Financial institutions, from established banks to fast-growing FinTechs, continue to face intensifying regulatory scrutiny alongside commercial pressure to improve anti-money laundering and counter-terrorist financing (AML/CFT) controls.
While investment in new technology is often positioned as the answer, the reality is that AML transformation is rarely linear, says ComplyAdvantage.
Progress depends on a clear understanding of where an organisation sits today and how it can systematically improve the sophistication of its compliance capabilities, moving away from manual processes towards intelligence-driven, automated systems.
This challenge was explored at the 2025 Future of Payments Summit, where Patrick Craig, EMEIA financial crime technology lead at EY, and Andrew Davies, global head of FCC strategy at ComplyAdvantage, discussed the idea of an AML compliance maturity curve. The concept provides a practical framework for understanding how organisations evolve their financial crime controls over time and why incremental progress is often more realistic than wholesale replacement.
At its foundation, the AML compliance maturity curve maps distinct stages of capability. The earliest stage is defined by manual approaches built on legacy tools, heavy spreadsheet use, limited data curation, and a largely reactive posture. Many organisations then move into partial automation, layering multiple tools and data sources with custom integrations. While this reduces some manual effort, performance often remains inconsistent and costly. The next phase introduces automation in silos, where individual functions such as case management or screening become more sophisticated but remain poorly integrated across the wider compliance stack.
More advanced stages introduce AI-enabled automation, including real-time data ingestion, AI-driven matching, and dynamic risk scoring. At this point, firms begin to unlock tangible value from AI, though many remain aligned with, rather than ahead of, the market.
Beyond this sits agentic intelligence, where autonomous systems support activities such as case remediation and behavioural anomaly detection, enabling a more genuinely risk-based operating model. At the highest level, agentic excellence combines full-stack automation, continuous feedback loops, consortium intelligence, and behavioural risk assessment to deliver measurable gains in efficiency, revenue protection, and regulatory resilience.
For firms still reliant on manual processes, the transition can feel daunting. However, the most impactful step is not adopting individual tools in isolation, but shifting towards integrated platforms that unify data and embed intelligence across the compliance lifecycle.
This change is often triggered by external and internal pressures, including regulatory examinations, audit findings, or enforcement actions that expose weaknesses in existing controls. Rising operational costs caused by alert backlogs and false positives also play a major role, as does commercial pressure created by slow onboarding and customer friction. In many cases, progress begins when boards and senior executives recognise AML investment as a strategic business priority rather than a purely regulatory obligation.
Successful AML technology upgrades tend to follow a small set of guiding principles. Moving from fragmented, siloed data towards a unified customer risk view allows organisations to maximise the value of both internal and external data. Replacing rigid, rules-based systems with adaptive, risk-based models improves precision and reduces unnecessary alerts. Strong governance is essential to ensure technology, policy, and oversight evolve together, while clearly defined KPIs help firms measure whether new tools are delivering outcomes such as faster remediation, lower false positives, or improved customer acquisition.
As organisations mature, specific technologies become critical enablers of scale. Advanced analytics and machine learning support more effective screening, monitoring, and investigations. Agentic AI introduces autonomous capabilities that can triage alerts and summarise cases, allowing low-risk activity to be resolved automatically. Entity and network analytics provide visibility into hidden relationships and criminal networks, while cloud-native, API-first architectures enable real-time responses and rapid scaling. Performance dashboards bring these elements together, allowing compliance leaders to continuously refine operations.
Crucially, the maturity curve challenges the idea that compliance modernisation requires a disruptive “big bang” replacement. Progressive renovation, through augmentation, targeted pilots, and close engagement with RegTech vendors, is often more effective. Firms at the top of the curve treat compliance like product development, committing to continuous improvement and strategic alignment as criminal threats and regulatory expectations evolve.
By adopting this mindset and investing in advanced capabilities such as agentic AI, organisations can move towards scalable, resilient AML operations that support both growth and regulatory confidence.
Copyright © 2026 FinTech Global
