At the same time , the challenges linked to the widescale adoption of AI are equally as often voiced . Some are linked to skepticism of stakeholders due to the lack of transparency attached to AI models as well as reservations around data protection and privacy .
As early as 2017 , McKinsey & Company published a study 1 outlining the various inefficiencies it had identified within compliance teams , which included fragmented efforts , manual processes and mountains of data . 2 The adoption of AI has been slow , however , and only very recently have large banks started to explore and test the integration of AI into their AFC programs . Fintechs have been bolder in that regard . 3 Fast and tailored adoption can be expected in the coming years across the financial sector given that the European Union ( EU ) has introduced data protection and AI regulation in 2018 and 2024 , respectively , providing the necessary assurance through a robust regulatory framework .
This article will assess how AI and data privacy regulation have sought to address the concerns linked to the adoption of AI , and how obliged entities that consider the appropriate implementation of governance around their AI models and regulatory technology ( regtech ) tools should be able optimize their AFC programs , while at the same time safeguarding privacy rights and mitigating other risks linked to AI .
EU ’ s Artificial Intelligence Act and its applicability to AFC programs
In the EU ’ s Artificial Intelligence Act ( AI Act ), which entered into force on August 1 , 2024 , the EU described a key characteristic of an AI system as by using machine learning the system has the capability to learn , reason and model . It can derive models and algorithms from inputs or data and can generate outputs such as predictions , content , recommendations or decisions that can influence physical and virtual environments . AI systems are designed to operate with varying levels of autonomy depending on the AI system ’ s self-learning capabilities that allow it to change while in use , according to Article 12 of the AI Act . 4
Like with the anti-money laundering / counter-terrorist financing ( AML / CTF ) regime , the core principles of the EU AI Act are based on the risk-based approach .
Annex III of the EU AI Act assigns different risk categories to AI systems ( see Graphic 1 below ). High-risk AI systems include “ those intended to be used by or on behalf of law enforcement authorities , or by Union institutions , bodies , offices or agencies in support of law enforcement authorities or on their behalf to assess the risk of a natural person becoming the victim of criminal offences ,” e . g ., those that could form part of AML / CTF compliance programs . 5
AI systems used for AML / CTF would be considered high-risk systems and therefore subject to the following obligations prior to being allowed to be sold on the market . 6 The regulation of high-risk AI systems will take effect between 2026 and 2027 . 7
The risk areas are set out in Graphic 1 below . 8
Graphic 1 : AI system risk categories according the EU AI Act
NO RISK LOW RISK
HIGH RISK
AI Act allows the free use of minimal-risk AI . This includes applications such as AI-enabled video games or spam filters |
AI systems with specific transparency obligations such as chatbots with the obligation to notify humans that they are interacting with an AI system |
AI systems identified as high-risk include :
▪ critical infrastructures
▪ educational or vocational training
▪ safety components of products
▪ employment , management of workers and access to self-employment
▪ essential private and public services
▪ law enforcement that may interfere with people ’ s fundamental rights
▪ migration , asylum and border control management
▪ administration of justice and democratic processes
|
UNACCEPTABLE RISK
AI systems considered a clear threat to the safety , livelihoods and rights of people are banned , from social scoring by government to toys using voice assistance that encourage dangerous behavior .
|
Source : The AI Act 9 and the European Commission 10 ; Visualization by : Jennifer Hanley-Giersch
ACAMS Today | March – May 2025 51