Financial crime grows more sophisticated, interconnected, and technology-driven,while the anti-money laundering (AML) industry finds itself at a pivotal moment. Traditional compliance models built around static rules, manual reviews, and regulatory box-ticking are rapidly giving way to a new era defined by intelligence, automation, and outcomes-based oversight. Few leaders have witnessed this transformation from as many angles as Joseph Martin, CEO of Kinectify.
With years of experience in national security, financial crime investigations, and compliance innovation, Martin has become a prominent voice on the future of risk intelligence. His perspective challenges long-held assumptions about how organisations detect illicit activity, arguing that the next generation of AML programmes will be built not around larger compliance teams, but around smarter systems that enable human expertise to focus on judgement rather than administration.
In this exclusive interview with TechBullion, Martin shares his views on the evolution of regulatory expectations, the growing role of artificial intelligence in compliance, the shortcomings of legacy risk management approaches, and why the future belongs to organisations that treat AML not as a regulatory obligation, but as a strategic intelligence capability.
You have worked across gaming, banking, and financial crime compliance throughout your career. What first drew you into the AML and risk intelligence space, and what keeps you passionate about it today?
My path here was anything but a straight line. I joined the Marine Corps at seventeen, which sparked a lasting interest in national security. That led me to learn Arabic, live in Egypt and Oman, and work on Middle East policy during the democratic uprisings in the region. I loved the complexity of those problems, but I wanted to be somewhere faster-moving, where I could build solutions rather than just analyze problems.
AML turned out to be the perfect fit, as it sits right at the intersection of national security, geopolitics, and business. The threats I’d studied on the policy side, from organized crime to sanctions evasion, all depend on one thing: the ability to move money. That eventually led me AML compliance and financial crime investigations, where I saw firsthand that financial crime rarely looks the way people imagine. It’s not one bad actor moving a big sum, it’s networks moving smaller amounts across many people and transactions. The tools available to compliance teams weren’t built to see those patterns, and that gap became the idea behind Kinectify.
What keeps me passionate is that the mission still matters — behind every undetected financial flow is real harm to communities — and the technology is finally catching up to the problem. With AI, compliance professionals can now orchestrate intelligent systems that surface risk across entire networks while they focus on judgment. After years of watching the tools lag behind the criminals, getting to build what comes next is what gets me up in the morning.
2) Many people still think of AML as a compliance checkbox. From your perspective, how has the role of AML evolved over the past decade?
The biggest shift is that the checkbox era is over, and regulators are the ones ending it. A decade ago, you could satisfy expectations with armies of analysts working through static rules and manual processes. Today, regulatory expectations have simply outgrown what legacy approaches can deliver, and the enforcement record proves it.
Across banking, payments, fintech, and other regulated industries, recent enforcement actions continue to highlight many of the same issues: weak customer due diligence, ineffective transaction monitoring, gaps in suspicious activity reporting, and failures to address risks that regulators had already identified. The common thread isn’t a lack of effort. It’s that traditional compliance programs often struggle to keep pace with the scale, complexity, and speed of modern financial crime.
At the same time, regulators are increasingly signaling that technology should play a larger role in financial crime prevention. FinCEN and federal banking agencies have proposed guidance encouraging institutions to evaluate technologies such as machine learning, generative AI, digital identity solutions, and blockchain analytics as part of their AML programs. The message is clear: regulators are increasingly focused on outcomes rather than effort.
As a result, AML has evolved from a back-office compliance function into something much closer to financial intelligence. The question is no longer, “Do you have a program?” It’s, “Can your program effectively identify, understand, and respond to risk?” Meeting that standard requires scalable monitoring, stronger customer due diligence, real-time intelligence, and greater visibility across the organization—not simply adding more people to existing processes.
Organizations that view AML as a strategic capability rather than a regulatory obligation will be far better positioned for the future. Those that continue treating it as a checkbox exercise will find regulators increasingly unwilling to accept that approach.
Recent enforcement actions have generated significant headlines. What do these cases tell us about how regulators are approaching AML oversight today?
The throughline across AML enforcement actions is that regulators are no longer focused solely on whether an organization has a compliance program. They’re increasingly evaluating whether that program is effective.
Without that lens three things stand out.
First, accountability has become personal. Regulators increasingly expect senior leaders and compliance professionals to have direct visibility into their organization’s AML risks and controls. Compliance is no longer viewed as a back-office function that can operate in isolation. Leadership teams are expected to understand where risk exists, how it’s being managed, and whether remediation efforts are producing measurable results.
Second, regulators are paying closer attention to risks that were visible but not acted upon. In many enforcement actions, the underlying issue wasn’t that suspicious activity was impossible to detect. The warning signs often existed across multiple systems, departments, or business units. The challenge was that information remained fragmented, preventing organizations from developing a complete view of customer risk. Increasingly, regulators are asking a simple question: Did your organization have the information necessary to identify the risk, and what actions were taken once that information was available?
Third, regulators are becoming more supportive of innovation as part of the solution. We are seeing growing recognition that modern financial crime cannot be effectively addressed using entirely manual processes. Regulators around the world are encouraging institutions to evaluate technologies such as machine learning, AI-driven monitoring, digital identity verification, and advanced analytics to strengthen compliance programs. The expectation is not simply to invest in technology for technology’s sake, but to demonstrate that programs can effectively identify, investigate, and mitigate risk at scale.
The broader message is clear: regulators are moving beyond assessing effort and are increasingly focused on outcomes. Organizations that modernize their AML programs, improve visibility across the enterprise, and leverage technology to enhance decision-making will be far better positioned than those relying on legacy approaches designed for a very different risk environment.
You have described financial crime as increasingly sophisticated and networked. How should regulated industries rethink risk detection in response to that reality?
The first step is letting go of the myth of the big bad actor. Financial crime almost never shows up as one suspicious person moving one large sum of money. It operates as systematic money movement through the economy: criminal organizations moving smaller increments, $20,000 here, $50,000 there, across many people, properties, and transactions. Each transaction looks unremarkable on its own. Collectively, they represent enormous flows of illicit funds moving through legitimate businesses.
That reality breaks the traditional detection model. Legacy approaches were built to evaluate transactions in isolation against static rules. If the individual transaction doesn’t trip a threshold, nothing happens. But networked crime is specifically designed to stay under those thresholds. You cannot catch a network by looking at one node.
So, the rethink comes down to two things. The first is visibility across the enterprise. Risk signals rarely live in one place. A customer’s transaction history sits in one system, their source-of-funds documentation in another, their host relationships and marketing touchpoints in a third. When that information is fragmented, every department sees a partial picture, and nobody sees the pattern. The organizations that detect networked crime are the ones that bring those signals together into a single view of customer risk.
The second is systematic monitoring and risk mitigation rather than episodic review. Risk isn’t something you assess at onboarding and revisit when an alert fires. It has to be monitored continuously, across relationships and behaviors, with the ability to surface connections between people and transactions that would never look related to a human reviewing them one at a time. This is exactly where modern technology earns its place. AI can analyze activity across entire networks and flag patterns no individual analyst could see, while compliance professionals focus their judgment on what those patterns mean and what to do about them.
When you make that shift, detection stops being a filter at the end of the pipeline and becomes intelligence built into how the enterprise operates. That’s the difference between reacting to financial crime and actually seeing it.
Financial institutions, fintechs, payments companies, and other regulated organizations all face growing AML challenges. What lessons can these industries learn from one another when it comes to risk management and compliance?
What strikes me most is how similar the two industries’ challenges have become, and how identically regulators are responding to them.
Whether you look at banking, payments, fintech, gaming, or other regulated sectors, recent enforcement actions tend to reveal the same underlying issues: gaps in customer due diligence, weaknesses in transaction monitoring, insufficient visibility into customer behavior, and failures to identify suspicious activity despite the presence of warning signs. Different industries may have different products and customer relationships, but the underlying financial crime risks are often remarkably similar.
What’s changing is that organizations are increasingly recognizing that effective AML programs require both strong governance and modern technology. Regulators are looking for programs that can identify risk across the enterprise, connect information from multiple sources, and support timely, well-documented decisions. That expectation applies whether you’re a bank onboarding customers, a fintech processing payments, or any organization managing large volumes of financial transactions.
One lesson organizations can learn from one another is how to balance compliance effectiveness with customer experience. The most successful institutions understand that compliance and growth are not competing priorities. A well-designed compliance program can reduce friction by helping organizations focus resources on genuinely high-risk activity rather than creating unnecessary reviews for every customer.
Another lesson is the importance of breaking down operational silos. Financial crime rarely exists within a single department or business unit. Risk signals often appear across customer onboarding, transaction activity, investigations, customer support, and other functions. Organizations that can bring those signals together into a unified view are far more effective at detecting and managing risk than those operating with fragmented systems and disconnected processes.
Ultimately, financial crime doesn’t respect industry boundaries. The same criminal networks often move funds through banks, payment platforms, fintech providers, and other institutions as part of a single scheme. The organizations best positioned for the future will be those that treat AML as a form of financial intelligence—combining technology, data, and human expertise to see risk more clearly and act on it more effectively.
False positives and alert fatigue remain ongoing challenges across compliance teams. Why has this problem persisted for so long, and what changes are needed to improve operational effectiveness?
Here’s the uncomfortable truth: this is no longer a technology problem. The technology exists today to bring false positive rates down to single digits or low double digits, and regulators know it. The problem persists because of institutional inertia, and the gulf between regulatory expectations and organizational capability is widening because of it.
The inertia has rational roots. Compliance professionals are evaluated on defensibility. If an approach has survived ten years of exams, changing it feels like risk, even when the new approach is demonstrably better. So legacy systems stay in place far longer than they should, not because anyone believes they’re effective, but because they’re familiar to everyone involved, including the examiners.
The organizational structure compounds it. Compliance often rolls up under legal, and meaningful change has to survive committees, policy reviews, and sign-offs from stakeholders across the legal function. Many of the people with influence over these decisions are talented professionals, but they’re far from operational AML. They’ve never worked an alert queue or built a detection scenario. So new technologies get evaluated through frameworks designed for a previous era, and approaches that don’t fit the old template get slowed down or pigeonholed, regardless of merit.
Technology companies share responsibility here too. These are politically sensitive environments, and how a capability is described matters enormously. I’ve seen sound, safe, fully defensible features stall because of word choice alone. The phrasing in the software raised flags with internal audit or external auditors even though the underlying methodology would have withstood any scrutiny. Vendors who want to move this industry forward need to speak the language of defensibility, not just innovation.
So, what needs to change? Three things. Organizations need to put people who deeply understand operational AML in the room when technology decisions get made. They need to redefine defensibility, because regulators are now explicitly encouraging innovative approaches and have said institutions won’t be penalized simply for responsibly adopting them, which means the status quo is quickly becoming the harder position to defend. And they need to measure their programs on effectiveness, not on continuity with last year’s program.
Alert fatigue used to be an unavoidable cost of compliance. Today it’s a choice. The teams that recognize that will free their best people to do the work that actually matters: investigating real risk.
Collaboration and information sharing are becoming bigger themes in AML conversations, including frameworks like 314(b). How important is industry collaboration in combating financial crime?
In principle, it’s essential. Financial crime operates through networks that span institutions, and no single bank or casino can see the whole picture from inside its own walls. A customer structuring transaction across multiple institutions looks unremarkable to each one individually. Information sharing is the only way to see that network, and frameworks like 314(b) exist for exactly that reason.
But I’ll be candid: today, much of the collaboration conversation remains aspirational. It sounds great in press releases and on conference panels. The operational reality is very different. Ask practitioners and they’ll tell you the same thing: information-sharing requests frequently go unanswered or take significant time to process. That’s not because organizations don’t want to collaborate. It’s because the process itself remains cumbersome and largely manual.
The problem is that we’ve treated information sharing as correspondence instead of infrastructure. A request is often sent through email, routed between teams, researched manually, documented for compliance purposes, and eventually answered. None of that is integrated into the systems where investigators actually conduct their work. As a result, collaboration becomes an additional operational burden layered on top of already stretched compliance teams.
So, the challenge isn’t a lack of intent. Most compliance teams genuinely want to collaborate. It’s a gap of operational capability. Until information sharing is built into the systems where investigations actually happen, with requests that are easy to send, easy to answer, automatically logged, and connected to the case in front of the investigator, collaboration will remain something the industry says more than something it does.
That matters because the criminals don’t have this problem. Their networks are their advantage, and they exploit the fact that institutions can’t see across each other’s walls. Right now, we’re fighting networks with silos. The industry that closes that gap operationally, not rhetorically, will take away the single biggest advantage financial criminals have.
We are seeing rapid advances in AI and automation across financial services. Where do you see AI making the greatest impact in AML and risk monitoring, and where should organizations remain cautious?
People ask me which AML features AI will improve, and the honest answer is that it’s the wrong question. It’s like asking how the internet impacts a business. It doesn’t improve a feature. It changes every single aspect of how the work gets done.
Here’s the uncomfortable truth about AML operations: the vast majority of work these teams do has never been AML analysis. It’s data entry. Gathering information from a dozen systems, transcribing it, organizing it, formatting it, writing it up. For years, software companies promised to move teams “from data entry to decision making,” but it never really happened, because high false positive rates kept analysts buried in assembling cases that were never risky in the first place.
That’s what has changed. False positive rates can now be driven down dramatically, and AI handles the work that consumed everyone’s time: categorizing information, grouping related activity, summarizing findings, and narrating them. SAR narratives, KYC write-ups, enhanced due diligence reports, case summaries. Analysts no longer have to write. They edit what’s already written, and frankly, the drafts are often better prose than most analysts produce on their own. When you remove the data entry and the noise at the same time, what’s left is the actual job: judgment about risk.
Where should organizations be cautious? On exactly that last point. The operational work can be handed to intelligent systems. The decisions cannot. An experienced compliance professional must own the judgment: whether activity is suspicious, whether to file, whether to exit a relationship. Organizations should also hold every AI capability to the same standard as any other part of their program, meaning they can explain how it works, validate that it works, and defend it to an examiner. AI that helps an investigator see and articulate risk is transformative. AI treated as a black box that makes decisions nobody can explain is a liability.
The model going forward is clear: experienced professionals orchestrating intelligent systems that handle the operational load, while humans focus entirely on decision-making. The teams that embrace that will do more genuine risk work in a day than legacy teams do in a week.
Kinectify has expanded internationally, including recent momentum in Australia. What are you seeing globally when it comes to regulatory expectations and the future of AML compliance?
One of the clearest global trends is that regulators are increasingly focused on outcomes rather than effort.
Historically, organizations could often demonstrate compliance through policies, procedures, staffing levels, and periodic reviews. Today, regulators are asking a different question: can your program effectively identify, assess, and respond to risk? That shift is driving significant investment in technology, data integration, and intelligence-led compliance programs across the world.
We’re also seeing growing convergence across jurisdictions. While every regulator has its own priorities, there is increasing alignment around key themes such as customer due diligence, beneficial ownership transparency, transaction monitoring, suspicious activity reporting, and the responsible use of technology to strengthen risk management. Whether you’re looking at North America, Europe, Asia-Pacific, or Australia, the direction of travel is remarkably consistent.
Australia is particularly interesting because it offers a glimpse into where many markets may be headed. Regulators there have been exceptionally clear about their expectations and have emphasized the importance of modernization, risk visibility, and technology-enabled compliance. That clarity has accelerated adoption and created a strong sense of urgency across the market.
More broadly, organizations are beginning to recognize that AML is no longer just a regulatory requirement—it’s becoming a core business capability. The institutions that can effectively identify risk, understand customer behavior, and respond quickly to emerging threats are better positioned not only from a compliance perspective, but also from an operational and strategic one.
Looking ahead, I expect continued growth in the use of AI, advanced analytics, digital identity technologies, and automated investigations. The challenge for organizations won’t be deciding whether these technologies matter. It will be determining how to implement them responsibly, transparently, and in ways that can be clearly explained to regulators.
Ultimately, the future of AML belongs to organizations that can combine technology, data, and human expertise into a unified approach to risk management.
Looking ahead five years, what do you believe the AML and risk intelligence landscape will look like, and what should compliance leaders be preparing for today?
Five years from now, AML teams will be significantly smaller, and the work will be fundamentally different. I say that with confidence because the driver is already visible: data entry, which makes up the majority of AML work today, is disappearing from the process. Systems are becoming intelligent and increasingly self-sustaining across detection, monitoring, escalation, and processing. What remains for humans is what should have been the job all along: risk decisions.
There’s enormous inertia and friction on the path there. We see it even among our own clients. But the software marches forward regardless. The feature requests get more ambitious every quarter, the capabilities compound, and AI’s impact on this profession will ultimately match the impact of the internet itself. Organizations can move slowly, but they can’t opt out.
The biggest implication isn’t for analysts. It’s for leadership. AML evolved as a data management function, so the leadership role evolved to match: managing large workforces, running committees, standardizing processes, building board presentations. A significant portion of compliance leadership today spends most of its time in process rather than content, because that’s what managing a 200-person operation demands. That model breaks when the team shrinks and technology becomes the backbone of the program. When there’s no army to manage, the value of a leader is no longer organizational. It’s expertise. Leaders will need to be operationally proficient, genuinely expert in AML risk management, and capable of owning judgments rather than overseeing workflows.
Regulators are already pushing in this direction. Increasingly, regulators are holding senior compliance leaders personally accountable for the effectiveness of AML programs. That’s a preview of the future: programs designed around content over process, with named experts answerable for the quality of risk decisions, not the smoothness of the machinery around them.
So, what should compliance leaders prepare for today? Invest in your own operational expertise, not just your management skills. Get close to the actual work of detection and investigation before the systems make that knowledge the entire job. Build your program so technology carries the operational load, and your people carry the judgment. The leaders who make that transition will run leaner, sharper, more defensible programs than anything that exists today. The ones who don’t will find that the thing they were best at, managing the machine, no longer needs managing.
As a former AML practitioner and now CEO, how has your leadership style evolved, and what advice would you give founders building companies in highly regulated industries?
My leadership style has evolved substantially, and the honest reason is that everything we just discussed about AI changing our clients’ work has changed our work too. We live by what we preach.
I now see leadership as orchestrating systems rather than managing people who do work manually. Take software engineering. We used to write thousands, hundreds of thousands, millions of lines of code by hand, all that syntax. We don’t anymore. The AI writes the code, and our people orchestrate it. They architect, they design, they make decisions. The same is true across the company. We let technology carry the day-to-day, the data entry, the processing, and we’ve built a company of individual contributors instead of layers of management, committees, and policy apparatus. Nobody at Kinectify manages process for a living. Everyone contributes something.
That includes me. If I’m asking compliance leaders to be operationally expert rather than process managers, I have to hold myself to the same standard. So, I work hard at staying sharp on AML, the industries we serve, and the regulatory changes. I attend conferences and take them seriously. I’ll clear my schedule, sit in the sessions, listen, and get trained, because I have to be an individual contributor as well as a leader. I think that’s where everything is heading: the question for everyone, including CEOs, becomes what value you personally bring, what responsibility you hold, and what decisions you make, not what processes you manage.
For founders building in regulated industries, I’d offer three things.
First, deep domain expertise is the price of entry. You cannot build for compliance professionals from the outside. The product decisions, the workflows, even the words on the screen have to come from people who have actually done the work, because in this world a single poorly chosen phrase can stall a deployment with internal audit even when the underlying approach is sound. Speak the language of defensibility, not just innovation.
Second, respect the inertia, but don’t let it set your pace. Your buyers operate inside committees, policy reviews, and legitimate regulatory caution. Sales cycles are long and change is slow. Build for that reality: make your product defensible by design, make adoption low-risk, and be patient with the institution while staying relentless with the technology. The software marches forward even when organizations don’t.
Third, run your company on the principles you sell. If your product promises that technology can carry the operational load so humans can focus on judgment, your own company should be living proof. Nothing builds credibility with skeptical, risk-averse buyers like a vendor that visibly operates the way it’s asking them to operate.
