Half of all banks replaced their AML transaction monitoring vendor in the past 12 months. Another 51% say they’re likely to switch in the next 12. That’s not normal vendor churn; that’s an entire market deciding its existing tooling was built for a different era of financial crime.
That was the backdrop for Liminal’s AML Demo Day: Deploying the New AML Playbook, which I moderated alongside Filip Verley, Liminal’s Chief Innovation Officer. Seven vendors demoed how they’re applying AI to the workflows compliance teams have been drowning in for years: alert triage, case investigation, and continuous risk assessment. Here’s what stood out:
Key takeaways
- Agentic AI for Level 1 alert remediation is shipping in production, not stuck in pilots. Multiple vendors showed autonomous agents that triage, investigate, and close false positives with full audit trails.
- Explainability is embedded in the architecture. Regulators are writing it into law, and the vendors gaining traction are the ones whose AI can show each step, data source, and reasoning decision.
- Hybrid rules-plus-AI is the credible adoption path. The most convincing solutions layer AI on top of existing rule-based systems, rather than asking institutions to rip and replace.
- Prompt and task transparency is becoming a feature, not a liability. When compliance teams can see and edit the AI’s instructions, it earns institutional trust faster than a black box with better metrics.
- Dynamic risk scoring is replacing periodic reviews. Transaction behavior is feeding back into customer risk ratings in real time, making the static “onboarding snapshot” approach obsolete.
AI agents aren’t merely assisting analysts, they’re replacing the first pass
The most consistent theme was that AI agents are no longer copilots sitting next to an analyst; they’re performing the Level 1 investigation start to finish and documenting every step along the way.
That sounds like a bold claim until you watch it happen. Skylight demoed an agent that works through a standard operating procedure but decides on its own how deep to look. If a 30-day lookback surfaces an anomaly, it extends to 60 days. Each decision and data query is logged in an investigation journal. The output is a narrative summary written in consistent formatting across each alert, which addresses one of the more mundane but real problems in compliance: 25 analysts writing up the same type of alert in 25 different ways.
Unit21 takes a different approach. Instead of a pre-built copilot, they offer infrastructure for compliance teams to create their own agents, tuned to specific risk profiles and regulatory contexts, with full control over what data each agent can access per queue.
Castellum AI’s Arbiter agent can resolve thousands of screening alerts, including sanctions, PEPs, and adverse media, in under a minute. That’s interesting in isolation, but the more telling detail is the context: one compliance officer reported a 99% false positive rate on their screening alerts, each taking 3 to 15 minutes of manual review. The technology question here is secondary to the operational one. How many compliance hours are being burned on work that a machine can do with higher consistency?
ThetaRay generates a full investigation report automatically: customer profile, findings, evidence, counterparty analysis, adverse media, and a recommended narrative. Analysts don’t start from scratch; they start from a 70% complete investigation and focus on the 30% that actually requires human judgment.
The workforce conversation is already underway and most compliance leaders we talk to are running the math. They’re framing it as redeployment. If 99% of your screening alerts are noise and your analysts spend 3 to 15 minutes per review, you don’t have a staffing problem, you have a team trapped in triage that was never hired for triage. Move them up the stack to the 30% of investigation that requires real judgment, and you finally get the analytical function the org was supposed to have.
Explainability is embedded in the architecture
The OCC’s revised model risk guidance now explicitly scopes in agentic AI. FinCEN’s April 2026 NPRM shifts evaluation to whether AI-driven programs are actually effective. The FCA expects explainability and governance frameworks for any AI used in regulated decisions. The EU AI Act goes further, embedding these requirements directly into law.
What came through in every demo is a deliberate architectural choice. The vendors taking this seriously have built explainability into the investigation flow, not appended it as an afterthought.
RelyComply’s ML model surfaces the specific factors from a customer’s transaction history that drive each prediction, with the full reasoning chain available for audit.
The practical question for anyone evaluating AI vendors right now isn’t “does it use AI?” It’s narrower and harder: can you show a regulator exactly why this alert was closed, who or what closed it, and what evidence was considered? If the answer requires an engineering team to extract the data, that’s a red flag.
The case for hybrid: why rip-and-replace isn’t winning
The most convincing demos didn’t ask institutions to abandon their existing detection logic. They layered AI on top of it.
ThetaRay described a phased journey: start by having AI retriage alerts your legacy system already produces, run both in parallel, and gradually shift detection weight toward behavioral analysis as confidence builds. Some organizations may leapfrog ahead, but the staged path is where most institutions feel comfortable starting, and where regulators feel comfortable seeing institutions start.
Unit21 builds AI recommendations directly into rule tuning. Their system identifies the worst-performing rules in your environment, the ones producing the most noise, and generates specific replacement recommendations with full justification. They also add a natural-language rule builder: describe what you want to detect in plain text, and the system translates it into detection logic mapped to your actual data schema.
Sumsub showed a different on-ramp: a rules library with pre-built, compliance-vetted bundles that can be installed in two clicks, plus an AI copilot that acts as a compliance consultant. You can ask it about regulatory requirements and it suggests which rules to implement and how to configure outcomes.
Castellum AI’s Arbiter agent slots into any existing screening provider. The integration lift is minimal, and the bulk of the work is tuning the agent to match an institution’s adjudication policies, not rebuilding the screening stack.
The pattern across all of them: meet institutions where they are because at some point, adding intelligence to a fundamentally noisy foundation hits diminishing returns.
When vendors show you the prompt, pay attention to what’s around it
One of the more interesting tensions in the session surfaced around transparency. When vendors expose the actual prompts and task configurations driving their agents, the natural question is: if this is just an LLM with a prompt wrapper, what’s proprietary?
That framing is worth interrogating. Every vendor showing AI agents also showed the governance shell that keeps those agents within policy bounds. The institutions getting adoption right tend to share a common trait, and it has very little to do with model sophistication. Their compliance teams can open the hood, understand what the agent is doing, and adjust it without filing an engineering ticket.
For buyers, this is a useful filter: who controls the AI’s behavior, your team or the vendor’s? The answer tells you more about the product’s maturity than any feature list.
The onboarding snapshot is dying
Here’s a counterintuitive fact about how most institutions assess customer risk: they make their biggest judgments at the moment they know the least.
A risk rating assigned at onboarding is, almost by definition, an educated guess. Meanwhile, the actual signal, how the customer transacts, who they pay, what patterns emerge, is sitting in the transaction monitoring system, disconnected from the risk score it should be informing.
Several vendors made the case for collapsing that gap. RelyComply demonstrated feeding transaction signals directly back into the customer risk rating, with the score updating automatically as behavior changes or STRs get filed.
Shufti showed the connection in the other direction, using the identity verified at onboarding as a live reference point. When transaction patterns diverge from declared behavior, the system can re-authenticate before approving the activity.
Periodic risk review isn’t just a process; it’s an audit expectation, a staffing model, and in many cases a regulatory artifact. Moving to continuous risk assessment means rewriting the governance around it, not just deploying a new tool.
What this means for compliance teams
A few things became clear across two hours of demos.
The technology question is settled. AI for AML transaction monitoring is live, measurable, and producing results: faster investigations, meaningful false positive reduction, and more consistent documentation. The remaining barrier is institutional, not technical.
At the same time, the underlying technology is collapsing operational silos. The same anomaly detection and behavioral analysis powering AML monitoring is being applied to fraud typologies, even where regulatory frameworks still treat them separately. The engineering lift to test any of this is dramatically lower than it was two years ago: days to weeks, not months.
What lingered after the session was something narrower: whether compliance organizations can move at the pace these tools now allow. That gap, between technical readiness and institutional readiness, is the story to watch.
Missed the live session? Watch the full AML Demo Day recording, including all seven vendor demos and Q&A, on our Demo Day page.
