A recent study by ThetaRay, a global leader in Cognitive AI financial crime compliance, highlights the impending structural failure of Europe’s anti-money laundering (AML) framework, asserting that financial institutions will be unable to meet evolving supervisory expectations without adopting advanced AI-driven monitoring and customer screening systems.

The report, titled “Next-Generation AML Solutions: An Analysis of AI-Based Tools vis-à-vis the Reform of the European AML Institutional and Substantive Architecture,” provides an examination of how the EU’s comprehensive AML reform package and the Artificial Intelligence Act will reshape compliance across the region. Co-authored by Prof. Andrea Minto, an authority on EU financial regulation at Ca’ Foscari University of Venice and the University of Stavanger, and Yaron Hazan, ThetaRay’s Vice President of Regulatory Affairs and an advisory board member at the AI APAC Institute, the study combines academic insight with supervisory and operational expertise.

Despite increasing budgets and stricter enforcement, the report finds that Europe’s AML framework continues to underperform. The Financial Action Task Force (FATF) indicates that 97% of 120 assessed countries show only low to moderate effectiveness in preventing money laundering and terrorist financing. Financial Intelligence Units (FIUs) across Europe report low intelligence yields; for instance, the Netherlands identified less than 3.5% of 3.48 million 2024 reports as suspicious, while France’s Tracfin reported only approximately 5% of Suspicious Activity Reports (SARs) as actionable. Germany’s FIU data shows that only 15% of SARs are investigated by law enforcement, with 95% of forwarded cases not resulting in prosecution. One operational risk study noted that rules-based detection scenarios generated reporting in just 2% of cases.

According to the study, the global AML system suffers from persistent structural inefficiencies, high false-positive rates, and poor conversion from alerts to meaningful intelligence. This is attributed to legacy rule-based systems that produce low-quality alerts, operate with siloed architectures, and lack the cross-border visibility necessary to detect modern networked financial crime.

“The data is clear: Europe’s AML system is no longer keeping pace with financial complexity,” stated Yaron Hazan, Vice President of Regulatory Affairs at ThetaRay. “For years, institutions have been trapped in a cycle of rule tuning, manual investigations, and defensive reporting, without materially improving outcomes. Under the new regulatory regime, failing to adopt AI will become a compliance vulnerability.”

The report emphasizes that the EU’s two major regulatory initiatives, the AML Package and the AI Act, collectively represent a significant shift in AML expectations. The AML Package strengthens due diligence obligations, expands governance requirements, and establishes a new EU-level Anti-Money Laundering Authority (AMLA), aiming to harmonize obligations across Member States. Concurrently, the AI Act classifies transaction monitoring and sanctions screening as “high-risk” uses of AI, imposing stringent requirements on transparency, human oversight, data governance, and model lifecycle management.

The authors also identify heightened vulnerabilities in correspondent banking and crypto-asset flows, where traditional rule engines often struggle to detect hidden network behavior across complex cross-border transaction chains. Furthermore, the study points to growing friction between the AML Regulation (AMLR) and GDPR data processing constraints, cautioning that institutions could face overlapping regulatory and legal risks without clearer guidance.

“Europe’s new AML framework fundamentally raises the standard for what effective compliance means,” commented Andrea Minto, Professor of Law and Regulation of Financial Markets at Ca’ Foscari University of Venice and the University of Stavanger. “The AML Package and the AI Act make clear that the integration of AI into customer due diligence and AML monitoring is inevitable. Financial institutions must now prepare for a world in which technological capability and legal obligation are inseparable.”

The report concludes by advocating for a fundamental shift from volume-driven alerting to intelligence-led detection. It emphasizes the need for hybrid human-AI oversight, robust data governance aligned with the AI Act, transparent and explainable models, and integrated customer and transaction screening workflows.

ThetaRay specializes in Cognitive AI for financial crime compliance, offering SaaS solutions designed to enable financial institutions to accurately identify legitimate customers while flagging illicit actors. These solutions aim to overcome the limitations of traditional rule-based systems by shortening implementation lifecycles and facilitating efficient, risk-aware compliance operations. ThetaRay’s technology is implemented at financial institutions including Santander, Clear Bank, Mashreq Bank, Payoneer, Onafriq, and Travelex, assisting organizations in combating evolving threats, maintaining regulator relationships, and enhancing customer experiences.