Now Is the Time to Make Your Financial Crimes Program More Efficient

Actions to further the deregulation agenda began shortly after the new administration took office. On February 19, 2025, President Trump signed an executive order directing government agency heads to review and identify regulations under their purview that they consider to be “unlawful” or undermine national interest; and work with the Office of Information and Regulatory Affairs to rescind or modify such regulations. This EO followed an order on January 20 that established the Department of Government Efficiency (DOGE), a cost-cutting initiative that has resulted in trimming the workforce of many agencies. On January 31, shortly following the establishment of DOGE, EO 14192 ordered that for every new regulation passed, ten rules or regulations must be identified for elimination. Additional memoranda promulgated throughout April and May furthered these aims, including a White House memorandum on Directing the Repeal of Unlawful Regulations, which prioritized evaluating regulations that conflict with Supreme Court decisions, as well as requests from the Office of Management and Budget and Internal Revenue Service for the public to comment on regulatory priorities.

Reputational risk controls were an area targeted early in the quest for regulatory streamlining, a potential indication of the new approach financial institutions can expect. In the first few months of the new administration, primary federal banking regulators including the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced the elimination of reputational risk as a component of examination programs in their bank supervision mandates.

2. The Innovation Agenda

In parallel with deregulation efforts, the administration is focused on promoting innovation in the financial sector, particularly with respect to digital assets and artificial intelligence (AI). 

Digital assets—specifically the growth and legitimization of cryptocurrency and the distributed ledger technology that underpins the digital assets ecosystem—are at the forefront of the administration’s agenda. As technology evolves, digital assets and how they are treated in the financial sector also evolve. The goal of EO 14178, Strengthening American Leadership in Digital Financial Technology, is to enable “individual citizens and private-sector entities alike to access and use for lawful purposes open public blockchain networks without persecution” and “fair and open access to banking services for all law-abiding individual citizens and private-sector entities alike.” In response to this EO, the Justice Department indicated that it plans to limit investigations in this space to focus specifically on those in the virtual asset ecosystem that victimize investors or promote certain criminal behavior (such as terrorism, human trafficking and smuggling, fentanyl trafficking, and cartel activity), rather than focus on regulatory violations or those that fail to prevent their platforms from being used for illicit activity by end users. The shift from the previous administration’s less-lenient stance on regulation is already changing the digital assets landscape, with traditional financial institutions increasingly adding cryptocurrency offerings that were once limited to crypto-native firms.  

The administration is also committed to eliminating barriers that hinder US leadership in AI. On July 10, the White House released Winning the Race: America’s AI Action Plan. The stated purpose of this plan is to achieve global dominance in AI by reducing barriers imposed by prior administrations and various states that have hindered AI development or deployment. For financial institutions, this redoubling on AI in the public sector means, among other things, a potential for greater access to tools that make financial crimes compliance efforts both more effective and efficient. 

As with the deregulation agenda, the focus on innovation already has permeated the regulatory agencies. Paul Atkins, chairman of the US Securities and Exchange Commission (SEC), announced at an SEC Speaks event in May that he wanted to get back to the roots of promoting innovation rather than stifle it. According to Atkins, “The SEC, in its regulatory capacity, is tasked to balance investor protection with promoting capital formation and market efficiency. In years past, the Commission has unfortunately demonstrated a tendency to prioritize regulatory expansion over meticulous economic analysis, potentially jeopardizing this delicate balance.” Crypto assets are at the forefront of the SEC’s 2025 regulatory agenda.

Within the banking sector, reiterating joint agency guidance from 2018, the OCC stated that it “encourage[s] banks to take innovative approaches to meet their Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance obligations and further strengthen the financial system against illicit financial activity.” The regulator cautioned that it expects financial institutions to remain vigilant with regard to their safety and soundness obligations, but has indicated a willingness to allow them to consider how new technologies might be deployed to efficiently further those goals. 

Many financial institutions have built financial crimes compliance programs piecemeal over time, often to manage immediate risk or regulatory exposure and resulting in cumbersome or duplicative tactical solutions. The current federal regulatory climate may seem like a great time to reduce compliance and risk controls to realize cost savings. However, any cost savings could be short term if other supervisors, such as state agencies and foreign regulators, heighten oversight in response to any perceived gap. Additionally, financial crimes controls in particular form the basis of sound risk management to reduce litigation exposure. As the same resources that manage financial crimes compliance within the financial institution likely also will be considering how to design controls for the unique risks that new cryptocurrency offerings present, now is the time to holistically assess the existing program and identify opportunities for improvement.

3. Paving the Way for Strategic Enhancements and Realizing Benefits in the Process

The recent shift in the US regulatory environment presents financial institutions with a unique opportunity to explore avenues for enhancing efficiency in their financial crimes risk and compliance programs. Moving from tactical fixes to strategic solutions allows financial institutions to streamline operations, eliminate redundancies, and ensure tasks are completed efficiently. This can involve integrating new technologies and systems to enhance productivity and reduce the manual workload, but many compliance officers may be challenged with understanding where to begin.

When assessing the financial crimes program, as with all functional areas within a financial institution, it is important to remember the relationship between people, process, and technology and consider how inefficiencies on one side of the equation can impact the other. Typically, investments in technology or streamlining processes on one side can eliminate the need for human resources on the other side. Similarly, inefficient processes or technologies typically result in outsized headcount and additional managerial oversight responsibilities that detract from executing on the department’s mission.

The organization’s risk assessment underpins a sound financial crimes program. A well-executed risk assessment should allow leadership to identify those areas that pose the highest risk to the organization and require the most attention and, proportionally, the most resources. It is also important to remember that data is a tool that can be used to measure both productivity (key productivity indicators or KPIs) and risk (key risk indicators or KRIs). Both KPIs and KRIs are critical to informing your efforts to be more efficient without losing effectiveness; such data, and specifically KRIs, are vital to a meaningful risk assessment.

Even as financial institutions consider how advancements in AI and other new technologies can speed up operational tasks, compliance officers and senior leadership can focus on areas today that can help both accelerate efficiency gains and pave the way to use these more sophisticated tools.

4. Key Areas to Focus on Today

Compliance officers and their operations and technology partners can focus on a number of areas for “quick wins” to both improve near–term efficiency and effectiveness and prepare for future growth.

A. Organizational Design

Create a flexible and adaptive organizational structure that can respond quickly to market changes and internal needs. This includes designing roles with clear responsibilities and reporting lines that promote efficient communication. Additionally, assess whether any organizational silos impede end-to-end flow of data, information, or escalation processes. Ensure clarity on the organization’s three lines of defense framework by verifying that functions are being appropriately positioned and program elements are being executed in the appropriate areas. By aligning tasks to the responsible lines of defense, the financial institution enforces accountability throughout the organization and positions the second line of defense as a risk oversight function, fostering the constructive guidance and challenge needed for effective risk management. 

B. Risk and Coverage Assessments

Perform both enterprise risk assessments and regulatory coverage assessments to identify potential threats and vulnerabilities. This involves first evaluating risk factors associated with the nature of the financial institution’s business, including its products and services, the markets it serves, and its geographic footprint.

An enterprise risk assessment should be a comprehensive review of the organization in its entirety. Leadership should use it to allocate resources to target areas of higher risk and identify any ineffective controls or redundant processes for optimization. 

A coverage assessment focuses specifically on monitoring programs. Depending on the size and complexity of the financial institution, monitoring may be automated, manual, or a combination of both methods. By cataloging the risk indicators or red flags associated with each product and service and mapping elements of the monitoring program to the institution’s actual risks, a coverage assessment can identify gaps in coverage, areas of duplication, and unnecessary coverage for risks that do not apply to the institution.

A financial institution should treat both risk assessments and coverage assessments as living documents and update them as its business and operations change and as new risks and typologies are identified.

C. System Design and Connectivity

Conduct thorough assessments of existing systems to identify strengths, weaknesses, and areas for improvement. This includes current technologies, workflows, and user requirements. Often financial institutions are unaware of enhanced functionality offered by legacy vendor systems, particularly if the individuals who implemented the system are no longer with the firm. 

Start by identifying pain points for day-to-day processes, specifically those that involve the largest number of resources. Areas to focus on include:

• • Evaluating the frequency with which staff must exit the system to perform tasks, and aim to integrate these tasks into a single system to minimize disruptions and enhance workflow efficiency. Many systems can integrate approvals and other requests for information, rather than spending time to find, save, and upload emails or other communications generated outside of the system.
  • Determine whether basic robotic process automation (RPA) routines can automate repetitive tasks to speed up end-to-end workflow.
  • Identify areas to enhance data integrity and cleanliness, including:
    • Analyze fixed-field versus free-form data fields.
    • Provide drop-downs for common answers or dispositions to alerts. Periodically analyze responses to choices that include “Other” to determine whether additional drop-downs may be necessary. 
    • Ensure systems are updated with changes to policies or procedures. System enhancements often do not keep pace with program changes, making it difficult to easily compile metrics necessary for oversight.
  • Consider whether system connectivity is designed to ensure seamless integration across platforms including case Management, transaction monitoring, screening, and know your customer (KYC) systems. An optimal target operating model allows for the seamless flow of data between different elements of the program.

By cataloging potential system enhancements in an assessment, the financial institution can determine which to prioritize—and the order of operations in which to do so—when evaluating competing priorities. Additionally, consideration should be given to whether existing tools are fit for purpose and meet the needs of your business, both now and in the future. This is particularly important for companies in a growth stage, whether that growth is organic or through acquisitions. If choosing a new vendor or solution, evaluate the flexibility of the system. For example, if you need to query the system or make changes as your business grows, can the financial institution do that without relying on the vendor to make changes?

D. Process Flows

Visualize workflows and identify bottlenecks by understanding how tasks and information move through each stage of the process. An insightful way to do this involves measuring handle times and the duration to complete individual tasks or activities. Tracking handle times helps pinpoint where delays or inefficiencies occur, offering a data-driven foundation for improvement. These measurements help highlight specific focus areas where time is lost due to resource constraints, unclear responsibilities, system limitations, or redundant steps. 

Additionally, detailing workflows can reveal dependencies between departments or functions, highlighting opportunities for better coordination and communication. Using a holistic approach that incorporates both qualitative mapping and quantitative timing ensures enhancement of overall efficiency and effectiveness, rather than just addressing isolated issues. Detailed process mapping can also help identify duplication and eliminate redundant steps to create streamlined alternatives.

E. Manual Processing

As you document or update process flows, inventory manual processes. These may have been implemented due to an immediate need, such as an imminent product launch, or regulatory pressure to remediate an issue immediately. Assess whether such processes still provide the needed risk coverage, and eliminate or automate such processes as appropriate.

Replacing manual processes can have benefits in addition to efficiency, including reducing operational and human error risk, increasing employee engagement on more meaningful tasks, and providing a platform for future growth.

F. Integration of New Products, Services, and Regulations

Prepare a strategic plan for integrating new products, services, and regulations. Identify key stakeholders and document a plan with clear goals, timelines, and resources needed for successful integration. Early planning allows the financial institution to consider the best path for integration, rather than employ a tactical solution not suited for long-term growth. Further, proactively ensuring the business or regulatory change is fully integrated within the program can save time and money on post-implementation remediation.

G. AI Governance

Focus on emerging risk areas such as the use of AI, and ensure you implement a comprehensive program to address these risks. Financial institutions should establish a mandate within the institution’s governance structure that is responsible for defining acceptable tools and use cases when using AI for job-related tasks, drafting and implementing AI policies and procedures, and establishing an AI training program. Responsibility for AI oversight within the financial institution should belong to a cross-functional team or committee with sufficient authority and resources, responsible for detailing guidelines for acceptable use, and mandating attribution and validation protocols. The parties responsible for oversight need to understand how employees are using AI—as they likely are even if no official tools have been deployed—and how AI tools can be safely deployed to harness efficiencies within the financial crimes program itself, as well as where the organization intends to use AI more broadly that may impact financial crimes risk and controls. The institution should also assess third-party oversight and due diligence on vendors and update diligence and/or contracts based on new challenges presented by AI.