Thought LEADERSHIP · ACAMS Frankfurt 2025
Insights from ACAMS Frankfurt and a strategic analysis of where financial crime prevention must go next, from data abundance to actionable intelligence.
Walking the floor at ACAMS Frankfurt this May, one theme surfaced repeatedly in conversations between compliance officers, investigators, payment risk leads, and technology executives: the traditional model of managing financial crime, one discipline, one team, one system at a time, is no longer fit for the threat landscape we are operating in.
This is not a warning about a future disruption. It is a description of what is happening now. Financial crime has already converged. The question facing every institution is whether its operating model, technology architecture, and team structures have kept pace.
|
$3.1T Estimated annual value of money laundered globally (UNODC) |
~95% Of AML alerts estimated to be false positives at many institutions |
68% Of fraud cases now involve a cyber-enabled or digital asset element |
01, THE Convergence Reality
For decades, financial institutions have managed compliance through discrete functions: an AML team running transaction monitoring, a fraud team managing authorised push payment losses, a cybersecurity team responding to incidents, and an investigations unit working cases in near isolation. Each function had its own data, its own tools, its own KPIs, and, crucially ,its own blind spots.
Organised criminal networks have learned to exploit exactly those blind spots. Consider what a modern mule account network looks like today: it begins with a phishing campaign orchestrated by a cybercriminal group, moves through a layering structure that spans multiple jurisdictions and correspondent banking relationships, often touches digital asset conversion, and concludes with proceeds being integrated through legitimate-looking trade transactions. At which point in that chain does it become
At which point in that chain does it become an 'AML problem' rather than a 'fraud problem' or a 'cyber problem'?
Sanctions evasion has followed the same pattern. What was once a relatively straightforward screening exercise has become a multidimensional challenge involving shell company networks, beneficial ownership obscuration, use of digital assets to circumvent payment rails, and front companies with seemingly legitimate counterparts. The OFAC SDN list is necessary but nowhere near sufficient. Effective sanctions compliance today requires network intelligence, not just name matching.
The convergence is regulatory, too. The EU's AMLR and AMLD6, the Financial Action Task Force's updated recommendations, and the evolving guidance from the EBA and national competent authorities all point in the same direction: integrated financial crime risk management, not siloed compliance programmes.
02 ,The Intelligence Gap
A common misconception is that institutions lack data. In practice, the opposite is true. Most tier-one and tier-two banks are sitting on extraordinary volumes of transaction records, KYC documentation, behavioural history, network relationship data, and operational event logs. The challenge is not collection, it is conversion.
|
Where intelligence breaks down ,what teams tell us |
|
Fragmented systems: AML monitoring platforms, fraud detection engines, and case management tools that do not share entity resolution or risk context, meaning the same suspicious actor can be active in all three without anyone seeing the full picture. |
|
False positive overload: Alert queues so saturated that genuine signals are buried in noise. Analysts burn investigation capacity triaging alerts that should never have been generated. |
|
Disconnected investigations: Cases opened in isolation, without access to adjacent intelligence, prior SARs, network links, cross-border correspondent relationships, that would transform a single suspicious transaction into a pattern of organised criminal activity. |
|
Lack of contextual risk visibility: Risk scores calculated on individual events rather than on the full behavioural and network context of an entity, leading to both over-alerting on legitimate customers and under-alerting on sophisticated actors. |
What institutions need, and what regulators are increasingly expecting, is an intelligence layer that connects systems, disciplines, and data sources to transform raw transactional data into contextual, actionable, operationally useful risk insight. This is not a single product. It is an architectural and organisational capability.
The practical implication for compliance, payments, and risk teams is significant. Rather than adding more alert volumes or deploying yet another point solution, the investment priority must shift toward entity resolution, unified data architecture, and the enrichment of existing data assets with contextual intelligence.
The acceleration of SEPA Instant payments, the transition to ISO 20022-rich data environments, and the emergence of new forms of digital money, including stablecoins, are fundamentally compressing intervention and investigation windows. Financial institutions are increasingly required to make contextual compliance and risk decisions in real time, across increasingly complex and interconnected payment ecosystems. This structural shift makes the intelligence gap not just an operational inconvenience, but an acute vulnerability.
03, NEXT-Generation Prevention
What does the next-generation financial crime operating model actually look like in practice? Conversations at ACAMS Frankfurt revealed a consistent set of capability investments that institutions across Europe and the Middle East are either deploying or actively evaluating.
|
Behavioural analytics Moving beyond static rules to dynamic, entity-level behavioural baselines. Detecting deviation from expected patterns rather than matching against fixed thresholds. |
Network intelligence Mapping relationships between entities ,accounts, counterparties, beneficial owners, IP addresses ,to surface hidden connections between apparently unrelated transactions. |
|
Entity resolution Resolving the same real-world actor across multiple identities, accounts, and systems ,critical for understanding true exposure to a customer, counterpart, or network. |
AI-assisted investigations Augmenting analyst capacity with AI tools that surface relevant context, suggest next investigative steps, and accelerate case resolution without replacing human judgment. |
|
Real-time risk orchestration Integrating compliance decisions directly into payment flows, screening, scoring, and routing in milliseconds across Swift, ISO 20022, and instant payment rails. |
Trusted data sharing Participating in privacy-preserving intelligence networks that allow institutions to identify shared threat actors without exposing customer data, a model gaining regulatory support across the EU and GCC. |
Consider a scenario that illustrates the point: a mid-sized European bank recently connected its correspondent banking transaction data with its KYC entity graph and applied network analytics to identify that three apparently unrelated business customers shared the same beneficial owner across different jurisdictions. None of the three customers had individually triggered any AML threshold. Together, they represented the layering phase of a documented trade-based money laundering scheme. No single siloed tool would have surfaced this. Entity resolution did.
04, THE Eastnets Perspective
Eastnets has operated at the intersection of financial messaging, payment compliance, and financial crime prevention for more than three decades. That positioning, embedded deeply within global financial messaging infrastructure and the cross-border payment networks that underpin international trade and correspondent banking, gives a particular vantage point on where the pressure points lie and where unified capability makes a measurable difference.
The institutions that have made the most progress in building integrated financial crime operating models share certain characteristics. They have moved away from treating compliance as a cost centre defined by alert volumes, toward a model where risk intelligence informs operational decisions in real time. They have connected their screening, monitoring, and investigation workflows so that context flows between them. And they have begun to think about financial crime prevention not as a set of regulatory obligations to meet, but as a competitive capability, one that protects revenue, reduces operational cost, and strengthens correspondent relationships.
The capabilities that support this transition are not theoretical. Across sanctions screening and AML transaction monitoring, through to payment compliance on SWIFT and ISO 20022 messaging flows, to fraud prevention and AI-enabled case management, the enabling infrastructure exists and is deployable within realistic timelines. What has historically been missing is the unifying layer that allows screening, monitoring, investigation, and network intelligence to operate as a coherent function rather than as adjacent silos.
For institutions operating across the GCC, Europe, and Africa, where cross-border payment volumes, correspondent relationships, and the pace of regulatory change are all accelerating simultaneously, the ability to manage compliance holistically, with end-to-end visibility across payment flows and entity relationships, is no longer an aspiration. It is an operational necessity.
05, STRATEGIC Outlook
|
AI Augmentation Analyst intelligence, not analyst replacement The most effective deployments of AI in financial crime prevention enhance investigator judgment- surfacing context, suggesting connections, accelerating triage - rather than automating decisions that carry significant legal and reputational consequences. |
Organisational Design Convergence of compliance and investigations Leading institutions are beginning to structurally merge financial crime intelligence functions, bringing AML, fraud, and sanctions teams under unified leadership with shared tooling, shared data, and shared escalation protocols. |
|
Data Strategy From data lakes to intelligence ecosystems The value of data is not in its volume but in its connectivity. Institutions investing in entity resolution, data enrichment, and intelligence-layer architecture will have a structural advantage as financial crime complexity increases. |
Public-Private Collaboration Intelligence flows between institutions and authorities Regulatory frameworks such as the UK's JMLIT model, the EU's AMLA framework, and emerging Gulf collaboration platforms are creating conditions for meaningful threat intelligence exchange, shifting from reactive reporting to proactive disruption. |
The compliance officer, risk director, or chief operations officer reading this faces a genuine strategic inflection point. The cost of continuing to manage financial crime through fragmented, siloed systems is rising, in regulatory exposure, in operational inefficiency, and in the very real risk of being the institution through which organised crime moves because its detection architecture has gaps that sophisticated actors have learned to exploit.
Conclusion
The conversations at ACAMS Frankfurt confirmed what Eastnets sees across its client base daily: financial crime has outpaced the organisational models built to detect and prevent it. The good news is that the solution is not a wholesale transformation requiring years of disruption. It is a deliberate, sequenced movement toward integration, connecting what already exists, enriching data with intelligence, and building the contextual risk visibility that turns fragmented alerts into coherent financial crime intelligence.
Institutions do not need to solve everything simultaneously. They need to identify their most consequential intelligence gaps, whether that is entity resolution across correspondent relationships, real-time sanctions accuracy on payment flows, or the ability to see fraud and AML signals through the same analytical lens and begin closing them with purpose and architectural intention.
That journey is underway across the industry. The question is not whether to begin, but how quickly an institution can move from reactive compliance management to proactive financial crime intelligence. The institutions that will lead over the next decade will not necessarily be those with the most data, but those capable of transforming fragmented signals into trusted, actionable intelligence in real time. In that environment, intelligence-led financial crime prevention becomes not only a regulatory necessity, but a genuine competitive advantage.
|
ENGAGE WITH EASTNETS Ready to move from data abundance to actionable financial crime intelligence? We work with financial institutions, and payment operators across the world to build integrated compliance architectures that connect screening, monitoring, investigation, and network intelligence into a unified financial crime prevention capability. If the challenges discussed in this article resonate with your current operating environment, we would welcome a direct conversation with your compliance, risk, or operations leadership. Contact Eastnets → info@eastnets.com |