In 2026, the line between fraud and AML is getting harder to separate, and that is changing what regulators expect. Banks and fintechs are operating in a more connected threat environment, where bad actors move quickly across faster payments, digital onboarding, AI-enabled tactics, and linked channels. Traditional controls are struggling to keep up. The scale of the challenge is hard to ignore: industry research estimates global illicit financial activity reached $4.4 trillion in 2025, while global fraud losses climbed to $579.4 billion.

In early April 2026, FinCEN issued a proposed rule aimed at strengthening Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) programs across regulated institutions. This proposal reflects an effort to modernize AML/CFT compliance frameworks and better align them with the evolving threat environment. Most importantly, the proposal reinforces that compliance is not a static procedural obligation, but a dynamic, risk-informed function that must mature alongside the institution’s business model, risk profile, and external threat landscape.

For financial institutions, that raises a simple question: is the program built for the risk environment we have now, or the one we had a few years ago?

• Speed has changed the risk equation. Instant and near-real-time payments leave institutions with far less time to detect and stop fraud and laundering activity, raising both financial loss and regulatory exposure.
• Fraud and AML risks are converging. Many significant AML issues now begin as fraud, often involving mule networks, account takeover, synthetic identities, or cross-border movement of illicit funds. Institutions that still manage fraud and AML separately risk missing the full pattern and understating exposure.
• Legacy monitoring models are under pressure. Rules-based and batch-driven systems struggle to keep pace with modern typologies, driving high false positives while still missing sophisticated activity. That increases pressure to modernize detection and triage.
• Regulators expect evolution, not explanations. Supervisors increasingly expect institutions to show how their financial crime programs are adapting to emerging threats, especially in payments, fintech partnerships, and technology-enabled services. That direction is reinforced by FinCEN’s proposed AML/CFT program rule, which would further emphasize effective, risk-based, and reasonably designed programs aligned to an institution’s risk profile and broader AML/CFT priorities.
• AI is becoming unavoidable, but not ungoverned. Advanced analytics and AI are becoming core capabilities in financial crime programs, but innovation without governance will not withstand scrutiny. The market is moving from AI that supports investigators to AI that can orchestrate parts of the workflow. FIS, in partnership with Anthropic, has announced a Financial Crimes AI Agent designed to compress AML alert and case investigations by assembling evidence across systems, evaluating activity against typologies, and surfacing higher-risk cases for investigator review. Just as important, FIS frames the deployment model as governed: client data remains within FIS-controlled infrastructure, and agent decisions are traceable and auditable. The direction is clear for AML: faster triage, more structured investigations, and more automated documentation, with stronger expectations for oversight, validation, security, and auditability from the start.

The institutions getting ahead are not the ones chasing every new buzzword. They are making a few important moves early: connecting fraud and AML, modernizing monitoring for more speed and complexity, and putting real governance around analytics and AI as these tools move from supporting investigators to shaping parts of the financial crime workflow. More and more, the regulatory question is not whether institutions are innovating. It is whether that innovation is controlled, traceable, and defensible.

So, what are examiners actually looking for?

This is where the conversation gets more practical. In an exam, the question is rarely whether a program exists on paper. It is whether an institution can show that its controls, governance, and decision-making are keeping pace with how financial crime risk is changing, including where AI and advanced analytics are starting to influence alert triage, investigations, and case management.

A few of the areas where that tends to show up:

• Risk assessments that reflect today’s threat landscape
  Risk assessments should be updated, well‑supported, and explicitly address emerging risks such as faster payments, mule networks, synthetic identity fraud, fintech partnerships, and technology‑enabled crime. That expectation also aligns with FinCEN’s proposed AML/CFT program rule, which would further emphasize effective, risk-based, and reasonably designed programs grounded in the institution’s risk profile.
• Evidence of integrated financial crime oversight
  Examiners are paying closer attention to whether fraud, AML, sanctions, and cyber risk insights are shared across teams, or remain siloed in ways that obscure end‑to‑end risk.
• Monitoring programs aligned to product and payment risk
  Institutions should demonstrate that transaction monitoring and fraud controls are tailored to payment speed, customer type, delivery channel, and geographic exposure, rather than relying on static or legacy models.
• Governance over models, advanced analytics, and emerging agentic AI use cases
  Where AI or advanced analytics are used, examiners expect clear documentation of governance, validation, explainability, human oversight, and ongoing performance monitoring. As institutions begin exploring more agentic use cases in AML such as evidence gathering, typology evaluation, alert prioritization, and draft case documentation, they should also be able to explain what the technology is allowed to do, what it is not allowed to do, how investigator review is built in, and how every action, recommendation, and data source is logged for audit and regulatory purposes. The key issue is not fully autonomous compliance decisioning, but whether these tools operate as governed, traceable, and controlled execution inside regulated workflows.
• Clear documentation and defensible decision‑making
  Policies, procedures, tuning decisions, alert thresholds, and risk acceptance rationales should be well-documented and traceable to the institution’s risk profile. That expectation becomes even more important where AI or agentic capabilities are involved, since institutions may need to explain not only the outcome of a decision, but also the data inputs, logic, human review points, and controls surrounding the workflow.

That leads to the bigger question: if your institution had to explain and defend decisions related to tuning, thresholds, escalations, model outputs, or AI-enabled actions tomorrow, could it do so clearly and consistently as products, partners, and payment rails continue to evolve?

How Eliassen Group Can Help

This is where Eliassen Group works with banks and fintechs every day. We help institutions strengthen financial crime programs for the environment they are operating in now, where fraud and AML risks are converging, payment speed is compressing response times, and AI is beginning to reshape alert triage, investigations, and documentation. The goal is not modernization for its own sake. It is building capabilities that are governed, practical, and exam-defensible in ways that support a more effective, risk-based program.

Financial Crime & Compliance Frameworks aligned to your products, payment rails, fintech partnerships, and evolving AI strategy, so governance keeps pace as you scale.

Integrated Oversight across fraud, AML, sanctions, and cyber, breaking down silos, sharpening escalation, and improving end-to-end decisioning.

Monitoring Modernization for fraud and transaction monitoring tuned to faster payments and current typologies, improving detection while reducing false positives.

Targeted Training on evolving typologies (mule networks, synthetic identity, account takeover) and practical examiner expectations.

Exam Readiness & Governance Support including documentation, tuning rationale, remediation, and support for AI/model governance, validation, explainability, and controlled deployment of emerging agentic capabilities.

Author

Miguel Garcia

Senior Manager, Risk & Compliance Solutions

MGarcia@eliassen.com

Miguel Garcia | LinkedIn