Keeping humans in the loop: What AI can't do in financial crime compliance

AI is changing the nature of compliance work. Routine activity like alert triage, manual data entry, and even building transaction monitoring rules is increasingly handled by AI, which frees capacity for the work that genuinely needs human judgment. But that shift raises a harder question. If junior professionals no longer build their skills through routine work, how do they develop the judgment they will need for the cases AI can’t handle? And as oversight requirements tighten, the compliance officer’s role is moving from user of the software to supervisor of it: someone who knows when to trust the output and when to override it.

In the closing session of The Future of Compliance Europe, our Executive Director of Financial Crime Compliance Strategy, Iain Armstrong, was joined by Haim Levi, who leads financial crime business architecture and transformation at Deloitte, Kelly Cliffe, Senior Financial Crime Manager/Deputy MLRO at AJ Bell, and Rebecca Robinson, Chief Risk and Compliance Officer at Tenora. 

Drawing on that discussion, this article looks at what AI can’t do, and what that means for how compliance teams hire, train, and oversee in an AI-augmented world.

The gap between expectation and execution

Appetite for agentic AI is near universal, but adoption is not. In ComplyAdvantage’s 2026 State of Financial Crime survey, 100% of respondents expect to see benefits from agentic or predictive AI, yet only around a third are currently using agentic AI for customer screening. That gap is less a technology problem than a people one, starting with a proficiency gap: firms are still hiring and training for entry-level roles that AI is already reshaping.

Understanding lags adoption, too. The Bank of England and FCA found that 75% of UK firms were already using AI, but only 34% fully understood the systems they relied on, with 46% reporting only partial understanding. Add regulatory uncertainty, legacy systems, and the cultural shift of new ways of working, and the hesitation starts to make sense.

“A lot of why firms can see the benefit of agentic AI but haven’t started using it comes down to a lack of understanding, and we have a duty to upskill the people coming into the industry.”

Rebecca Robinson, Chief Risk and Compliance Officer at Tenora 

What AI can’t do: Judgment and accountability

Regulators across the EU and UK, from BaFin to the EU AI Act, have long insisted that AI systems carry human oversight by design, to guard against bias and to keep decisions explainable. That principle is not going away, and it points to a real change in the job. The compliance professional becomes less an operator of software and more a supervisor of it, applying a structured skepticism to its output. That is harder than it sounds, especially as systems improve, because it is difficult to stay skeptical of a tool that is usually right. And the judgment experienced professionals bring to complex cases, the pattern recognition and the instinct for when something does not add up, was largely built through years of the routine work AI is now absorbing.

“AI is there to increase our efficiency, but it can’t take any of the accountability. We are still accountable, so we have to keep that human in the loop and that oversight.”

Kelly Cliffe, Senior Financial Crime Manager/Deputy MLRO at AJ Bell

That is why oversight and governance become more important as automation grows, not less.

When AI works against you

AI does not only sit on the compliance side of the table. The same tools that make customer due diligence and know your customer (KYC) checks more efficient can be turned against it. Criminals have always been quick to adopt new technology, and they are not the only ones: customers now have easy access to tools that can produce convincing documentation on demand, and a model checking that evidence has no instinct for whether it rings true. 

“AI can make collecting KYC much more efficient, but it can also be used against you. A client can now mock up a document they couldn’t have before with ChatGPT, just to tick a box.”

Rebecca Robinson, Chief Risk and Compliance Officer at Tenora

That raises the value of human judgment rather than lowering it, and it may push firms toward more direct verification, including on-site checks where they rely on a customer’s own controls.

Training for the role compliance is becoming

If the routine work is changing, so must the way firms train for it. The traditional apprenticeship path, where judgment was built through repetition, needs rethinking. A few principles stand out: teach people why they are doing the work, not just how, so they can question and challenge the tools later; use real examples of AI getting things wrong, because polished, confident output is easy to take at face value; and treat AI literacy as something to assess at the hiring stage rather than bolt on afterward. There is an irony worth noting. The people getting the most from these tools today are often the most senior, precisely because they have the domain expertise to tell when the output is wrong.

“No one feels they are accomplishing something good if they spend their entire day closing false positives. These technologies have the promise to make the role the thing most of us got into it wanting it to be.”

Iain Armstrong, Executive Director of Financial Crime Compliance Strategy at ComplyAdvantage

Handled well, this is a more demanding version of the compliance role, but a more interesting one. The work that remains is the work that does not fit a pattern: the difficult cases, the judgment calls, the conversations with the business. For many people, that is closer to why they joined the profession in the first place.