80% of organised crime hides in corporate structures, with Adam McLaughlin

Why this conversation matters now: #

Anti-money laundering and financial crime are not new topics. What is new is the standard by which regulated institutions are now being assessed. In this episode of the Fintech Garden Podcast, Adam McLaughlin — Director of Financial Crime Product at Fenergo and former UK police detective, JP Morgan AML compliance lead, and global financial crime strategy director at NICE Actimize — walks host Dumitru Condrea through what has actually shifted in the last three to four years. The headline is structural: the regulatory frame is moving from “technical compliance” to “outcome-based assessment,” and most institutions are still operating on the architecture of the old model.

From rules-based silos to contextual monitoring: #

Compliance technology entered the banking sector in the mid-1990s as rules-based, siloed, vendor-specific systems. Big banks could easily end up with four KYC systems — retail, wholesale, investment, trade — that never spoke to each other, with the same customer recorded four times across the institution. The criminals, in parallel, learned exactly what those static systems looked for and routed around them. The shift Adam describes is the move from this fragmented, rules-based posture to contextual monitoring: consolidated data, unified customer view, and the ability to answer one foundational question — do we actually understand the customer in front of us? The technology to do this exists. The organisational reality is that most institutions are still working through the legacy.

“Do I understand my customer?” is the right question: #

Adam reframes the entire compliance conversation around a single question that most institutions cannot honestly answer with yes. KYC, as a regulatory artefact, has been treated as a tick-box exercise — collect documents, verify identity, file the SAR, generate the alert. The deeper question — do we understand who this customer actually is, what they do, who they associate with, what abnormal looks like for this particular profile — gets lost in the operational mechanics. The further an institution can move toward genuinely answering yes to that question, the easier it becomes to identify abnormal activity. The simple fact, Adam notes, is that criminals have not fundamentally changed how they operate in decades. New typologies emerge, but the underlying playbook remains.

From technical compliance to outcome-based regulation: #

The FATF — while not itself a regulator — sets the standards that influence national regulators globally. The direction of travel is now explicit. Do you have a KYC system? Yes. Have you got transaction monitoring? Yes. Are you generating SARs? Yes. Under the old model, that was enough. Under the new model, regulators are asking what outcomes you are actually achieving. Are you identifying financial crime? Are you stopping it? The shift turns compliance from a checklist exercise into a measurable performance discipline, and it materially changes how regulators assess an institution’s posture.

The honest answer to whether the good guys are winning: #

This is where the episode lands its sharpest point. Asked whether AML technology, AI, and better data have shifted the balance, Adam’s answer is the one most vendors and consultants are reluctant to give. We are not winning. We are holding the line. Crime evolves alongside the controls. New schemes emerge as soon as old schemes are closed. Sanctions add friction but do not eliminate the problem. The honest framing — that the goal is to make the cost of doing business higher for criminals, not to eliminate financial crime — is more useful than the marketing one, and it changes how institutions should set their internal expectations.

The two real gaps are data and information sharing: #

A common assumption is that the gap in financial crime is technological. Adam pushes back. The technology — AI, network graph analytics, anomaly detection — is mature. The gaps are upstream. The first is data: the contextual information needed to answer “do we understand this customer” is often outdated, missing, or fragmented across systems that don’t talk to each other. The second is information sharing across institutions. Criminals don’t put all their eggs in one basket. They operate across multiple banks, sometimes within the same jurisdiction, deliberately spreading the operational risk. Banks, constrained by data protection regimes, have historically been unable to share private information about suspicious customers between themselves. That is changing — Article 75 in Europe, new legislation in Canada, the existing US 314(b) framework — but the pace is slow relative to the criminal adoption curve.

Sanctions still matter, but evasion is now the battleground: #

The conversation pushes hard on a question many in compliance privately ask but rarely say out loud: do sanctions lists still matter? Adam’s answer is yes, but with a clear evolution. The point of sanctions is to add the cost of doing business for those listed. Sanctioned individuals cannot freely move money into Western financial systems. They have to find alternative routes, third-party companies, neutral jurisdictions — all of which are more expensive and slower than direct access. The new front is sanctions evasion through neutral countries that maintain financial relationships with both sanctioned states and Western economies. These jurisdictions become the structural weak point, and network analytics, pattern analysis, and AI applied to them are the tools that close the gap.

The professional services network around organised crime: #

A central insight Adam offers is that organised crime does not operate in isolation. Around the criminal enterprise sits a network of designated non-financial businesses and professions (DNFBPs) — accountants, law firms, notaries, incorporation agents, formation specialists. Often, family businesses serve multiple criminal enterprises simultaneously without filing a SAR on any of them. This services ecosystem is the structural layer that allows organised crime to interface with the regulated financial system. The compliance question, therefore, evolves. It is no longer just “Is this customer a criminal?” It is “Is this customer supporting a criminal enterprise?” Most KYC systems are not yet built to answer the second question.

Where AI is overhyped, and where it earns its place: #

The episode is direct about AI’s actual role in financial crime. AI is use-case driven, not a silver bullet. Different problems require different AI: supervised machine learning for known patterns, unsupervised for anomaly detection, agentic for orchestration. The pervasive misconception — that AI will solve financial crime — is one Adam pushes back on hard. AI cannot replace bad governance or inexperienced staff. It cannot make a poor process work. What it can do is augment good people: assess data at scale much faster than humans, point investigators in the right direction, surface the data points that matter, and automate repetitive work. The human-in-the-loop remains essential for high-touch decisions. AI guides; the human decides.

Crypto is easier and harder to investigate at the same time: #

Asked whether crypto makes investigation easier or harder, Adam’s answer is both. Easier, because the blockchain is the most traceable financial ledger ever built. Every transaction, every hop, every wallet is recorded permanently. The early myth that crypto was untraceable has largely collapsed. Harder, because there is no equivalent of the travel rule. In fiat payments, every transaction carries identifying metadata — sender, receiver, amount, accounts, message — passed through Swift or similar centralised infrastructure. Crypto, as a decentralised system, has no central owner of the format. Implementing a travel rule equivalent is structurally difficult. Investigators must request KYC from each Virtual Asset Service Provider individually, which slows the cycle. The visibility points that matter most are the on-ramps and off-ramps, where crypto converts to or from fiat.

What the next ten years actually look like: #

Adam’s view of the decade ahead is concrete. More collaboration between financial institutions, including private-sector cooperation that goes beyond formal information-sharing legislation. Shared KYC databases where multiple banks validate against a centralised customer profile. Joint transaction monitoring assessments are conducted at the network level rather than within individual institutions. AI applied to pattern analysis at a scale and speed that’s currently impossible. Real-time suspicious activity flagging across the ecosystem. And, on the other hand, criminals using the same AI to find the holes in the new controls. The endpoint is not victory. It is a more expensive, more contested, and more transparent operating environment for organised crime — one that may reduce, though not eliminate, the volume of criminal activity that successfully completes.

Why listen: #

This is one of the most operationally grounded conversations on financial crime in fintech this year. Adam’s combination of police, banking, and technology vendor experience produces a perspective that avoids both the hype of AI marketing and the resignation of veteran compliance practitioners. For founders building in regulated spaces, compliance leaders rebuilding their data foundations, and product teams designing AML and KYC tooling, the episode delivers a structured map of what the regulatory frontier actually looks like, where the real gaps sit, and what should be on the next two to three years of the roadmap.