AI, Escalation, and the Boardroom: Redefining Human Leadership in Financial Crime Risk and Compliance

People at the Core

With regulatory change and technology often taking center stage, the foundation of a successful AML program still lies with subject matter experts (SMEs) and human interaction, making judgment calls, advocating for and executing policy, and striking the balance between cost efficiency, risk mitigation, and regulatory compliance. The future of Artificial Intelligence (AI) is here, but at the heart of every program are the “People.” 

The Human Imperative

1. Defining People

The longstanding framework of People, Process, and Technology remains the backbone of AML programs. Institutions continually ask: Do we have enough people? Do we have the right people? Can processes be automated?

The concept of a “human in the loop” undersells the reality. In financial crime risk and compliance, humans are not checkpoints in an automated process; they are the ones who must sit across from regulators, auditors, and Boards, and be accountable for decisions and escalations that technology cannot shoulder.

2. Accountability and Authority

At its core, the BSA/AML Officer is accountable for coordinating and overseeing the institution’s day-to-day program. Effectiveness in this role is anchored in three critical factors: (1) authority and independence, (2) access to adequate resources, and (3) the competence to discharge responsibilities effectively. Beyond program oversight, the BSA/AML Officer also serves as a strategic business partner who is equally fluent in the institution’s operations and the regulatory framework, with the ability to translate complex laws into practical execution. While the Board of Directors establishes the tone from the top, the BSA/AML Officer bears responsibility for understanding, managing, and owning the regulatory consequences of any shortcomings. 

Board Expectations and Reporting Structures

1. Winning Reporting Structures

There are many possible organizational structures, but regulators are clear: the BSA/AML Officer must be able to report directly to the Board. Per FFIEC guidance: “The Board of Directors is ultimately responsible for the bank’s BSA/AML compliance and should provide oversight for senior management and the BSA compliance officer in the implementation of the bank’s Board-approved program.”

Too often, BSA/AML Officers are buried in chains of command that prevent them from fulfilling these requirements. While reporting to a Chief Compliance Officer or Chief Risk Officer may make sense from an HR perspective, direct access to the Board is non-negotiable. 

Whether at a $200 million community bank or a $20 billion institution, regulators expect the BSA/AML Officer to have a direct pathway to the Board. In practice, however, effective access is less about “unfiltered” reporting and more about judgment. A skilled BSA/AML Officer earns their seat at the table by knowing how to elevate risks appropriately, frame issues in terms the Board can act on, and balance transparency with governance discipline. This is a craft honed over years that involves navigating competing agendas, reading the room, and discerning what the Board needs to hear versus what can be managed at the management level. It is precisely this human judgment that current AI cannot replicate.

2. Regulatory Lessons

The risks of misalignment are not hypothetical. In 2024 alone, FinCEN and federal regulators issued more than 36 enforcement actions, the majority included a lack of Board oversight, staffing, and training. These actions underscore a consistent regulatory message: programmatic, reporting, and governance failures will not be tolerated. Institutions that learn from these cases can convert others’ failures into strategic lessons, protecting their own programs from similar vulnerabilities.

Building Effective Financial Crime Risk and Compliance Programs

1. Staffing Assessments

One priority area for any organization is ensuring adequate staffing. Whether through internal assessment or third-party review, institutions need robust frameworks to identify gaps in coverage (overstaffing is rarely the issue) and provide actionable insights for the Board and executive management. These assessments inform hiring, resource allocation, and decisions around automation and AI.

2. Balancing the Right Mix of Resources

Staffing strategy extends beyond numbers. Institutions must balance skill tiers and sourcing models. Additionally, onshore vs. offshore models should be considered. Skill tiers may correlate to workflows at the alert level vs. the investigation or EDD level.

Onshore resources provide regulatory familiarity but come at a higher cost; offshore models can add capacity but require stronger training, SOPs, quality control, and oversight.

Risk tolerance drives the mix, but training, quality control, and role clarity remain essential regardless of approach.

AI Enablement vs. Replacement

1. AI Limitations

As highlighted in ExCo’s June 19th release, “Failure to adopt is your biggest risk” outlines a reality that will only grow. Financial institutions are investing heavily in AI to detect, prevent, and report suspicious activity. Yet, AI has clear limitations. False positives and negatives remain unavoidable, and robust frameworks for validation, oversight, maintenance, training, cybersecurity, and third-party risk management are essential. Regulators are not interested in debating algorithms; they expect to hold conversations with BSA/AML Officers who can explain decisions, justify escalations, and demonstrate accountability. In practice, it is the human voice, not the machine’s logic, that carries weight in the Boardroom and across the regulatory table.

2. Management Oversight

The marketplace for AI-related roles is growing, from Chief Digital Officers selecting vendors to analytic consultants transforming AML data. For most FIs, AI will soon be a reality in financial crime risk and compliance teams. But its success hinges on governance, transparency, and accountability. AI must be implemented with careful oversight, not as an autopilot.

3. Cost Considerations

Many financial crime risk and compliance organizations are viewed as cost centers, yet are best understood as an accelerator, like brakes on a car that allow you to move faster, but safely. While resources are costly, effective risk mitigation is necessary for survival. Scalability and efficiency come from leveraging technology without undermining the human oversight that ensures accuracy and accountability.

Human Judgment and Knowledge Sharing – A Call to Action

1. Critical Thinking Beyond Rules

Identifying patterns that extend beyond rule-based systems requires human judgment. AI may sift volumes of data, but it is people who define workflows that align with regulatory requirements, feed models with quality data, and apply experience when alerts demand escalation. Without this human context, even the most advanced models risk missing the signal within the noise.

2. The Right People, Not Just More People

Staffing is not about filling seats.  It is about ensuring the right individuals are in the right roles. These organizations thrive when financial crime risk and compliance professionals bring expertise, adaptability, and integrity to the table. The future of effective risk management will not be decided by how many people an institution employs, but by whether those people are empowered to lead, to think critically, and to challenge both technology and process when necessary.

3. Training and Knowledge Sharing

AI adoption raises the stakes for training. Role-specific education must now encompass not only regulatory requirements but also model governance, validation, and oversight. Teams must be prepared to ask hard questions of algorithms and understand when human escalation overrides automated outputs. Institutions that build regulatory change logs, designate liaisons, and keep their Boards informed create the feedback loops that regulators expect to see.

Equally, collaboration has never been more important. Cohorts, committees, and associations provide channels for financial crime risk and compliance professionals to share lessons, benchmark programs, and shape policy. Regulators reward proactive collaboration, and criminals thrive when financial institutions work in silos. To harness the full value of AI, professionals must champion a culture of shared knowledge, not only about risks and typologies, but also about technology strategies, vendor performance, and emerging best practices.

4. The Call to Action

The industry is at an inflection point. AI will define the next generation of financial crime risk and compliance programs, but only if guided by human leadership. Professionals must seize this moment: to lead conversations with regulators, to ensure ethical oversight, to insist on accountability, and to translate AI’s promise into sustainable compliance.

AI can augment our work, but it cannot replace the courage, judgment, and strategic vision of the professionals who lead. The future of financial crime risk and compliance demands both. Technology at scale, and people with the authority to shape it.

Leadership at the Center

As FIs embrace AI, they must remember: technology is only as effective as the people who guide it. Human judgment, institutional culture, and regulatory understanding remain the cornerstones of financial crime risk and compliance.

By investing in both innovation and subject matter expertise, and by ensuring the BSA/AML Officer has not only direct access to the Board but also a prominent and consistent seat at the table, institutions can build programs that effectively mitigate risk, are compliant, resilient, and future-ready. Escalations and concerns cannot be allowed to filter upward through layers of management like a game of telephone; they must be heard directly, clearly, and in context. And while AI may enhance efficiency, accountability rests with people, and in governance forums, accountability has no substitutes.

---

Principal Authors: Mike Florence (Founding Member and Co-Chair, ExCo) and Tyler Wickman (Founding Member, ExCo).

Review and Editorial Process: Members of ExCo

What is ExCo, by i3strategies®?

ExCo is an Executive Council comprised of members who have held the board-appointed BSA Officer (or equivalent title) designation and are active contributors in the financial crime risk and compliance space.