Reframing Financial Crime Compliance for the Mid-Market — WorkFusion — January 21, 2026

By Staff Reports - January 21st, 2026

Financial crime compliance has long been treated as a necessary but burdensome function within banks. Many have suggested that these initiatives represent an operational cost center designed to satisfy regulators rather than actively reduce risk. For mid-market financial institutions, that model is under increasing strain. Regulatory expectations that once applied primarily to global banks have steadily cascaded downstream, while staffing shortages, rising alert volumes, and expanding data requirements make traditional operating models difficult to sustain.

At the same time, regulators and policymakers are signaling a growing interest in effectiveness rather than procedural box-checking. Advances in artificial intelligence are accelerating that shift, not by eliminating compliance work, but by forcing banks to reconsider how it is structured, governed, and integrated with broader risk management functions such as fraud prevention and customer due diligence.

In this BizTechReports executive Q&A, David Caruso, vice president of financial crimes and compliance at WorkFusion, discusses how AI is reshaping compliance operations at mid-market banks, why workforce and operating-model challenges are becoming structural, and what it will take for institutions to move from reactive compliance toward more integrated, intelligence-driven risk management.

NOTE: This interview has been edited for clarity and length. The Q&A has been organized into four sections — Strategic Assessments, Operational Imperatives, Financial Implications, and Technology Development — to highlight the most pressing issues for mid-market financial services executives.

 Strategic Assessments

BTR: Regulatory expectations around financial crime have increasingly moved from large global banks down to regional and super-regional institutions. From your perspective, how has that shift changed the strategic posture of mid-market banks?

Caruso: Financial crime compliance has been heavily regulated for about 25 years, and the core obligation hasn’t changed: banks are required to identify suspicious activity, investigate it, and report it to the government. What has changed is the breadth of institutions expected to meet those standards at a high level of consistency and rigor.

Historically, the largest banks bore the brunt of that pressure first. Over time, those expectations have moved downstream, and today mid-market banks are being examined against frameworks that look very similar to what money-center banks face. Strategically, that puts mid-market institutions in a difficult position because they don’t have the same scale, staffing depth, or technology budgets.

The result is that compliance is no longer something banks can treat as a static obligation. It has become a risk-management issue that affects how they allocate resources, how they design operating models, and how they think about technology adoption.

 BTR: You’ve described the industry as being at something of an inflection point. What’s driving that shift now, after decades of incremental change?

Caruso: We’re roughly a generation into modern financial crime regulation, and there’s growing recognition—among regulators and within banks—that the current system isn’t especially effective. Despite enormous investment, we’re detecting only a very small fraction of illicit activity globally.

That reality is prompting a deeper conversation about outcomes versus process. Regulators are still focused on consistency and control, but there’s also a clear push to ask whether programs are actually identifying meaningful risk. That’s where modern technology, including AI, comes into the picture. Not as a silver bullet, but as a way to rethink how work gets done.

 Operational Imperatives

BTR: Many mid-market banks are dealing with chronic alert backlogs and staffing shortages. How is AI changing day-to-day compliance operations?

 Caruso: In the near term, AI is best thought of as a co-worker. There’s simply too much work for the number of people most banks have, and that imbalance has existed for decades. AI helps absorb high-volume, repetitive tasks—things like document gathering, sanctions screening resolution, adverse media review—so teams can keep up with demand.

This has a particularly big impact on the front end of the operating model. Traditionally, compliance teams rely on a two-tier structure: junior analysts do initial reviews, and senior investigators handle complex cases. That model evolved to manage volume. As AI begins to handle much of that initial triage, banks are starting to question whether those layers are still necessary in the same way.

BTR: Does that mean operating models will fundamentally change?

Caruso: Yes, though not overnight. When volume stops being the primary constraint, you can redesign processes around judgment and expertise rather than filtering. Over time, that can collapse or reshape the traditional level-one and level-two structure.

What’s important is that this isn’t just about efficiency. It’s about consistency and quality. Machines are very good at following defined procedures exactly the same way every time, which is something regulators care deeply about. That frees human investigators to focus on higher-order analysis.

BTR: You mentioned adverse media monitoring as an example of something that’s now becoming feasible. Why is that significant?

Caruso: Adverse media is often one of the strongest indicators of potential risk, but historically it’s been handled reactively because of scale. The amount of news published every day is enormous. Without AI, the only way to monitor it continuously would be to hire thousands of people, which isn’t realistic.

With AI, banks can monitor adverse media on an ongoing basis and surface relevant risk signals without expanding headcount. That changes compliance from a reactive function to a more proactive one, which aligns better with the intent of regulation.

 Financial Implications

BTR: How are the economics of compliance changing as AI becomes more embedded?

Caruso: Compliance has always been expensive, particularly in financial crime. Banks spend heavily on both technology and human capital. Legacy transaction monitoring systems, especially at large regional banks, can require tens of millions of dollars in upfront investment and millions more each year to maintain.

 What we’re seeing now is a gradual shift away from those systems. Initially, AI is layered on top to improve performance, but over time it can replace legacy platforms entirely. That changes the cost structure. Investigations that once took hours can be completed in minutes.

There will be increased compute costs, and data processing isn’t free. But overall, the economics should improve. The bigger question is how banks choose to deploy the savings—whether they reduce cost, expand monitoring, or invest in deeper risk analysis.

BTR: Does this shift change how compliance is viewed internally—as overhead versus value creation?

Caruso: In AML and sanctions compliance, it’s still largely viewed as overhead, and that’s understandable. Banks don’t make money by catching money laundering. They do it because it’s a societal and regulatory obligation and because it is good business to be recognized as a reputable institution.

Fraud is a bit different, because stopping fraud directly saves money. What’s interesting now is the growing overlap between fraud and AML. Criminals don’t operate in silos. If you defraud someone, you still have to move and launder the money. As detection capabilities converge, there’s an opportunity to think about compliance more holistically as part of enterprise risk management.

 Technology Development

BTR: Regulators are often cautious about AI. How are banks navigating concerns around explainability and control?

Caruso: Explainability is critical. Regulators need to understand how decisions are made and what data informed them. In financial crime compliance, AI is typically used in a directed way. It’s automating reasoning steps that human analysts already perform, not inventing new logic on its own.

We think in terms of a “glass box,” not a black box. You can see the steps the system took, the data it used, and the rationale behind the outcome. That transparency is essential, especially for mid-market banks that don’t have the same regulatory leverage as global institutions.

BTR: There’s also concern about workforce development. If AI absorbs entry-level work, how do banks develop future experts?

Caruso: That’s one of the most interesting and challenging questions. Traditionally, people learned this field by doing repetitive work early in their careers and gradually building judgment. If AI does much of that work, banks will need new training and development models.

Otherwise, you risk hollowing out the pipeline of experienced investigators. This isn’t unique to compliance—it’s happening across many professions—but it’s something banks need to think about proactively.

BTR: Looking ahead, do you see fraud and AML detection fully converging?

Caruso: I think so. Today, banks often have separate systems for fraud and AML, even if they share case management tools. With AI, it’s increasingly possible to use a unified detection platform that looks at different types of risk using the same underlying data and analytics.

That could simplify technology stacks and improve insight, especially for mid-market banks that can’t afford a patchwork of specialized systems.

BizTechReports Conclusion

 AI will not eliminate the compliance burden for mid-market financial institutions, nor will it resolve policy debates about how much illicit activity banks are expected to detect. What it is doing is forcing a long-overdue reassessment of operating models built on incremental staffing and procedural conformity.

As regulatory expectations continue to rise and labor markets tighten, mid-market banks are under pressure to integrate compliance, fraud, and risk management functions more tightly. The institutions that succeed will be those that treat AI not as a shortcut, but as a catalyst for structural change—rethinking how work is organized, how talent is developed, and how compliance contributes to enterprise-wide risk intelligence.