INSIGHT: AI as a cost-saver and dealing with ‘tainted’ crypto wallets – key lessons from #IAFCS2025

FINANCIAL crime isn’t just evolving. It’s going through a full-blown metamorphosis – that reality was palpable at the 2025 International Anti-Financial Crime Summit (IAFCS).

The event assembled regulators, compliance specialists, law enforcement, and technologists under one roof, each bringing lessons from an everchanging frontline. What followed was a sequence of open exchanges, hard truths, and genuine optimism about the art and science of financial crime control in an age of complexity.

Role of AI

One of the most invigorating threads of the day revolved around the role of artificial intelligence in compliance – and its real-world limitations. Despite years of hype, compliance leaders at the summit rebuffed the notion that AI is a silver bullet. Instead, they discussed it as an incredibly potent, but often problematic, tool.

A particularly memorable moment came when a panellist described how a bank that deployed AI without robust oversight or explainability ended up under the regulatory spotlight. Not because of the tech itself, but because humans failed to maintain accountability and proper governance.

AI, it seems can illuminate new risks and typologies. But it cannot replace critical scrutiny, audit trails, and seasoned human judgment.

AI as a cost saver – or not?

Institutions tend to imagine AI as a cost-saver, but the truth emerging from the summit was much more nuanced. As one compliance executive described, the introduction of a sophisticated AI-based monitoring system didn’t decrease workload. Instead, it grew the demand for skilled analysts.

The machine flagged a higher volume and variety of intricate alerts. In a paradoxical twist, the better the detection capabilities, the more need there is for Level 1 and Level 2 human investigators to triage and resolve what AI flags. For compliance leaders, any AI rollout should come with an imperative for “supercharged UAT”, especially in transaction monitoring or screening.

This means simultaneous, side-by-side running with legacy systems, methodical comparison, a rigorously documented audit trail, and extensive tweaking before putting AI in the critical path. Regulators are unimpressed with black-box reasoning: every alert must be justifiable, accessible, and reviewable. Human oversight remains the alpha and omega of effective modern compliance.

AMLA

This message was echoed at the European level, where the arrival of the Anti-Money Laundering Authority (AMLA) was a focal point of several panels. Launched mid-2025 and soon to directly supervise 40 of the bloc’s largest banks, AMLA represents a formidable shift. From patchwork rules and fragmented supervision, to a single European rulebook.

Its formation, triggered by several high-profile scandals, is meant to usher in an era of convergence: data-driven, outcome-oriented, and risk-based scrutiny. AMLA’s aspiration is to blend direct and thematic supervision, enforce tougher accountability, and support national FIUs with advanced data science capability.

Appropriately, the summit’s regulators emphasised that neither AI nor any other technological innovation alters the fundamental expectations: what comes in and out of an institution must be explicable, the full chain of events must be traceable. And executives retain final responsibility for the decisions.

International cooperation

Law enforcement and regulatory speakers spent no time on nostalgia. The pace at which organised criminal networks exploit technology means that operational agility has become a non-negotiable norm. Law enforcement, such as the UK’s National Economic Crime Centre (NECC), highlighted a new gold standard for inter-agency collaboration.

Instead of the traditional, resource-intensive approach of raiding phone banks and physical targets, the NECC now blends digital operations, cross-agency data sharing, and remote “fusion” of SARs. They described operations identifying shell companies and fraudulent barbershops set up for large-scale money laundering, illustrating how criminal typologies constantly adapt to new commercial and technological environments. The summit was a reminder that, for criminals, innovation pays off unless private and public sector actors evolve equally quickly.

Public private partnerships

One recurring lament and challenge was the lack of mature partnerships with non-banking sectors. Banks and certain payment players may be fully integrated into information-sharing ecosystems. But there remains a gap when it comes to Money Service Businesses (MSBs), fintechs, legal professionals, crypto exchanges. As well as tech and social media platforms.

Law enforcement and state representatives were clear. Defeating criminal paradigms requires persistent outreach to all actors who touch the flow, custody, or analysis of money.

The future of successful public-private partnerships (PPPs) lies in breadth and depth. Bringing unconventional stakeholders to the table, establishing bolder information-sharing protocols, and making operational analysis as collaborative as possible.

Yet, the summit repeatedly acknowledged that building these relationships can be a challenge. Whereas in some countries, banks are empowered to communicate directly with each other (sometimes by phone hotlines facilitated by regulators), information flows between law enforcement and regulators, or between competitive fintechs, are still fraught with cultural and technical barriers. PPPs that work are typically the result of consistent operational support, the steady hand of neutral secretariats, and a willingness, on all sides, to accept a degree of risk in the interest of collective benefit.

Crypto

Nowhere was this necessity for outside-the-box partnerships more pronounced than in discussions of crypto and emerging financial technologies. AML professionals described the growing challenges of defining exposure to “tainted” wallets once. Rather than constantly recalibrating as blockchain interconnections evolved.

As panellists put it, despite the transparency of the ledger, extracting actionable evidence or responding to law enforcement action remains tortuous. This is especially with astute criminals mimicking police requests. Crypto risk teams face the catch-22 of getting faster and more robust at screening. But simultaneously, they are handling a swelling volume of compliance requests. There are also ever-higher expectations around customer due diligence. Best practice in 2025 is to invest boldly in red teaming, to map the imaginative attacks that fraudsters will almost certainly deploy, especially those harnessing AI.

‘I-Checkit’

One of the most future-facing moments of the event came in the announcement of Interpol’s “I-Checkit” a tool as much about trust as it is about technology. This global, API-based identity check plugs participating financial institutions directly into real-time law enforcement data. The information covers stolen documents, wanted persons, and red, blue, and silver notices.

Designed to be privacy-first (requiring only document metadata, not full client info), the platform allows financial institutions to validate prospective and existing customer identities. This cann be done in a way that is seamless, but also instantly actionable if a criminal connection is made. Managed properly, this has the potential to become a new gold standard in public-private cooperation.

‘Check-box’ compliance

Underpinning every session was an increasingly sharp line drawn by the regulators themselves. The days of check-box compliance are fast receding. Whether the topic was AI, new information-sharing partnerships, or the role of emerging payment rails, the message was consistent: outcome-focused, effectiveness-driven compliance is becoming the norm. That means measuring not the volume of suspicious activity reported or risk alerts triggered, but their strategic value, relevance to active investigations, and ultimate outcomes for both customer protection and system integrity.

There was more sombre realism, too. Data, in criminal contexts, is often overabundant but underutilised. Public actors lamented that for all the headline-grabbing technology now available, only 2% of the data collected might end up directly relevant to prosecutions.

Meanwhile, criminals continue to exploit gaps with astonishing speed, running scam centres in Eastern Europe with rotating phone numbers, synthetic IDs, and sham e-commerce. In that world, the core message from the summit is both a warning and a challenge: the compliance function will only succeed if it remains as adaptable, collaborative, and critically inquisitive as the threats it faces.

Future focus

For financial crime compliance professionals, the summit offered both a reality check and a roadmap. The latest tools, from supercharged UATs to police-grade ID verification APIs, are pushing the sector forward faster than ever. But they come with new obligations: to stay transparent, to keep humans firmly in the loop, to advocate for operational alliances extending far beyond the financial sector, and above all, to never lose sight of the core mission: trust, value, and effectiveness above all else.

If this is the new era of financial crime defence, it is less about abstract policy and more about lived agility, real accountability, and the readiness to question even our cleverest machines. In this race, complacency is not just a risk but an open invitation to the sharpest criminals.

THE AUTHOR: Tom Vidović is a Senior Financial Crime Compliance Specialist