‘The bots don’t always get it right’: Compliance officer sounds warning on automated AML

As criminals adopt increasingly sophisticated means to move money across borders, businesses are left grappling with the sheer complexity of compliance.

Writing on the evolving regulatory and technological landscape, Elise Ann Mifsud, Financial Crime Compliance Supervision Officer at the Financial Intelligence Analysis Unit (FIAU), provided a timely overview of the challenges businesses face in anti-money laundering (AML) and countering the financing of terrorism (CFT) – and what they can do about it.

“In a globalised world where money has no borders, an evolving regulatory landscape, and emerging technologies which always seem to move the goalpost, navigating regulatory obligations can present its challenges,” she said.

One major concern, she explained, is the growing reliance on advanced technologies such as Artificial Intelligence (AI) and Machine Learning (ML). These tools hold significant promise in automating tasks and identifying suspicious behaviour – yet, they’re still maturing. “The bots don’t always get it right,” Ms Mifsud warned, noting the lengthy calibration and adaptation periods required, as well as the need for highly specialised skills to manage such systems responsibly.

The rise of cryptocurrencies and decentralised finance (DeFi) only adds further complexity, she noted, especially as businesses must now deal with cyber risks and growing data volumes. “Siloed data across departments makes processes harder to conduct, limiting access and creating risks of inconsistent data which impacts risk assessments and regulatory reporting.”

Amid this increasingly data-heavy environment, the Business Risk Assessment (BRA) becomes a critical tool. However, Ms Mifsud emphasised that its usefulness depends entirely on execution. “When a BRA is done correctly, it can give the business a clear picture of the degree of risk the business is experiencing,” she said. Done poorly, it offers a “false sense of security.”

Key to this, she explained, is the use of robust, quantitative data – ensuring it’s both representative and regularly tested against emerging typologies (patterns or methods that criminals commonly use to launder money or finance terrorism, helping businesses recognise and detect suspicious activity.) She encouraged businesses to ask themselves: Does the BRA consider new typologies? Where does the business stand compared to the rest of the sector?

Ms Mifsud also highlighted the value of the Risk-Based Approach (RBA), which helps businesses allocate their limited resources more effectively. “Resources are finite, so it’s important to use them wisely,” she said. “The RBA also encourages a proactive approach to identify and address potential risks before they materialise, rather than just reacting when they occur.”

Other areas covered included the importance of a strong compliance culture, effective customer due diligence, and sound data governance. She also encouraged ongoing collaboration with regulators, such as through the AML/CFT clinics and support offered by the FIAU, and underscored the importance of keeping internal frameworks up to date.

Ultimately, Ms Mifsud’s message was clear: In an environment where technology, regulation, and criminal tactics are constantly evolving, only those businesses that remain informed, adaptive and risk-conscious will succeed in meeting their compliance obligations.