Regulators around the world have been ramping up their investigative efforts into how some of the world’s major banks are handling financial crime risks. What’s striking isn’t just the institutions involved. It’s also the signals that these regulatory efforts are sending regarding the direction of anti-financial crime (AFC) compliance expectations. Financial institutions should heed these signals and prepare for heightened scrutiny of the anti-financial crime programs, including their Bank Secrecy Act (BSA), anti-money laundering (AML), counter-terrorism financing (CFT) and sanctions compliance programs.

Regulatory concerns aren’t just about failures in transaction monitoring or delays in filing suspicious activity reports. Regulators are taking a more thorough approach and asking banking and other financial institutions to consider deeper, foundational questions: Did you really know your customer (KYC)? Did you appropriately act on red flags? Was your governance strong enough to challenge high-risk business decisions in a timely and effective manner? This article will explore regulatory developments, changes in the banking compliance landscape and strategies to consider.

Recent Regulatory Trends and Findings

Some recent investigative efforts have included scrutinizing financial activities with allegations of evasive practices and potentially illicit activities, leading investigators to examine whether these practices led to wide-scale fraud and money laundering. In addition, financial institutions have faced penalties for inadequate disclosure of financial crime risks in their investment communications.

Other ongoing investigations in the financial sector include scrutinizing client evaluation and onboarding processes, particularly related to digital and wealth management businesses, as well as legacy client relationships tied to cross-border fund movements. Several other financial institutions with historical exposure to sanctioned regions and complex offshore structures are also undergoing regulatory examination with respect to legacy exposures. These examinations are evaluating their ongoing compliance posture and remediation effectiveness in light of ongoing geopolitical risk.

The cases underscore the growing regulatory focus on whether red flags were missed or ignored, how internal concerns were addressed and transparency to investors regarding the effectiveness of AFC. These aren’t just concerns about procedural compliance failures; they’re also concerns about governance breakdowns.

Behind each investigative probe is a bigger story, e.g., clients weren’t risk-rated properly, front-line staff weren’t empowered or informed enough to escalate, and control functions couldn’t challenge fast-moving business decisions. In some cases, red flags were raised and buried.

The future of compliance will depend less on policies and more on governance framework, including the credibility of a firm’s culture and internal challenge functions.

Where Compliance Is Potentially Headed

Here are four emerging themes that firms should consider acting on now:

1. Substance Over Structure
   Regulators want more than a documented framework. They want to see how your systems actually respond in real time. Are your risk models adaptive? Do your front-line teams really own the risk, or are they just deferring to compliance? Static controls won’t survive dynamic risk.
   
   
2. Historic Risk Is Still Risk
   Just because a client hasn’t triggered alerts in several years doesn’t mean that your organization is safe. As legacy files are reexamined, expect more scrutiny over dormant accounts, incomplete documentation and historical onboarding that didn’t meet today’s standards.
   
   
3. Cross-Functional Accountability
   The age of siloed compliance is over. Successful programs integrate AML, sanctions, fraud and similar risks into one coherent framework, including a framework that is well supported by credible audit functions and real-time data governance.
   
   
4. Artificial Intelligence With Oversight
   AI can help detect complex financial crime patterns and improve efficiency in monitoring, but it’s not a silver bullet. Financial institutions must enable the explainability of AI models and make sure they’re subject to appropriate model governance and human oversight. AI models must avoid bias and compliance blind spots. Financial institutions should not have overreliance on AI tools and need to have suitable AI governance so that the underlying data and compliance controls are not compromised.

How Forvis Mazars Can Help

At Forvis Mazars, we’ve supported clients as they reviewed and overhauled their AFC systems; remediated examination, audit and investigative findings; and prepared for compliance program examinations and reviews. We can assist financial institutions with:

• Independent reviews of high-risk customer populations and risk-scoring methodologies.
• Control testing and validation of suspicious activity escalation procedures.
• Rapid response staffing to support onboarding, alert clearance or exam prep.
• Strategic alignment across compliance, risk, legal and the front office.
• Data remediation and governance across platforms, vendors and partners.
• Vendor selection, including AI and other technology partnerships to streamline compliance.

AFC investigations and examinations aren’t just about what’s gone wrong — they’re about what’s expected next. Financial institutions that take a proactive, transparent and data-driven approach to compliance are more likely to withstand scrutiny and earn the trust of regulators, clients and investors.