What was said at the largest AML event of the year in the Nordics
Everyone agrees. Data quality and data analysis is king. Tick the box- compliance is so yesteryear. AML legislation is risk-based, it ‘has to be’ geared towards effectiveness. Even with the Single Rulebook, however there are no paragraphs that will tell you how effective you are.
At Penningtvättsdagarna 15-16 April, Jonas Karlsson and Daniel Bardun from Advisense talked about “Governing AI Correctly in the Service of Anti-Money Laundering”, taking a practical perspective on managing models and control frameworks for AI within AML, including when and why a human needed to remain in the loop. All this framed around the implementation of the AMLR and data reporting, with a focus on identifying the areas where AI could deliver the highest return.
The relationship between AML compliance and impact
A stone´s throw from the central station in Stockholm, more than one thousand AML-professionals gathered 15-16 April. This year’s major gathering the AML Days (Penningtvättsdagarna) excelled in bringing together more than one thousand people – regulators, law enforcement, financial and non-financial companies under a shared ambition: to strengthen the fight against money laundering. A majority of financial institutes have already rolled up their organisational sleeves to implement the forthcoming AML Regulation, noted as a historical shift by some, the conference was more timely than ever.
Overall, a general sentiment is that the financial industry remains far better at describing the problem than we are at solving it. As was pointed out by representatives from law enforcement, including the Swedish Financial Intelligence Unit, the fundamental issue is rarely a lack of tools. More often, it is a question of how effectively those tools are used. Compliance, in itself, does not equate to impact. If anything, there is a growing sense that large parts of the industry are still “ticking the box”, rather than translating regulatory intent into risk-based, outcome-driven work.
Panels and discussions were dominated by familiar themes. Collaboration is essential. Information sharing must improve. Sanctions risks are becoming more complex. Few would disagree. However, a lot of conversations remained at a conceptual level. There is agreement on what needs to happen, but less so on how it should be done in practice.
Familiar themes
Continuing to approach regulation as a compliance exercise rather than as a framework for effectiveness will not work. The upcoming AML regulatory package featured prominently in discussions, often with a sense of cautious optimism. Many expect it to unlock greater information sharing between public and private actors. But there is also a risk that too much faith is placed on what´s coming, instead of utilising the tools and frameworks already available.
Gold-plated KYC
One of the more candid discussions at the event centered on KYC. The audience ranked KYC as the least well-functioning process. Several speakers challenged its effectiveness as a crime detection tool, noting that sophisticated criminal actors today are fully capable of presenting flawless customer profiles. In practice, this means that the more questions that are asked, the more convincing the answers may appear.
Johanna Bäck Managing Director at Advisense, agrees with this position, and points towards the challenge that all face, namely that perfect KYC is not proof of low risk—it may be the opposite, to follow the behaviour, not the paperwork.
Overall, this suggests an uncomfortable implication: If the customer looks perfect on paper, the real risk must be identified elsewhere.
Perfect KYC is not proof of low risk – it may be the opposite. Let’s follow the behaviour, not the paperwork
Johanna Bäck, Managing Director Advisense
This shifts the focus towards behaviour, towards how customers act rather than how they present themselves. Transaction monitoring, behavioural analysis, and a deeper understanding of typologies become critical. Nevertheless, here the regulatory landscape appears less prescriptive. While KYC requirements are detailed and heavily scrutinised, expectations around what constitutes effective detection are less defined.
Managing the expectation gap between efforts and outcome? Can less do more?
Perhaps one of the most practical challenges raised during the event relates to something far less conceptual: time. AML teams are expected to manage risk, deliver on compliance, implement change, and drive innovation, ideally simultaneously. Every new initiative, every regulatory requirement, every improvement effort is layered on top of already demanding day-to-day operations. Great ideas are great, does the organisation have the capacity to convert ambitions into actions driving change?
No one is interested in doing more, unless more is actually achieved. The industry is not lacking awareness or commitment. Significant resources are being invested, and the level of engagement is high. But there remains a gap between effort and outcome. Too much energy is spent on meeting requirements, and too little on evaluating whether those efforts actually make a difference.
Closing that gap requires a shift in mindset. It requires moving beyond general principles and towards concrete practice. It requires a willingness to question established approaches, to rebalance focus away from activities that deliver limited value, and to invest in those that demonstrably improve detection and prevention.
Above all, it requires the industry to become more honest with itself. Not just about what is necessary for the sake of compliance, but about what is effective.
Towards the next generation of AML
The forthcoming AMLR was discussed during several sessions at the conference. Advisense has argued early on that the AMLR should be regarded as a transformation opportunity. Unlike previous regulations, AMLR combined with AMLA’s data-driven supervision will require robust data infrastructure, real-time capabilities, and the ability to evidence a truly risk-based approach.
“- In our assignments, we have seen how the data challenge manifests itself in concrete ways,” says Daniel Bardun Senior Manager at Advisense. “For example, an organization may technically be able to produce all the requested information, but the extraction required manual work across seven different systems, where reconciliations took several days and yielded different results depending on who performed the task. It is precisely this type of operational risk that AMLA is looking to identify.”
Advances in AI are creating a unique opportunity to redesign financial crime prevention from the ground up. During Advisense session at the conference, Jonas Karlsson and Daniel Bardun discussed that AMLR compliance and AI adoption must not be regarded as separate efforts. They must be regarded as outcomes of the same underlying investment in data, integration, and automation. Institutions that use AMLR as a catalyst to modernise their architecture will be able to unlock efficiency and effectiveness gains, while those that follow the traditional “gap analysis and patchwork” approach risk falling behind in both supervisory outcomes and operational capability.
