Spend enough time in the sessions from the 6th Annual FinCrime Leaders Summit, London, and a pattern begins to emerge. The same themes surface repeatedly, often from different angles, sometimes using different language, but pointing in a broadly consistent direction. Fraud is being pushed further upstream. Financial crime is increasingly organised in ways that make individual events appear benign. Artificial intelligence is accelerating activity on both sides. Identity, once treated as a relatively stable anchor, is proving far less reliable over time.

None of this lands as particularly surprising. The people in the room are already working within these constraints.

What becomes harder to pin down is what follows from that shared understanding. There is a sense that the industry has moved past identifying the problem, yet has not fully settled on how to respond to it. The conversations carry that tension. Agreement on the direction of change does not translate into clarity on execution.

An operating model that no longer quite fits

Much of the friction traces back to how financial crime functions have been built. Risk is expected to present itself in ways that can be assessed at specific points. Transactions are evaluated individually. Identity is established at onboarding, then revisited at intervals. Controls are positioned to respond once activity crosses a defined threshold.

Those ideas still hold, up to a point. The difficulty is that the environment around them has shifted.

Criminal activity does not respect those boundaries. It moves across systems, accounts, and jurisdictions, often deliberately structured so that each individual element looks ordinary. What matters sits in the connections between those elements, and those connections are not always visible in time.

This leads to a form of delayed clarity. Institutions can see what has happened, sometimes with a high degree of confidence, but only once enough pieces have come together. By then, the opportunity to intervene in a meaningful way has often narrowed.

The issue is less about whether controls exist, and more about whether the surrounding structure allows those controls to operate at the right moment.

The difficulty of intervening early

There is a clear pull towards acting earlier in the lifecycle of financial crime. Preventing an event carries a different weight to responding after it has taken place. That much is widely accepted.

Where the discussion becomes less settled is at the point where theory meets practice.

Early indicators of risk rarely present themselves cleanly. They emerge as small shifts in behaviour, fragments of information that may or may not connect. The context is incomplete. The signal is there, but it does not carry the same level of certainty as a confirmed event.

Deciding what to do at that stage introduces a different kind of risk. Intervening too quickly can create friction where none was necessary, with consequences for customer experience and trust. Waiting for stronger confirmation reduces that risk, but also reduces the value of intervention.

This is not a purely technical problem. It sits at the intersection of judgement, tolerance, and accountability. The discussions reflected that. There is recognition that earlier action is necessary, alongside an unease about how far that can be taken without creating new issues.

Speed reshaping the problem

Artificial intelligence runs through much of this, though often indirectly. The focus is less on individual capabilities and more on how quickly those capabilities can be deployed.

Techniques that once required time and resource can now be repeated, adapted, and scaled with very little delay. Approaches evolve faster. Feedback loops tighten. What works is reinforced quickly, what fails is adjusted just as quickly.

That changes the shape of the problem.

Controls that depend on relatively stable patterns begin to fall behind when those patterns shift continuously. The gap between emerging risk and institutional response becomes more visible. The question shifts towards whether systems can keep pace with the speed at which activity is changing.

Where the gap now sits

By the end of the event, the contours of the challenge are reasonably well defined. There is no shortage of awareness. The direction of travel is understood. The limitations of existing approaches are openly discussed.

What remains less developed is how those insights come together into a coherent response.

Different parts of the system continue to operate on slightly different assumptions. Data exists, though it is not always connected in ways that support timely decisions. Identity is recognised as central, yet still often handled as a discrete process. Fraud, AML, and KYC increasingly overlap in practice, while remaining partially separated in structure.

The distance between understanding and execution has become more visible. That distance is where much of the current tension sits.