Rapid regulatory and technological changes are transforming how many financial institutions’ compliance professionals operate, but there are concerns that too much change too fast may be counterproductive, if not dangerous
Key takeaways:
-
-
-
Navigating regulatory change — The Trump administration is introducing many regulatory changes that will affect how financial institutions meet their reporting obligations under the BSA.
-
AI helps and harms both sides — Advances in AI offer the promise of more accurate, efficient BSA compliance processes, but they also give criminals an ever-expanding toolkit for committing fraud and other types of financial crime.
-
Compliance pros are optimistic about AI — Corporate compliance personnel are cautiously optimistic about using AI, but insist that better guardrails, usage standards, and agreed-upon best practices still need to be developed.
-
-
LAS VEGAS — Those who assess and manage risk at financial institutions are caught in a whirlwind of change, and the health of the global financial system may very well depend upon how they manage the fallout.
At the most recent gathering of the Association of Certified Anti-Money Laundering Specialists (ACAMS), the word disruption was used frequently to describe the kind of systemic change that experts in Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance are up against. And this change is coming at them in many forms: regulatory, technological, geopolitical, digital, ethical, and criminal, just to name a few.
Dissatisfaction with the status quo
In his opening keynote address, John K. Hurley, the U.S. Undersecretary of the Treasury for Terrorism and Financial Intelligence, expressed the Trump administration’s dissatisfaction with the current state of financial crime enforcement. Hurley also outlined several reforms the administration is pursuing, all of which are aimed at delivering targeted, actionable intelligence to law enforcement much faster than the current system allows.
Hurley decried the proliferation of burdensome regulations and “not-so-useful” Suspicious Activity Reports (SARs), the main method that financial institutions use to report suspicious financial activity to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN).
To address these problems, Hurley said the administration intends to simplify the SARs filing process and overhaul the government’s regulatory oversight of financial institutions to focus on “outcomes”, such as how effectively financial institutions identify criminal activity, rather than examiner evaluations (and criticisms) of an institution’s BSA and AML compliance processes.
One of the motivations behind these moves, Hurley said, is to encourage BSA compliance personnel to apply their “experience and creative talent” to devise better crime-detection methods using new technologies.
“I believe fully that well-governed technology is a force multiplier,” Hurley explained. “When a financial institution invests the time and money to experiment with AI and successfully drops its false-positive ratio [of SARs] and escalates vital information to law enforcement more rapidly, their team should be celebrated, not written up because this new approach reveals gaps in their previous manual method.”
AI in BSA/AML compliance: A double-edge sword
Indeed, the use of AI-enhanced technologies to improve know-your-customer (KYC) protocols and other risk-management practices was another main theme of the conference. During several sessions dedicated to AI, panelists and conference attendees expressed both optimism and wariness about the use of AI in BSA/AML compliance activities.
For example, the use of agentic AI — a form of AI that essentially thinks for itself and can proceed without constant human prompting — could be extremely useful for first-level KYC risk screening, but it remains to be seen whether the technology can be adequately controlled for BSA/AML compliance purposes.
The double-edged nature of new technologies was also discussed in-depth. Carole House, an ACAMS Distinguished Senior Fellow, pointed out that while new technologies may improve our ability to detect and deter financial crime, they also give criminals a robust set of high-tech tools to use to help subvert the financial system.
“When you democratize access to these systems, it opens to the door to illicit uses,” House said, adding that new and better forms of digital malfeasance — such as fake IDs, bogus credentials, deep fakes, identity scams, crypto-based money-laundering, ransomware, and more — are all on the rise, and ever-improving forms of generative AI (GenAI) will empower criminals even more.
Despite these caveats, there was almost unanimous agreement that AI will play an increasingly important role in BSA compliance and risk management, because there is no other way to keep up with criminals in the digital economy. And because AI adoption is inevitable (and is, in fact, already happening), efforts now need to be focused on building adequate regulatory guardrails, improving digital skillsets, and establishing AI best practices to ensure responsible use of advanced technology.
New rules, old problems
On the regulatory front, several recent changes that likely will impact how AML compliance personnel do their jobs were also discussed at length during the conference.
In March, for example, FinCEN issued a new rule exempting certain United States-based companies and citizens from their previous obligation under the Corporate Transparency Act (CTA) to report beneficial ownership information to FinCEN. (Foreign entities doing business in the US still have to file beneficial ownership information.)
FinCEN claims the rule change is intended to reduce the reporting burden on small companies, but AML experts are concerned because it gives financial institutions less information to assess the legitimacy of their customers, potentially re-opening a window to fraud that had previously been closed and hindering attempts to assist law enforcement.
Support for crypto-regulation
On another matter, AML experts are generally supportive of recent efforts to regulate cryptocurrency assets. For example, the recently passed Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act creates new regulatory framework for stablecoins, which are a type of cryptocurrency whose value is backed a fiat currency such as the US dollar.
Congress is also considering passage of the Digital Asset Market Clarity Act, which would create guidelines for the classification, sale, and oversight of digital assets. And a series of new policy directives collectively known as The Blanche Memo (because they were issued by Deputy U.S. Attorney General Todd Blanche) aims to end so-called “regulation by prosecution” of crypto exchanges and shift the emphasis of law enforcement to individuals who use digital assets to support “terrorism, narcotics and human trafficking, organized crime, hacking, and cartel and gang financing.”
In addition to these changes and concerns, BSA/AML compliance professionals are also contending with Chinese money laundering, ever-shifting sanctions, tariff evasion, global regulatory volatility, worldwide financial threats, lack of institutional trust, and pervasive economic uncertainty — so by any measure, they have very full plates.
As Dan Stipano, a partner at Davis Polk & Wardwell, remarked during one panel discussion: “The big problem with the BSA is that if everything is a priority, nothing is a priority,” — and that too must change.
You can find more of our coverage of ACAMS events here
