AI Moves Compliance From Detection to Investigation

AI Moves Compliance From Detection to Investigation

Watch more: The Digital Shift With Flagright’s Baran Ozkan

Financial institutions have traditionally treated compliance as a detection problem.

And, for years, they’ve put their money where their mouth is. Banks have invested heavily in transaction monitoring systems, sanctions screening engines, fraud platforms and machine learning models designed to identify suspicious behavior faster and more accurately.

But Baran Ozkan, co-founder and CEO at Flagright, told PYMNTS that the industry’s bottleneck has already shifted from detection to investigation.

“The bigger value for AI is on the investigation side,” Ozkan said during a recent discussion. “Detection doesn’t resolve the operational burden that follows.”

Even as detection systems improve, banks, FinTechs and crypto firms continue to face overwhelming alert volumes, forcing compliance teams to absorb rising downstream costs. Every alert still requires review, documentation, escalation decisions and audit-ready reasoning. Even false positives create operational expense because investigators still need to prove that no meaningful risk exists.

Advertisement: Scroll to Continue

“Every single false positive has a cost associated to it because someone actually has to work on it,” Ozkan said. “They have to investigate, make sure it’s not a true positive, there is no real risk and dispose it. But that all takes time. And time means money.”

For large institutions processing millions of alerts annually, those costs scale quickly. Ozkan estimated that resolving a single false positive can cost between $10 and $30, creating a burden traditional compliance infrastructure was not designed to absorb.

Those resolution workflows, he added, are becoming one of the clearest applications for generative artificial intelligence.

Shift From Detection to Resolution

Historically, compliance technology providers focused on improving detection quality through better data inputs, stronger behavioral models and more refined analytics. That work remains critical, but it addresses only part of today’s problem.

“There are few things we can do to minimize the number of false positives at the detection layer,” Ozkan said. “But downstream, we also need to worry about how do we actually do alert management, case management, so that when we are going through an audit, everything is explainable.”

That downstream investigation layer has historically remained highly manual. In many compliance functions, traditional machine learning systems and deterministic rules remain more reliable than generative AI.

But investigations present a different challenge — one centered on synthesis, contextualization and workflow acceleration. Analysts often spend significant time pulling fragmented information from onboarding systems, transaction records, customer relationship management platforms, spreadsheets and external databases before they can even begin evaluating risk. With AI, they no longer need to.

“With LLMs [large language models], we got a lot more firepower,” Ozkan said. “We can process many more signals. We can do basic reasoning. We can write narratives on behalf of humans, but still keep humans in the loop.”

He described a common Level 2 investigation in which a customer’s transaction behavior diverges from onboarding expectations. Historically, investigators might spend 15 or 20 minutes exporting CSV files, consolidating datasets and identifying anomalies before substantive analysis could even begin.

Today, many of those preparatory tasks can be automated.

“We already know what humans are looking for,” Ozkan said. “They’re looking for outliers.”

Rather than replacing investigators, AI is functioning as a force multiplier, compressing time spent gathering information while allowing analysts to focus on judgment and escalation decisions.

“All that’s left is for the human analyst to apply their judgment,” he added.

For Ozkan, the future of compliance AI depends less on replacing existing systems than on coordinating them intelligently — combining deterministic controls, machine learning models and generative reasoning inside workflows that remain defensible under regulatory scrutiny.

Solving for AI’s Explainability Problem

Still, the AI shift introduces a new challenge for compliance organizations: explainability.

“If you think about LLMs, they are inherently unexplainable,” Ozkan said. “In a regulated environment, everything needs to be explainable.”

The issue is becoming important as regulators demand clearer audit trails around how investigations are conducted and why decisions are made.

According to Ozkan, simply attaching a public LLM to a compliance workflow is insufficient.

“You need to have this full-blown infrastructure that can orchestrate mathematical functions, explainability, and how it reflects back to your standard operating procedures,” he said.

In modern compliance operations, finding risk is only the beginning. Resolving it efficiently and defensibly is becoming the real competitive advantage.

Watch the full interview with Flagright’s Baran Ozkan to hear more about:

Baran Ozkan is co-founder and CEO at Flagright, which offers an AI operating system for financial crime compliance.