Fraud and AML teams that still operate as two separate systems are already behind
I've spent the last few weeks going down a rabbit hole on fintech compliance architecture ,partly for work, partly because the more I read, the more convinced I became that most companies are solving this problem wrong. Not "slightly inefficient" wrong. Structurally wrong.
Here's the claim I'll defend: if your fraud detection system and your AML monitoring system are still separate pipelines reporting to separate teams, you are not behind on a nice-to-have. You are running a compliance architecture that's already obsolete, and the data backing that up is not subtle.
The numbers that changed my mind
Start with the scale of what's being missed. Despite everything the industry spends on detection, the financial system reportedly catches only 2% of global financial crime flows, according to Interpol figures cited in a McKinsey analysis on agentic AI in banking. Two percent. That's not a tuning problem. That's a structural blind spot.
Now layer in the fraud side. US consumer fraud losses hit \(12.5 billion in 2024, up 25% year-over-year, per FTC data. AI-enabled fraud tactics reportedly grew 1,210% in a single year. Global banking fraud losses are projected to hit \)58.3 billion by 2030. Meanwhile, illicit financial activity globally was estimated at $4.4 trillion in 2025 ,up $1.3 trillion in just two years ,and AML enforcement penalties hit $4.6 billion in 2024, with fines spiking 417% in the first half of 2025 alone versus the prior year.
Here's the part that should bother anyone running a compliance org: fraud and AML are being treated as separate disciplines, but they're being fed by the same behavioral data. Same transactions. Same customers. Same anomalies. When you split that data into two systems that don't talk to each other, you're not adding redundancy ,you're guaranteeing blind spots. A pattern that looks like low-grade fraud in isolation might be the early signature of a laundering structure when cross-referenced against AML signals. Split the pipelines, and nobody ever makes that connection until a regulator does.
Why "rule-based" is the wrong foundation for either problem
The industry's default posture ,rule-based monitoring ,fails in a specific, well-documented way: it can only catch what it's already been told to look for. Rule-based AML systems generate false positive rates as high as 95%. That's not a rounding error; that's a system that is wrong nineteen times out of twenty, burying small compliance teams in noise before the product even reaches meaningful volume.
The fraud side tells the same story from a different angle. Traditional detection takes roughly 72 hours on average to identify a fraudulent pattern. Machine learning systems that build a model of normal behavior ,rather than checking against a fixed rule list ,bring that down to under five minutes. That gap isn't an efficiency win, it's the difference between stopping a transaction and chasing the money after it's gone.
And the institutions that have actually made the shift aren't being subtle about the results. HSBC's AI-driven system processes 1.35 billion transactions a month, cut false positives by 60%, and now catches two to four times more suspicious activity than its predecessor ,with review cycles dropping from weeks to days. The US Treasury's AI-enhanced detection recovered $4 billion in fraudulent payments in FY2024, compared to $652.7 million the year before. Visa's AI authorization layer is associated with a 35% drop in fraud losses and a 25% reduction in manual review costs. Forter's clients report up to a 70% cut in false declines.
None of those numbers come from a fraud-only or AML-only system. They come from architectures built around the assumption that fraud signals and AML signals are the same data asked two different questions.
The part most teams get wrong: this isn't a tooling decision, it's an architecture decision
This is where I'll push back on how a lot of teams are framing the FRAML conversation. It's not "should we buy a unified vendor platform." It's whether your product's compliance architecture treats risk as one continuous signal or as two disconnected checklists bolted onto the same transaction flow.
I came across a fairly detailed breakdown of this from GeekyAnts that frames FRAML convergence as a "structural expectation rather than an architectural preference" ,which is a more precise way of saying what I'm arguing here: this stopped being optional. Their point that a product running separate, disconnected fraud and AML pipelines will miss the patterns that only surface when both data streams are analyzed together lines up with everything in the numbers above. It's also one of the few writeups I've seen that treats KYB ,business verification, beneficial ownership, entity structure mapping ,as the bigger and more neglected gap compared to individual KYC, which tracks with what I've seen in B2B and embedded finance products specifically.
Where I'd go further than most of the compliance-architecture writing out there: explainability isn't a regulatory checkbox you bolt on for audit season. If your AI-driven risk model can't produce a reasoning chain for why it flagged or cleared something, you don't have a working system ,you have a faster way to be wrong without knowing it. The EU AI Act classifying fraud detection, AML monitoring, and risk scoring as high-risk applications (enforceable from August 2026, penalties up to €35 million or 7% of global turnover) isn't a paperwork exercise. It's a forcing function for something that should have been an engineering default years ago: every AI-assisted compliance decision needs a human override point, a logged rationale, and a model version trail that survives an audit.
Where this leaves teams building right now
If you're building or scaling a fintech product in 2026 and your fraud and AML monitoring are still architecturally separate ,different vendors, different data pipelines, different teams that meet quarterly instead of sharing a queue ,you're not behind on a trend. You're carrying a blind spot that the data says is actively being exploited, and "we'll unify it later" is a much more expensive sentence to say after a sponsor bank review or a regulatory exam than before one.
The case for FRAML isn't theoretical anymore. It's sitting in the numbers from HSBC, Visa, Forter, and the US Treasury. The only real question left is how much it costs your team to keep treating these as two problems instead of one.
