.svg)
The Napier AI / AML Index 2025-2026 outlines the impact of sanctions inflation on the total cost of compliance, with an average global increase of 5%. But major financial hubs bear the brunt of this, with the cost of compliance outpacing the growth rate of money laundering losses, even in markets that reported reduced losses to illicit finance.
Country
France
Money laundering growth rate: 3%
Cost of compliance growth rate: 8%
Germany
Money laundering growth rate: 4%
Cost of compliance growth rate: 8%
United Kingdom
Money laundering growth rate: 8%
Cost of compliance growth rate: 15%
United States
Money laundering growth rate: 6%
Cost of compliance growth rate: 12%
Singapore
Money laundering growth rate: 4%
Cost of compliance growth rate: 9%
Australia
Money laundering growth rate: 3%
Cost of compliance growth rate: 9%
United Arab Emirates
Money laundering growth rate: 0%
Cost of compliance growth rate: 8%
Saudi Arabia
Money laundering growth rate: -3%
Cost of compliance growth rate 9%
So what’s driving the rising cost of compliance?
1. Sanctions inflation and acceleration
The increase in sanctioned entities is well documented, but it is not just the sheer volume that poses a challenge, it is also the velocity of those changes. Unlike in anti money-laundering transaction monitoring, where regulators often offer consultation periods with financial institutions to determine the optimum approach for legislative updates, sanctions lists are updated daily, often multiple times per day.
And the speed of the list updates is just one component of the challenge. Increasingly digitised government and financial services has made it easier of organisations register changes to beneficial ownership.
In the financial year ending (FYE) March 2024, the UK business registrar Companies House accepted 14.3 million total filings, with 13.1 million submitted digitally. These filings include changes to named directors and corporate structure, and it is within these changes that nefarious actors hide.
2. Screening for PEPs and RCAs
The biggest challenge is not just looking for name matching hits against sanctions lists, but for the names of those entities and individuals that contradict the financial institutions risk based assessment.
Politically Exposed Persons (PEPs) or Relatively Close Associates (RCAs) are more complicated to identify than those explicitly designated on sanctions watchlists. The use of augmented lists or internal whitelists support a conservative risk-appetite approach to screening risk, but it can create risk exposure in other ways. Applying a UK-centric configuration to name and payments screening in all jurisdictions can lead to litigation when it prevents transactions in regions where those entities or assets are not sanctioned. A blanket approach is bad for business and ineffective in truly tackling financial crime.
3. High risk jurisdictions
As geo-political tensions shift, conflicts emerge, or peace is achieved, sanctions may be lifted on markets and regulatory instruments designed to encourage rebuilding and reinvestment. When a conflict ends, a major next step is for financial institutions to repatriate funds, facilitate reparations payments, or process the transactions for rebuilding and reconstructions – all critical components of a peace plan. This is even more challenging for markets without robust data to inform a risk based assessment. For example, Syria has not been ranked on the Basel AML Index since 2012 because no mutual evaluation could be performed. Without quantifiable data, these regions often remain on internal blacklists due to lack of necessary insights to evaluate them against the risk appetite of the financial institution.
But the challenge for banks, insurers, and asset managers is the lingering risk of the previous regime and any continuing sanctions. Allowing legitimate funds to pass to those conducting the good work, without allowing members of former regimes to gain access to their frozen assets requires extremely detailed and precise screening across a wider dataset. The individuals in question may not be named on watchlists, but would be considered sanctioned under the restrictions on their previous political affiliation.
4. Regulatory variance
Many financial institutions will be subject to multiple regulatory regimes due to the nature of their clients’ businesses and international payment flows. While some markets are pursuing a reduction in regulatory complexity - such as the United States – others are amping up their penalties for AML failings, with the regulators in the European Union issuing record fines in over the last year. Key components of AML and CFT rules include the varying definitions of control. Regulation 4 of the UK's Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, includes the requirement for a risk-based approach and proportionate controls, but evidencing proportionate controls is not an explicitly defined process.
Appropriate applications for AI
When tackling these sanctions screening challenges, artificial intelligence (AI) can support improving accuracy and operational efficiency.
- Secondary scoring: AI can be used to alongside name-matching algorithms to enable auto-discounting further reducing false positives.
- Regulatory research: AI can be used to summarise prohibitions by regimes, find the nuances between jurisdictions, generating research reports very efficiently to support a risk based approach. However, the outputs need validating by expert humans.
- Edge cases: the most complex name and payment screening cases require AI to analyse disparate data points against evolving underlying risk by segments and product lines.
- Rule writing: automated rule recommendations based on analyst behaviour analysis around alert discounting can write suggested new rules or offer updated configurations to reduce repeated false positives and making FTEs more effective in identifying real risk.
- Intelligence sharing: improved data sharing between financial institutions could facilitate stronger defences against financial crime schemes, but regulatory controls make this challenge. AI can generate synthetic data from masked, shared data upon which to train models and improve outcomes.
