The AML maturity curve: Navigating the path to agentic excellence

Financial institutions, ranging from established banks to newer FinTechs, consistently face regulatory and commercial pressure to enhance their anti-money laundering and countering the financing of terrorism (AML/CFT) compliance frameworks. However, this technology transformation is not always straightforward. It requires an understanding of both your current capabilities and how to continually improve the sophistication of your AML solutions, moving from manual processes to automated, intelligence-driven systems. 

The concept of a ‘compliance maturity curve’ was discussed at our 2025 Future of Payments Summit, an event that explored the critical role of compliance in the payments revolution, by Patrick Craig (EMEIA Financial Crime Technology Lead at EY) and Andrew Davies (Global Head of FCC Strategy at ComplyAdvantage). 

This article explores some of their insights, highlighting the technological and strategic shifts necessary for transforming compliance into a driver of business growth. 

What is the AML compliance maturity curve?

The compliance maturity curve is a way of understanding the different stages of organizations’ compliance capabilities, consisting of: 

1. Manual approaches using legacy tools, with an overreliance on spreadsheets, a lack of data curation, and a reactive approach to compliance. 
2. Partial automation using multiple tools and data sources and custom integrations for a slight shift away from purely manual processes, but an overall poor performance level. 
3. Automation in silos, characterized by a degree of sophistication but without holistic integration. This stage may include vertically integrated case management, an API-centric workflow, entity resolution, and configurable screening and monitoring sessions. 
4. AI-enabled automation, which typically involves AI-enabled real-time data ingestion, AI-powered matching algorithms, and dynamic risk scoring. At this stage, firms have started to capitalize on AI’s potential, but have not yet moved ahead of the market. 
5. Agentic intelligence, which adds features like agentic case remediation and behavioral anomaly detection to create a truly risk-based platform based around advanced automation. 
6. Agentic excellence, involving full-stack automation across data gathering, analysis, and decision-making, consortium sharing via feedback loops, and behavioral risk assessments. The closer firms get to this stage, the greater the benefits across revenue generation, cost-efficiency, and regulatory risk management. 

For industry leaders, the objective is to maintain a state of continuous improvement and transformation driven by a desire to mitigate risk more effectively, enhance customer experience, and control the cost of compliance.

How can firms transition away from manual compliance?

The most significant step firms can take in their AML technology transformation is the transition from manual, labor-intensive systems to solutions driven by integrated AI and unified data. 

Common triggers for AML modernization

Several common factors can lead organizations to seek upgrades to their AML solutions, including: 

• Regulatory reviews and audits: Direct feedback or even penalties from regulators are a strong short-term incentive for change, while effective internal or external processes will uncover weaknesses in AML controls and the need for modernization.
• Escalating costs: Manual processes lead to significant operational overhead and threaten to overwhelm compliance teams with false positives. Advanced automated systems can significantly improve operational efficiency and reduce the cost of compliance. 
• Slow business growth: Slow onboarding procedures and compliance checks can frustrate customers and impede business growth, leading to commercial pressure to seek higher-performing solutions.
• Executive directives: Promoting awareness at the board level about the strategic importance of effective financial crime prevention and its impact on reputation and business growth is often an effective strategy to secure buy-in for modernization. Investment in AML technology is a business imperative that requires alignment across the organization. 

Key principles for AML tech upgrades 

While each organization’s upgrade process will look different depending on business structures and requirements, you should use a few essential principles to guide your transition to a more advanced AML compliance setup:

• Move from siloed to unified data: Transitioning from fragmented data sources and siloed systems to a more unified view of customer risk enables you to maximize the value of both internal and external data assets.
• Swap rules-based for risk-based systems: Evolving from rigid, rules-based systems that often generate high false positives to more adaptive, intelligence-driven frameworks enables you to make more precise and targeted decisions.
• Strengthen governance: Integrate technology and compliance oversight to ensure a coherent and robust compliance framework, underpinning a data-driven, explainable approach to compliance. 
• Measure outcomes: Crucially, you should measure the effectiveness of new tech solutions against your expected outcomes, including by tracking key performance indicators (KPIs) such as reduced false positive alerts and remediation times, or improved customer acquisition rates. 

The benefits for firms can be profound: greater productivity, enhanced risk detection and prevention, and a significantly improved customer experience.

The State of Financial Crime 2026

Be among the first to receive our latest annual report, based on a survey of over 600 global compliance leaders and packed with expert insights.

Sign up now

What are the technologies driving next-level performance? 

As firms develop the sophistication of their AML systems, specific technologies and data strategies become essential for unlocking higher levels of performance and truly scalable AML compliance, such as: 

• Advanced analytics: Applying AI and machine learning at all stages of the risk management lifecycle, from screening and onboarding to transaction monitoring and investigations, helps you move beyond traditional rules to identify complex patterns and reduce false positives.
• Agentic AI: Autonomous AI systems that can work towards goals independently of human oversight represent a significant leap from earlier forms of automation. AI agents excel in tasks such as alert triaging and case summarization, allowing low-risk alerts to be remediated automatically and freeing human experts for more complex decision-making.
• Entity and network analytics: Graph analytics is crucial for linking disparate or disconnected views of data and information. By establishing a comprehensive network of entities and their relationships, institutions can identify hidden risks and gain a deeper understanding of broader criminal networks. 
• Straight-through processing and cloud-native architectures: Moving from batch-based operations to real-time responses is vital given the speed at which financial crime operates. Modern architectures, such as API-first designs and cloud infrastructure, enable rapid responses to new risks and improved scalability.
• Data dashboards: Measuring and analyzing your compliance performance using key KPIs and analytics enables you to continuously improve your team’s productivity with actionable insights and identify areas for future improvement. 

You need to know how well you’re doing to be able to improve, and to continue to see that you’re improving. Having access to data and being able to report on it and look at things like alert-to-case-to-SAR ratios is a super interesting point that you can get.

Andrew Davies, Global Head of FCC Strategy, ComplyAdvantage

Modernization myths and the importance of progressive renovation

The idea of a compliance maturity curve fundamentally runs counter to a misconception about upgrading compliance systems: that modernization means a sudden and comprehensive replacement of existing tools and frameworks. An approach centered on progressive renovation rather than ‘big bang’ replacements is actually a more effective and realistic prospect for most businesses. This modular approach involves: 

• Augmentation and improvement: Building on established capabilities by augmenting them with newer technologies allows firms to demonstrate quick wins and build an appetite for further investment.
• Targeted pilots: Focusing on known pain points and introducing technologies that directly address these and can be scaled later. Examples include automating alert triage, streamlining case closure workflows, or integrating new data pipelines via APIs.
• Vendor roadmaps and innovation: Actively engaging with vendors, providing feedback on evolving needs, and being open to new technology capabilities from RegTech innovators is essential, given the rapid rate of change in the market.
• Holistic change management: Transformation is fundamentally about technology, but it also extends beyond this to include policy adjustments and organizational restructuring, ensuring the successful adoption and effective use of new tools.

Establishing a transformation pathway to continually improve your ability to prevent, detect, and investigate financial crime should be part and parcel of every organization as they think about their compliance transformation journey.

Patrick Craig, EMEIA Financial Crime Technology Lead, EY

This continuous improvement cycle is vital – not only because the financial services landscape is only becoming more competitive, but also because criminal threats are constantly evolving.

Firms towards the top end of the compliance maturity curve view compliance in a similar way to product development, which means continuously committing resources to compliance capabilities, promoting continuous innovation based on evolving technological and regulatory landscapes, and ensuring strategic alignment on the importance of compliance across the business. Adopting this mindset is crucial in helping firms to stay ahead of the market. 

Upgrade with advanced AI capabilities on ComplyAdvantage Mesh

By embracing strategic modernization, leveraging advanced technologies like agentic AI, and building a culture of continuous optimization, FIs can achieve effective, scalable compliance. ComplyAdvantage Mesh is a modular, SaaS-based risk platform that helps you achieve full-stack automation, with applications including: 

• Customer Screening: Manage risks across sanctions, watchlists, political exposure, and adverse media with real-time data and enhanced by in-house financial crime expertise. Customer Screening on Mesh lets you tailor your procedures for full alignment with your risk and growth targets and gives you complete control over your data. 
• Ongoing Monitoring: Continuously manage risk across the entire customer lifecycle with automated, ongoing monitoring. Our platform monitors over 500 million customers annually, reflecting new information and changes to risk statuses in real-time. 
• Transaction Monitoring: Stay ahead of the ever-changing financial crime landscape by automatically analyzing transactions for patterns that indicate suspicious behavior. It helps financial institutions worldwide manage their risks with unmatched adaptability, streamlined workflows, and scalability to billions of transactions. 
• Agentic auto-remediation: Our dedicated case remediation agent is embedded directly within Mesh, acting as a tireless first line of defense. It reviews profiles, remediates low-risk alerts and false positives, and escalates more complex cases to human analysts for further review and analysis.