AI is lowering due diligence thresholds, shifting risk assessments to the start of business processes, and helping companies answer a more fundamental question: not just ‘can we?’ but ‘should we?’ But this transformation is not universal. The right AI strategy determines whether compliance hinders growth or drives it.

Three forces reshaping risk management

From compliance to strategy

Risk management has moved from a regulatory requirement to a business priority. Companies operate in data-rich environments with increasingly complex frameworks like anti-money laundering (AML) and anti-bribery and corruption (ABC). AI-powered automation processes vast amounts of data with speed and accuracy, ensuring risks are identified early.

Regulatory complexity

Rules governing ABC, environmental, social and governance (ESG) standards, trade compliance, and AI ethics continue to evolve. Some shifts disrupt entire industries, while others introduce incremental but critical compliance requirements. AI helps firms track legal updates in real time, keeping policies aligned with emerging regulations.

Beyond financial crime

Companies are expanding their risk lens to include ethical, environmental, and social factors. Investors, regulators, and consumers are scrutinising corporate accountability more than ever. AI’s ability to analyse large datasets, including media reports and regulatory filings, enables firms to assess reputational risks with greater precision and agility.

Dynamic due diligence, not a one-time check

Traditional due diligence is static, offering a snapshot in time rather than an ongoing view of risk. Yet our clients report that the greatest risks, and regulatory fines, arise from ongoing relationships, not just onboarding. Risks evolve, and due diligence must be dynamic and interactive, not a one-off exercise.

This is why dynamic due diligence is becoming a key priority. It consists of two core elements:

Real-time, interactive insights

Standard due diligence relies on static databases that are manually updated and traditional reports that take days to produce, following a fixed template. In contrast, AI-powered solutions such as Xapien deliver live, real-time data. Reports are interactive, allowing users to ask follow-up questions and interrogate the findings. If an initial report highlights a potential issue, such as a questionable business relationship, it is possible to instantly dig deeper, rather than commissioning a new report.

Additionally, reports can be customised, with users able to build their own sections. For instance, if a report flags X’s connection to Y, this insight can be expanded into a dedicated section, refining the analysis in real time.

Ongoing monitoring and alerts

Due diligence needs to extend beyond the moment of onboarding. Xapien is currently testing a monitoring functionality, with a fully customisable system expected later this year. It will allow organisations to track risks dynamically, receiving alerts when new information emerges about a subject. Whether it’s a sanction update, regulatory action, or a reputational red flag, companies will no longer be caught off guard by developments that could impact their operations.

Lowering due diligence thresholds

Traditionally, due diligence focused on high-risk entities, often based on financial thresholds, scrutinising accounts over £250,000 while ignoring smaller transactions. AI makes it possible to lower thresholds to £25,000 or less, uncovering hidden risks and reducing exposure to financial, legal, and reputational harm.

More significantly, AI enables earlier risk detection. Due diligence often happens late, after deals are already in motion, creating unnecessary risk.

A fintech company we work with previously had one MLRO handling compliance. Due diligence reports took a full day, a delay that was unsustainable for a growing business. By integrating AI, the company moved due diligence to the start of the process. Instead of sales teams finding partners only for compliance to reject them later, compliance could now screen prospects upfront.

This shifted the dynamic. Rather than saying “no” at the end, compliance guided effort in the right direction from the start, allowing the company to scale significantly faster.

Beyond checklists, toward insight

Many financial institutions conduct KYC checks but gain little real insight into their clients. At the end of the process, they have fulfilled regulatory requirements yet remain uninformed about customer backgrounds, risks, and opportunities.

AI changes this by aggregating external data sources, providing deeper visibility into client profiles. In private banking, for example, AI-powered analysis helps banks assess risk more accurately while enabling relationship managers to better serve clients. This mitigates risk while strengthening customer relationships and creates new business opportunities.

From client onboarding to client selection

Compliance teams are increasingly assessing third parties not just for AML or ABC risks but also for reputational concerns. Law firms using AI for due diligence have shifted their focus from “client onboarding” to “client selection.”

The assumption is no longer that a firm will work with every potential client. Ethical considerations, reputational risks, and strategic alignment now shape decisions. No database can answer a “should we” question, but AI makes deep due diligence possible at scale, reducing analysis time from days to minutes.

AI’s limitations in back-office operations

Despite its promise, AI in compliance’s effectiveness depends on specificity and calibration. Generic models struggle with industry complexities for several reasons:

Entity resolution and misidentification

Searching for "Chris Green" could yield hundreds of unrelated results. AI must reconcile records across sanctions lists, corporate filings, media, and legal documents while handling transliterations and multilingual variations. Errors increase regulatory and operational risk.

Inconsistent AI responses

Large language models (LLMs) vary based on phrasing. “Has Roman Abramovich been sanctioned?” may return a yes or no answer, while “Tell me about sanctions targeting Roman Abramovich” could generate a more nuanced response. In regulatory contexts, this variability is a challenge.

AI fabrications and reliability risks

AI-generated “hallucinations,” where models present false information as fact, remain a serious concern. An AI model might infer that an oligarch “loves swimming” from a mention of a pool construction. Inaccuracies undermine trust, making validation and oversight essential.

The limits of automation

AI can process vast datasets but lacks human judgment. Risk assessment requires contextual interpretation, which AI alone cannot provide. The challenge is designing AI to enhance, not replace, human expertise, balancing automation with informed decision-making.

The future of AI in compliance

AI is changing how businesses assess risk. Traditional processes were slow and reactive, often missing critical risks. Now, AI enables earlier, deeper, and more strategic risk management.

However, AI must be specific and tailored to its use case. Generic models struggle with the nuances of compliance, risk, and regulatory oversight. The effectiveness of AI depends on how well it is calibrated to industry-specific challenges, regulatory environments, and the evolving nature of risk.

As businesses adapt to regulatory complexity and shifting risk landscapes, AI will be a competitive differentiator. The companies that use it well, deploying targeted, domain-specific AI solutions, will not just stay compliant, but will make better decisions and move faster than their competitors.

For more startup news, check out the other articles on the website, and subscribe to the magazine for free. Listen to The Cereal Entrepreneur podcast for more interviews with entrepreneurs and big-hitters in the startup ecosystem.