AML Partners

Why Compliance fails in execution — and how governed automation closes the gap

Frank Cummings — Tue, 10 Mar 2026 19:35:58 +0000

AML Compliance doesn’t fail in theory–it fails in execution

Policies exist. Risk models exist. Procedures exist.

Yet enforcement actions continue across the financial industry.

The problem is rarely the design of a compliance program. Most institutions have well-developed policies, documented procedures, and experienced Compliance professionals.

Where compliance breaks down is execution. Between policy and action sits a long operational chain — investigators gathering information, systems pulling data, documentation being assembled, reviews being conducted, and decisions being recorded. Every step introduces the possibility of inconsistency, delay, or error.

Compliance programs do not fail because institutions lack rules. They fail because those rules are not executed consistently.

The missing layer in AML Compliance technology

The financial industry has spent years investing in detection. Transaction monitoring systems generate alerts. Case management tools organize investigations. Data platforms aggregate information.

But detection is only the beginning of the process.

The real operational burden of compliance occurs after an alert is generated. Analysts must collect information, validate activity, confirm documentation, and ensure procedures are followed. Much of that work still depends on manual effort spread across multiple systems.

This creates unavoidable operational risk:

• Steps may be skipped or applied inconsistently.
• Documentation may be incomplete.
• Evidence chains may be difficult to reconstruct.
• Control gaps may appear between systems.

None of these challenges reflect a lack of diligence by Compliance professionals. They reflect the structural limitations of systems that stop at analysis instead of execution.

Compliance requires orchestration–and execution

What compliance programs actually require is operational orchestration.

Every step of a compliance workflow should be structured, governed, and executed in a controlled sequence across systems, teams, and data sources.

But orchestration alone is not enough. The critical capability is execution. This is where robotic process automation (RPA) plays a foundational role.

Within RegTechONE, RPA performs the operational steps of compliance workflows directly — gathering data, validating conditions, initiating actions, documenting outcomes, and advancing processes according to institutional policy.

When workflows execute automatically:

• procedures run exactly as defined
• required steps cannot be skipped
• documentation is generated as the work occurs
• evidence is preserved
• control gaps disappear

In practical terms, the compliance program runs the way it was designed to run.

The RPA foundation beneath the AI conversation

Much of the technology conversation today focuses on agentic AI and autonomous systems. These developments are exciting and will shape the future of financial crime prevention.

But autonomous systems require a stable operational foundation.

Before intelligence can guide decisions, systems must be able to execute those decisions reliably and consistently. Governed automation provides that foundation.

Robotic process automation represents the first practical layer of machine learning in compliance operations — structured execution based on defined institutional rules and policies.

Without reliable execution, intelligence has nowhere to operate.

The power of proving legitimate activity

Ultimately, a compliance program exists to answer a simple question: Is this activity legitimate?

The challenge is that legitimacy must be demonstrated. That requires documentation, verification, and evidence.

When workflows execute automatically and consistently, institutions can close the loop on legitimate business activity. Documentation is generated in real time. Evidence chains remain intact. Decisions are provable.

And when legitimate activity is fully accounted for, what remains becomes much easier to identify.

That is when institutions find the crime.

Compliance that governs itself

The goal of modern compliance technology should not simply be faster investigations or more alerts.

It should be governed execution.

When an AML Compliance platform orchestrates workflows and executes them through governed automation, the institution gains something far more powerful than efficiency. It gains a compliance program that runs exactly as designed–with transparency, documentation, and provability built into every step.

The post Why Compliance fails in execution — and how governed automation closes the gap appeared first on AML Partners.

Drag-and-drop agents: Now inside no-code AML Compliance workflows on RegTechONE

Frank Cummings — Mon, 02 Feb 2026 20:48:03 +0000

Compliance teams: You can now drag and drop governed agents directly into your workflows—without code, without IT handoffs, and without sacrificing governance.

With the release of RegTechONE v5.0, agents now operate inside no-code AML Compliance workflows—and are placed and controlled by front-end users where investigations, reviews, alerts, and collections actually happen. This shift is not about replacing judgment—it’s about removing friction around it.

Drag-and-drop agents represent more than a feature release. They change who controls automation, where it operates, and how quickly Compliance teams can adapt as risk, volume, and regulatory expectations evolve. With RegTechONE, workflows function as living systems that respond faster and work harder against financial crime.

Drag-and-drop agents available today

With drag-and-drop deployment, these agents can be inserted exactly where they add value—inside governed Compliance workflows, at the moment work is done.

Summarization agent: Summarizes documents or images into clear, concise outputs that support faster review and triage. This agent helps Compliance teams quickly surface relevant information without losing context or detail.

OCR agent: Extracts raw text from documents or images, converting unstructured content into usable data within Compliance workflows. This enables downstream actions, review steps, and automation without manual rekeying.

Entity extraction agent: Identifies and extracts structured information from documents or images—such as company names, addresses, principal or key personnel, and other critical data points—supporting consistency and reducing manual effort during analysis.

Full item report agent: Generates a comprehensive item report, including an executive summary of the current workflow and profile, be it a customer, a vendor, etc. This agent supports more efficient decision-making by consolidating relevant information into a single, review-ready view.

What’s coming next: Workflows built from institutional requirements

One upcoming agent translates institution-specific requirements directly into executable workflows. By ingesting an Excel-based requirements document maintained by the institution, the agent generates a RegTechONE workflow that reflects how that institution actually operates—reducing build time while preserving governance.

The resulting workflow can be reviewed, refined, and governed like any other RegTechONE workflow before being placed into production.

Agents where Compliance actually works—inside workflows

Compliance work happens inside workflows—investigations, reviews, alerts, collections. Until now, advanced automation often lived alongside that work, requiring integration steps or technical intervention.

RegTechONE v5.0 brings agents directly into the workflow itself.

Using the same no-code, drag-and-drop interface teams already rely on, front-end users can place agents exactly where they add value: at a decision point, after a trigger event, or as part of a multi-step orchestration.

No-code flexibility with built-in governance

RegTechONE v5.0 was designed around a simple principle: Speed without loss of control.

Front-end users decide where to invoke agents, what conditions trigger execution, and how outputs flow through workflows. Institutions retain full governance over agent behavior, usage, and outcomes.

Agent results that activate the platform

Every agent action flows back into RegTechONE’s data orchestration layer, becoming part of the platform’s system of events, actions, and triggers.

Agent outputs can initiate new workflow paths, invoke additional actions, update records, or drive downstream processes automatically.

Replacing work-intensive AML Compliance processes

AML Compliance has long been constrained by processes that are manual, fragmented, and slow to change. Even small adjustments—introducing a new review step, refining how information is summarized, or applying consistent extraction logic—often require technical intervention, workarounds, or parallel tools.

By eliminating the need for IT involvement to deploy and adjust agents, RegTechONE shifts that control back to Compliance teams. Front-end users can now refine workflows as operational realities change, placing agents exactly where they reduce friction and increase consistency—without waiting on development cycles or compromising oversight.

This does not replace professional judgment. It removes the mechanical burden that surrounds it. Agents handle repeatable, work-intensive steps inside governed workflows, allowing Compliance professionals to focus their time and attention on analysis, escalation, and decision-making. The result is a more resilient Compliance operation—one that adapts faster while remaining firmly grounded in institutional standards.

Available now, expanding soon

Drag-and-drop agents are available today for use across RegTechONE workflows, giving front-end Compliance teams immediate, practical control over how automation supports their daily work.

More importantly, this model is designed to grow. Additional agents will be introduced using the same governed, no-code approach—allowing institutions to expand automation deliberately, without redesigning workflows or introducing new operational risk. As new agents become available, they can be placed directly into existing workflows, tested, refined, and governed using the same controls Compliance teams already rely on.

This approach avoids the disruption that often accompanies new technology releases. Instead of forcing teams to adopt new tools or rewire established processes, RegTechONE allows automation to evolve alongside institutional practice.

Why RegTechONE v5.0 matters

AML Compliance is demanding work. Front-end users carry the responsibility of making defensible decisions under time pressure, regulatory scrutiny, and increasing data volumes. Tools that slow that work down—or push it into opaque automation layers—create risk rather than reducing it.

Drag-and-drop agents change that dynamic. They support the best work of Compliance professionals by embedding automation directly into governed workflows, where judgment, review, and institutional standards already live. Front-end users gain flexibility to shape how work is performed, while leadership retains visibility, control, and accountability.

The result is not just faster execution, but stronger alignment between people, process, and platform. Automation becomes an extension of Compliance practice, rather than a substitute for it—and that is where real, sustainable impact is created.

The post Drag-and-drop agents: Now inside no-code AML Compliance workflows on RegTechONE appeared first on AML Partners.

From alerts to execution: Event-driven RPA in AML Compliance

Frank Cummings — Mon, 19 Jan 2026 21:48:01 +0000

How event-driven automation changes Compliance execution

Modern AML Compliance does not fail because institutions lack rules. It fails when those rules are not executed consistently at the precise moments when risk changes.

This is where robotic process automation, when designed correctly, becomes foundational to modern AML Compliance execution. Not as fragile bots or bolt-on scripts, but as a governed, event-driven system that executes policy automatically.

In a market increasingly focused on AI and machine-learning agents, it’s important to draw a clear distinction. Effective agents can assist with judgment and execution within defined boundaries. In contrast, robotic processing automation (RPA) is designed to enforce policy deterministically.

These technologies are all important, but they serve different purposes—and in AML Compliance, the distinction matters. While agents perform crucial functions that help drive speed and efficiency, it is event-driven RPA that delivers the consistency, auditability, and control that regulators and institutions rely on for in-the-moment AML Compliance.

How RegTechONE operationalizes event-driven RPA

On the RegTechONE platform, Compliance teams leverage RPA via three core components: the Events Library, the Actions Library, and the triggering system.

Together, these platform tools form a Compliance automation triangle that allows Compliance and Audit teams to pre-define mandatory responses to risk—responses that execute automatically, without relying on analyst memory, discretion, or downstream review.

This is not a theoretical construct. This is how RegTechONE executes Compliance policy in production environments.

The Compliance automation triangle: Events, actions, and triggers

Events are meaningful moments within a Compliance workflow—saving a customer record, adding a new entity, updating ownership information, or modifying key customer data.

Actions are the policy-approved steps that must occur when those events introduce or change risk.

Triggers are the governance logic that binds actions to events, ensuring that execution happens automatically and consistently.

This is RPA purpose-built for Compliance execution inside RegTechONE: Deterministic, auditable, and controlled by Compliance and Audit. It is not IT-driven, and it does not rely on analysts remembering what must happen next.

From alerts to execution inside RegTechONE

Traditional Compliance technology is built around alerts and reviews. Something happens; a notification is generated; an analyst is expected to respond.

At scale, that model breaks down. Workflows grow complex. Data changes frequently. Risk recalculation lags behind reality.

We designed RegTechONE to invert that model. Instead of waiting for human intervention, policy-defined actions execute immediately when a risk-relevant event occurs.

In RegTechONE, policy does not suggest. It executes.

Event-driven Compliance in practice: The “on customer save” example

Consider a simple but critical event: An analyst saves a customer record in RegTechONE.

That single action can introduce new names, entities, or relationships—each with potential implications for sanctions screening, adverse media exposure, PEP status, and overall customer risk.

In RegTechONE, the “on customer save” event automatically triggers a set of mandatory actions pre-configured by an institution’s Compliance specialists. These actions might include the following:

• Required data is recorded and maintained with version control for audit and review.
• Relevant names are screened against applicable sources.
• Screening outcomes are evaluated according to institution-defined rules, including what can be waived and what must be escalated.
• Customer risk is recalculated using pre-defined logic to determine whether the new information materially changes the risk profile.

Some of these actions are visible to analysts. Others execute silently in the background. What matters is not visibility—it is that Compliance policy executes every time the underlying risk changes.

Mandatory actions versus optional workflows

Many systems rely on optional workflows—alerts that can be dismissed, steps that can be deferred, processes that depend on training and memory.

RegTechONE’s event-driven RPA enforces mandatory execution. If policy requires an action when risk changes, the system enforces it. If governance dictates escalation thresholds, those thresholds are applied automatically. If Audit needs transparency, the full execution path is visible.

This is not about accelerating analysts. It is about removing inconsistency from Compliance execution.

Perpetual KYC as governed execution

When events, actions, and triggers operate together inside RegTechONE, institutions achieve what is often described—but rarely implemented correctly—as perpetual KYC.

This does not mean constant human review or perpetual re-adjudication. It means that whenever relevant information changes, the appropriate Compliance logic executes immediately, according to governance.

Risk does not wait for periodic reviews. Governance should not either.

Where machine-learning agents fit in RegTechONE

Because RegTechONE captures every event, decision, and action as part of governed execution, institutions build a structured, auditable record of how Compliance actually operates.

That operational truth becomes the foundation for bounded agents—trained on real institutional behavior, not abstract assumptions.

In this model, agents assist with execution within defined limits. Compliance retains control of policy, logic, and accountability.

The future of Compliance execution

The future of Compliance automation is not smarter machines making independent judgments. It is encoding institutional judgment so precisely that execution becomes consistent, defensible, and scalable.

That is what RegTechONE was built to do—by turning Compliance policy into lived operational reality, executed every time risk changes.

The post From alerts to execution: Event-driven RPA in AML Compliance appeared first on AML Partners.

AML rule delay for investment advisers: FinCEN grants two-year extension

Jennifer Montgomery — Fri, 09 Jan 2026 20:14:31 +0000

On January 2, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published a final rule delaying the effective date of its Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) requirements for investment advisers.

The rule postpones the compliance deadline for Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs) by two years—from January 1, 2026, to January 1, 2028. While the extension may appear procedural, it reflects a longstanding structural challenge in applying bank-centric AML frameworks to the investment adviser sector.

Why applying bank-style AML rules to investment advisers is complex

Unlike banks and broker-dealers, many investment advisers do not custody assets, execute transactions, or directly handle client funds. Advisers often operate within complex delegation chains involving custodians, fund administrators, and other intermediaries.

This structural difference has long complicated how traditional AML obligations—such as transaction monitoring, suspicious activity detection, and SAR filing—should be assigned and operationalized within the adviser model. That challenge is likely a key factor in FinCEN’s decision to delay the rule’s effective date.

What FinCEN delayed—but did not rescind

The delayed rule applies to the AML/CFT program and Suspicious Activity Report (SAR) filing obligations established under FinCEN’s 2024 final rule that formally brought certain investment advisers within the definition of “financial institutions” under the Bank Secrecy Act (BSA).

As a result of the delay, FinCEN will not require covered investment advisers to implement a full AML/CFT program by Jan. 1, 2026. The new AML Compliance start date is Jan. 1, 2028. FinCEN also delayed SAR filing obligations for advisers.

Importantly, the delay does not rescind or weaken the underlying rule. FinCEN has made clear that the obligations remain intact; only the effective date has changed.

Why FinCEN extended the Compliance timeline

FinCEN cited several interrelated reasons for the two-year extension, most of which center on implementation reality rather than regulatory retreat.

Many commenters emphasized that standing up a compliant AML/CFT program is a multi-year operational effort requiring governance design, policy development, technology integration, and staff training. FinCEN also acknowledged the diversity of adviser business models and the need to ensure AML obligations are appropriately calibrated to firms that may not directly touch client funds or transactions.

The agency further noted the importance of coordinating the adviser AML rule with other pending regulatory initiatives, including customer identification and beneficial ownership frameworks, to avoid duplication and misalignment across Compliance programs.

Economic and Compliance impact

FinCEN’s regulatory analysis estimated that delaying the effective date could defer significant near-term Compliance costs across the adviser sector. While estimates vary, the agency projected that aggregate cost deferrals over the two-year period could approach $1.45 billion. These costs are deferred, not eliminated; the underlying Compliance expectations remain unchanged.

What advisers should take from the delay

The extension should not be interpreted as a signal to pause AML preparation. Periods of regulatory transition have historically increased enforcement risk for firms that assume postponement equals diminished expectation.

Instead, the delay provides time for advisers to design AML programs deliberately—clarifying ownership, aligning controls with actual risk exposure, and ensuring governance structures can support auditability and regulatory scrutiny.

Looking ahead

FinCEN has signaled that it will continue evaluating how AML/CFT requirements apply across the investment adviser landscape. While further guidance may follow, the direction of travel is clear: investment advisers will be expected to operate within the core AML framework. The delay represents a recalibration of timing—not a retreat from Compliance obligations.

The post AML rule delay for investment advisers: FinCEN grants two-year extension appeared first on AML Partners.

2026 in focus: What real AI innovation in Compliance looks like

Frank Cummings — Thu, 08 Jan 2026 17:02:06 +0000

The year ahead in Compliance innovation and governance

As 2026 gets underway, the RegTech and AI landscape remains as noisy—and as consequential—as ever. New tools continue to emerge, accompanied by ambitious claims about speed, scale, and transformation. Some of these advances are genuinely useful. Others introduce new forms of risk under the banner of progress.

At AML Partners, we remain anchored in a simple question: Does this innovation actually help Compliance teams do their work better—as in more accurately, more defensibly, and under real regulatory pressure?

That question shaped the progress we made last year. It now serves as the foundation for where we are headed next.

From AI features to operational control in Compliance workflows

One of the most important lessons reinforced over the past year is that AI delivers value in Compliance only when it operates as an embedded control—not as a detached feature layer.

We at AML Partners have focused on building permissioned, no-code agents that Compliance teams can deploy directly within their workflows on the RegTechONE platform. These agents are not autonomous black boxes. They are constrained by design, transparent in execution, and built for audit defe n sibility—executing specific Compliance tasks within institution-approved boundaries.

This distinction matters even more in 2026. Much of the AI conversation in our industry still centers on replacement: Replacing analysts, replacing judgment, replacing process. In real Compliance environments, that framing is not only unrealistic; it is risky.

Our approach is different. Agents operationalize approved human judgment within defined controls; they do not replace ongoing oversight or supervisory responsibility. Instead, they reduce manual effort, increase consistency, and allow teams to scale without surrendering control. The result is faster case handling, reduced friction, and stronger confidence in regulatory defensibility.

Why workflow orchestration matters as much as AI models

Another reality becoming clearer in 2026 is that AI without workflow discipline creates exposure, not efficiency.

We continue to see tools that generate impressive outputs but operate outside the systems where Compliance work actually happens. These tools often lack clear policy alignment, ownership, or accountability trails. When decisions cannot be reliably explained, reproduced, or reviewed, risk accumulates quietly.

Compliance rarely fails because teams lack intelligence. It fails at the seams—between systems, between handoffs, and between decisions that are not properly captured in the case record or aligned to policy rationale.

That is why orchestration remains foundational to our platform philosophy. When AI and machine learning operate inside a governed workflow—where actions are permissioned, logged, reviewable, and subject to change control—it becomes a force multiplier rather than a liability. Discipline, not novelty, is what makes AI defensible.

The best and worst of AI in Compliance in 2026

Financial institutions face many Compliance challenges in 2026, but one dual challenge stands out.

On one side, AI continues to improve efficiency, pattern recognition, and scale across AML and KYC operations. On the other, those same technologies are increasingly being used by fraudsters and bad actors—leveraging automation, scale, and synthetic techniques to exploit the financial system.

The uncomfortable truth is that AI-driven risk is no longer theoretical. Institutions must now defend not only against human behavior, but against machine-assisted abuse that moves faster and hides more effectively.

Some of our focus areas for 2026 reflect this reality:
• Expanding agent-based execution that remains transparent and audit-ready
• Strengthening safeguards that help institutions detect and defend against malicious AI use
• Preserving Compliance-team control over how, where, and when AI is applied and governed

Responsible AI in Compliance is not about who adopts fastest. It is about who deploys with governance, clarity, and discipline. That includes model governance, change management, and clear accountability—because AI that cannot be governed cannot be defended.

Innovation grounded in real Compliance operations

If there is one principle that will continue to anchor our work in 2026, it is operational empathy.

We build the RegTechONE platform the way we do because we have done the work. We understand the pressures Compliance teams face in today’s financial crime environment—expectations are high, scrutiny is constant, and margins for error are thin.

That experience keeps our innovation pragmatic. It keeps us focused on reducing friction, increasing clarity, and ensuring that every tool fits into how Compliance actually operates. Technology must evolve alongside policy, risk appetite, and regulatory expectations—not force teams into rigid, hard-coded paths.

Scaling Compliance with confidence in 2026 and beyond

The progress we made last year was meaningful, but it was not the destination. As 2026 unfolds, our priority remains practical innovation—grounded in real Compliance work—that improves outcomes for our clients.

We know that complexity will continue to increase. Our commitment is to help Compliance teams meet that complexity with systems that evolve alongside them: Configurable, governed, and built for regulatory reality. That is how we think about AI. That is how we think about innovation. And that is how we will continue to move forward.

The post 2026 in focus: What real AI innovation in Compliance looks like appeared first on AML Partners.

Agents at the workflow layer: Why governed execution matters in AML workflow agents

Frank Cummings — Fri, 02 Jan 2026 17:21:35 +0000

Why execution risk matters as AML programs adopt agents

Across this series, we have traced a consistent arc. Stablecoins and fragmented fintech ecosystems have reshaped how illicit value moves. Sanctions enforcement has weakened as activity migrates beyond supervised rails. Compliance programs are struggling to adapt workflows fast enough. And institutions increasingly depend on their ability to reason — not just detect — in unfamiliar risk environments. [Scroll to bottom to see links to all the articles in this series.]

That trajectory leads naturally to a final question: How should institutions execute Compliance decisions at scale without losing governance?

The answer is not unchecked automation. It is agents embedded at the workflow layer, operating under explicit institutional logic and continuous oversight.

The difference between reasoning, design, and execution

Even when institutions successfully identify emerging risks and articulate sound investigative reasoning, they often encounter a practical barrier: Execution does not scale easily.

Manual processes slow response times, introduce inconsistency, and amplify operational fatigue.

At the same time, traditional automation approaches tend to encode static assumptions, obscure decision logic, and reduce human oversight once deployed.

This creates an execution gap: Institutions know what they want to do, but they struggle to operationalize that intent reliably and defensibly across growing volumes and evolving typologies.

Agents as execution tools, not decision-makers

Automation is frequently framed as a solution to scale. In Compliance contexts, however, scale without governance can be dangerous.

Unbounded automation risks are many. Examples include amplifying flawed assumptions, creating opaque decision chains, embedding outdated logic into production systems, and undermining auditability.

In regulated environments, the question is not whether automation is used, but how it is constrained, directed, and explained.

This is where agents must be treated not as independent actors, but as extensions of institutional decision-making.

Agents as governed execution, not autonomous intelligence

In the context of AML, agents should be understood narrowly and precisely.

Agents are not independent decision-makers, substitutes for compliance judgment, or systems that invent logic on the fly.

Properly designed, agents are task-specific execution modules, derived from explicitly defined workflows and policies, operating within bounded authority, and continuously auditable.

Their role is to execute institutional reasoning consistently, not to replace it.

Governance, auditability, and control at the workflow layer

Embedding agents directly into Compliance workflows is critical for governance. When agents operate at the workflow layer, their actions are contextualized by policy and process, escalation paths are explicit, dependencies are visible, and outcomes are traceable to upstream reasoning.

This contrasts with bolt-on automation, where agents act outside core processes, lack shared context, and create parallel decision systems that are difficult to govern.

Workflow-embedded agents ensure that automation remains subordinate to institutional control, rather than competing with it.

Why human-defined logic—Directed Intelligence—must precede automation

As discussed in the previous article, Directed Intelligence captures how humans at an institution reason about risk: The decisions made, the logic applied, and the workflows followed.

This captured reasoning becomes the foundation for agents that execute actions according to defined governance. In practice, Directed Intelligence provides the curriculum, agents provide the execution, and workflows provide the guardrails.

Because agents are generated from explicitly defined institutional logic rather than vendor assumptions, their behavior reflects the organization’s actual compliance posture — and can evolve as that posture changes.

Why institutional reasoning, bounded automation, and governed execution are crucial for crypto-era risk

Stablecoin-enabled money laundering typologies evolve rapidly, but they also exhibit patterns once identified. Institutions need a way to respond quickly without re-litigating every operational step.

Agents support this by executing defined tasks consistently, reducing operational friction, and freeing human investigators to focus on interpretation and judgment.

Crucially, because agents remain embedded in workflows, changes to logic are deliberate, deviations are visible, and accountability is preserved.

This balance allows institutions to move faster without sacrificing defensibility.

Execution with accountability—not speed for its own sake

The temptation in emerging-risk environments is to automate aggressively in pursuit of speed. But speed alone does not create resilience.

Resilient Compliance programs are those that adapt workflows thoughtfully, preserve institutional reasoning, document how decisions are made, and govern execution as rigorously as detection.

Agents, when properly designed and constrained, support this model. When poorly governed, they undermine it.

Closing the loop: From insight to action

This series has traced the evolution of financial crime risk from stablecoins and sanctions evasion to fragmentation, workflow adaptability, and institutional reasoning.

Agents represent the final link in that chain — not as autonomous systems, but as governed executors of institutional intent.

In a Compliance landscape defined by uncertainty, fragmentation, and rapid change, the institutions best positioned to succeed will be those that reason clearly, remember how they reasoned, and execute consistently within well-defined guardrails.

That is not a technological aspiration. In fact, it is a governance imperative.

This article is part of a leadership series examining how stablecoin-driven risk and fragmented fintech ecosystems are forcing Compliance programs to evolve—from static controls toward adaptive workflows, institutional reasoning, and governed execution. Click the titles below to read each article in the full series.

The post Agents at the workflow layer: Why governed execution matters in AML workflow agents appeared first on AML Partners.

Directed Intelligence and the rise of institutional reasoning in AML

Frank Cummings — Fri, 02 Jan 2026 16:54:26 +0000

Why AML programs are being asked to show judgment, not just results

Across the previous articles in this series, a clear pattern has emerged. Stablecoins and fragmented fintech ecosystems have accelerated the pace and complexity of financial crime. Levers for sanctions enforcement are weakening as illicit value moves outside traditional controls. And Compliance teams are struggling to adapt workflows fast enough to keep pace with evolving typologies. [Scroll down to bottom to see links to all articles in the series.]

Beneath these challenges lies a deeper issue—one that technology alone cannot solve. As financial crime grows more dynamic, Compliance increasingly depends on how institutions reason, not just on what they detect.

This article, the fifth in the series of six, explores the rise of institutional reasoning in AML: Why it matters, why it is now a governance requirement, and how capturing that reasoning has become essential in a rapidly changing risk environment.

The limits of outcome-based Compliance monitoring

For decades, AML specialists have optimized AML systems around detection. They designed rules, thresholds, scenarios, and alerts to surface suspicious activity based on known patterns. Investigators then applied judgment—often undocumented—to determine outcomes.

That division worked when typologies were stable, regulatory expectations were well defined, and investigative logic changed slowly.

In today’s environment, that separation is breaking down. Detection alone cannot account for emerging typologies with no historical precedent, fragmented transaction chains that obscure context, or ambiguous risk signals that require interpretation rather than binary classification.

What matters now is not simply what an institution flagged, but how it interpreted and acted on evolving risk.

Why institutional reasoning has become a Compliance requirement

As regulators confront novel risk vectors—particularly those involving digital assets and offshore intermediaries—they increasingly expect institutions to demonstrate judgment, not just adherence to static rules. Note that this is particularly true in higher-risk and novel contexts.

This expectation shows up in several ways:

1. Explainability under uncertainty

When typologies are new, there may be no clear regulatory playbook. Institutions must be able to explain why certain signals were considered higher risk, how investigative steps were chosen, and how decisions aligned with policy intent, even in the absence of explicit guidance.

2. Consistency across teams and time

In fragmented environments, different investigators may interpret similar signals differently. Without a shared reasoning framework, outcomes diverge—and so does institutional risk posture.

3. Auditability beyond outcomes

Regulators increasingly look beyond case resolutions to understand the decision pathways that produced them. The question is no longer just “what happened?” but “How did you decide?”

These demands cannot be met by alert volumes or closure statistics alone.

The problem with tacit knowledge in AML

Much of Compliance reasoning today lives in tacit form—in investigators’ heads, in informal team norms, in email threads or verbal guidance, or in one-off decisions that are never codified.

This creates several risks—knowledge loss when staff turnover occurs, inconsistent application of evolving interpretations, limited defensibility during regulatory review, and inability to scale good judgment across the institution.

As financial crime accelerates, reliance on tacit knowledge becomes a structural weakness.

Directed Intelligence as an operational record of Compliance reasoning

To address this gap, Compliance programs must move beyond detection and toward the systematic capture of institutional reasoning.

Directed Intelligence on the RegTechONE platform represents this shift by capturing the operational decisions and workflows already occurring within Compliance programs. Rather than focusing solely on outcomes, Directed Intelligence captures investigative actions, risk-scoring logic, decision points, workflow paths, and policy interpretations applied during real cases.

Over time, this creates a durable, auditable record of how an institution actually reasons about risk—not in theory, but in practice.

Importantly, this is not about replacing human judgment. It is about preserving it, so that sound reasoning can be reviewed, refined, taught, and consistently applied as risks evolve.

Why institutional reasoning matters in a crypto-era risk landscape

In environments shaped by stablecoins and fragmented intermediaries, institutions frequently confront scenarios that fall outside established typologies. In these cases decisions must be made without full visibility, risk signals must be weighed rather than scored mechanically, and tradeoffs between false positives and false negatives become more complex.

Institutional reasoning provides the connective tissue between policy intent and operational action. It allows Compliance programs to adapt without becoming arbitrary—and to evolve without losing coherence.

From institutional reasoning to governed execution

Capturing reasoning is only the first step. Once institutional logic is explicit and auditable, it can inform how AML specialists design workflows, adjust controls, and maintain consistency across teams.

This creates a foundation for structured learning from past decisions, clearer alignment between compliance leadership and frontline teams, and more defensible responses to emerging regulatory expectations.

The next article in this series examines how this captured reasoning can be operationalized—through carefully governed automation embedded directly into compliance workflows—without sacrificing oversight or accountability.

The post Directed Intelligence and the rise of institutional reasoning in AML appeared first on AML Partners.

Designing Adaptive Compliance: Why workflows must evolve faster in era of crypto risk

Jennifer Montgomery — Fri, 02 Jan 2026 16:48:50 +0000

Across the past three decades, institutions have designed AML Compliance and related regulatory programs around a relatively stable assumption: While threats evolve, the pace of change is manageable. New typologies emerge, Compliance teams update controls and refine rules, and institutions adapt over time.

That assumption no longer holds.

As stablecoins, offshore intermediaries, and automated financial tools reshape how illicit value moves, compliance teams face a widening mismatch between the speed of risk evolution and the speed of institutional response. The result is not a lack of effort or intent, but a structural lag—one that traditional compliance architectures were never built to overcome.

This article, the fourth in our series on the stablecoin-enabled money laundering and FinCrime economy, examines why Compliance must evolve faster. And why workflow design has become a central determinant of whether institutions can keep pace with modern financial crime. [Scroll down for links to the entire series.]

The pace problem: Why traditional Compliance models fall behind

Criminal networks operating in digital-asset ecosystems innovate continuously. New typologies emerge not over years, but over weeks—or even days. Stablecoins amplify this dynamic by allowing illicit actors to test, refine, and redeploy money laundering strategies across borders with minimal friction.

By contrast, many compliance environments remain constrained. Constraints include static rule sets that require long approval cycles, rigid case-management systems that resist reconfiguration, siloed teams that interpret risk differently across functions, and many legacy AML solutions that encode yesterday’s assumptions.

The result is a persistent lag: By the time AML specialists formalize a typology and embed it into controls, adversaries have already moved on.

Why typology evolution now outpaces rule-based systems

AML software specialists designed rule-based monitoring systems for environments where behaviors changed slowly and patterns were well understood. Crypto-era typologies challenge that model in several ways:

1. Typologies are modular and re-combinable.

Illicit actors increasingly assemble laundering chains from interchangeable components:

Crypto ATMs
Stablecoins
Decentralized exchanges
Offshore wallets
Virtual cards
Lightly regulated fintech services

Criminals can rearrange these components rapidly, and these rearrangements produce new patterns that do not resemble historical cases.

2. Behavior often occurs off-platform.

Much of the most consequential activity now takes place outside traditional banking environments. Institutions may only see the final step—when value attempts to re-enter the regulated system—without visibility into the upstream behaviors that shaped the risk.

3. Typologies evolve through experimentation.

Digital ecosystems allow criminals to test controls in real time. Failed attempts generate immediate feedback; successful ones scale quickly. This experimental loop dramatically compresses the lifecycle of new money laundering and FinCrime methods.

In this environment, static controls struggle—not because they are poorly designed, but because they are too slow to adapt.

The hidden constraint: Workflow rigidity

When Compliance teams struggle to respond to new risks, analysts often frame the limitation as a data problem or a tooling problem. In practice, the constraint is frequently workflow rigidity.

Many institutions operate with workflows characterized by rigidity. For example, workflows are often tightly coupled to specific typologies, difficult to modify without technical intervention, inconsistent across lines of business, and opaque in how decisions are actually made.

These constraints make it difficult to incorporate emerging risk signals, adjust investigative logic, or document how new interpretations are applied.

In fast-moving risk environments, workflow design becomes a first-order control.

What adaptive Compliance workflows require

To keep pace with crypto-era risk, Compliance workflows must shift from static execution paths to adaptive, governable systems. This does not mean abandoning structure. It means designing workflows that can evolve without losing oversight.

Key requirements in this type of approach require the following:

1. Configurability without fragility

Compliance teams need the ability to adjust investigative steps, thresholds, and escalation paths without breaking downstream processes or introducing inconsistency.

2. Transparency in decision-making

As typologies evolve, institutions must be able to explain not just outcomes, but how decisions were reached—especially when regulatory expectations might lag behind emerging risks.

3. Cross-functional coherence

Risk interpretation should not diverge across onboarding, monitoring, investigations, and sanctions screening. Workflow design must support shared logic and coordinated responses.

4. Institutional learning over time

Adaptation is not just about reacting quickly; it’s about retaining knowledge. Institutions need workflows that preserve how risks were identified, interpreted, and resolved—creating a durable institutional memory.

Why speed alone is not the answer

It is tempting to frame this challenge as a race: Compliance must simply “move faster.” But speed without governance creates its own risks.

Unchecked automation, ad hoc process changes, or undocumented decisions can undermine auditability and regulatory trust. The goal is not acceleration for its own sake, but controlled adaptability—the ability to evolve while preserving accountability.

This is where workflow design matters most: It is the mechanism through which institutions balance responsiveness with control.

From static controls to adaptive governance

The shift underway is subtle but profound. Compliance is moving from a model based on static controls and retrospective updates to one based on adaptive governance—where workflows, decisions, and interpretations evolve continuously in response to emerging risk.

In this Compliance model, workflows are living structures—not fixed scripts; decision logic is explicit and reviewable, and institutional reasoning is preserved rather than lost.

This transition sets the stage for the next article in our series, which explores how institutions can capture and operationalize their own reasoning—thereby transforming individual compliance actions into durable, auditable intelligence.

The post Designing Adaptive Compliance: Why workflows must evolve faster in era of crypto risk appeared first on AML Partners.

Audit-ready by design: How workflow orchestration delivers transparent, explainable compliance

Jennifer Montgomery — Thu, 11 Dec 2025 18:47:48 +0000

Audit readiness in a new era of compliance

For compliance officers today, “audit readiness” no longer means scrambling to assemble reports once regulators come calling. Modern oversight demands real-time transparency, explainable automation, and continuous assurance—proof that every decision, data point, and approval is traceable at any moment.

That’s exactly what workflow orchestration on RegTechONE® delivers. Built for full auditability, the platform transforms compliance documentation from a reactive burden into a seamless, automated outcome of daily operations.

From process complexity to auditable clarity

Traditional AML systems rely on siloed tools—each generating its own data, logs, and reporting structures. Even when processes work, they often lack a unified audit trail showing how and why each step occurred. Workflow orchestration changes that.

Within RegTechONE, every compliance process—onboarding, monitoring, investigation, reporting—is orchestrated end-to-end through a configurable logic layer. Each event, action, and decision is automatically logged, timestamped, and linked to its data inputs.

This means audit trails aren’t assembled later—they’re generated continuously and ready on demand.

Explainable automation and traceable decisioning

As regulators increase scrutiny of AI and automation, institutions need systems that make decision logic visible. RegTechONE’s orchestration engine records:

• Decision pathways: who approved what, when, and under which conditions.
• Data lineage: the origin and transformation of every data element used in a decision.
• Automated triggers: how each workflow action was initiated—by a user, by a rule, or by an AI model.

This transparent structure creates explainable compliance. This means a direct line from every regulatory outcome back to the underlying data and business rules.

Audit readiness by design

Because RegTechONE was built as a unified orchestration platform, audit readiness is not a separate feature—it’s embedded architecture.

Compliance teams can:
• Generate full audit logs instantly, filtered by case, workflow, or date range.
• Demonstrate control logic to regulators with visual workflow maps.
• Produce evidence that all processes followed the institution’s risk-based approach.

The result is audit efficiency, lower regulatory stress, and stronger trust with oversight bodies.

Empowering governance at every level

Audit transparency isn’t only about passing inspections—it’s about enabling governance culture. Workflow orchestration gives leadership the ability to monitor process performance, identify operational bottlenecks, and verify adherence to policy in real time.

With configurable dashboards, compliance officers and internal auditors gain instant visibility into the following:
• Pending approvals or overdue reviews
• Volume and outcomes of automated checks
• Exceptions requiring manual escalation

Every insight is backed by the same auditable data lineage—so governance decisions are both informed and defensible.

The RegTechONE advantage

RegTechONE extends workflow orchestration beyond automation to create a living record of compliance intelligence. Each captured decision and workflow execution becomes part of the institution’s operational memory—available for internal learning, model validation, and regulatory examination alike.

This is Directed Intelligence in action: The systematic capture of decision pathways that transforms daily compliance into an ever-improving, self-documenting process.

In summary

Workflow orchestration in RegTechONE ensures that audit readiness is continuous, not episodic. Every process, every decision, every data source—connected, logged, and explainable.

For institutions facing growing regulatory complexity and AI oversight, that level of transparency isn’t just an advantage—it’s becoming essential.

The post Audit-ready by design: How workflow orchestration delivers transparent, explainable compliance appeared first on AML Partners.

The fintech fragmentation problem: How criminals exploit the gaps between systems

Jennifer Montgomery — Tue, 09 Dec 2025 00:53:16 +0000

For two decades, global AML/CTF strategy has assumed a straightforward reality: If every institution maintains robust controls across its own systems, the collective perimeter will hold. But the rapid expansion of fintech intermediaries—payment processors, card issuers, exchanges, neobanks, crypto ATMs, offshore service layers, and automated onboarding tools—has exposed critical gaps in that perimeter.

Stablecoins accelerate the problem. They move across borders effortlessly and interact with a sprawling ecosystem of third-party financial technology tools. Many of these tools are lightly regulated, partially regulated, or regulated only in limited jurisdictions. The result is fintech fragmentation—a structural condition that criminals exploit with remarkable ease.

This article, the third in our series on the new stablecoin-enabled money laundering economy, examines the fragmentation phenomenon, why it creates systemic blind spots, and what financial institutions must learn from the rapidly evolving illicit-finance ecosystem. [To read all stories in this series, see links at the bottom of this article.]

Fintech innovation has brought speed, convenience, and efficiency to consumers and businesses. But it has also multiplied the number of actors involved in moving value—and that multiplication poses governance challenges.

1. Fragmented responsibility across multiple intermediaries

In traditional banking, the institution issuing the account is responsible for the controls that govern it. In today’s fintech ecosystem, however, the customer’s value chain might include:

A crypto ATM operator
A stablecoin issuer
A wallet provider
An offshore converter or decentralized exchange
A virtual-card generator
A card-issuing fintech
And a sponsoring bank in yet another jurisdiction

Each participant may follow its own compliance framework—or none at all. Responsibility diffuses. Accountability blurs. Oversight collapses.

2. Exploiting regulatory seams and enforcement gaps

Criminals are less interested in individual weaknesses than in the seams between actors. Fragmented ecosystems create differing KYC standards and uneven sanctions screening. They also create inconsistent transaction reporting obligations, jurisdictional loopholes, and delays in cross-border information sharing.

These multiple seams form the “escape routes” through which illicit flows move from high-control environments to low-control ones.

3. Automated tools with minimal compliance obligations

The recent NY Times investigation highlighted automated Telegram bots that issue virtual Visa or Mastercard numbers funded by stablecoins. These card issuers rely on third-party fintechs, who in turn rely on sponsoring banks—each with different oversight requirements.

The automation is not the issue. The absence of unified compliance responsibility is.

A case study: The chain-of-custody problem

Consider a chain in which value moves from cash to a crypto ATM to stablecoins to a Telegram bot to a card issuer to a sponsoring bank and to global merchants.

Each step introduces a new entity in a new regulatory category. No single party sees the whole picture:

The ATM operator sees the cash.
The stablecoin issuer only sees the blockchain movement.
The bot sees the wallet.
The card issuer sees the load request.
The sponsoring bank sees card transactions—but not their origin.

Criminals understand this. They design money laundering typologies that exploit the fact that no single participant is responsible for end-to-end oversight.

This is the core of fintech fragmentation AML risk: No one has responsibility for the full decision pathway.

Why traditional compliance systems struggle in fragmented environments

Transaction monitoring is too localized

Most monitoring tools still evaluate activity in the context of one institution’s system, not across a chain of intermediaries. But money laundering typologies using stablecoins typically occur off-platform until the moment illicit value re-enters the banking system.

Rule-based systems cannot adapt to emerging typologies

Fragmented chains evolve quickly. Typologies involving cross-chain swaps, off-ramp virtual cards, offshore converters, and/or multi-layered identity obfuscation often emerge faster than rule sets can be updated.

Limited visibility into third-party dependencies

Many banks rely on fintech partners for onboarding, payments, or card issuance. These arrangements can create blind spots when compliance duties are split—or when upstream actors lack the controls that downstream banks assume are in place.

How criminals leverage fragmentation in the stablecoin ecosystem

Criminal networks have adapted faster than institutions or regulators. Their methods often include a range of strategies that keep them far ahead of friction from regulatory safeguards. These strategies might include the following:

Layering value through unregulated intermediaries

Stablecoins can be quickly routed through offshore wallets, decentralized platforms, or automated conversion tools that operate with minimal oversight.

Switching rails before detection

Illicit actors strategically hop between fintech layers—for example, from crypto ATM to a wallet to mixing service to an offshore exchange to a prepaid card—ensuring no individual actor has the full view.

Exploiting identity gaps

Where traditional banks rely on robust KYC, many fintech layers require limited or no identity verification. The chain becomes an identity-diffusion mechanism.

What fintech fragmentation means for financial institutions

The lesson here is not that fintech is inherently risky. It is that risk increasingly resides outside the institution’s direct control—yet the institution remains responsible for compliance outcomes.

Banks must now operate in an environment where control is decentralized. Customers may interact with stablecoin-based tools entirely off-platform. Onboarding and payments may rely on third-party processors. Sanctions exposures originate from unseen intermediaries. Regardless, regulators expect institutions to understand and manage risks they do not directly generate.

Fragmentation demands improved institutional reasoning—visibility, workflow agility, and governance across distributed systems.

Toward a unified approach to AML in a fragmented world

While institutions cannot control the global fintech ecosystem, they can control their internal governance. Key elements of internal governance can mitigate fragmentation risks:

Transparent, auditable decision pathways
Configurable workflows for emerging typologies
Cross-functional orchestration of alerts, investigations, and sanctions checks
Institutional memory that preserves how risk was interpreted and resolved

In future articles in our series, we examine how Compliance workflows must evolve to match the speed and complexity of stablecoin-enabled risks—and why agility is now a fundamental requirement for AML programs.

Part of a three-part series: Stablecoins and the new AML risk landscape

This article is part of a leadership series examining how stablecoins are reshaping illicit finance, weakening sanctions enforcement, and exposing compliance blind spots created by fragmented fintech ecosystems. Click the bulleted items below to read each of the three parts.

The post The fintech fragmentation problem: How criminals exploit the gaps between systems appeared first on AML Partners.

When sanctions lose their teeth: Stablecoins and the weakening of global financial controls

Jennifer Montgomery — Mon, 08 Dec 2025 19:53:43 +0000

Across the global financial system, sanctions have long functioned as one of the United States’ most effective non-military tools—an intricate architecture built on visibility, supervision, and control of dollar-denominated flows. That architecture is now under strain.

The rapid rise of stablecoins has created new channels for sanctioned actors to move value outside the reach of the traditional banking system. As these channels expand, the effectiveness of sanctions erodes—and the compliance obligations for financial institutions intensify.

This article, the second in our series on the new stablecoin money laundering economy, examines how stablecoins are reshaping the landscape of sanctions enforcement and what this means for institutions navigating today’s global risk environment. [See links to all articles in the series at the bottom of of this story.]

How stablecoins bypass sanctions infrastructure

Sanctions work because access to dollars works through regulated chokepoints—banks, correspondent networks, and payment processors required to screen customers, monitor activity, and block prohibited transactions. The enforcement layer is deeply woven into the global banking system.

Stablecoins break that pattern in three ways:

1. Stablecoins operate outside supervised dollar rails

Dollar-linked tokens such as USDT and USDC behave like digital dollars but transact on global blockchain networks where traditional KYC and transaction filtering do not apply by default. This allows sanctioned individuals, entities, and jurisdictions to move dollar-equivalent value without touching a regulated intermediary.

2. Offshore exchanges create parallel liquidity markets

Even when U.S.-based exchanges face strict AML and sanctions obligations, liquidity migrates to offshore platforms where oversight is inconsistent or nonexistent. These exchanges provide conversion pathways between crypto assets and stablecoins. This facilitates a sanctions-resistant ecosystem where illicit value can circulate freely.

3. Intermediaries obscure origin and intent

As the recent NY Times investigation highlighted, stablecoin-enabled sanctions evasion often relies on multi-layered chains of intermediaries that include crypto ATMs, Telegram-based financial services, anonymous card issuers, and offshore fintech processors.

Each actor occupies a regulatory grey zone. Collectively, they create a money laundering pathway where responsibility diffuses and detection becomes unlikely.

Stablecoin sanctions evasion in practice: A shifting typology

Emerging typologies illustrate how quickly illicit actors adapt:

Crypto-to-card conversion to mask identity

Sanctioned individuals increasingly route stablecoins into prepaid or virtual cards—tools that allow them to transact with global merchants without using identifiable bank accounts.

Stablecoin mixers and cross-chain swaps

Typologies once associated with Bitcoin now apply to stablecoins:

Cross-chain hopping to obscure origins
Routing through decentralized liquidity pools
Converting to tokens pegged to non-USD currencies before re-entering the dollar ecosystem.

Use of state-tolerated or state-aligned platforms

Certain jurisdictions have cultivated crypto ecosystems that implicitly permit—or strategically ignore—sanctions-evasion activity. Stablecoins accelerate this dynamic by allowing dollar-value transactions in regions where U.S. oversight is limited.

Regulatory responses and their limits

Recent U.S. legislation, including frameworks designed to supervise domestic stablecoin issuers and exchanges, represents an important step. But the limits are clear:

Most stablecoins circulate on offshore platforms, beyond the jurisdiction of U.S. regulators.
Enforcement against major stablecoin issuers risks spillover into traditional financial markets, given their holdings of U.S. Treasuries.
Sanctions screening relies on knowing the identity of the transactor—a control that stablecoin ecosystems often do not require or collect.

In short, regulators can constrain domestic on-ramps. They cannot fully contain a global, decentralized, and rapidly evolving liquidity system.

What stablecoin sanctions evasion means for financial institutions

For banks and financial institutions, the challenge is not hypothetical. Three strategic realities are emerging:

1. Sanctions risk now extends far beyond the institution’s perimeter

A customer may never transact in crypto through the bank’s systems, yet their exposure to stablecoin channels can materially increase sanctions risk and associated reporting obligations.

Stablecoin evasion often involves off-platform steps followed by on-platform attempts to re-enter the traditional financial system. Institutions need the ability to evaluate behavior, patterns, and decision pathways, not just transaction-level rules.

3. Compliance teams need workflow agility to keep pace

Typologies change rapidly. Threat actors innovate quickly. Compliance controls must be able to adapt without waiting for software vendors, developers, or multi-quarter release cycles.

Institutions that lack configurable investigation workflows—or that lack transparency into how investigators interpret and act on emerging risks—will struggle to maintain sanctions compliance as the threat landscape accelerates.

Why sanctions enforcement requires institutional reasoning

Sanctions evasion through stablecoins exposes a broader truth: Compliance is no longer only about screening; it’s about reasoning.

Financial institutions need the following, at a minimum:

Visibility across fragmented risk signals
Documented and auditable decision pathways
Workflows capable of adapting to unfamiliar threat vectors
Institutional-level intelligence that captures how risk is interpreted and acted upon.

These requirements set the stage for the next article in the series, where we examine how fintech fragmentation—and the collapse of unified oversight—creates AML blind spots that illicit actors exploit with increasing sophistication.

Part of a three-part series: Stablecoins and the new AML risk landscape

The post When sanctions lose their teeth: Stablecoins and the weakening of global financial controls appeared first on AML Partners.

Stablecoins and the new geography of illicit finance

Jennifer Montgomery — Mon, 08 Dec 2025 19:26:01 +0000

Bad actors leverage dollar-linked crypto for boundless gain

Across the global compliance landscape, a structural shift is underway—one that is redefining how illicit value moves across borders and how institutions must understand financial risk. The rise of stablecoins has created a new geography of illicit finance, one that operates with speed, precision, and global reach.

Criminal networks once relied on diamonds, gold, or artwork to store and move illicit wealth. Today, they rely on something far more potent: dollar‑linked cryptocurrencies that move almost instantly, often outside the supervision of any regulated financial institution.

A recent New York Times investigation documented how stablecoins now enable billions in illicit flows each year. Estimates of volume draw on blockchain tracing reports and law-enforcement data. And the potential FinCrime includes actors seeking to evade sanctions, move proceeds from narcotics and human trafficking, and obscure the origins of illicit wealth. Combined with lightly regulated intermediaries—crypto ATMs, offshore exchanges, automated card‑issuers, and Telegram‑based bots—stablecoins form a new and evolving ecosystem of financial obfuscation.

For financial institutions, the implications are profound. Stablecoins challenge traditional assumptions about visibility, traceability, and the very architecture of global compliance. They expose the limits of regulatory perimeters built around banks and supervised payment channels. And they reveal how fragmentation across fintech actors creates seams that determined adversaries can exploit.

This article is the first in a broader leadership series examining the stablecoin‑enabled laundering economy. Here, we outline the shift underway—and why it represents not a temporary aberration, but a durable change in how illicit finance operates. [For links to additional articles in the series, scroll to the bottom of this article.]

The rise of stablecoins as illicit infrastructure

Stablecoins were designed to provide digital dollars for trading, settlement, and payments in the crypto economy. But their properties—borderless transferability, instant liquidity, dollar stability—make them equally attractive to illicit actors. Criminals increasingly prefer stablecoins because they function as portable stores of value—globally liquid and able to bypass gatekeepers that oversee the movement of money.

Blockchain‑analysis firms now estimate tens of billions in illicit flows involving stablecoins annually. These flows include sanctioned oligarchs, extremist networks, and transnational criminal groups.

Stablecoins as a structural change

Three forces are converging in ways that upend existing AML/CTF Compliance structures.

The dollar’s strength is now digitally exportable. Stablecoins have become de facto digital dollars outside the U.S. banking system. This extends the global reach of the dollar but also weakens the control mechanisms that traditionally safeguarded it.
Illicit actors have adopted stablecoins faster than regulators or institutions. Sanctions regimes built on supervised banking rails cannot easily adapt when value moves through offshore wallets or pseudonymous intermediaries.
Fintech fragmentation has created AML blind spots that multiply across intermediaries that are only partially regulated—or not regulated at all. The NYT investigation documented a chain of intermediaries—crypto ATMs, offshore vendors, card issuers—each with limited or unclear compliance duties. The result is a system where responsibility diffuses and oversight collapses.

What this means for financial institutions

Financial institutions must now grapple with an environment for which their Compliance systems are not well suited. The perimeter of risk has expanded beyond traditional rails. FinCrime typologies are evolving faster than rule‑based systems can adapt. And the ability to reason across fragmented signals becomes essential—even though much of the regulatory technology in use cannot achieve that.

The compliance function is entering an era where operational agility, unified governance, and transparent decision pathways are no longer optional. Institutions must be able to capture how they make decisions, adjust workflows as threats change, and ensure that oversight is continuous—even when risks originate far outside their own infrastructure.

This series will explore these themes in depth. Next, we examine how stablecoins erode the effectiveness of global sanctions regimes—and what it means for the future of financial integrity.

Part of a three-part series: Stablecoins and the new AML risk landscape

The post Stablecoins and the new geography of illicit finance appeared first on AML Partners.

From fragmented views to a single source of truth: The case for unified Client Lifecycle Management in AML

Jennifer Montgomery — Fri, 05 Dec 2025 15:34:33 +0000

The problem with fragmented compliance journeys

Across financial institutions, lifecycle management often looks like a patchwork—one system for onboarding, another for due diligence, another for ongoing reviews. Each department maintains its own processes, its own data, and its own version of “the truth.”

That fragmentation creates real risk. When compliance teams can’t see the full picture of a client relationship, inconsistencies emerge: duplicate documentation, outdated risk ratings, missed red flags. These operational cracks become regulatory vulnerabilities.

Why fragmentation persists

Legacy systems and departmental silos didn’t start as bad decisions—they evolved over time. Institutions built solutions as regulations expanded, layering new tools over old infrastructure. The result: a network of disconnected systems that technically work, but rarely communicate.

This complexity drains resources, slows onboarding, and makes consistent compliance nearly impossible. Regulators now expect institutions to demonstrate a complete and continuous understanding of every client relationship—something fragmented architectures simply can’t provide.

What unified Client Lifecycle Management changes

A unified client lifecycle management platform like RegTechONE replaces that patchwork with one orchestrated ecosystem. Every process—onboarding, KYC/CDD, credit and legal review, monitoring, and offboarding—operates within a single data environment.

That shift creates a “single source of truth” across the institution:
•Every department sees the same verified client data.
•Risk ratings update automatically when new activity or alerts appear.
•Reviews trigger based on actual changes in client behavior, not arbitrary timelines.
•All lifecycle actions are timestamped and auditable, simplifying regulatory examinations.

Unified CLM—like CLM on the RegTechONE platform–doesn’t just integrate systems—it unites compliance logic, data integrity, and workflow visibility.

The business case for unification

Compliance teams gain reliability. Operations gain speed. Clients gain trust.

By eliminating redundant reviews and document requests, institutions accelerate onboarding without sacrificing rigor. Automated risk recalibration reduces manual errors and human lag time. And because every lifecycle event is captured in one record, investigators can respond to regulators or auditors in minutes instead of days.

A unified platform turns compliance from a cost center into a governance advantage.

Governance through connected intelligence

When lifecycle data lives in one system, it becomes a source of strategic intelligence. Trends in client risk, regional exposure, or transaction anomalies can surface instantly through analytics and reporting.

RegTechONE’s unified architecture ensures this intelligence is built in, not bolted on. Institutions can trace every compliance decision back to its data foundation—proving not only what was done, but why. That transparency strengthens institutional resilience and regulator confidence.

The case closed

Fragmentation once felt inevitable. But in a regulatory environment that demands transparency, it’s now a liability.

Unified client lifecycle management transforms compliance oversight from reactive to real time—from many disconnected systems to one coherent truth. For modern institutions, unification isn’t just an upgrade; it’s the foundation of future-ready compliance.

The post From fragmented views to a single source of truth: The case for unified Client Lifecycle Management in AML appeared first on AML Partners.

Making sense of AI in AML: Why institution-specific decision agents matter

Frank Cummings — Fri, 05 Dec 2025 14:51:20 +0000

Everyone in financial crime compliance hears the same thing right now: Use AI or get left behind. The problem is that most of what the market calls “AI” is an undifferentiated fog. Vendors blur categories. Buzzwords replace precision. And leaders are left trying to evaluate technologies that are fundamentally incomparable.

Here’s the truth: AI is not one thing. And if you treat it like one thing, your strategy will fail. Compliance leaders need clarity—and fast. Three categories matter. Only three:

General-purpose AI models
Automation tools
Institution-specific decision agents

If you can’t distinguish them, you will misjudge risk, misallocate budget, and misunderstand where real operational leverage actually lives.

General-purpose AI—Not very relevant in AML/CTF

General-purpose AI is powerful, but it’s not your system of record. Tools like ChatGPT are astonishing at what they do: language, reasoning, summarization. They can elevate productivity across your organization tomorrow morning. But they are generalists by design. And generalists do not run AML programs.

General-purpose AI does not know your institution. It does not know your policies, risk posture, or workflow logic. It does not understand the judgment patterns your teams rely on every day.

These tools support humans. They do not make compliance decisions. They should never be positioned as operational engines. When used well, they are accelerators of human thinking—not surrogates for institutional judgment.

Traditional automation: Fast, reliable, and fundamentally static

The next category is the automation layer—rules, scripts, workflows, triggers. These tools have been with us for decades, and they are essential to your work. They do what you explicitly tell them to do, every time.

But they do nothing more.

Automation cannot interpret context. It cannot adjust to nuance. It cannot learn from how your best investigators navigate complexity. It is mechanization, not intelligence.

This category is valuable, but it is also bounded. Automation scales only the parts of your program you already understand well enough to formalize.

Decision agents: The next frontier—and it’s not what the market is selling

The third category is where the field is truly shifting, though most of the industry still mislabels it. These are institution-specific decision agents—and they are nothing like general-purpose AI.

Decision agents begin with Directed Intelligence: the complete capture of your institution’s operational behavior. Not just outcomes. Not just workflow diagrams. But the actual decisions your analysts make. These include things like the following:

How your analysts move through cases
Why they escalate
What data they check and in what order
How they adjust risk
Where they apply judgment
How policy shapes each step of their workflow

This is your institutional fingerprint.

From this captured operational logic, agents are built. These agents don’t guess. They don’t hallucinate. They execute bounded tasks based entirely on the behaviors your institution already governs.

They are high-fidelity, high-integrity, and high-precision—because they’re derived from the institution itself.

This is not “AI bolted onto a product.” This is your own operational intelligence, scaled responsibly.

Why leaders must get this taxonomy right

Mistaking these categories leads to predictable leadership errors:

1. Wrong governance controls

General-purpose AI demands external-facing controls. Agents require workflow-level governance. Automation requires configuration governance. Mixing these up creates risk.

2. Wrong investment decisions

If you buy general AI hoping for operational replication, you will waste your money.

If you rely solely on automation, you will cap your program’s effectiveness.

If you ignore agents, you will fall behind institutions that can scale their decision logic without diluting integrity.

3. Wrong expectations of what “AI” can actually do

Not all AI is operational. Not all AI is institutional. Not all AI is decision-capable. Leaders who understand the distinctions make smarter moves.

The shift that’s coming

The next generation of AML/CTF programs will be built not on generic AI, but on directed, institution-specific intelligence.

Not intelligence imported from the internet.

Not intelligence buried in vendor black boxes.

But intelligence captured directly from how your people already execute the work.

That is the pivot point. From borrowed intelligence to your own directed intelligence. From abstract AI to operational agents. From hype to accountable, explainable, governed decision execution.

Institutions that make this shift will run more consistent programs, reduce manual burden, and strengthen the integrity of every decision pathway.

Which AI categories matter to you?

AI will shape the future of compliance. But only if leaders refuse to let the term “AI” blur categories that matter. General-purpose tools, automation engines, and institution-specific decision agents are not the same. They serve different purposes, carry different risks, and generate different kinds of value.

Leaders who understand that distinction will set the standard for what responsible, high-integrity AI looks like in AML and financial crime.

The post Making sense of AI in AML: Why institution-specific decision agents matter appeared first on AML Partners.

RegTechONE Wins Best Risk Calculation Engine for Regulatory Compliance

Jennifer Montgomery — Thu, 20 Nov 2025 23:00:00 +0000

AML Partners is proud to announce that we have been named Best Risk Calculation Engine for Regulatory Compliance in the 2025 RegTech Insight Awards USA. The awards, hosted by A-Team Group, recognize excellence and innovation across the RegTech industry and highlight solutions that are shaping how institutions manage compliance today.

In announcing the award, Angela Wilbraham, CEO of A-Team Group, shared:
“Congratulations to AML Partners for taking home the Best Risk Calculation Engine for Regulatory Compliance award in the 5th annual RegTech Insight Awards USA 2025. This recognition underscores how their technology is driving the standard for compliance and delivering creative solutions to regulatory challenges. It’s an outstanding achievement in this highly competitive field.”

At the center of this achievement is the Dynamic Risk Engine within RegTechONE. Designed for configurability and precision, the Dynamic Risk Engine enables users to align risk calculations with their exact operational and regulatory needs. Institutions can fine-tune models, nest risk logic, and gain a deeper and more transparent understanding of risk across their environments.

CEO Frank Cummings explained the significance of the award:
“We’re honored to receive this recognition. Our RegTech platform features a powerful Dynamic Risk Engine that allows users to fine-tune risk calculations to their precise needs—and even nest models for a deeper understanding of risk in their institution.”

AML Partners is grateful to our clients, partners, and the RegTech community for supporting our continued work to advance regulatory compliance through thoughtful design, transparency, and innovation.

The post RegTechONE Wins Best Risk Calculation Engine for Regulatory Compliance appeared first on AML Partners.

AML Partners

Why Compliance fails in execution — and how governed automation closes the gap

AML Compliance doesn’t fail in theory–it fails in execution

The missing layer in AML Compliance technology

Compliance requires orchestration–and execution

The RPA foundation beneath the AI conversation

The power of proving legitimate activity

Compliance that governs itself

Drag-and-drop agents: Now inside no-code AML Compliance workflows on RegTechONE

Drag-and-drop agents available today

What’s coming next: Workflows built from institutional requirements

Agents where Compliance actually works—inside workflows

No-code flexibility with built-in governance

Agent results that activate the platform

Replacing work-intensive AML Compliance processes

Available now, expanding soon

Why RegTechONE v5.0 matters

From alerts to execution: Event-driven RPA in AML Compliance

How event-driven automation changes Compliance execution

How RegTechONE operationalizes event-driven RPA

The Compliance automation triangle: Events, actions, and triggers

From alerts to execution inside RegTechONE

Event-driven Compliance in practice: The “on customer save” example

Mandatory actions versus optional workflows

Perpetual KYC as governed execution

Where machine-learning agents fit in RegTechONE

The future of Compliance execution

AML rule delay for investment advisers: FinCEN grants two-year extension

Why applying bank-style AML rules to investment advisers is complex

What FinCEN delayed—but did not rescind

Why FinCEN extended the Compliance timeline

Economic and Compliance impact

What advisers should take from the delay

Looking ahead

2026 in focus: What real AI innovation in Compliance looks like

The year ahead in Compliance innovation and governance

From AI features to operational control in Compliance workflows

Why workflow orchestration matters as much as AI models

The best and worst of AI in Compliance in 2026

Innovation grounded in real Compliance operations

Scaling Compliance with confidence in 2026 and beyond

Agents at the workflow layer: Why governed execution matters in AML workflow agents

Why execution risk matters as AML programs adopt agents

The difference between reasoning, design, and execution

Agents as execution tools, not decision-makers

Agents as governed execution, not autonomous intelligence

Governance, auditability, and control at the workflow layer

Why human-defined logic—Directed Intelligence—must precede automation

Why institutional reasoning, bounded automation, and governed execution are crucial for crypto-era risk

Execution with accountability—not speed for its own sake

Closing the loop: From insight to action

Directed Intelligence and the rise of institutional reasoning in AML

Why AML programs are being asked to show judgment, not just results

The limits of outcome-based Compliance monitoring

Why institutional reasoning has become a Compliance requirement

The problem with tacit knowledge in AML

Directed Intelligence as an operational record of Compliance reasoning

Why institutional reasoning matters in a crypto-era risk landscape

From institutional reasoning to governed execution

Designing Adaptive Compliance: Why workflows must evolve faster in era of crypto risk

The pace problem: Why traditional Compliance models fall behind

Why typology evolution now outpaces rule-based systems

The hidden constraint: Workflow rigidity

What adaptive Compliance workflows require

Why speed alone is not the answer

From static controls to adaptive governance

Audit-ready by design: How workflow orchestration delivers transparent, explainable compliance

Audit readiness in a new era of compliance

From process complexity to auditable clarity

Explainable automation and traceable decisioning

Audit readiness by design

Empowering governance at every level

The RegTechONE advantage

In summary

The fintech fragmentation problem: How criminals exploit the gaps between systems

How fintech fragmentation creates AML blind spots

1. Fragmented responsibility across multiple intermediaries

2. Exploiting regulatory seams and enforcement gaps

3. Automated tools with minimal compliance obligations

A case study: The chain-of-custody problem