The profession is at an inflection point. Here is what the room was saying.
A reflection from the ICA Future of FinCrime & Compliance Summit, May 2026
The ICA Future of FinCrime and Compliance Summit this May felt different , not louder, just more urgent. Six hundred senior leaders, three days, and a recurring sense that the gap between where regulation is heading and where most firms actually are is wider than boards want to acknowledge.
That gap was the undercurrent of almost every session.
The regulatory conversation has changed tone. The FCA's AML expectations are not softening. The EU's AMLA framework , with its ambition to create a single directly applicable rulebook across member states , is going to demand a level of consistency that many institutions are nowhere near ready for. Colleagues from mid,sized firms were candid about it: frameworks built five years ago, controls that made sense then, and a creeping sense that the next supervisory review will ask questions the current setup cannot easily answer. The pace of change is no longer just fast. It is compounding.
Then there was AI. It came up in almost every session , not as a horizon topic, but as an operational reality compliance teams are being asked to absorb faster than most can manage. The debate about whether AI belongs in compliance is over. The harder debate , the one that kept surfacing , is about governance. Who is accountable when an AI,assisted decision turns out to be wrong? How do you explain a model's output to a regulator? What does human oversight actually mean in practice, rather than on paper?
One scenario from the Leaders Forum crystallised it well. An AI system flags a transaction. A human analyst overrules it. The transaction turns out to be suspicious. Who owns that decision , the analyst, or the firm that deployed a tool it could not fully explain? There was no clean answer. That is precisely the problem. The EU AI Act is going to force that conversation into boardrooms whether firms are ready or not, and right now, most are not.
Personal accountability ran as a quieter thread through the whole event, but it was no less significant. Under SMCR, MLROs and senior managers are named individuals with documented responsibilities , and increasingly, documented decisions. The message across sessions was consistent: if the audit trail does not show reasonable steps, proportionate judgement, and clear governance, the exposure is real. That is not new in principle. In practice, too many firms are still treating documentation as a formality rather than a professional safeguard.
Third,party and supply chain risk got more substantive airtime than in previous years, and rightly so. The financial crime perimeter does not end at the boundary of a regulated firm. It runs through every vendor, agent, intermediary, and outsourced function. Non,financial sectors , shipping, legal, real estate , are coming under greater regulatory scrutiny, and some of the most significant money laundering vulnerabilities sit precisely there, in sectors that have historically operated with lighter oversight. That is changing. Firms that assume their exposure ends with their own controls are going to find that assumption challenged.
Benchmarking surfaced as something more than a housekeeping exercise. Compliance leaders are using peer data to inform investment decisions, justify headcount requests, and make the case to boards that still, in some organisations, treat compliance as cost rather than infrastructure. It is a shift in how the function positions itself , from reporting risk upward to actively shaping strategic decisions around it.
Which brings the sharpest theme of the summit into focus: the compliance function is changing. Not just in what it does, but in what it is expected to be. The framing that resonated most was the move from gatekeeper to strategic partner , sitting alongside business units at the point decisions are made, not reviewing them afterward. That shift requires different skills, different communication, and a different relationship with the rest of the organisation.
The firms that navigate the next few years well will not necessarily be the ones with the most sophisticated tools. They will be the ones where compliance is genuinely embedded in how decisions get made , present at the beginning of a process, not appended to the end of it. As an industry, we are not fully there yet. But the direction of travel, at least in that room, was clear.
Insight from ICA Future of FinCrime & Compliance Summit, May 2026