Course Details

This module provides a comprehensive walkthrough of the regulatory frameworks that govern AI in financial crime compliance programs. It covers the BSA, PATRIOT Act, FinCEN guidance, FATF standards, SR 11-7 model risk management, the NIST AI RMF, the Financial Services AI RMF, the EU AI Act, and the Financial Services AI Lexicon. It explains how each framework applies to AI systems and what obligations they create, with particular emphasis on the principle that AI does not transfer compliance accountability and that governance obligations follow operational influence rather than vendor labeling or technical architecture. It also covers what examiners specifically look for when evaluating AI-enabled compliance programs.

This module builds the AI literacy foundation required for everything else in the curriculum. It covers the four AI system types used in financial crime; rules-based, machine learning, generative AI, and agentic AI and what governance each requires. It introduces the three core governance properties that run through the entire curriculum: explainability, defensibility, and auditability, explaining how they differ and how they can fail independently. It also covers automation bias, the AI lifecycle, risk tiering, the distinction between decision-support and automated decisioning, black-box models, and what examiners look for when evaluating AI governance in practice.

This module maps how AI is deployed across the full financial crime compliance lifecycle and what governance each use case requires. It covers AI in CIP and onboarding, customer due diligence, enhanced due diligence, transaction monitoring, alert triage and prioritization, investigations, SAR escalation, fraud detection, sanctions screening, adverse action and de-risking, correspondent banking, and emerging typologies including human trafficking and environmental crime. It explains the specific governance risks AI introduces at each stage, why upstream errors propagate downstream, what silent deprioritization looks like, and how quality assurance programs must evolve to detect AI-related compliance failures.

This module focuses on why data governance is the dominant risk factor in financial crime AI. It covers data sources and their limitations, data lineage as a regulatory expectation, label risk and why financial crime labels are not ground truth, class imbalance and why headline accuracy metrics mislead, proxy discrimination and disparate impact testing, Regulation B explainability obligations, feedback loops, workflow automation risk, model drift and regime change, and the tradeoffs between accuracy, fairness, and explainability. It explains how each of these risks manifests in practice and what governance controls address them.

This module addresses how to govern, validate, and monitor AI models in financial crime programs using the SR 11-7 framework as the primary anchor. It covers what qualifies as a model under the functional definition, model inventory requirements, roles and responsibilities across the three lines of defense, conceptual soundness assessment, effective challenge, explainability standards in validation, ongoing monitoring, outcomes analysis and backtesting, threshold governance and change control, documentation standards, and how agentic AI systems are classified and validated. It prepares practitioners to evaluate whether model governance is genuine rather than procedural.

This module deals with the institutional structures, oversight mechanisms, and lifecycle governance that make AI governance real rather than documented. It covers how to integrate AI governance into BSA/AML structures, board and senior management oversight obligations, AI governance committee design, use case approval and risk acceptance, human oversight design and automation bias management, workforce training and metrics, incident management, decommissioning, internal audit, harm assessment, and professional accountability. It also introduces the AI Governance Maturity Assessment, an eight-dimension, five-level diagnostic framework that practitioners use to evaluate where their institution stands, identify gaps, prioritize remediation, and demonstrate governance trajectory to boards and regulators.

This module addresses the most complex and heavily tested governance challenge in the curriculum: agentic AI systems that make compliance determinations autonomously across multi-step action sequences. It explains the three structural differences agentic AI creates, distributed decision authority, compounded opacity, and scale-amplified error propagation and why these require governance frameworks beyond those applicable to conventional AI. It covers action sequence mapping, threshold governance, the tripartite framework applied at institutional, decision, and action sequence levels simultaneously, human oversight design for agentic programs, board oversight obligations, incident response, examiner defense, multi-agent architectures, and vendor evaluation. Every subsequent module applies the framework established here.

This module examines what changes and what does not, when AI is deployed through vendors, fintech partners, or embedded platform arrangements. It establishes that institutional accountability is non-negotiable regardless of who built the system, then covers vendor due diligence, black-box model governance, contractual controls, fintech partnership risks, BNPL and embedded finance AI, and the specific obligations that apply to third-party AI in agentic contexts. A significant portion of the module is dedicated to recognizing and evaluating eight common vendor marketing patterns in the current AML AI market, equipping practitioners to distinguish genuine governance from governance language used as a sales tool.

This module focuses on generative AI in SAR investigations and filings, the highest-stakes AI application in financial crime compliance. It covers the SAR legal framework and why it does not accommodate AI exceptions, the distinction between AI as decisioning versus assistance, hallucination risk, and the critical difference between hallucinated facts and hallucinated legal conclusions. It then works through the controls required to make generative AI defensible in SAR workflows: source-bound drafting, human verification standards, audit trail requirements, QA sampling designed specifically for AI failure modes, governance of AI in examination responses, and record retention and e-discovery obligations for AI-generated content.

This module tackles AI governance in sanctions compliance, the most demanding environment in financial crime because strict liability means false negatives are legal violations regardless of intent or automation error. It covers OFAC’s regulatory framework, how AI enters sanctions screening through name matching and entity resolution, beneficial ownership analysis under the 50 Percent Rule, the asymmetric risk profile requiring false negative prevention over efficiency, secondary sanctions complexity, documentation and evidence standards for clearance decisions, human review and escalation governance, and how AI influences enforcement outcomes as either an aggravating or mitigating factor. The module repeatedly reinforces that AI outputs are evidence inputs, not clearance authority.

This module extends the governance framework to two distinct but connected environments: non-bank financial institutions and virtual asset service providers. It covers the non-bank regulatory landscape, how enforcement-driven supervision raises rather than lowers governance stakes, the scale-governance tradeoff that drives substitution drift in high-velocity programs, proportional governance standards for smaller institutions, and common non-bank typologies requiring AI designed for those environments. It then addresses the virtual asset ecosystem, VASP regulatory obligations, the Travel Rule, how blockchain analytics tools work and what their probabilistic limitations mean for compliance governance, cryptoasset typologies, and OFAC sanctions screening in virtual asset contexts.

This module examines how AI regulation is shifting from voluntary guidance to binding law globally, with the EU AI Act as the primary focus. It covers the Act’s extraterritorial scope, its functional definition of AI systems, the four-tier risk classification framework, prohibited practices, the mandatory obligations that attach to high-risk AI systems, and the distinction between provider and deployer responsibilities. It explains why satisfying SR 11-7 or GDPR does not satisfy EU AI Act requirements, how role creep from deployer to provider can occur without a deliberate decision, and how the EU and U.S. approaches differ in architecture while converging on the same underlying governance expectations. It equips practitioners to assess EU AI Act applicability and design governance that satisfies both frameworks simultaneously.

This module addresses the practitioner-level judgment that determines whether AI governance holds up under scrutiny. It covers how to communicate AI risk to senior management in ways that enable genuine accountability, how to engage effectively with examiners and auditors, how to defend AI-influenced decisions through the tripartite framework, and how to document tradeoffs and limitations as governance artifacts. It also addresses when AI should not be deployed, the distinction between ethics and compliance and why they cannot substitute for one another, personal professional accountability and the consequences of governance failures, and how to design AI governance frameworks that remain defensible as technology, regulation, and institutional pressure evolve.