INSIGHT: Reflections and future vision after 25 years of evolution in AML compliance

IT WAS Y2K, or the year 2000 when I started my first job. I had joined India’s largest public sector bank along with a fresh batch of recruits and trained across all the different banking functions.

We started with account opening and moved across various desks – deposits, withdrawals, loans, accounting & ledgers (including trial balance), forex and so on.

This was a time when the bank was moving from manual entries to computerization of banking operations, and I do not recall hearing the words KYC or AML. Account opening simply comprised of filling up a physical form in the branch which was just 2 pages for individuals, slightly lengthy for entities. There was no core banking at that time, so branches were standalone.

As we approach the middle of 2025, I cannot think of any other banking function that has transformed as dramatically and on the road to more disruption as KYC-AML, while acquiring the name ‘financial crime compliance’ (FCC) somewhere along this journey!

What Changed and How

The 9/11 incident of 2001 has arguably been the most pivotal moment in transforming how KYC and AML were performed, which also prompted including CTF (countering terrorist financing) in its fold. USA enacted the USA PATRIOT ACT in response to this tragedy. The rest of the world followed suit, and a slew of AML Regulations were enacted in every part of the world. Global organisations like UN, FATF and Wolfsberg Group came up with more comprehensive guidelines and recommendations on AML, now including CTF in scope.

New Regulations meant Financial Institutions (FIs) had to reimagine their processes, standards, documentation and enhanced scrutiny in the KYC-CDD and AML lifecycle. The 3 Lines of Defense (3LoD), which was formulated in 2013 as a risk management framework, was soon adopted to manage AML risks and has been the backbone of AML compliance function since.  New aspects of due diligence emerged, e.g. Correspondent Banking, the loopholes in which had been exploited by 9/11 attackers. Sanctions lists from OFAC, UN, UK, EU and others grew more stringent in listing errant individuals, entities and nations.

The Panama Papers leak of 2016 was another watershed moment which brought Corporate Transparency and Beneficial Ownership to the forefront of KYC-AML. EU’s legislation on the establishment of UBO Registers in each of its member countries became effective from 2017. This was meant to centralize corporate records and improve transparency on beneficial ownerships. US’ announcement of the FinCEN Registry (2021) and UK’s overhaul of Companies House (2024) have been steps in the same direction.

The Strengthening Pillars: Regulations, Technology, Processes

The scope of AML expanded from tracking illicit money movements to identifying the source of such dirty money – the criminal activities themselves! Terrorism, drug trafficking, fraud and tax evasion had emerged as the biggest financial crimes in the first decade. The next decade witnessed bribery & corruption, human trafficking, cybercrime and environmental crimes as growing threats. EU’s 6^th MLD codified 22 predicate crimes in 2020 which harmonized the scope of crimes for money laundering.

From a ‘one size fits all’ standard approach in AML monitoring in the early 2000s, adoption of risk based approach as laid down by FATF in 2007 was a paradigm shift that now drives every FCC process. Consumer demands have made FIs move towards 24×7, anywhere, omnichannel services. As a result, monitoring transactions and customer behaviour have also become very dynamic. KYC reviews moved from periodic to ongoing/perpetual, customer risk ratings are now event driven. Sanctions lists are updated for screening within 30 mins of official publication – an activity that took days earlier! Transaction monitoring to detect money laundering are now based on unusual behaviour patterns and suspicious linkages rather than breaching a set of static rules.

AML technology has undergone a massive change in the last 25 years. During the early 2000s, we worked with standalone onboarding, Sanctions screening and rule-based transaction monitoring tools, and most of the tasks were manual. It slowly transitioned to integrated platforms with well connected data sources and workflows and lesser manual effort. And today the ecosystem is heavily digitized, with high-end automation. From digital onboarding to AI powered Sanctions screening and complex transaction monitoring, intelligent corporate structure and beneficial ownership discovery – the fincrime technology landscape has matured tremendously in digital sophistication.

From Unification to Fragmentation: The 2 New Worlds Tackling FinCrime

As technology started progressing and the world’s financial sector got more interconnected, criminals went global in moving dirty money across countries more easily. But FIs and Regulators continue to monitor locally, leaving a gap that can be addressed only through global collaboration.

World leaders acknowledged this gap, and started speaking in a united voice against financial crime. Laws were harmonized across jurisdictions, best practices were emulated across borders, countries started running joint operations in tracking down criminals through shared intelligence.

And then a wave of deregulation started in US in 2025! Key fincrime regulations including  anti-bribery laws and corporate transparency obligations have now been made redundant. This step set us back by several decades, as this again creates a weak link in the global defense chain that countries have been trying to build collaboratively. Has the world now been broken into 2 – one that does not see financial crime prevention as a priority, and the other that is fighting relentlessly, collectively to make the world a safer place?

What Does The Future Hold: My Vision for The Next Decade

There is no doubt that criminals will exploit the US deregulation now to open bogus corporate networks in the country and move dirty money through them without being discovered or reported! The rest of the world is wary and will move towards greater collaboration, just like the recent partnership announced between UK, France and Switzerland to tackle financial crimes.

Regulations will continue to bring more clarity on one hand and added stringency on the other. EU’s AMLA is one such example – it will start direct supervision of 40 high risk FIs in EU from 2028, in addition to creating a cohesive FCC framework for its 27 member states.

Technology advancement will continue to create opportunities for all – criminals, FIs and Regulators. GenAI, Agentic AI are already making waves, while Quantum Computing in its infancy is showing a lot of promise in this space. The UK Government’s recent £121mn investment on Quantum R&D focused on tackling financial crime will probably be the turning point in this disruption!

It is never easy to predict what new kinds of crimes will emerge, and FIs are in a tough spot to future-proof their systems from such unknown risks. But the latter will continue to invest heavily in building stronger systems and processes – projecting from the global FCC spend of over USD 206 billion in 2023 alone and growing at ~20% annually. With 25 years of robust development behind us, we are confidently stepping into the next decade with a vision of a more secure and resilient financial system!