Something we said? Don’t leave just yet!

For more information about latest events, news and insights, leave us your email address below.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form
Dismiss

Rethinking compliance in a cashless society

As real-time payments go mainstream, compliance must evolve fast. Explore why legacy systems fall short – and what’s needed to thrive in a cashless world.

Gordon Friedrich
May 2, 2025

At this year’s Smarter Faster Payments conference in New Orleans, I joined Benjamin Alexander from Column Bank and Michael Joseph from Napier AI to explore a deceptively simple question:

Can compliance keep pace with an increasingly cashless world?

The challenge isn’t new, but the urgency is growing. Financial institutions are adapting to the shift toward a cashless economy – where physical currency is replaced by digital wallets, mobile payments, and real-time settlement. As a result, compliance teams are having to adapt fast.

Many institutions have tried to meet these demands by layering on middleware, introducing data abstractions, or building fragmented technical workarounds. But these often result in a bloated tech stack, i.e., systems that are inflexible, siloed, and poorly suited to evolving risk profiles.

In the transition to a digital payments ecosystem, end-users expect speed, convenience, and 24/7 availability. Meanwhile, regulators are raising the bar, demanding more transparency for sanctions compliance, transaction monitoring, and customer due diligence. As the global shift toward cashless societies accelerates, and as instant payments become the default expectation, the compliance function must evolve – not incrementally, but fundamentally.

Real-time payments aren’t just faster – they’re fundamentally different

Unlike traditional payment rails, real-time transactions offer space for review or remediation. The window for intervention is compressed to milliseconds. OFAC’s Sanctions Compliance Guidance for Instant Payment Systems and the EU’s evolving Instant Payments Regulation (IPR) both reinforce this. Although the OFAC guidance suggests both name and payment screening for sanctions compliance, the IPR from the European Commission directs what it refers to as ‘Simplified Sanctions Screening’ and specifically mandates a shift away from screening individual payments, and places the emphasis on pre-transaction name screening. But both the US guidance and EU mandate for a risk-based approach to financial crime compliance that’s tailored to the speed and scope of real-time money movement.

Financial institutions across the US and beyond are expected to build controls that reflect their individual risk landscape, including: jurisdictional exposure, customer behavior, product mix, and volume.

How can financial institutions best achieve compliance for instant payments?

There’s a growing gap between how regulators talk about innovation and how they support it in practice. Terms like “risk-based,” “intelligent,” and “innovative” now appear routinely in compliance guidance, but the operational path to implement them remains blurry. Practitioners aren’t just interpreting rules, they're being forced to build entirely new frameworks that make those rules real-time, explainable, and scalable.

To stay ahead, institutions need capabilities that go beyond compliance checklists and instead enable continuous, context-aware decision-making:

· Real-time transaction monitoring that can flag anomalous behavior instantly, without interrupting the flow of legitimate payments.
· Dynamic risk scoring that adapts based on behavioral patterns, geographies, counterparties, and emerging typologies—rather than relying on static thresholds.
· Entity resolution and network analytics to uncover indirect relationships, such as those relevant to OFAC’s 50% rule or EU ownership controls.
· Explainable AI models, which allow compliance teams to understand and justify decisions—essential for audits, regulatory scrutiny, and internal confidence.
· Automated screening against sanctions, PEP, and adverse media lists—capable of handling volume without inflating false positives.
· Integrated data infrastructure that brings together third-party risk data, internal transaction data, and structured customer profiles in a single view.

Most importantly, these capabilities must be aligned with a financial institution’s specific risk exposure and business model. AI that’s misaligned with regulatory expectations or internal controls can create more risk, not less.

The most forward-thinking financial institutions are now experimenting with regulatory sandboxes, exploring the use of large language models for deep research tasks, and investing in tooling that can minimize “hallucinations” while maximizing transparency.

Before adopting any AI or machine learning system, institutions should perform a maturity and readiness assessment. This includes understanding the regulatory environment, mapping internal data flows, and defining clear business objectives. Innovation can only succeed when it’s tied to both operational relevance and regulatory resilience.

In short, waiting for clarity from regulators on instant payments isn’t a viable strategy. In an increasingly cashless society with instant payments, innovation must be proactive, tested, and measurable from day one.

Photo by Denny Müller on Unsplash

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.