Combatting financial crime with AI at the crossroads of the revised EU AML/CFT regime and the AI Act

The current framework and steps towards the reform

After more than thirty years of development – marked by efforts to align with global policy standards, in particular standards developed by the Financial Action Task Force (FATF), navigate the cross-pillar complexities of the EU’s institutional framework, and manage national constitutional and political constraints – the current AML/CFT regime has evolved into a complex patchwork of EU legislation. ¹¹ Currently, the framework is composed of a number of acts with two directives constituting the main, but not exclusive source of EU rules in the AML/CFT area, namely the ‘4th Anti-Money Laundering Directive’ (4AMLD) ¹² and the amending it ‘5th Anti-Money Laundering Directive’ (5AMLD). ¹³ The 4AMLD (as amended by 5AMLD), central in the AML/CFT architecture, designates the so-called obliged entities, that is, organisations and professions who are tasked with the ‘gate-keeping obligations’, assigns them customer due diligence and reporting tasks, requires Member States to establish Financial Intelligence Units (FIUs) to carry out analysis and assessment of suspicious transactions, and create an effective supervision and enforcement mechanism for the AML/CFT policy. The AML directives are complemented with other instruments, including 2019 Directive laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences (‘Directive on Access to Financial and Other Information’) ¹⁴ and Regulation on controls on cash entering or leaving the Union (Regulation on cash controls) of 2018. ¹⁵ Finally, other integral components of the framework are instruments of a criminal law nature ¹⁶ to which belong Directive on combating money laundering by criminal law of 2018 ¹⁷ and Directive on freezing and confiscation of instrumentalities and proceeds of crime of 2014. ¹⁸

The above shows the abundance and variety of the regulatory instruments, which together with often incoherent transposition of the directives, in particular 4AMLD and 5AMLD, to the national laws of the EU Member States have led to considerable divergences in the way the current framework is applied throughout the Union and revealed weaknesses in its enforcement. ¹⁹ To address these shortcomings, in May 2020, the European Commission published a Communication on an Action Plan for a comprehensive Union policy on preventing money laundering and terrorism financing, where it expressed its intention to table new legislative proposals on AML/CFT. ²⁰ Pursuing the objective of creating a powerful and sustainable enforcement mechanism and eliminating regulatory gaps, in July 2021, the legislative package on the reform of the European AML/CFT framework was presented. The package encompassed: (i) Proposal for a Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, ²¹ (ii) Proposal for a Regulation establishing the Authority for AML/CFT, ²² (iii) Proposal for a Regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets ²³ and (iv) Proposal for a Directive of the European Parliament and of the Council on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing (4AMLD). ²⁴

The Regulation on information accompanying transfers of funds and certain crypto-assets (known as ‘Travel Rule Regulation’) ²⁵ was adopted in May 2023. The other three instruments: Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (‘AML Regulation’), ²⁶ Regulation (EU) 2024/1620 establishing the Authority for AML/CFT (‘AMLA Regulation’) ²⁷ and Directive (EU) 2024/1640 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (‘the 6th Anti-Money Laundering Directive’ [6AMLD]) ²⁸ were adopted a year later. Together with these three, another instrument, namely Directive (EU) 2024/1654 amending (Directive on Access to Financial and Other Information) as regards access by competent authorities to centralised bank account (CBA) registries through the interconnection system and technical measures to facilitate the use of transaction records (‘Directive on Access to CBA Registries’) ²⁹ was adopted, which albeit not included in the original AML/CFT package, supplemented the revised regime.

The rationale and logic behind the reformed AML/CFT framework

The underlying rationale of the reform was to make a coherent whole: to facilitate the prevention and detection of illicit financial flows and enhance coordination and cooperation among authorities of the Member States, especially through the establishment of a new EU agency for stringent AML/CFT measures enforcement by the AMLA Regulation serving as the centrepiece of the legislative package. ³⁰ To prevent the emergence of further incongruities, which have allegedly been hampering efficiency of the AML/CFT policy thus far, the AML/CFT tasks of obliged entities were incorporated into a single directly applicable rulebook, that is, the AML Regulation. ³¹ The rules on information accompanying transfers of funds and certain crypto-assets were also introduced by a regulation. ³² In line with the primary law of the European Union, the regulations have general application, are binding in their entirety and directly applicable in all Member States without the need for the Member States to transpose them into the national legal frameworks. ³³

The other two pieces of the new AML/CFT landscape are, however, directives – the 6AMLD and the Directive on Access to CBA Registries. Those require incorporation into national legal systems, in particular, by amending relevant national laws, regulations or administrative provisions and are binding as to the results, which they aim to achieve. ³⁴ While it is understandable that directives can be best suitable to address pertinent organisational and institutional matters at the national level (such as those concerning national AML/CFT enforcement bodies or registries) leaving Member States sufficient room for accommodating inevitably country-specific circumstances, the discrepancies between Member States affecting effectiveness of the AML/CFT system may remain. One of the primary examples where this is likely to occur regards FIUs. ³⁵ The 6AMLD continues to provide only the minimum level of harmonisation and, thus, to uphold diversity of these crucial AML/CFT actors, which has already been impairing their cross-border collaboration. ³⁶ As will be discussed later, the reform of the AML/CFT framework tries to resolve this issue by assigning AMLA (under the AMLA Regulation) the task of coordination of the FIUs’ efforts and encouraging joint-analyses, but it is doubtful whether that will facilitate direct data sharing between Member States. ³⁷

The reformed AML/CFT framework’s silent invitation to AI integration

The works on the reform of the AML/CFT and the adoption of the AI Act were carried out in parallel. Surprisingly, while the interest in leveraging technological innovation for facilitation of AML/CFT tasks and obligations has been growing as the discussions on AI were taking increasingly prominent position in political agendas, only a few explicit references to AI were made in the new EU AML/CFT regime. None of such references was present in the original proposals of the European Commission from July 2021. They were added later in the legislative process and integrated into the texts of the AML Regulation ³⁸ and AMLA Regulation ³⁹ published upon the agreements between the Parliament and the Council. Hence, Article 76(5) of the AML Regulation, envisages the possibility of involving ‘AI systems’ in performing due diligence measures by obliged entities, and Article 5(5)(i) of the AMLA Regulation mentions among AMLA’s tasks the developing and making available to FIUs ‘[AI] services’. Other components of the AML/CFT reform package do not directly address the possibility of the use of AI, but as will be discussed below, this does not mean that there is no practical and legal room for the deployment of AI in the policy areas, which they govern. Conversely, the scope of tasks and responsibilities of the AML/CFT actors prescribed by the new framework – along with the spirit of the reform, which places the effectiveness of the AML/CFT system at its core – and the broader narrative around innovation dominating current public discourse may implicitly encourage greater integration of cutting-edge technologies, including AI, to better achieve this objective. ⁴⁰ With this in mind, the next section will explore how exactly the use of AI is addressed in the revised EU AML/CFT regime.

‘AI systems’ for AML/CFT compliance according to the AML Regulation: One provision, many doubts

The primary goal of the AML Regulation is to provide a single directly applicable rulebook for obliged entities and, thereby, create harmonised rules across the EU and eliminate the problem of divergences resulting from not directly applicable AML/CFT directives. ⁴¹ Besides beneficial ownership transparency requirements and measures to limit the misuse of anonymous instruments, the AML Regulation lays down the measures to be applied by obliged entities to prevent money laundering and terrorist financing. ⁴² This is an area which reveals a great potential for the engagement of AI solutions and seems to largely open up the market for such technology for the private stakeholders within the AML/CFT ecosystem. ⁴³ The measures to prevent money laundering and terrorist financing, which obliged entities are compelled to apply, are specified in Chapter II (‘Internal Policies, Procedures and Controls of Obliged Entities’) (Articles 9–18) and Chapter III (Customer Due Diligence) (Articles 19–50) of the AML Regulation. The measures encompass: risk assessment of money laundering, terrorist financing and evasion of sanctions to which obliged entities are exposed, customer or ultimate beneficial owner identification during the onboarding, ongoing customer due diligence obligations, including realisation of obligations – by practitioners – referred to as ‘Know Your Customer’ (KYC), ⁴⁴ monitoring of transactions in real time, and detection and red flagging of suspicious activities.

While the aforementioned provisions imposing the AML/CFT compliance tasks on the obliged entities remain rather technology neutral – that is, they refrain from specifying how any of these tasks should be performed technically – Article 76(5) of the AML Regulation is an exception, as it explicitly refers to the possibility of employing ‘AI systems’. ⁴⁵ The provision permits obliged entities to ‘adopt decisions resulting (. . .) from processes involving AI systems’ ⁴⁶ as defined in the AI Act. Such decisions are also allowed to be based on ‘automated processes, including profiling’ ⁴⁷ as defined in the General Data Protection Regulation (GDPR). ⁴⁸ Regrettably, there is some degree of inconsistency between Article 76(5) and – as it seems — corresponding therewith Recital 150 of the AML Regulation. The latter not only refers solely to ‘automated individual decision-making, including profiling’ as defined in the GDPR, failing to mention AI systems, but it also speaks of ‘[adopting] processes that enable automated individual decision-making, including profiling’ rather than ‘[adopting] decisions resulting from automated processes, including profiling’. ⁴⁹ The recital, albeit nonbinding, should aid in interpreting the article by clarifying regulatory objectives. ⁵⁰ Yet, these diverse formulations do not only exhibit inconsistent drafting, but, in fact, they invite a question of the intention of the legislator concerning the degree to which automated processes (whether involving AI systems or other forms of automation) can be permitted in the individual decision-making in the AML/CFT context. The recital appears to generally permit such decisions, whereas the binding provision – Article 76(5) of the AML Regulation – seems to limit the use of AI systems and automated processes to the processes preceding any AML/CFT-relevant decision made by the obliged entity.

According to Article 76(5) of the AML Regulation whenever the decision results from automation (whether it concerns the AI system or automated individual decision-making), it is necessary that three conditions are cumulatively met. Firstly, data processed by the systems at issue must be ‘limited to data obtained pursuant to Chapter III of [the AML Regulation]’. ⁵¹ This means that only information received in the course of performance of the due diligence measures can be taken into account, what leaves out the possibility of including, for instance, information received from an FIU in a form of feedback prescribed by Article 28 of the 6AMLD or instructions to monitor specific transactions or activities issued by an FIU in line with Article 25 of the 6AMLD. With a strict interpretation of this requirement also any information received in the framework of partnerships for information sharing under Article 75 of the AML Regulation would have to be excluded from the data set. This may give rise to practical problems due to the necessity of maintaining separate data sets and possibly using incomplete or decontextualised data both during the training and deploying of an AI tool, what may in turn negatively affect accuracy of the produced outcomes. ⁵²

Secondly, ‘any decision to enter or refuse to enter into or maintain a business relationship with a customer or to carry out or refuse to carry out an occasional transaction for a customer, or to increase or decrease the extent of the customer due diligence measures (. . .) [must be] subject to meaningful human intervention to ensure the accuracy and appropriateness of such a decision’. ⁵³ This requirement may suggest that there is an explicit permission in EU law to use AI systems for two – essential in the AML/CFT compliance – types of decisions, namely derisking and determining the type of applicable due diligence measures, that is, choosing between the regular, enhanced or simplified measures. The question is whether the catalogue of decisions referred to in Article 76(5)(b) of the AML Regulation is of an exhaustive nature, and the literal reading of the provision does not permit to unequivocally resolve this doubt. On the one hand, the literal interpretation implies that these two types of decisions are the only ones which require ‘meaningful human intervention’, without ruling out the possibility of using AI (without the compulsory standard of ‘meaningful human intervention’) for other types of decisions. On the other hand, Recital 150 seems to suggest the opposite, as it appears to put the emphasis on safeguarding the rights of persons subject to automated decisions regardless of their content. This shows yet another instance of inconsistency between Article 76(5) and Recital 150 of the AML Regulation, casting shadow on the possible explanatory use of the latter.

Moreover, as will be discussed further in Section ‘A “meaningful human intervention” versus “human oversight”’, the reference to ‘meaningful human intervention’ in the context of AI systems is already problematic in itself. Despite the explicit reference in Article 76(5) of the AML Regulation to the ‘AI systems as defined in [the AI Act]’, application of the AI Act may be questioned. The reason for this is that again the literal reading of the provision may suggest no room for AI system’s autonomy (which is an inherent feature of any AI system ⁵⁴ ) and consequently the exclusion from the scope of the AI Act. However, should this not be the case, there is still some degree of uncertainty emerging from the phrase ‘meaningful human intervention’ used in the discussed provision. One can wonder whether it is intended to be synonymous with the notion of ‘human oversight’ used in the AI Act (most notably in Article 14 of the AI Act) or distinct from it. ⁵⁵ This concern is further amplified by the fact that Article 75(4)(g) of the AML Regulation (the second instance, when the AML Regulation explicitly mentions ‘AI’), which acknowledges the possibility of ‘generating’ information ‘through the use of [AI], machine learning technologies or algorithms’, speaks of ‘processes (. . .) subject to adequate human oversight’. ⁵⁶ Unlike Article 76(5), Article 75(4)(g) of the AML Regulation permits sharing of such generated information in the framework of a partnership for information sharing on the condition that an oversight has been exercised over its generation. The distinction between AI, machine learning and algorithms in the wording of the discussed provision, although striking for those seeking logic and consistency in the text of the AML Regulation, does not seem to be of any practical relevance. Article 75(4)(g) may, however, influence the interpretation of Article 76(5)(b) of the AML Regulation and suggest that the requirement of the ‘meaningful human intervention’ applicable to derisking and determining the applicable degree of due diligence measures is without prejudice to the employment of AI in other AML/CFT compliance processes.

Thirdly, Article 76(5)(c) of the AML Regulation stipulates that ‘the customer may obtain an explanation of the decision reached by the obliged entity, and may challenge that decision, except in relation to a [suspicious transaction report (STR)]’. ⁵⁷ Unlike the previously discussed requirement, arguably limited to two types of decisions, this one appears to have a much broader scope of application. The provision allows the customer to receive explanation and to challenge any decision, with the only exception of a situation when such decision concerns the STR. This seems compatible with Recital 150 of the AML Regulation, which can be interpreted as allowing any processes that enable automated individual decision-making that serve the purpose of complying with the AML Regulation. Yet, despite fostering transparency and trust between a customer and financial institution, the practical implementation of this mechanism may prove problematic for two reasons. Firstly, it will inevitably have to face the well-known for most AI applications problem of explainability as a means of refuting the ‘black box’ tendency of machine learning, which is a technically challenging issue. ⁵⁸ In essence, this would imply the necessity to understand and reveal the logic behind the specific outcome of the applied AI model and to provide insights regarding its inner working. ⁵⁹ Secondly, even when there is no breach of tipping-off rules triggered by the STR submission at stake, it seems doubtful that the customer concerned will ever be able to receive a meaningful explanation, as there may always be a risk of jeopardising the policy objectives underlying the AML/CFT system. In other words, it would be rather naïve to believe that Article 76(5)(c) of the AML Regulation will unexpectedly bring a considerable change and lead to transparency of AML/CFT policies and procedures developed by obliged entities.

‘AI services’ under AMLA Regulation

The second component of the reformed AML/CFT framework is the AMLA Regulation. The creation of AMLA – the new EU body with its own legal personality – through the AMLA Regulation is a key element of the revised regime. This decentralised agency tasked with coordinating national AML/CFT authorities and ensuring the proper and consistent implementation of EU AML/CFT rules across the Union is expected to become ‘the new centre of gravity in AML policymaking and enforcement’. ⁶⁰ The tasks assigned to AMLA demonstrate multidimensional character of the agency’s activities, as they encompass tasks concerning risks of money laundering and terrorism financing faced by the internal market, ⁶¹ tasks with respect to selected obliged entities, ⁶² tasks with respect to financial and non-financial supervisors, ⁶³ as well as tasks regarding FIUs and their activities in Member States. ⁶⁴ The latter, interestingly from the AI point of view, explicitly include the obligation to ‘develop and make available to FIUs tools and services to enhance their analysis capabilities, as well as IT and artificial intelligence services and tools for secure information sharing, including by hosting FIU.net’. ⁶⁵ The corresponding recital – Recital 9 — brings clarity to the somewhat unfortunate wording of the provision, which, if read literally, could mistakenly imply that AI services should serve the purpose of information sharing. It explains instead that the AI services are meant to ‘enhance [FIUs’] data analysis capabilities’. ⁶⁶

This seems consistent with the declaration that ‘[t]he conceptual design of the [AMLA’s] ecosystem also embraces the business needs of the FIU-pillar where FIU.net is expected to become a key component of AMLA’s architecture, integrated with state-of-the-art technologies supporting data analysis to the benefit of AMLA and the competent authorities’. ⁶⁷ As regards FIU.net – a network of information exchange between FIUs, which, until the AMLA Regulation, was highly problematic from the regulatory architecture’s perspective ⁶⁸ – it must be noted that the platform should be equipped, among other things, with functionality for information cross-matching that enables real-time analysis of large data sets available, for instance, to different FIUs or EU bodies. ⁶⁹ While AMLA is still taking shape, and its overarching IT strategy – which may possibly provide more detail on the development of AI services and AMLA’s ambitions to accommodate the persisting difference between Member State’s FIUs’ models – has not yet been published, ⁷⁰ the role and potential of AI within AMLA remain topics of high-level discussions. ⁷¹

With the gradual development and operationalisation of AMLA, it is to be seen whether, or what kind of ‘AI services’ (possibly besides those for the FIUs) this new EU body will provide. Nevertheless, considering that the AMLA Regulation does not provide any further details on the use of AI in the context of the activities of AMLA itself, and no relevant cross-reference is to be found, it should be expected that the standards set out in the AI Act should apply. It is worth noting that the application of the AI Act standards comes along with the enforcement mechanism, which in this case is to be exercised by the European Data Protection Supervisor (EDPS) acting as the market surveillance authority for the EU agencies that fall within the scope of the AI Act. ⁷² On this point, it is remarkable that the EDPS has a record of the use of its corrective powers in relation to FIU.net at the time when it was administered by Europol. ⁷³ Thus, the supervision of the EDPS of AI services deployed by AMLA may open a new interesting chapter of the EDPS’ engagement with the matters related to the FIU.net.

Finally, it should be highlighted that unlike the AML Regulation, the AMLA Regulation does not refer to the definition of the AI system per AI Act leaving it open to discussion whether the ‘artificial intelligence services’ should be regarded services using AI systems (in the meaning of the AI Act) or whether, by the lack of an analogous to Article 76(1) of the AML Regulation reference, the legislator intended to differentiate such services from the AI systems under the AI Act. This is another instance of a missed chance for achieving consistency not only internally within the AML/CFT framework but also with the proceeded in parallel AI Act.

Unacknowledged room for AI in the remainder of the new EU AML/CFT framework

The other instruments of the new AML/CFT package, that is, the 6AMLD and the Travel Rule Regulation do not contain any explicit references to AI. However, given the scope of tasks and responsibilities these instruments establish, there also appears to be quite some room for the deployment of AI. To begin with the 6AMLD, it must be observed that it supplements the AML/CFT policy by addressing organisational and institutional aspects, which could not have been subjected to harmonisation through a regulation. The 6AMLD concerns the measures applicable to sectors exposed to money laundering and terrorist financing, at national level; the identification of money laundering and terrorist financing risks at the Union and national level; the requirements in relation to registration, identification, and checks on, senior management and beneficial owners of obliged entities; the set-up of and access to beneficial ownership and bank account registers and access to real estate information; responsibilities and tasks of FIUs and national AML/CFT supervisory bodies and cooperation between competent authorities and cooperation with authorities covered by other Union legal acts. ⁷⁴ As was discussed in the context of AMLA in the preceding section, considering AI’s potential for streamlining processes which require analysis of vast datasets, there has been considerable interest in the use of such technologies for the execution of anti-fraud policies by public authorities. ⁷⁵ With regard to FIUs, some have already admitted to the employment of AI, ⁷⁶ and others, including in the EU, are considering it, for instance, the FIU in Germany. ⁷⁷ At the global level, forums such as FATF or Egmont Group also eagerly explore technological possibilities for supporting FIUs and therefore it may only be a matter of time when more FIUs will commonly start using AI in their regular activities. ⁷⁸ For the EU, the key question would be whether the tools deployed by FIUs across Member States would be the ‘AI services’ developed by AMLA, or nationally developed solutions, which could risk further reinforcing existing disparities between FIUs.

The 6AMLD also regulates national-level supervision of the AML/CFT efforts. In doing so, it follows the risk-based approach leaving competent national bodies room for decisions such as the allocation and prioritisation of resources, based on their assessment of money laundering or terrorism financing risks associated with specific sectors or types of entities. This domain also presents significant potential for the application of AI. ⁷⁹ However, the 6AMLD does not provide for any rules on the deployment of AI in this context. Consequently, its deployment in the area of AML/CFT supervision is likely to be shaped primarily by the AI Act.

Finally, although not officially part of the revised AML/CFT package, the Directive on Access to CBA Registries is also worth noting. The old Directive on Access to Financial and Other Information laid down two types of measures. Firstly, measures to facilitate access to and the use of financial information and bank account information by competent authorities for the prevention, detection, investigation or prosecution of serious criminal offences; secondly, measures to facilitate access to law enforcement information by FIUs for the prevention and combating of money laundering, associate predicate offences and terrorist financing and measures to facilitate cooperation between FIUs. ⁸⁰ With the amendment, one more type of measures will be added, namely ‘technical measures to facilitate the use of transaction records by competent authorities for the prevention, detection, investigation or prosecution of serious criminal offences’. ⁸¹ In connection with this change, the Directive on Access to CBA Registries added a legal definition of the term ‘transaction records’, which refers to ‘the details of operations which have been carried out during a defined period through a specified payment account (. . .), or the details of transfers of crypto-assets (. . .)’. ⁸² In practice, this will mean detailed logs which document the specifics of financial transactions and, therefore, provide insights into the flow of funds and can help trace illicit financial activities. Under the Directive on Access to CBA Registries obliged entities across the EU will have to reply to requests for transaction records in a standardised format. ⁸³ This should enable competent authorities to more swiftly and effectively process incoming information and, thus, overcome the current challenges posed by the cumbersome analysis of inconsistently presented transaction records. Additionally, it could incentivise the development of AI tools to further streamline analytical processes.

While this last discussed instrument intends to harmonise formats of transaction records provided by relevant obliged entities to the competent (criminal justice system) authorities, similar considerations concern transaction records shared with the FIUs. The disparity of formats, in which obliged entities submit transaction records to the FIUs does not make these records readily useable for analysis. This, in addition to the institutional concerns discussed earlier, has been hampering the exchange of information among FIUs and the development of cross-border financial analyses. ⁸⁴ This means that there may still be considerable room for action by AMLA and the European Commission to, respectively, develop and adopt implementing technical standards ⁸⁵ – leaving, for the time being, certain degree of uncertainty.

It follows that even though neither the 6AMLD, nor the Directive on Access to CBA Registries, explicitly acknowledge the possibility of the use of AI, the aim to create greater coherence in the input received by competent authorities can be identified. This, in turn, can be seen as an indication that there is room and incentive for further automation of the analytical processes, which can be amplified by a positive development towards well-structured data sets.

AI Act’s ‘AI systems’ for AML/CFT purposes

To continue discussion on combatting financial crime with the use of AI, it is pertinent to illuminate the term ‘AI system’, which has been mentioned on several occasions – particularly in the part, which addressed the reference to ‘AI system’ in the AML Regulation. ⁹⁴ Article 3 point 1 of the AI Act provides that AI system is ‘a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments’. ⁹⁵

The fact that technology may have the ability to generate yet unknown knowledge from large and complex datasets, such as invisible to human analysts’ fraudulent transactional patterns, makes AI systems a promising tool in the field of AML/CFT. The categories of output enumerated in the legal definition of an AI system do not seem to be exhaustive or necessarily mutually exclusive, but they may affect the reading of Article 76(5) of the AML Regulation and create further uncertainty (see discussion in Section ‘“AI systems” for AML/CFT compliance according to the AML Regulation: one provision, many doubts’). The interpretation of the word ‘decisions’ – used in the first sentence of Article 76(5) of the AML Regulation, and ‘decision’ in indent (b) is ambiguous in light of the definition of the AI system under the AI Act. In the first instance, it is unclear whether the legislator allows obliged entities to rely on AI-generated decisions, or merely to use AI-generated predictions or recommendations as input for human- (eg, AML/CFT compliance officer) made decisions. The former interpretation – closer to how Recital 150 of the AML Regulation could be read – suggests the possibility of fully automating AML/CFT processes, while the latter implies that human judgement may – or ought to – still play the dominant role in these processes. This distinction is not merely technical. Full automation could raise crucial fundamental rights concerns, such as bias resulting in discrimination, lack of transparency and accountability of AML/CFT processes, or contestability of their outcomes, and potentially infringe the obligation to enable human oversights enshrined in Article 14 of the AI Act.

As regards the word ‘decision’ referred to in Article 76(5)(b) AMLR, should it mean a decision in a sense of a type of the generated output by the AI system, then the requirement of the ‘meaningful human intervention’ would render this provision intrinsically contradictory. A logical reading of Article 3(1) of the AI Act requires to assume that the ‘varying levels of autonomy’ presume the existence of some level of autonomy. Therefore, if the ‘decision’ in Article 76(5)(b) AML Regulation was to mean a ‘decision’ under Article 3(1) of the AI Act, the ‘meaningful human intervention’ could exclude the discussed AI application from the scope of the definition of the AI system and, hence, the AI Act.

Another important feature of AI systems under the AI Act is their adaptiveness. Although it does not seem to be a compulsory characteristic of an AI system, in practice, it might be the system’s ability to adjust its behaviour during its use that would make it distinct from basic software or merely rule-based programs, which already automate certain processes in the area of AML/CFT. Based on the earlier discussion, the greatest potential for effectively and efficiently achieving the goals of the AML/CFT policy may lie in the self-learning capabilities of AI systems. This, however, comes along with a very fundamental both technical and ethical question on any AI system’s ability to identify illicit money flows (at least when the realisation of the AML policy goal is concerned) and, what seems even more problematic, ability to predict the occurrence of an illegal activity of terrorism financing (when the CFT part of the policy is concerned). ⁹⁶

Prohibited AI practices in the area of AML/CFT

As explained in Section ‘The governance of AI in the EU: a brief overview of the AI Act’, the AI Act prohibits ‘AI practices’ that present an unacceptable risk. This implies that AI systems used to perform ‘prohibited AI practices’ are restricted from accessing the EU market and must not be used, for instance, by financial institutions or public bodies such as FIUs in the EU. The prohibited AI practices enumerated in Article 5(1) of the AI Act, include one – under indent (d) – that is of great relevance to the AML/CFT policy. The prohibition in question concerns ‘an AI system for making risk assessments of natural persons in order to assess or predict the risk of a natural person committing a criminal offence, based solely on the profiling of a natural person or on assessing their personality traits and characteristics’. ⁹⁷ The corresponding Recital 42 clarifies that ‘AI systems using risk analytics to assess the likelihood of financial fraud by undertakings on the basis of suspicious transactions’ are not covered by this prohibition. Neither are ‘AI systems used to support the human assessment of the involvement of a person in a criminal activity, which is already based on objective and verifiable facts directly linked to a criminal activity’. ⁹⁸

Although at first glance the AI crime prediction prohibition appears to be primarily of interest to law enforcement authorities tasked with crime prevention, the scope of the prohibition under Article 5(1)(d) of the AI Act may extend to other actors, including private ones. Such interpretation was confirmed by the European Commission in its Guidelines on Prohibited AI Practices. ⁹⁹ The document explicitly states that the prohibition may apply to obliged entities that use AI to assess or predict a person’s risk of committing a crime when fulfilling obligations under the AML/CFT legal regime. ¹⁰⁰ However, further, the Commission drew a somewhat convoluted distinction based not on the consideration of the character of the AML/CFT tasks performed by obliged entities but on the type of data used by the AI system. Accordingly, it explained that if the assessment or prediction of risk rely on data prescribed by law, which – as it seems for the Commission – a priori constitutes objective and verifiable facts, they are not considered a prohibited practice. Conversely, when the assessment or prediction is based on individual profiling or evaluation of personality traits and characteristics, they amount to a prohibited practice. The Commission’s reasoning appears to be based on an assumption that to fall outside the scope of the prohibition established by Article 5(1)(d) of the AI Act, it is sufficient that the obliged entity acts on the basis of the binding AML/CFT framework and that the AI system produces its outcome merely on the data the collection of which is prescribed by that framework. ¹⁰¹ In a similar manner, the Commission explains that if the AI system is used by a private entity to make risk assessments in the ‘ordinary course of business and with the aim of protecting their own private interest’ – including when the assessment relates to the risk of criminal offences – it also remains outside the scope of the prohibition. ¹⁰² This approach may certainly provide a convenient assurance of compliance with Article 5(1)(d) of the AI Act for the obliged entities, but, in fact, it exemplifies a rather simplistic understanding of the much more nuanced and multifaceted nature of the AML/CFT regime, as well as the complex role obliged entities play in its architecture. While the AML/CFT legal regime makes obliged entities ‘gatekeepers’ to the legit economy, and ‘frontliners’ in the financial crime battle field, ¹⁰³ they are not entrusted public authority or powers for criminal law enforcement, as they remain profit-oriented institutions, whose economic interests cannot be entirely dissociated. Furthermore, it is doubtful and may be dangerous to assume that the data collected on the basis of the law can automatically warrant its objective and verifiable character. There is room for subjective assessment, for instance, when the ‘information on the nature of the customers’ business’ ¹⁰⁴ is concerned. In addition, the modern AML/CFT framework adopts a risk-based rather than a rule-based approach, not only demanding a considerable degree of (pro)activity of the obliged entities but also making it challenging for them to rely solely on objective and verifiable facts in fulfilling the assigned tasks. Therefore, every AI AML/CFT compliance tool should undergo a careful assessment to confirm that it does not fall under the category of prohibited AI practice under Article 5(1)(d) of the AI Act.

Having said that, it must be observed that to fall under the prohibition established by Article 5(2)(d) of the AI Act, the AI system must assess or be based on the profiling of a ‘natural person’. Thus, as also reiterated in Recital 42, an AI system used for AML/CFT compliance may be permitted when assessing risks related to corporate entities, but it could be prohibited when used to assess risks related to individuals.

High-risk AI systems in the area of AML/CFT

The AI Act accepts presence of high-risk AI systems on the EU market, imposing an array of obligations on the stakeholders, including developers and deployers, applicable throughout the lifecycle of these systems. ¹⁰⁵ In principle, the AI systems presenting high risk are divided into two categories: (1) systems that are products or safety components of products subjected to ex ante conformity assessment by existing EU law ¹⁰⁶ and (2) stand-alone systems deployed in one of the specific areas exhaustively enumerated in Annex III to the AI Act. ¹⁰⁷ Despite the system’s listing in Annex III, providers have some leeway to self-asses that their specific system ‘does not pose a significant risk of harm to (. . .) fundamental rights’, ¹⁰⁸ except where the AI system performs profiling of natural persons. In practice, this may potentially allow the industry to evade the rules applicable to high-risk AI systems, once again revealling the tensions existing between the AI Act’s objectives and suggesting that the AI Act may be insufficiently focused on fundamental rights protection. ¹⁰⁹

Among the areas included in Annex III, two appear to deserve attention in the context of discussion about AML/CFT. Firstly, the area of access to and enjoyment of essential private services and essential public services and benefits, and more specifically, the systems referred to in point 5(b) of Annex III to the AI Act are important. This point concerns high-risk ‘AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score, with the exception of AI systems used for the purpose of detecting financial fraud’. ¹¹⁰

While AI systems used to assess creditworthiness are classified as high-risk and, therefore, subject to a range of obligations and requirements, AI systems for detecting financial fraud are not held to the same regulatory standard. This distinction is remarkable, as the difference between the purposes of credit assessment and fraud detection does not appear to convincingly justify the exclusion of the latter from the scope of the AI Act’s rules for high-risk AI systems. ¹¹¹ In practice, both types of systems can significantly impact individuals, as they both entail risk of financial exclusion, which is exactly what point 5 of Annex III intends to prevent.

It must be noted that unlike Recital 42, which explicitly exempts ‘AI systems using risk analytics to assess the likelihood of financial fraud’ from the scope of the prohibition when such analytics concern undertakings and are performed on the basis of suspicious transactions, Point 5(b) of Annex III mentions only ‘the purpose of detecting financial fraud’ without any further specification. This makes it very broad and potentially susceptible to abuse. One cannot yet say how the exclusion of AI systems for detection of financial fraud from the category of high-risk AI system will affect the systems used for AML/CFT purposes as a whole, as the relationship between fraud detection and AML/CFT policy is not straightforward. While detecting financial fraud is certainly an essential component of the AML/CFT policy, it seems to be a significantly narrower type of activity within the financial sector. Against this backdrop, crucial questions arise concerning the rationale and practical consequences of casuistically referring to ‘fraud detection’ in Point 5(b) of Annex III while leaving out other closely related activities such as prevention of illicit money flows, which could encompass fraud prevention but also prevention of terrorism financing or evasion of sanctions.

The second area of Annex III that should be taken into consideration in the context of discussion on potentially high-risk AI systems in the realm of the AML/CFT is the one referred to in Point 6 of Annex III to the AI Act, which concerns law enforcement. ¹¹² The present analysis focuses on the AML/CFT policy and does not intend to expand onto the point where the AML/CFT efforts prompt the commencement of the national criminal procedure. Yet, such efforts inevitably encompass activities carried out by the FIUs, which are primarily focused on the analysis of information on the suspicious transactions, often acting as quasi-law enforcement authorities. Whilst the problem of diversity of FIUs across Member States and anticipated failure to resolve it by the revised AML/CFT framework, and in particular the 6AMLD, were already briefly addressed in this article, it is worth noting that – rather unexpectedly – the AI Act may come as a solution. Recital 59 of the AI Act explicitly mentions FIUs and excludes their analysis of information pursuant to EU AML/CFT from the scope of high-risk AI systems used by law enforcement authorities for the purpose of prevention, detection, investigation and prosecution of criminal offences. It does so by – somewhat, in my view, arbitrarily – stating that FIU’s analytical tasks are ‘administrative’ – as opposed to law enforcement – tasks. In practice, this means that AI systems developed or deployed by FIUs for the assessment of suspicious transactions should not be regarded as high-risk AI systems and therefore subjected to any relevant obligations. As a consequence, the safeguards developed by the AI Act will not apply, leaving individuals affected by the AI measures deployed by FIUs deprived of the standards of protection necessary for the high-risk AI systems.

A ‘meaningful human intervention’ versus ‘human oversight’

Finally, the considerations on the high-risk AI systems and fundamental rights’ aspect of the AI Act link with the central safeguard established for such systems, namely, the requirement of ‘human oversight’ laid down in Article 14 of the AI Act. The provision stipulates that ‘[h]igh-risk AI systems shall be designed and developed in such a way, including with appropriate human-machine interface tools, that they can be effectively overseen by natural persons during the period in which they are in use’. ¹¹³ Article 26(2) of the AI Act obliges to designate human oversight to a qualified and sufficiently supported natural person. Although there are some requirements formulated for the oversight, the AI Act does not prescribe them in great detail. ¹¹⁴ It requires human oversight to aim at averting or limiting the relevant risks, including to fundamental rights, and to be ‘commensurate with the risks, level of autonomy and context of use of the high-risk AI system’. ¹¹⁵

As was explained in Section ‘“AI systems” for AML/CFT compliance according to the AML Regulation: one provision, many doubts’, Article 76(5) of the AML Regulation requires the referred therein decisions to be subject to ‘meaningful human intervention to ensure [their] accuracy and appropriateness’, showing that despite the parallel developments of both frameworks little attention was given to achieving uniformity across the regulated areas. In as much as the ‘effective’ human oversight can arguably be considered synonymous with ‘meaningful’, it is far from clear what the relationship between ‘oversight’ and ‘intervention’ is. ¹¹⁶ The ‘intervention’ may possibly suggest a higher standard of protection as it implies a need for human involvement, that is, validation of an output produced by the AI system before such an output influences a physical or virtual environment (human ‘in-the-loop’). On the other hand, ‘oversight’ may require only monitoring of the decision-cycle without necessarily involving a human in the production of the output (human ‘on-the-loop’). For the deployment of AI in the AML/CFT context, this would mean that at least as far as the obliged entity’s decision on derisking or the choice of the suitable level of customer due diligence is concerned, Article 76(5) of the AML Regulation sets a potentially higher threshold than the AI Act. The same cannot be said about other types of decisions resulting from processes involving AI systems made by obliged entities or any other AI applications used for the AML/CFT purposes by other stakeholders, including FIUs or supervisory authorities – assuming that at least some of them will fall under the category of high-risk AI systems. The above shows the magnitude of the regulatory complexities, which the stakeholders deploying AI in the area of AML/CFT will have to navigate. Even more importantly, however, many of the above identified regulatory shortcomings may negatively impact the protective human rights standards.