Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

AI AML/CFT Advisory Services AML Software AML Training Artificial Intelligence BSA Rules and Regulation Customer Due Diligence Financial Crime Financial Elder Abuse OFAC SAR Fraud Prevention

AML and cybersecurity in 2026: Driven by data and AI

Terri Luttrell, CAMS-Audit, CFCS
January 14, 2026
0 min read
A panel of experts from top regulatory supervisory agencies compiled 10 AML hot topics to look out for in 2022

AML and cybersecurity in 2026

Criminals are exploiting gaps between cybersecurity defenses and anti-money laundering (AML) controls, making it critical for financial institutions to build stronger connections between these risk areas. As fraud schemes become more data-driven and cyber-enabled, the convergence of AML and cybersecurity programs is no longer optional; it is essential.

Cybercriminals are increasingly leveraging online platforms, real-time payments, and emerging technologies to move illicit funds more quickly and covertly. In 2026 and beyond, financial institutions that adopt integrated strategies and apply data-driven AI tools across cyber and AML functions will be better equipped to detect threats early, meet regulatory expectations, and maintain customer trust.

Siloed functions increase exposure

At many community financial institutions, AML and cybersecurity responsibilities have traditionally been handled in separate departments. AML and fraud teams monitor transactional activity and customer behavior, while cybersecurity teams focus on external threats, such as phishing, malware, and system vulnerabilities. This separation made sense when risks were more compartmentalized.

Today’s financial crimes are increasingly complex, often beginning with a cyber event and ending with a financial transaction. Without collaboration across teams, institutions risk missing early warning signs or failing to connect related pieces of information. In some cases, this has led to delayed investigations or missed opportunities to prevent losses.

These blind spots can have serious consequences, including regulatory scrutiny, financial impact, and reputational harm. Building stronger connections between AML, fraud, and cybersecurity teams enables institutions to develop a more comprehensive picture of risk and respond more effectively.

Staying on top of fraud is a full-time job. Let our Advisory Services team help when you need it.

Connect with an expert

Integration for better risk management

The rise in business email compromise, ransomware, cryptocurrency laundering, and data breaches underscores the need to unify AML and cybersecurity efforts. When AML and cybersecurity teams collaborate, they can correlate cyber indicators with financial activity. This strengthens detection and enhances the quality of cases filed with law enforcement or regulators.

The FBI’s Internet Crime Complaint Center (IC3) reported that U.S. institutions lost over $16 billion in fraud in 2024. These losses have persisted into 2025 with no signs of slowing. Institutions that treat these events as separate issues will fall behind. Funds obtained through cybercrime must still be laundered, underscoring the importance of connecting AML and cyber programs to manage risk effectively.

The following scenario illustrates the difference a combined program can make when it comes to investigating suspicious activity:

A financial institution may notice a surge in business email compromise attempts, including phishing emails targeting finance staff. Their cybersecurity team flags suspicious login activity tied to foreign IP addresses and unauthorized attempts to access business accounts. At the same time, AML staff may observe a pattern of new accounts conducting high-velocity transactions shortly after initial funding.

If the institution had integrated its AML and cybersecurity tools, investigators would be able to use “accept without post” functionality to delay outgoing payments and investigate further. Behavioral analytics can detect mule activity, allowing the case team to quickly file a Suspicious Activity Report (SAR) that includes critical cyber indicators, such as IP addresses and virtual wallet information. Law enforcement can then use this information to connect related cases and trace the flow of illicit funds.

Support for integrating AML and cybersecurity tools

FinCEN’s advisory on cyber-enabled crime encourages institutions to incorporate cyber elements such as IP addresses and virtual wallet IDs into suspicious activity reports. These details help law enforcement connect financial and cyber evidence, improving investigations and outcomes. Although this guidance is not new, it reflects the growing expectations of regulators. Including data-driven AI insights from threat feeds and forensic tools enhances both detection and reporting.

As institutions plan for 2026 risk management, staffing evaluations will play a critical role. Effective convergence of AML and cybersecurity requires specialized knowledge in both disciplines, especially as artificial intelligence and machine learning become increasingly common in surveillance tools.

AML staffing assessments can help institutions:

  • Identify gaps in skill sets or coverage areas
  • Allocate resources strategically across overlapping functions
  • Prepare for increased fraud activity tied to digital channels and emerging threats
  • Support continuity planning for key roles, such as the AML officer or fraud investigator

Staffing assessments also demonstrate regulatory readiness and help ensure that compliance functions remain effective, even in the face of turnover or increased workload.

The role of predictive analytics and AI in financial crime detection

As the financial crime landscape evolves, so must your institution’s approach to detection and reporting. Data-driven AI tools help institutions identify anomalies and emerging trends more quickly, but their effectiveness depends on continuous validation and refinement.

Incorporating model governance practices is now an expectation. Financial institutions should document how input variables are selected, justify threshold settings, and perform routine validations to ensure AI model outputs remain reliable. These practices not only enhance accuracy but also enable institutions to meet regulatory expectations for explainability in AI models and informed risk-based decision-making.

By applying above-the-line and below-the-line testing techniques, institutions can improve the effectiveness of their AML and fraud detection systems. These approaches allow teams to identify which alerts were missed (below the line) and which alerts were triggered but ultimately deemed irrelevant (above the line). Incorporating this type of backtesting helps fine-tune thresholds, reduce false positives, and ensure that high-risk activity is not overlooked. This ongoing validation process demonstrates a risk-based approach to monitoring that regulators increasingly expect. Predictive intelligence is a forward-looking capability that gives institutions a proactive edge in identifying and responding to new threats.

2026 readiness checklist for AML and cybersecurity

The following are key actions your institution can take now to bridge security gaps:

  • Conduct a joint staffing assessment across AML and cybersecurity teams
  • Integrate cyber threat intelligence into AML monitoring systems
  • Perform above-the-line and below-the-line testing
  • Enhance SAR narratives with cyber-related data fields
  • Invest in data-driven AI tools and backtesting capabilities to strengthen detection

The bottom line

AML and cybersecurity functions are converging out of necessity. Institutions that take steps now to integrate data, systems, and teams will be better equipped to address the risks ahead. Whether it is preventing instant payment fraud, aligning with FinCEN guidance, or navigating new regulatory scrutiny, your institution’s readiness will depend on people, processes, and technology working in harmony. With the correct data and the right tools, financial institutions will not only respond to threats but also anticipate and mitigate them.

 

Find out how Abrigo Fraud Detection stops check fraud in its tracks.

Learn more
Webinar

2026 Nacha-Ready: Navigating Nacha Rule Changes & ACH Compliance

Read More
Webinar

Hot topics in AML & fraud: What to watch in 2026

Read More
Webinar

The future of ACH Fraud: Trends, threats, and the new front line

Read More
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.