In 2025, an estimated 4.4 trillion dollars of illicit funds flowed through the global financial system, growing 19.2% a year since 2023 (Nasdaq Verafin). Against that tide, legacy tooling is running out of breath: more than 95% of alerts generated by rules-based systems are false positives. Banks that switch to machine-learning detection reverse the balance of power: HSBC identifies 2 to 4 times more suspicious activity with over 60% fewer alerts. With AMLA ramping up in Frankfurt and the AMLR regulation applying from July 2027, here is what AI changes for anti-money laundering compliance, seen from Belgium.
The order of magnitude has been known for a long time: according to the UNODC, 2 to 5% of global GDP is laundered every year, that is 800 billion to 2 trillion dollars. Recent estimates confirm the scale: Nasdaq Verafin's 2026 report puts illicit flows at $4.4 trillion in 2025, growing 19.2% a year since 2023, including $579.4 billion in fraud and scams. And the threat is tooling up: 90% of surveyed financial crime professionals report an increase in AI-driven attacks over the past two years.
On the other side, the regulatory arsenal is hardening. Banks, but also payment institutions, insurers, accounting firms, notaries and estate agents must detect and report suspicious transactions. The cost of failure is spelled out in the TD Bank case: in October 2024, the bank pleaded guilty to money laundering conspiracy in the United States and paid $3.1 billion in penalties. Between 2018 and April 2024, 92% of its transaction volume, roughly $18.3 trillion, went unmonitored.
Legacy monitoring engines rely on fixed rules (amount thresholds, countries, frequency). The documented result: more than 95% of generated alerts are false positives at first review, and about 98% never culminate in a suspicious activity report. Entire teams spend their days closing useless alerts while the genuinely dangerous patterns, split and distributed, slip under the thresholds.
Machine learning does not replace compliance: it shifts the effort from alert review to value-added investigation. Four uses are mature today.
The European calendar gives AML AI projects a precise horizon: the system you design in 2026 will be judged by the standards of 2027-2028.
Regulation (EU) 2024/1624 replaces the directive logic with a single, directly applicable rulebook: harmonised due diligence obligations across the 27 Member States, beneficial ownership transparency and an EU-wide cap of 10,000 euros on cash payments. National divergences largely disappear.
Operational in Frankfurt since 1 July 2025, the EU anti-money laundering authority will select around forty high-risk cross-border financial groups in 2027 and supervise them directly from 2028. For the others, it harmonises the practices of national supervisors, including Belgium's NBB.
Annex III of the AI Act classifies credit scoring as high risk but explicitly exempts AI systems used to detect financial fraud. AML detection therefore escapes the high-risk regime in principle; GDPR, model governance and explainability still apply in full. Our sector-by-sector analysis of the EU AI Act details the timeline.
Belgium's financial intelligence unit received 91,487 reports in 2024, up from 79,211 in 2023, including nearly 42,000 from the payment institutions sector alone. It forwarded 1,347 new cases to the judicial authorities, worth 1.96 billion euros. The volumes speak for themselves: automation is needed on both the reporting and the authority side.
The risk is not moving to AI too fast, but moving without governance. Supervisors do not ban models: they demand to be able to audit them. Four steps structure a defensible migration.
False positive rate, cost per alert, conversion rate into reports, case backlog: without a quantified baseline, you cannot prove to the regulator that the new system performs better.
The low-risk first step: a prioritisation model that ranks the alerts produced by existing rules and hibernates the lowest-risk ones. Only then does scoring-based detection complement, and progressively replace, blocks of rules.
Full model governance: training data, performance per segment, per-alert explanations for investigators, bias testing, retraining procedure. That is the file the NBB or AMLA will want to see.
Every investigator decision (dismissal or report to the FIU) feeds back into the model. The step 1 indicators are tracked continuously and reported to the compliance committee.
Start with the alert queue, not the detection engine. A prioritisation model on top of existing alerts delivers a return on investment within months, without touching the declared regulatory baseline, and builds the foundations (data quality, governance, team trust) for full AI detection.
The subject reaches far beyond the big banks. The Belgian law of 18 September 2017 also covers payment institutions, insurers, accounting and trust firms, notaries, bailiffs, estate agents, diamond dealers and crypto-asset service providers. The explosion of reports from the payment sector (nearly 42,000 in 2024) shows where the volumes are shifting: towards players often smaller than banks, with lean compliance teams, for whom manually triaging alerts is simply no longer tenable.
Concretely: a Brussels payment institution can drastically shrink its alert queue with a prioritisation model on top of its current rules; a fiduciary can automate KYC collection and adverse media monitoring for its clients; a cross-border group is better off anticipating AMLA standards at design time than rebuilding its system in 2028. In every case, the logic matches what we describe in our article on AI in audit and continuous control: test 100% of transactions, and reserve humans for the cases that deserve them.
Not overnight. The dominant practice is hybrid: rules remain the documented regulatory baseline, while machine-learning models prioritise alerts and then detect patterns the rules cannot see. HSBC made AI its primary engine in its key markets, but with full model governance: documentation, explainability and human oversight.
Regulation (EU) 2024/1624 applies from 10 July 2027. It introduces a single, directly applicable rulebook for the 27 Member States: harmonised due diligence obligations, beneficial ownership transparency and an EU-wide cap of 10,000 euros on cash payments.
The new European anti-money laundering authority, based in Frankfurt and operational since 1 July 2025. In 2027 it will select around forty high-risk cross-border institutions for direct supervision from 2028, and it harmonises national supervision, including that of the NBB and the CTIF-CFI in Belgium.
Annex III classifies credit scoring as high risk but explicitly exempts AI systems used to detect financial fraud. AML detection therefore escapes that classification in principle. GDPR, supervisors' explainability expectations and model governance remain fully applicable.
Molderez Consult helps banks, payment institutions and obliged professions in Belgium assess their AML system, prioritise AI use cases (alert triage, KYC, screening), frame model governance and prepare for the AMLR and AMLA deadlines.
Assess my system