AML Fatigue: Has Compliance Lost Sight of Criminal Purpose?

When the Financial Action Task Force (FATF) published its original forty Recommendations in 1990, the objective was unambiguous: to deny criminals the ability to launder the proceeds of drug trafficking through the international financial system. Over the three decades that followed, this mandate expanded to encompass terrorist financing, proliferation finance, corruption, tax evasion and a widening catalogue of predicate offences. Successive rounds of mutual evaluations, new directives, enhanced due diligence requirements and ever more granular reporting obligations have produced what is now one of the most extensive regulatory architectures in global finance.

Yet for all its weight, the system remains strikingly poor at achieving its stated aim. The United Nations Office on Drugs and Crime (UNODC) estimates that between two and five per cent of global GDP is laundered annually. That figure has remained largely unchanged for over a decade. The question is no longer whether the framework is comprehensive enough. It is whether its sheer volume has become part of the problem.

Regulatory accumulation has outpaced regulatory coherence

The scale of the modern anti-money laundering (AML) apparatus is difficult to overstate. In the European Union alone, six successive Anti-Money Laundering Directives have been enacted since 1991, each layering new obligations on top of existing ones. The establishment of the EU Anti-Money Laundering Authority (AMLA), confirmed in 2024, represents the latest institutional addition to a structure that already encompasses national financial intelligence units, sector-specific supervisors and supranational standard-setting bodies.

Domestically, firms must navigate the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), which have been amended multiple times since their introduction, alongside the Proceeds of Crime Act 2002, the Terrorism Act 2000, and a growing body of Financial Conduct Authority (FCA) guidance, thematic reviews and enforcement notices. Across the Atlantic, the US Anti-Money Laundering Act of 2020 and the Corporate Transparency Act have added further layers overseen by the Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC) and a patchwork of state-level regulators. The regulatory estate is vast. Its coherence is not.

The cumulative effect is not merely complexity. It is fatigue. Compliance teams, particularly in mid-sized institutions, report spending the vast majority of their time managing procedure rather than analysing risk. A 2023 survey by LexisNexis Risk Solutions found that global financial institutions spent an estimated $274 billion annually on financial crime compliance. The rate of illicit funds successfully intercepted remains vanishingly small. The investment is enormous. The return, by any honest accounting, is not.

Audit comfort has replaced operational intent

At the heart of this dysfunction lies a structural misalignment between what regulators measure and what the AML regime was created to achieve. Supervisory examinations, whether conducted by the FCA, the European Banking Authority (EBA) or FinCEN, overwhelmingly focus on the existence and documentation of controls: whether customer due diligence has been performed, whether screening has been conducted, whether policies have been updated. What they far less frequently assess is whether those controls have identified, prevented or disrupted actual money laundering. The distinction matters.

A compliance function can maintain impeccable records, pass every supervisory review and still fail to detect a single instance of illicit finance flowing through the institution it serves. Under the prevailing model, that firm is compliant. Whether it is effective is a question the model rarely asks. Risk appetite statements gather dust in board packs. Policies are updated on schedule but tested against scenarios that bear little resemblance to how criminals actually operate.

The FATF itself acknowledged this tension in its 2023 report on the effectiveness of AML systems, noting that technical compliance with the Recommendations does not necessarily translate into meaningful outcomes. The gap between procedural rigour and practical impact has become one of the defining weaknesses of the global regime.

Defensive filing has overwhelmed the intelligence model

Nowhere is this gap more visible than in suspicious activity reporting (SARs). The original concept was sound: financial institutions, as gatekeepers, would flag transactions inconsistent with a customer’s known profile and report them for analysis and, where appropriate, investigation. In practice, the system has buckled under its own weight. In the US, FinCEN received over 4.6 million SARs in 2023 alone. Domestically, the National Crime Agency’s (NCA) UK Financial Intelligence Unit processed over 900,000 in the 2022–23 reporting year. These are not signs of vigilance. They are signs of a system in distress.

The incentive structures are well understood. Filing carries minimal cost; failing to file carries significant regulatory and reputational risk. The rational response is to over-report. The Wolfsberg Group has repeatedly argued for a more targeted approach, and with good reason. When intelligence units are buried under reports that far exceed their analytical capacity, the genuinely suspicious is diluted rather than detected. The institution is protected. The financial system is not.

Technology scales the model it is given

The industry’s answer to compliance overload has been investment in technology: automated screening, transaction monitoring, artificial intelligence and machine learning designed to reduce alert noise and improve detection rates. The promise is seductive. Firms will do more with less. Efficiency will close the gap between obligation and outcome.

The reality is more instructive. Technology applied to a flawed model does not correct the model. It scales it. Transaction monitoring calibrated against arbitrary numerical triggers will continue to generate noise until those rules reflect how criminals actually move money. Alert volumes rise, investigation queues lengthen, and the compliance function devotes ever more resource to processing ever less meaningful output. The machinery accelerates, but the destination does not change.

The EBA noted in its 2023 opinion on innovative solutions for AML and counter-terrorist financing (CTF) that technology’s value depends on the quality of the underlying risk models and the willingness of firms to move beyond tick-box compliance. Artificial intelligence deployed without a clear understanding of the behaviours it is intended to detect risks becoming another layer of sophisticated but misdirected infrastructure. Automation is not a defence. It is only as effective as the assumptions it encodes.

Proportionality informed by intelligence is no longer theoretical

The alternative is not deregulation. No serious participant in this debate argues that AML obligations should be reduced or that the threat of financial crime has diminished. The argument is for recalibration: directing the greatest scrutiny toward the areas of highest risk, informed by law enforcement intelligence, typology analysis and a genuine understanding of how illicit finance operates in practice. It means abandoning the pretence that every customer, every transaction and every jurisdiction warrants the same mechanistic treatment regardless of the actual threat presented.

Several jurisdictions have begun to move in this direction. The Monetary Authority of Singapore (MAS) has actively encouraged financial institutions to adopt more sophisticated, data-driven approaches to risk assessment, moving beyond formulaic compliance toward genuine risk understanding. The Netherlands has experimented with public-private partnerships through the Transaction Monitoring Netherlands (TMNL) initiative, enabling participating banks to share transaction data to identify cross-institutional laundering patterns.

The FATF’s own strategic priorities for 2024–28 emphasise effectiveness over technical compliance and call for greater focus on outcomes: asset recovery, criminal prosecution and the dismantling of professional laundering networks. The direction of travel is clear. The pace is not.

Firms must ask whether their controls detect or merely document

For compliance leaders, the practical question is not whether to comply but how to comply with greater precision. What firms can do is interrogate the rationale behind each control. Is a particular screening threshold informed by typology analysis, or inherited from a vendor default? Does the firm’s SAR practice reflect genuine suspicion, or a reflex to file defensively? Are customer risk ratings calibrated against current threat indicators, or against broad-brush categorisations that have not been revisited in years? These are not comfortable questions. They are necessary ones.

The firms that will emerge strongest from this period are those building compliance functions around evidence of impact: monitoring scenarios that reflect known laundering methodologies, risk assessments that draw on current intelligence, and governance structures that treat financial crime prevention as an operational discipline rather than an administrative exercise. That standard is demanding. It is also increasingly the standard that regulators and enforcement agencies apply.

The measure of a regime is not its weight but its effect

Three decades of regulatory expansion have produced a framework of extraordinary breadth but questionable depth. Compliance fatigue is not a symptom of insufficient regulation. It is a symptom of regulation that has lost its connection to criminal reality.

The challenge now is not to legislate further but to restore the intelligence and intentionality that the system was always meant to embody. If the global AML regime is to retain credibility, it must be judged not by the volume of its activity but by the quality of its results. Until then, the paradox endures: an architecture designed to fight financial crime that has become, in too many instances, a burden borne primarily by those it was meant to protect.

Is your AML framework designed to satisfy regulators, or to disrupt criminals?

At OpusDatum, we work with firms seeking to move beyond process-oriented compliance toward frameworks that deliver genuine criminal disruption. Our advisory services support the recalibration of AML controls around risk intelligence, operational realism and regulatory effectiveness, ensuring that compliance functions serve their intended purpose.

If you are ready to recalibrate your compliance approach around intelligence-led proportionality, contact us to discuss how we can support your firm.