A study published by ThetaRay on the future of Anti-Money Laundering (AML) in Europe highlights that current systems will struggle to meet upcoming supervisory expectations without AI-driven monitoring and customer-screening mechanisms.

Entitled “Next-Generation AML Solutions: An Analysis of AI-Based Tools vis-à-vis the Reform of the European AML Institutional and Substantive Architecture,” this report examines how Europe’s AML reform package and the Artificial Intelligence Act will impact compliance for European nations.

The global AML system, according to the report, suffers from structural inefficiencies, high false-positive rates, and poor conversion due to legacy rule-based systems that produce low-quality alerts, rely on outdated architectures, and lack cross-border visibility necessary for detecting modern financial crimes.

Key findings of the study

Despite increased budgets and enhanced enforcement efforts, Europe’s AML framework is underperforming. The Financial Action Task Force (FATF) reports that 96% of 120 evaluated countries exhibit low to moderate effectiveness in preventing money laundering and terrorist financing. European Financial Intelligence Units (FIUs) report notably low intelligence yields; the Netherlands had less than 3.5% of its 3.48 million suspicious activity reports (SARs) from 2024 as actionable, while France’s Tracfin reported only 5% of SARs as actionable.

Germany’s FIU data indicates that just 15% of SARs are investigated by authorities, and 95% of forwarded cases result in no prosecution. An operational risk study also found that rule-based detection scenarios reported alerts in only 2% of instances. These findings suggest that Europe’s AML system is unable to keep up with financial complexity without adopting AI technology.

The report concludes that the EU’s AML Package and the Artificial Intelligence Act represent a significant shift, strengthening due diligence responsibilities, expanding governance requirements, and establishing a new EU-level AML Authority that ensures balanced obligations among member states. The AI Act classifies transaction monitoring and screening as high-risk uses of AI, mandating transparency, human oversight, data governance, and lifecycle management for models.

The study also identifies vulnerabilities in banking and crypto flows where traditional rule engines cannot adequately detect hidden network behaviors across cross-border transaction chains. There is a potential conflict between AML regulations and General Data Protection Regulation (GDPR) constraints that could lead to overlapping regulatory and legal risks for institutions.

The report advocates for a shift from volume-driven alerting to intelligence-led detection, emphasizing the need for hybrid human-AI oversight, improved data governance in line with the AI Act, transparent models, and integrated customer and transaction screening processes.