Retour au blog
Réglementation 11 min

AI and Anti-Money Laundering: KYC, Transaction Monitoring and AMLA in 2026

In 2025, an estimated 4.4 trillion dollars of illicit funds flowed through the global financial system, growing 19.2% a year since 2023 (Nasdaq Verafin). Against that tide, legacy tooling is running out of breath: more than 95% of alerts generated by rules-based systems are false positives. Banks that switch to machine-learning detection reverse the balance of power: HSBC identifies 2 to 4 times more suspicious activity with over 60% fewer alerts. With AMLA ramping up in Frankfurt and the AMLR regulation applying from July 2027, here is what AI changes for anti-money laundering compliance, seen from Belgium.

Article generated by AI. Content written with the help of an artificial intelligence model and reviewed by a human before publication. The figures cited point to their sources, listed at the end of the article.

Money Laundering by the Numbers

$4.4T
Estimated illicit financial flows worldwide in 2025, up 19.2% a year since 2023 (Nasdaq Verafin)
×2-4
Additional suspicious activity detected by AI at HSBC, with over 60% fewer alerts (Google Cloud)
$3.1B
Penalties paid by TD Bank in 2024 for AML failures, including a record $1.3 billion to FinCEN

The order of magnitude has been known for a long time: according to the UNODC, 2 to 5% of global GDP is laundered every year, that is 800 billion to 2 trillion dollars. Recent estimates confirm the scale: Nasdaq Verafin's 2026 report puts illicit flows at $4.4 trillion in 2025, growing 19.2% a year since 2023, including $579.4 billion in fraud and scams. And the threat is tooling up: 90% of surveyed financial crime professionals report an increase in AI-driven attacks over the past two years.

On the other side, the regulatory arsenal is hardening. Banks, but also payment institutions, insurers, accounting firms, notaries and estate agents must detect and report suspicious transactions. The cost of failure is spelled out in the TD Bank case: in October 2024, the bank pleaded guilty to money laundering conspiracy in the United States and paid $3.1 billion in penalties. Between 2018 and April 2024, 92% of its transaction volume, roughly $18.3 trillion, went unmonitored.

The rules-based paradox

Legacy monitoring engines rely on fixed rules (amount thresholds, countries, frequency). The documented result: more than 95% of generated alerts are false positives at first review, and about 98% never culminate in a suspicious activity report. Entire teams spend their days closing useless alerts while the genuinely dangerous patterns, split and distributed, slip under the thresholds.

What AI Actually Changes

Machine learning does not replace compliance: it shifts the effort from alert review to value-added investigation. Four uses are mature today.

The 2026-2028 Framework: AMLR, AMLA, AI Act

The European calendar gives AML AI projects a precise horizon: the system you design in 2026 will be judged by the standards of 2027-2028.

AMLR: the single rulebook (10 July 2027)

Regulation (EU) 2024/1624 replaces the directive logic with a single, directly applicable rulebook: harmonised due diligence obligations across the 27 Member States, beneficial ownership transparency and an EU-wide cap of 10,000 euros on cash payments. National divergences largely disappear.

AMLA: the European supervisor

Operational in Frankfurt since 1 July 2025, the EU anti-money laundering authority will select around forty high-risk cross-border financial groups in 2027 and supervise them directly from 2028. For the others, it harmonises the practices of national supervisors, including Belgium's NBB.

EU AI Act: the fraud exemption

Annex III of the AI Act classifies credit scoring as high risk but explicitly exempts AI systems used to detect financial fraud. AML detection therefore escapes the high-risk regime in principle; GDPR, model governance and explainability still apply in full. Our sector-by-sector analysis of the EU AI Act details the timeline.

Belgium: CTIF-CFI under pressure

Belgium's financial intelligence unit received 91,487 reports in 2024, up from 79,211 in 2023, including nearly 42,000 from the payment institutions sector alone. It forwarded 1,347 new cases to the judicial authorities, worth 1.96 billion euros. The volumes speak for themselves: automation is needed on both the reporting and the authority side.

The Method: Move to AI Without Losing the Regulator

The risk is not moving to AI too fast, but moving without governance. Supervisors do not ban models: they demand to be able to audit them. Four steps structure a defensible migration.

1

Measure the existing system

False positive rate, cost per alert, conversion rate into reports, case backlog: without a quantified baseline, you cannot prove to the regulator that the new system performs better.

2

Hybridise before you replace

The low-risk first step: a prioritisation model that ranks the alerts produced by existing rules and hibernates the lowest-risk ones. Only then does scoring-based detection complement, and progressively replace, blocks of rules.

3

Document explainability

Full model governance: training data, performance per segment, per-alert explanations for investigators, bias testing, retraining procedure. That is the file the NBB or AMLA will want to see.

4

Close the loop with investigators

Every investigator decision (dismissal or report to the FIU) feeds back into the model. The step 1 indicators are tracked continuously and reported to the compliance committee.

The right reflex

Start with the alert queue, not the detection engine. A prioritisation model on top of existing alerts delivers a return on investment within months, without touching the declared regulatory baseline, and builds the foundations (data quality, governance, team trust) for full AI detection.

What It Changes for the Belgian Company

The subject reaches far beyond the big banks. The Belgian law of 18 September 2017 also covers payment institutions, insurers, accounting and trust firms, notaries, bailiffs, estate agents, diamond dealers and crypto-asset service providers. The explosion of reports from the payment sector (nearly 42,000 in 2024) shows where the volumes are shifting: towards players often smaller than banks, with lean compliance teams, for whom manually triaging alerts is simply no longer tenable.

Concretely: a Brussels payment institution can drastically shrink its alert queue with a prioritisation model on top of its current rules; a fiduciary can automate KYC collection and adverse media monitoring for its clients; a cross-border group is better off anticipating AMLA standards at design time than rebuilding its system in 2028. In every case, the logic matches what we describe in our article on AI in audit and continuous control: test 100% of transactions, and reserve humans for the cases that deserve them.

Frequently Asked Questions

Can AI replace transaction monitoring rules?

Not overnight. The dominant practice is hybrid: rules remain the documented regulatory baseline, while machine-learning models prioritise alerts and then detect patterns the rules cannot see. HSBC made AI its primary engine in its key markets, but with full model governance: documentation, explainability and human oversight.

What does the AMLR regulation change in 2027?

Regulation (EU) 2024/1624 applies from 10 July 2027. It introduces a single, directly applicable rulebook for the 27 Member States: harmonised due diligence obligations, beneficial ownership transparency and an EU-wide cap of 10,000 euros on cash payments.

What is AMLA?

The new European anti-money laundering authority, based in Frankfurt and operational since 1 July 2025. In 2027 it will select around forty high-risk cross-border institutions for direct supervision from 2028, and it harmonises national supervision, including that of the NBB and the CTIF-CFI in Belgium.

Is AI-based AML detection high risk under the EU AI Act?

Annex III classifies credit scoring as high risk but explicitly exempts AI systems used to detect financial fraud. AML detection therefore escapes that classification in principle. GDPR, supervisors' explainability expectations and model governance remain fully applicable.

Sources

  1. Nasdaq Verafin, 2026 Global Financial Crime Report, 11 March 2026 ($4.4 trillion in illicit flows in 2025; +19.2% a year since 2023; $579.4B in fraud and scams; 90% of professionals report more AI-driven attacks; 75% of institutions plan to increase AI use). ir.nasdaq.com
  2. UNODC, Money Laundering Overview (2 to 5% of global GDP laundered each year, that is $800 billion to $2 trillion). unodc.org
  3. Google Cloud, Google Cloud Launches AI-Powered Anti Money Laundering Product for Financial Institutions, 21 June 2023 (more than 95% false positives and about 98% never culminating in a SAR, per Reuters; HSBC: 2-4x more true positives measured in SARs filed, over 60% fewer alerts, processing from weeks to days). googlecloudpresscorner.com
  4. U.S. Department of Justice, United States of America v. TD Bank, N.A., October 2024 (guilty plea; about $3.1 billion in penalties including $1.3 billion to FinCEN; 92% of transaction volume unmonitored between 2018 and April 2024, roughly $18.3 trillion). justice.gov
  5. AMLA, AMLA takes major step in preparing for direct supervision, 2025-2026 (operational in Frankfurt since 1 July 2025; selection in 2027 of around 40 high-risk entities; direct supervision from 2028). amla.europa.eu
  6. Regulation (EU) 2024/1624 of 31 May 2024 (AMLR, single rulebook; applicable from 10 July 2027; 10,000 euro cap on cash payments). eur-lex.europa.eu
  7. CTIF-CFI, Annual activity report 2024 (91,487 reports received in 2024 versus 79,211 in 2023; nearly 42,000 reports from the payment sector; 1,347 new cases forwarded to the judicial authorities for 1.96 billion euros; 2.3 billion euros in total including supplementary reports). ctif-cfi.be
  8. Regulation (EU) 2024/1689 (EU AI Act), Annex III, point 5(b) (credit scoring high risk, except AI systems used to detect financial fraud). eur-lex.europa.eu

Is your AML system ready for 2027?

Molderez Consult helps banks, payment institutions and obliged professions in Belgium assess their AML system, prioritise AI use cases (alert triage, KYC, screening), frame model governance and prepare for the AMLR and AMLA deadlines.

Assess my system
Article generated by AI. Content written with the help of an artificial intelligence model and reviewed by a human before publication. The figures cited point to their sources, listed at the end of the article.
Partager