There is a moment in the adoption of any transformative technology when the early experiments give way to something harder and more serious. The industry has been through that moment with artificial intelligence, and the evidence was plain at Transform Finance's 4th Annual FinCrime Leaders Summit Europe, Amsterdam. The conversation has moved on from whether AI belongs in financial crime prevention. The conversation now is about how to deploy it without losing control of it - and whether institutions are moving fast enough to stay ahead of adversaries who face no such constraints.

The journey has three distinct phases, each building on the last.

Analytical AI arrived first. Machine learning models trained on historical transaction data to identify patterns associated with suspicious activity, suppress false positives, and surface genuine risk more efficiently. One major European institution described deploying these models as far back as 2019, using them to hibernate - not close, but set aside with a record - transaction monitoring alerts assessed as highly unlikely to result in a suspicious activity report. Thousands of alerts, suppressed daily, freeing analysts to focus on cases that warranted human attention.

Generative AI followed. Large language models applied to the compliance workflow - drafting case summaries, answering analyst queries against internal policy libraries, producing structured narratives from raw investigation data. At one institution, more than 2,000 compliance staff now interact daily with an internal AI system trained on the organisation's own regulatory standards, KYC work instructions and global policies. An analyst working a complex PEP case no longer scrolls through 155 pages of procedure looking for a footnote. They ask a question and receive a referenced, actionable answer in seconds. Feedback loops allow analysts to flag errors in real time, continuously improving the system's accuracy.

Agentic AI is the third phase - and it is where the significant step change lies.

The Multi-Agent Pipeline

Where generative AI assists an analyst working a case, agentic AI works the case itself. A framework described at the summit illustrates what this looks like in practice.

A transaction monitoring alert arrives and is passed to a first agent, which conducts an initial assessment: is this worth investigating further? If the answer is yes, the case moves to a second agent trained in AML typologies, which reviews the transactional picture against known patterns of money laundering behaviour and identifies any uncovered risk not flagged in the original alert. A third agent then enriches the investigation with open-source intelligence - corporate registry data, adverse media, network connections - before passing everything to a fourth agent tasked with synthesis: assembling the disparate findings into a coherent, evidence-based recommendation. That recommendation arrives with the human analyst alongside a draft suspicious activity report, written in the institution's own format, ready for review.

The same architecture can be applied across the financial crime function. Name screening agents that assess both list and customer-side information simultaneously, reducing false positive rates with explicit reasoning attached to every decision. Sanctions evasion agents that map the full network of connected parties to a transaction, uncovering indirect exposure that would be invisible to a rule-based system. KYC onboarding agents that gather, structure and assess client information far beyond what any manual process could achieve in comparable time.

The case for this model is compelling. The Bank Policy Institute's 2025 research found that compliance staff hours had increased 61% since 2016. Institutions are not short of people, they are short of people doing the right things. "Compliance isn't under-resourced," one speaker observed in a formulation that landed with the room. "It's misdeployed."

The Governance Imperative

But the appetite for efficiency must be matched by rigour in governance - and the summit was direct about where that rigour is currently weakest.

Three questions were posed to any institution considering agentic AI deployment. First: are your AML, fraud and sanctions functions sharing signals? Agents operating in isolation, trained only on one domain's data, will produce the same fragmented picture that human analysts working in silos produce today. The power of agentic AI is precisely in its ability to synthesise across domains, but only if the data flows are there to enable it.

Second: can your system explain its reasoning to a regulator in real time? The EU AI Act, AMLA's forthcoming guidance, and the established expectations of national supervisors all require transparency. A black box that produces good outcomes is not sufficient. Institutions must be able to demonstrate, retrospectively and prospectively, why a system flagged something and why it did not.

Third: is your system designed for always-on compliance? The risk environment changes continuously. New typologies emerge. Regulatory requirements shift. A system calibrated to the threats of today, left to run without active maintenance and challenge, will drift out of alignment with the threats of tomorrow. Several speakers drew an explicit parallel with adversarial testing in cybersecurity: the institutions that will fare best are those that probe their own systems as aggressively as criminals will.

That last point carries particular weight given the speed at which criminal actors are themselves adopting AI. Custom fraud toolkits targeting specific institutions are available on dark web forums for under $100. Fully automated scam pipelines handling the entire fraud lifecycle from first contact to fund transfer without human involvement, are already operational. The 4.5x profitability premium that AI confers on criminal operations is not a projection. It is a current reality.

The Human Remains in the Loop

None of this displaces the human analyst. The regulatory framework requires it; the nature of complex financial crime investigation demands it. But the role is changing and institutions that do not prepare their people for that change will find themselves with expensive AI systems and analysts ill-equipped to use them.

One practitioner offered a thought that captures the challenge precisely. Analysts who do not engage with AI will lose ground to those who do. But if junior analysts never develop foundational investigative skills, the institution will eventually have nobody capable of validating what the machine is doing. The development pipeline matters as much as the technology stack.

The consensus was that the transition, done well, frees experienced investigators for the work that genuinely requires human judgement: the ambiguous case, the novel typology, the decision that must be explained to a board or a regulator. The analyst becomes, in effect, a quality controller and a decision-maker rather than a data aggregator. For an industry that has long struggled to recruit and retain talent, that shift in the nature of the work may itself prove to be a competitive advantage.

This article is part of Transform Finance's coverage of the 4th Annual FinCrime Leaders Summit Europe, Amsterdam 2026.