Confidence or Complacency?

Rising financial crime risk is casting a shadow over the global economy, as bad actors use the latest technologies to supercharge illicit activity and regulators expand AML and other compliance requirements across industries. Yet despite escalating threats and a higher bar for compliance, our research found a surprising degree of confidence within organizations about their abilities to combat money laundering and other financial crimes.

Nearly three-quarters of respondents, for example, say their organization is either moderately (37%) or very (36%) prepared to identify and report unusual or suspicious transactions and behavior. More than 7 in 10 (71%) agree or strongly agree their financial crime compliance program has sufficient technology and investment to address the challenges they face. And 90% have some level of confidence in their program’s ability to detect emerging geopolitical threats.

However, our experience working with organizations in financial services and other sectors suggests many entities may not be as effective as they think.

Financial Crime Makes a Splash in 2024

Recent headlines highlight the gap between perceived capabilities and actual effectiveness in curbing financial crime by bad actors, both outside and within organizations.

Take the example of a large North American bank’s USD 3 billion settlement with U.S. regulators in 2024. Prosecutors said the organization’s failure to address “long-term, pervasive, and systemic deficiencies in its U.S. AML policies, procedures, and controls” allowed money laundering networks to transfer more than USD 679 million through the bank’s accounts.

That same year, the UK’s Financial Conduct Authority fined an online bank GBP 29 million for failings related to its financial sanctions screening framework; the bank’s system had been screening new and existing customer names against only “a fraction of the full list of those subject to financial sanctions,” the regulator said. In Germany, regulators fined a major bank USD 1.55 million in 2024 for breaching anti-money laundering duties.

Notable examples aren’t limited to the financial services sector. In Australia, a large casino group agreed to pay an AUD 450 million penalty for AML failures that allowed organized criminals to infiltrate its casinos. And in the U.S., leaders of one of the largest-no fault insurance frauds in New York state history were sentenced to prison for their roles in a USD 40 million scheme targeting insurance providers that involved bribery, false healthcare billing and money laundering, among other crimes.

Such failures to halt financial crime—including among well-resourced and highly regulated institutions in industries with significant risk exposure—suggest that despite our respondents’ strong levels of confidence in their financial crime compliance programs, such confidence may not be warranted.

There are signs that confidence may be slipping, too. Globally, only 23% rate their financial crime compliance program as “very effective,” down from 31% in 2023. One likely reason: As organizations become subject to regulatory enforcement actions and more comprehensive compliance   benchmarks, entities grow increasingly aware just how challenging it is to prevent financial crime—and how much work may lie ahead. These organizations are facing intense pressure to stay ahead as bad actors adapt their techniques—including deploying advanced technologies like AI-enabled deepfakes—to circumvent systems and controls at a much quicker pace.

How would you rate the effectiveness of your financial crime compliance program?

Maturity and Expectations Gaps

The survey findings revealed that confidence levels vary across different industries and regions. In our experience, this may stem from differences in financial crime maturity across different sectors and variations in expectations between different financial crime regulators across sectors and regions globally.

Respondents in jurisdictions with less advanced financial crime regulatory regimes, for example, may be a few years behind the curve, with compliance programs that may seem effective simply because they have yet to be fully tested. Those located in areas with more developed regulations and more forward-leaning regulators may have a more realistic view of their capabilities and/or potential exposure.

It follows, then, that nearly 4 in 10 respondents based in the Middle East and Africa rate their financial crime compliance program as very effective. That’s nearly twice as many as the share of respondents from the UK, Western Europe and APAC (India, Japan, Australia) who say the same, and still significantly higher than those in the U.S. and Singapore.

Additionally, our work with global entities sometimes finds significant differences in financial crime prevention preparedness within organizations, depending on where firms within the group are located.

How would you rate the effectiveness of your financial crime compliance program?

Misplaced confidence in financial crime fighting programs could also stem from organizations—and at times the third parties they hire to support them—not adequately understanding or having an incomplete view of their financial crime vulnerabilities. To effectively respond to financial crime threats, entities need to understand their business’s specific exposures to illicit economic activities, then implement appropriate controls to mitigate these risks. Often where we see deficiencies in financial crime compliance programs, regulated entities may be too narrow in their risk assessments, which makes it difficult to integrate the necessary controls or to evolve those controls to address new and emerging risks.

That lack of understanding creates particular vulnerabilities for non-financial industries—not just real estate and legal services, but also casinos and gaming—that are now experiencing heightened scrutiny in some regions. For instance, 70% of legal services respondents feel either very or moderately prepared to identify and report unusual or suspicious transactions; that’s the same share as those in the more highly regulated accounting sector. Are law firms as prepared as they think to comply with expanding financial crime rules?

How prepared is your organization to identify and report unusual/suspicious transactions and behavior? [“Very prepared” and “Moderately prepared” responses shown]

Technology and Data Mismatches

Technology is a critical area where overconfidence can expose organizations to significant risk. More than 9 in 10 respondents use technology, including AI, to screen for regulatory actions, fraud/bribery and corruption, and legal actions. But, while often helpful, investing in tech tools without robust integration and oversight doesn’t always effectively fight financial crime—and bolting new solutions onto legacy technology may provide an unwarranted sense of security. It’s essential that people understand not just how to integrate new technologies, but what to do with the data those systems generate and how to test and monitor their effectiveness.

Data integrity is paramount—compliance technology is only as good as the data you put into it. That’s particularly true when it comes to AI, which 57% of respondents say will benefit their financial compliance programs. In addition to providing a flow of high-quality, well-structured data, organizations must also properly design and calibrate the systems into which that data flows to ensure they’re detecting the right types of transactions and not capturing a disproportionate number of false positives.

Harnessed properly, technology can shine a light on where compliance is falling short, though careful implementation and ongoing monitoring are essential. Additional investment in such technologies may explain the eight percentage point drop in the share of respondents who consider their programs very effective since our last survey in 2023.

Good Governance and Training Set the Tone

The fight against financial crime demands more than optimism—it requires careful planning and action. Organizations must bridge the gap between their perceived and actual capabilities by embracing robust governance, ongoing training, sustained investment in compliance frameworks, advanced technology and skilled personnel. The most successful organizations will target and maintain these efforts, tailored to their unique risks and vulnerabilities.

In a recent high-profile case, a bank’s AML program failed to keep pace with expanding risks as the bank’s business grew—with senior executives choosing “profits over compliance with the law—a decision that is now costing… billions of dollars in penalties,” prosecutors said.

Effective financial crime compliance programs require buy-in across the entire organization, from the boardroom to customer-facing employees. People need confidence that reports of suspicious activities will be taken seriously by management, with clear lines of accountability and mechanisms to ensure that information makes its way up the chain to senior leaders. Training is essential, with programs that are engaging and tailored to organizations’ specific needs and points of exposure.

By investing in these foundational pillars, organizations can evolve from misplaced overconfidence to well-founded readiness to tackle financial crime head-on in today’s increasingly complex regulatory and criminal landscape.