By Matthew Scicluna - Head, Financial Crime Compliance, MFSA

The EU AI Act which came into force on 1 August 2024, defines an AI system as a machine-based system that is designed to operate with varying levels of autonomy and may exhibit adaptiveness after deployment. These systems generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments.

Balancing Benefits and Risks in Emerging Technology Adoption

AI is increasingly recognised by the European Supervisory Authorities as a tool that can enhance financial institutions’ ability to detect and manage financial‑crime risks. By reducing false positives in screening and transaction‑monitoring systems, AI enhances the overall efficiency and effectiveness of risk detection. Advanced AI models can enable institutions to identify complex or unusual behavioural patterns that may be difficult to detect through traditional rule-based approaches, improving both accuracy and responsiveness. AI also supports the rapid processing and analysis of large datasets drawn from diverse sources, including customer data, transactional information and risk indicators, thereby strengthening institutions’ capacity to identify high‑risk relationships and suspicious activities. Moreover, by learning from historical datasets, AI systems can detect recurring typologies and emerging trends associated with financial crime, contributing to more proactive and intelligence‑led risk management.

At the same time, the European Supervisory Authorities emphasise that AI adoption must remain responsible and grounded in strong governance frameworks. Poor data quality, weak data governance, limited resources, legal uncertainty and operational risks remain key barriers to the effective adoption of AI‑enabled solutions. Entities must therefore understand how AI systems function, their limitations, and the safeguards required to ensure transparency, accountability and meaningful human oversight.

The ESAs’ Cross‑Sectoral Observations

The European Supervisory Authorities are adopting a measured and coordinated approach to the oversight of artificial intelligence, ensuring that innovation progresses in a controlled and responsible manner across the financial sector. Within the banking sector, the European Banking Authority is closely analysing how AI is being deployed by institutions, noting rapid growth in applications such as fraud detection, AML/CFT monitoring and customer profiling, while also assessing emerging risks linked to data quality, governance and operational resilience. European Banking Authority’s stance is that financial institutions should build on their existing foundations, such as DORA and current risk management frameworks, to meet these new AI-specific requirements

In the insurance sector, European Insurance and Occupational Pensions Authority reports widespread uptake of AI among insurers and is actively monitoring risks stemming from increasing digitalisation, with a particular focus on operational vulnerabilities, cyber resilience and the need to ensure that automated systems remain reliable and appropriately supervised. In the securities markets, European Securities and Markets Authority observes that AI adoption remains partial and uneven, with larger firms more advanced in applying AI to internal‑process optimisation while maintaining human oversight for decision‑making.

As Europe accelerates its adoption of advanced technologies, innovation must continue to be underpinned by strong governance, clear understanding of the associated risks and robust safeguards to ensure that automation enhances, rather than compromises, the quality and integrity of AML/CFT measures.