Considering these principles ensures the integration of GDPR requirements into an AML / CTF compliance program . Appropriate controls support in identifying and addressing potential gaps and risk areas that can reduce the likelihood of noncompliance leading to regulatory and legal ramifications .
Setting a governance and data protection framework around an AFC program by aligning AML / CTF , GDPR and AI requirements , as set out in the graphic on the opposite page , provides a holistic approach , strengthening the effectiveness and resilience of an organization ’ s risk management framework . Besides reducing their exposure to regulatory risk , organizations can build confidence and trust with their customers who value a commitment to safeguarding privacy rights , thus gaining a competitive advantage .
Regtech and AI governance
Some of the main concerns around data privacy during the digital transformation of AFC programs are linked to the following :
▪ Data privacy and security : AI systems often require large datasets for training and operation . The collection , storage and processing of personal information is at the core of the concerns linked to AI systems .
▪ Bias and fairness : AI systems can inherit biases from training data , leading to unfair treatment of certain groups or regions . For example , certain customer profiles may be unfairly flagged as high-risk due to biased datasets .
▪ Transparency and explainability : Many AI models , especially deep learning systems , are considered “ black boxes .” Lack of explainability raises issues in terms of understanding the reasoning resulting from AI systems . In addition , AI systems may generate excessive false positives which could lead to increased work on administrative tasks rather than focusing on strategic and high-risk matters . False negatives ,
Errors in AI systems may propagate unnoticed if there is not adequate human supervision
where suspicious activities go undetected , can also increase an institution ’ s risk exposure .
▪ Overdependence on technology : Relying too heavily on AI could lead to complacency among human compliance officers , reducing critical thinking and oversight . Errors in AI systems may propagate unnoticed if there is not adequate human supervision .
Practitioners , supervisors and academics 16 agree that adequate governance , i . e ., the establishment of effective mechanisms for informed oversight , is a must in order to take advantage of opportunities offered by the widespread adoption of AI in AFC programs . Although the Organisation for Economic Co-operation and Development principles urge for “ transparency and responsible disclosure around AI systems ” to allow people to challenge outcomes , AI models are not always properly explained and communicated so that authorities and supervisors can assess the suitability of the models and identify any risks associated to their implementation . 17 Carolin Gardner , head of AML / CTF at the European Banking Authority ( EBA ) noted that FIs frequently fail to deploy the latest transaction monitoring software and other innovative tools effectively , creating longer-term gaps in their compliance programs rather than strengthening them . 18 An opinion on this topic is expected to be published by the EBA in 2025 .
In advance of adopting AI in AML / CTF programs , several risks must therefore be considered in order to ensure that not only is the AI system adequate and fit-for-purpose but also that it is operating in an ethical manner . The following should be included as a checklist in advance of implementing any AI system :
AI system checklist
▪ Request documentation explaining relevant information about the AI system .
▪ Conduct risk assessment of the AI system including an assessment of mitigation measures .
▪ Ensure high-quality datasets .
▪ Ensure traceability of results .
▪ Ensure human oversight and adequate training of the team .
▪ Gain assurance around the robustness , security and accuracy of the AI system .
Conclusion
Understanding the boundaries that need to be considered and the necessary controls , while at the same time leveraging the efficiencies AI systems have to offer , is something we need to discuss at length as an AFC / CTF community .
AFC professionals need to implement AI systems in their processes in the right way and ensure that proper fit-forpurpose governance is in place to mitigate the risk on a continuing basis .
Therefore , those responsible for overseeing AML / CTF compliance programs need to understand their AI systems in detail and monitor and test the way in which they are being deployed in order to retain adequate oversight .
With a successful implementation of AI , the resources freed up as a result of process optimization can be used to address more pressing risk issues by allocating human judgement and management skills accordingly .
Jennifer Hanley-Giersch , CAMS , managing partner , Berlin Risk Ltd ., Berlin , Germany , jennifer . hanley @ berlinrisk . com
ACAMS Today | March – May 2025 53