AboutBlogBusiness First AIFounder FreedomBook a conversation

The first AI win in a financial services firm sits inside the compliance function

Two professionals reviewing documents and data at a conference table in a modern office
TL;DR

Financial services firms asked to find an early AI win should start in the compliance function, but the win condition differs from other sectors. AML triage, fraud scoring, and regulatory-change monitoring pay back fastest because they work on structured data the firm already holds. Human review remains mandatory under the Bank Secrecy Act and equivalent UK law. The board case works best when framed as a control improvement and a throughput gain together.

Key takeaways

- Financial services firms have an AI starting point that differs from most other sectors: the back office is the regulated control surface, so AI wins there must strengthen controls, not just reduce cost. - AML and customer due diligence triage, fraud scoring, and regulatory-change monitoring are the three use cases that pay back fastest in a 10-60 person financial services firm. - Human-in-the-loop review is a regulatory requirement in AML and transaction monitoring. AI surfaces candidates; the compliance officer makes the determination. - The correct board framing is throughput gain plus a stronger control architecture, with accountability remaining where regulators expect to find it. - Before scoping vendors, verify that customer data is clean and accessible, that the compliance officer is bought in, and that the applicable regulatory obligations are clearly mapped.

If you have been given an AI mandate in a payments or advisory firm, the standard advice is to start in the back office. Low visibility, unglamorous, but solid returns before you go anywhere near anything customer-facing. The complication in financial services is that your back office is your regulated control surface. Starting there is still the right call. The win condition, though, is different from any other sector you have come across.

Why does the back-office rule land differently in financial services?

In sectors like retail or construction, the back office handles scheduling, invoicing, and admin. You can improve throughput there without touching anything that sits under a regulator’s scrutiny. In financial services, the same functions include anti-money laundering checks, customer due diligence, fraud monitoring, and regulatory reporting. These form the firm’s compliance control surface. Any AI you introduce here has to strengthen the control, not simply process it faster.

That distinction matters more than it might appear at first. A logistics firm deploying AI on its routing runs some operational risk if the model makes poor choices. A financial services firm deploying AI on its compliance function runs regulatory, reputational, and in some cases criminal risk, because the law requires those checks to meet a defined standard. The starting point has to be chosen accordingly.

The Federal Reserve’s monitoring of AI adoption across US industry placed the financial sector at around 30 per cent active AI use by the end of 2025, with 30 per cent year-on-year growth. Adoption is accelerating. For a 10-60 person financial services firm, the delegate running the AI programme needs a specific question to ask inside the compliance function. Where is the volume of manual review that a model could surface candidates for, with a human making the final call?

Which three use cases pay back first?

Three areas consistently surface when financial services firms put AI to work in compliance: anti-money laundering and customer due diligence triage, real-time fraud scoring, and regulatory-change monitoring. Each operates on structured data the firm already generates. None requires building new data pipelines from scratch. All three show measurable returns in weeks rather than months when scoped correctly from the start.

AML and customer due diligence are the most labour-intensive of the three. A firm onboarding 100-200 customers per month spends considerable staff time on manual checks. An AI model can assess risk profiles against defined criteria and flag transactions that deviate from baseline behaviour. The compliance team reviews flagged cases rather than processing every record manually. Research on AML automation consistently shows payback on CDD triage landing in eight to twelve weeks once the underlying data is clean.

Fraud scoring operates in real time rather than at onboarding. For a payments firm processing thousands of transactions daily, the model scores transactions as they happen and routes high-risk cases to human review. The structured data already exists in the transaction logs. The work is configuration and threshold-setting, not data collection.

Regulatory-change monitoring is often underestimated. Tracking FCA updates, guidance revisions, and relevant rule changes manually is time-consuming and easily deprioritised when pressure builds. An AI system scanning for updates and summarising them for the compliance team recovers several hours per week without any change to the firm’s core processes.

When does the compliance officer make the call and when does the AI?

In every one of these use cases, the model surfaces candidates and the compliance officer makes the determination. Regulators require it. Under the Bank Secrecy Act in the US, and under equivalent Money Laundering Regulations in the UK, any AI system used for transaction monitoring must remain reasonably designed to detect suspicious activity. The human-in-the-loop shape is part of the compliance design, not an afterthought.

Vendor selection needs to reflect that constraint from the start. The tool you are looking for surfaces, ranks, and documents suspicious activity for human review, with a clear audit trail showing who reviewed what and when. A tool marketed as a full autonomous decision engine for AML is the wrong choice, regardless of its accuracy claims.

The audit trail matters beyond good practice. In a regulatory examination, the firm needs to show not only that it flagged suspicious activity but that a qualified compliance officer assessed each flag and made a documented determination. That record is the evidence of a reasonably designed system. Without it, deploying AI could weaken the firm’s regulatory position rather than strengthen it.

Fraud detection sits in a slightly different position because the real-time nature of the work makes full human review of every flag impractical. Many firms use a tiered approach: high-confidence, low-value fraud flags are actioned automatically; higher-risk or ambiguous cases route to human review. The threshold design is the key decision, and it needs compliance sign-off before the model goes live.

How do you frame this to the board without it looking like a headcount play?

When presenting AI compliance investment to the board, lead with the control improvement rather than the cost story. The firm currently processes a defined volume of compliance checks manually. AI allows the same team to handle more volume with greater consistency, while maintaining human accountability on every determination. That argument is accurate, it plays well with compliance leadership, and it is what regulators will want to see.

The Bank of England has published a framework for AI deployment in financial services, using the acronym TRUSTED, which stands for Targeted, Reliable, Secure, Understood, Ethical, Stress-tested, and Durable. The FCA is running a parallel programme, using generative AI in its own regulatory work. Anchoring a board paper to the TRUSTED framework provides external validation from the regulator responsible for supervising the firm, which makes the internal approval process substantially easier.

The control quality argument should be specific. With a well-scoped AML pilot, the compliance team processes the same volume with fewer missed flags and a documented audit trail. With fraud scoring, false decline rates drop alongside fraud losses. With regulatory-change monitoring, nothing material gets missed because someone was too busy. Those are concrete outcomes a board can assess, and none of them requires framing the work as a reduction in compliance headcount.

What do you need in place before the first model goes live?

Before you scope a vendor or write a brief, three things need to be in place. Your customer data and transaction records need to be accessible and structured well enough to feed the model. Your compliance officer needs to be bought in, because they carry the regulatory accountability and will be making the final calls. And you need to know which specific regulations apply to this firm.

Data quality is the most common cause of delayed deployment. CDD automation requires clean customer records and accessible transaction history. Fraud detection requires structured transaction logs with enough volume to train the model meaningfully. Regulatory-change monitoring is less data-intensive, which is part of why it can be a sensible starting point if the other two are blocked by data problems.

On regulation, the applicable framework depends on the firm’s activities. UK-regulated firms fall under FCA rules and Money Laundering Regulations. US firms or cross-border businesses add the Bank Secrecy Act, state-level AI obligations including the Colorado AI Act effective June 2026, and potentially SEC requirements for investment services. Knowing the specific obligations before vendor selection means you can assess compliance readiness in the vendor contract, not discover gaps after deployment.

If you go into this with clean data, a bought-in compliance officer, and a clear read of the applicable regulation, the first use case should be working within ten to fourteen weeks. That is the realistic window for a well-scoped AML or fraud pilot. The board case and the regulatory framing are the variables that typically slow things down, not the technology.

Sources

- Federal Reserve (2026). Monitoring AI Adoption in the US Economy. Financial sector at approximately 30% AI adoption end of 2025; 30% year-on-year growth in active AI use. https://www.federalreserve.gov/econres/notes/feds-notes/monitoring-ai-adoption-in-the-u-s-economy-20260403.html - McKinsey (2025). The State of AI: Global Survey. Adoption gap between large and small firms; financial sector patterns; scaling phase by firm size and revenue band. https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai - Bank of England (April 2025). Financial Stability in Focus. TRUSTED principles for AI in financial services; FCA supervisory engagement on AI-related risks. https://www.bankofengland.co.uk/financial-stability-in-focus/2025/april-2025 - Venable (2026). AI in Financial Services. Federal and state regulatory frameworks: UDAAP, FCRA, GLBA, BSA/AML; BSA/AML model must remain reasonably designed to detect suspicious activity; Colorado AI Act effective June 2026. https://www.venable.com/insights/publications/2026/02/ai-in-financial-services-popular-use-cases - Strategy.com (2025). How AI is Enhancing AML Compliance in Financial Institutions. Machine learning for transaction monitoring; customer due diligence automation; suspicious activity reporting; human review requirement. https://www.strategy.com/software/blog/how-ai-is-enhancing-anti-money-laundering-aml-compliance-in-financial-institutions - FCA (2026). FCA sets out next phase of smarter, more effective regulation. Generative AI in FCA's own 2026 work programme; document review and regulatory decision support. https://www.fca.org.uk/news/news-stories/fca-sets-out-next-phase-smarter-more-effective-regulation - Moody's KYC (2025). AML in 2025. AI-driven transaction monitoring and analytical frameworks for AML compliance in financial services. https://www.moodys.com/web/en/us/kyc/resources/insights/aml-in-2025.html - NYSBA (2025). Regulating AI Deception in Financial Markets. SEC enforcement on unsubstantiated AI capability claims; audit trail requirements; transparency obligations for AI in securities. https://nysba.org/regulating-ai-deception-in-financial-markets-how-the-sec-can-combat-ai-washing-through-aggressive-enforcement/ - Goldman Sachs (2026). Small Businesses Embrace AI but Need Training and Support. SME AI adoption rates; productivity gains in owner-managed firms deploying AI in operations. https://www.goldmansachs.com/pressroom/press-releases/2026/small-businesses-embrace-ai-but-need-training-and-support-to-fully-harness-it

Frequently asked questions

What are the best first AI use cases for a financial services compliance team?

AML and customer due diligence triage, real-time fraud scoring, and regulatory-change monitoring are the most consistent early wins. Each works on structured data the firm already generates, so there are no new data pipelines to build before you start. Payback on AML and CDD automation typically runs to eight to twelve weeks once the data is clean and the model is scoped correctly.

Does AI in AML compliance have to include human review?

Yes. Under the Bank Secrecy Act in the United States, and under equivalent Money Laundering Regulations in the UK, any AI model used for transaction monitoring must remain reasonably designed to detect suspicious activity. In practice that means the AI surfaces candidates and a compliance officer makes the final determination. Removing that human step would put the firm outside regulatory requirements, regardless of how accurate the model is.

How should a delegate present AI compliance investment to the board?

Frame it as a throughput gain combined with a stronger control. Boards in regulated financial services firms respond better to risk reduction arguments than to efficiency arguments alone, and a stronger control is both. The Bank of England publishes principles for AI deployment that regulators recognise, abbreviated as TRUSTED, standing for Targeted, Reliable, Secure, Understood, Ethical, Stress-tested, and Durable. Anchoring your board paper to that framework makes it substantially easier to defend.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

Person reviewing a printed financial report at a desk with a pen in hand and a closed laptop to one side

Why the time AI saves never reaches the bottom line

Your team is saving time with AI, your margin line has not moved, and here is why that gap exists, where the hours actually went, and what to model before you make the investment case.

Two professionals reviewing documents at a desk in a well-lit office, one pointing to a page

Where AI pays back first in a professional services firm

In a firm that bills by the hour, the fastest AI return is not a client portal. It is the document-heavy work your fee earners are drowning in right now.

A project manager reviewing printed cost estimate documents at a desk with architectural drawings behind them

Where AI pays back first on a construction project

Cost estimation is where AI most plainly protects a contractor's margin, but the return only shows at project completion. Here is how to pick the right first win and manage the measurement cycle.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd