Innovation with Intention: Including Emerging Technologies in BSA/AML Policies

By: Timothy Stokes, CRCM, Managing Director

Financial institutions are operating in an environment where technological development is occurring at an unprecedented rate. The combination of advanced criminal tactics and increasing regulatory support for responsible innovation is creating a challenging and interestingly dichotomous BSA/AML environment. Despite this, many BSA/AML policies fail to recognize and incorporate the potential and risks of artificial intelligence (AI), machine learning, automation, and other new or emerging technologies.

It is easy for us as compliance professionals to focus on the current requirements of our programs without contemplating their future potential. The practice of considering innovation and incorporating its implications in our operations is changing from optional to essential.

AI and Emerging Technologies in BSA/AML

Use of AI and its practical application in ensuring financial crimes compliance is no longer science fiction, it’s science fact. We are already seeing use of AI proliferate in transaction monitoring, customer due diligence, sanctions screening and name matching, and new typology discovery. Traditional rules-based systems may miss complex patterns that AI could pick up. The manual collection of data associated with CDD/EDD can be focused through the use of machine learning to identify higher risk customers and activity. Advanced algorithms in new technologies can improve accuracy and reduce false positives often associated with screening and name matching. Most importantly, AI has shown an ability to identify new fraud and money laundering patterns.

While these emerging technologies are proving more valuable than manual processes alone, they are not without their challenges. Governance gaps, bias, hallucination, and explainability concerns are associated with their use, and it is critical that financial institutions remember AI should only complement human oversight and not replace it.

Why Policies Should Explicitly Address Emerging Technology

The first pillar of the BSA requires a system of policies and internal controls, which are the backbone of a strong BSA/AML Compliance Program. Policies definitively state the institution’s position on compliance requirements, establish roles and responsibilities, and ensure effective management of risks.  However, policies have historically stopped short of explicitly addressing emerging technologies and can put institutions at risk of insufficient oversight and accountability, inconsistent adoption across the organization, and missed opportunities for enhancement and efficiency.

It would serve institutions well to consider embedding a policy requirement for the routine assessment of emerging technologies. For example, consider a policy statement like:

The BSA/AML/CFT Officer or their designee will assess emerging technologies for potential applicability to enhance program efficiency and effectiveness at least annually. Such technologies may include AI, machine learning, data analytics, or automation.

This straightforward statement provides a powerful message that the institution acknowledges the current technological environment, takes innovation seriously while maintaining a focus on effective risk management.

Steps for Implementation

This relatively simple addition can yield several benefits. Institutions should plan to update their policies and incorporate the following elements:

  • Policy Statements that explicitly acknowledge leveraging emerging technologies to enhance program effectiveness;
  • Documented Evaluations of new technologies or vendors and how they may be incorporated into the institution’s existing third-party risk management processes;
  • Governance Checkpoints with stakeholders to ensure cross-functional reviews and proper oversight, transparency, and accountability where potential use of AI or other new technologies may be appropriate;
  • Periodic Updates that make the evaluation of emerging technologies a routine, documented activity and not a one-time initiative; and
  • Training staff to ensure an understanding of the capabilities and limitations of new technologies.

It is important to remember that acknowledgement of controls associated with the use of AI and emerging technologies must remain top of mind for institutions. This acknowledgement should be memorialized in policies as well to demonstrate to regulators a solid understanding of both the benefits and risks of technology.

Regulatory Perspective

We are seeing regulators be increasingly supportive of responsible innovation. FinCEN’s BSA modernization initiative, regulatory offices of financial technology, the FDIC’s Tech Sprints, and the OCC’s guidance on responsible innovation are indicators to the industry that regulators understand how technology is reshaping our industry. Regulators understand that the rapid growth of technology and increased use of AI and machine learning are all but inevitable. As long as effective risk management and responsible use of these technological capabilities are maintained, the industry will likely be permitted (maybe encouraged) to consider and adopt technology driven solutions.

When an institution’s BSA/AML/CFT Compliance Program includes the consideration, use, and management of emerging technologies, it shows a proactive rather than reactive approach in a rapidly evolving environment.

Looking Ahead

While we tend to view policies as stable and for the most part unchanging, technological advancements have created the need for us to consider them more dynamic now than in the past. Integrating emerging technologies and AI implications into BSA/AML Policies demonstrates adaptability and resilience. It also prepares institutions to mitigate future risks, embrace opportunities, and meet regulatory expectations.

Creating sound policy statements, ensuring ongoing evaluations, involving appropriate stakeholders, and proactively evaluating technology moves the needle towards strategic and innovative-driven risk management. The future of BSA/AML is not only about detecting today’s threats, but also about preparing for the unknown challenges of tomorrow.

ABOUT THE AUTHOR

Tim Stokes is a Managing Director at Asurity Advisors with nearly 25 years of experience in the financial services industry. He has extensive knowledge and expertise in both anti-money laundering and consumer protection financial laws and regulations. He has served in roles as Bank Secrecy Act (BSA) Officer at institutions of varying sizes and was a Senior Outreach Specialist and Regulatory Liaison with the Financial Crimes Enforcement Network (FinCEN). Tim works with clients on all facets of their BSA/AML/CFT programs, including risk assessments, program builds and optimization, KYC/CDD/EDD programs, and training. Tim holds a B.S. in Organizational Psychology and is a Certified Regulatory Compliance Manager.

If you would like more information please, provide your email address

Related Insights

FinCEN’s SAR FAQ Update: Clarity, Common Sense, and Compliance Reform
By Timothy Stokes, CRCM, Managing Director Recently, FinCEN published another piece of guidance for the industry outlining substantial updates to […]
Read more
Summer of Servicemembers: Recapping DOJ’s SCRA Activity
By Ryan Labriola, Senior Manager Over the course of this past summer, the United States Department of Justice (DOJ) pursued […]
Read more
Debanking: A Compliance Tightrope
By Lynn Woosley, Managing Director, Asurity Advisors On August 7, 2025, President Trump issued Executive Order 14331, “Guaranteeing Fair Banking […]
Read more