they work were never genuinely brought along. Communicate early and engage with those most affected. Especially in the age of AI where the potential replacement of human functions is a real concern for people.  

Put the right people in the room
Seniority is not enough, mandate is. FCP transformation hits business divisions, technology, compliance and operations simultaneously. If the steering committee cannot make binding decisions across all areas, the program will stall at every cross-functional dependency.  

The window is open now 

The convergence of AMLR and mature AI technology is not a problem to manage. It is a strategic opportunity that many institutions will miss if defaulting to an old approach to implementation pattern. 

The key question managers and boards should be asking themselves today is not “how do we comply?” It is “what do we want our financial crime prevention to look like in 2030 and how does AMLR accelerate that journey?” 

Start with where you stand today, define where you want to be, and mobilize as soon as possible. July 2027 is closer than you think. 

Adnan AL-Khalaf Hillerberg

Senior Manager

+46702799198

Let's connect

AMLR is not a compliance exercise, it’s a transformation opportunity AMLR is not a compliance exercise, it’s a transformation opportunity
I want an Advisense expert to contact me about:
AMLR is not a compliance exercise, it’s a transformation opportunity

By submitting, you consent to our privacy policy

Thank you for connecting with us

An error occurred, please try again later

Offices

This is Advisense