Beyond Speculation: Applying AI in Sanctions Compliance
-
2026年2月25日
-
Three years after ChatGPT burst into the public eye, the world is still trying to separate the hype from reality.1 During this time, speculation has often outpaced reality, from predictions of artificial general intelligence (“AGI”) to fears of widespread professional displacement. Three years on, AGI still feels distant and while large language models (“LLMs”) have certainly transformed the way many professionals work, the displacement of entire professions predicted by many has not yet materialised.
In the financial crime compliance space, we have spent the past three years hearing variations of the same questions: “Is AI the silver bullet for financial crime prevention?” and “Will AI replace compliance teams?”. AI is neither the magic solution for financial crime compliance nor a replacement of human expertise. Instead, it is an enhancer of processes and people. When used well, AI has the potential to make processes more efficient, scalable and consistent, freeing up professionals from repetitive tasks, so they can focus on the hard challenges that require nuanced judgement, accountability and contextual understanding that only humans can deliver.
Just as AI enhances the effectiveness of compliance teams, it will at the same time be exploited by criminals, making its adoption urgent. Moving away from speculation, where can AI be realistically and expertly applied today to strengthen sanctions compliance?
Gen AI in Payment Screening
One of the big challenges of payment screening is data quality. Take international payments transmitted over the SWIFT2 network as an example. SWIFT data can be messy. Even though MX messages (ISO 20022)3 are designed to be structured and machine-readable, in practice they often contain unstructured and inconsistent information. Free-text fields are commonly used for remittance details, customer references or narrative descriptions, and depending on how the counterparty enters the data, the quality can vary substantially. On top of that, optional or repeatable MX fields are used differently across organisations, which makes the data even harder to work with.
Traditional screening systems leverage fuzzy matching algorithms and entity resolution to identify potential matches. But poor data quality and ever-increasing regulatory pressure often leads to low screening thresholds, leading to high number of false positives that overwhelms teams and shifts focus away from high-risk and high-value activities.
Generative AI (“GenAI”) can interrupt this chain of poor data quality that leads to low quality alerts. Its strength lies in interpreting messy, unstructured inputs. When applied to payment data (such as SWIFT and SEPA4), GenAI can infer missing context, normalise inconsistent fields and produce structured representations that improve matching accuracy.
By adding this contextual layer, GenAI enables fewer false positives, higher-quality alerts, reduced reliance on low thresholds and more time spent on high-risk cases. The result is a more scalable, human-centred screening process that strengthens both efficiency and investigative quality.
Predictive AI
Not all AI is generative AI. Until the GenAI explosion, when people spoke about AI, most were referring to predictive AI. Predictive AI analyses historical data to forecast future events or behaviours. By identifying patterns, trends and correlations, it estimates the likelihood of outcomes such as fraudulent or suspicious transactions. Unlike generative AI, which creates new content, predictive AI focuses on anticipation and decision support, enabling proactive actions based on data-driven insights.
In financial crime, predictive AI is long established. Firms have used it for decades, with fraud prevention and Anti-Money-Laundering transaction monitoring prediction among the classic use cases. In sanctions compliance, however, adoption has been more limited. A key challenge is explainability, an area where some AI models fall short. Compliance teams must be able to explain why a customer, transaction or activity is, or is not, indicative of a sanctions breach.
This is where GenAI complements predictive AI. While GenAI outputs are not inherently explainable and may not perfectly reflect model logic or vary between runs, GenAI can still translate complex model outputs into clearer, more accessible explanations for compliance teams.
By pairing GenAI’s ability to generate contextual summaries with predictive AI’s statistical pattern recognition, institutions can create processes that are both more automated and easier to document. GenAI cannot make an opaque model explainable, the predictive model must already offer interpretable signals such as feature attributions, weights, similarity scores or rule-based paths. Instead, GenAI’s role is to turn these structured and explainable elements into clearer narratives, improving documentation and operational efficiency.
Practical, low-risk applications include automating alert-disposition documentation and supporting risk scoring of screening alerts. Predictive AI drives accuracy, while GenAI produces human-readable narratives that enhance clarity and defensibility required in sanctions compliance.
Example 1: Automating Alert Disposition
A predictive AI model can be trained on historical data to classify screening alerts based on patterns learned from past decisions. Building on this, GenAI can be integrated to link the decision to business rules, decision trees or regulatory expectations while reasoning through the context of each case. In this way, GenAI can document why an alert was dispositioned in a particular manner, bridging the explainability gap and providing the transparency and defensibility required.
Example 2: Risk Scoring
Not all alerts carry the same level of risk: some stem from data-quality issues or common false positives, while others require deeper investigation. Predictive AI models can be trained on historical alert data to assign risk scores, distinguishing high-risk alerts from those likely to be low-value.
GenAI again enhances this process by adding explainability and flexibility. While the predictive model generates the score, GenAI can produce clear, auditable rationales showing why an alert is classified as low, medium or high risk. The result is a scalable triage process that reduces alert fatigue, improves investigative focus and strengthens regulatory defensibility.
A key strength of predictive-AI-driven processes such as automated alert disposition and risk scoring is that they are not static. Unlike traditional rule-based systems, predictive models can be retrained on new data as patterns evolve. Automated retraining enables ongoing monitoring and validation, though adequate oversight remains essential to maintain model integrity and ensure outcomes align with expectations.
Over time, this allows models to improve accuracy and adjust to changing behaviours and business needs. Paired with GenAI, this dynamic capability is reinforced by contextual reasoning and explainability, ensuring the system not only evolves but also documents and justifies how decisions change, supporting oversight and maintaining a robust audit trail.
Agentic AI
Another promising use case is the integration of AI agents in the compliance stack. Unlike traditional predictive or generative AI, which analyse data or produce content when prompted, agentic AI acts with a degree of autonomy toward a defined goal. An AI agent can plan, make decisions and take actions in pursuit of specific objectives, combining reasoning, memory and tools to function more like a “agent” that performs tasks with minimal intervention while remaining governed by organisational rules and controls.
Although AI agents are still early in adoption, they are well suited to sanctions compliance. In a screening ecosystem where predictive AI has already scored alerts, an agent could route low-risk, high-confidence cases for automated disposition and determine how to handle the remaining alerts. Some may require additional enrichment, such as researching counterparties or identifying missing information, which the agent could perform by accessing internal systems or third-party data sources. Higher-risk or low-confidence alerts would be escalated to human investigators in line with the institution’s risk appetite.
The key advantage of such setups is adaptability. As patterns evolve, the system can be retrained, exceptions become clearer and both efficiency and accuracy improve over time.
Moving Forward with AI . . . But Responsibly
Because compliance is not a straight flowchart of decisions, its judgement is honed by years of experience and guided by the firm’s policies. Deploying AI requires strong governance. Human oversight, audit trails and well-defined guardrails are essential to ensure results are aligned with the firm’s intentions. AI will not eliminate the complexity of sanctions compliance, but it will increasingly shape how that complexity is managed. From interpreting messy payments data with GenAI, to scaling triage with predictive models or experimenting with agentic systems that take on workflow tasks, the trajectory is clear. Compliance will become more augmented by AI, but not necessarily less human. What suits one institution may not suit another. The type and scale of AI adoption must reflect each institution’s risk appetite, operating model and regulatory environment. To stay ahead, firms should adopt AI with urgency but also discipline, embedding strong governance, ensuring transparency and bringing in the rights teams an experts along the journey so expert judgement remains central.
Footnotes:
1: ChatGPT was first made publicly available by OpenAI on November 30, 2022 as a free research preview. “Introducing ChatGPT,” OpenAI (30 November, 2022)
2: The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global messaging network that enables banks and financial institutions to securely exchange standardized payment instructions and transaction information across borders.
3: MX messages are XML-based financial messaging formats defined by the ISO 20022 standard, which SWIFT has adopted for structured communication between financial institutions.
4: The Single Euro Payments Area (“SEPA”) is a European payment system that standardises euro-denominated electronic payments across participating countries.
相关服务
发布于
2026年2月25日
主要联络人