Quantexa Survey Reveals Confidence Gap in Community Bank AML Defences

On paper, mid-size and community banks in the United States should feel secure. A recent survey found that 94% of anti-money laundering (AML) professionals at these institutions are confident in their ability to spot criminal activity. But confidence can be deceptive. Nearly half of those same professionals admitted their investigations are slow, inefficient, and undermined by outdated technology.

This tension – between confidence and capability – sits at the heart of a new study conducted by Quantexa, which surveyed 200 AML specialists. The findings shed light on an industry segment that rarely makes headlines yet plays a critical role in the American economy. These banks are the lenders of choice for small businesses and local communities. They are also increasingly on the front lines of a global financial crime problem that the United Nations Office on Drugs and Crime estimates drains $800 billion to $2 trillion each year, or roughly 2–5% of global GDP.

Large international banks often attract regulatory attention and media scrutiny, but smaller regional institutions face the same compliance expectations – with far fewer resources to meet them. Their teams are lean, their systems often dated, and their budgets stretched thin. That leaves them vulnerable to increasingly sophisticated criminal networks that exploit technological gaps as readily as legal ones.

The survey findings make the challenge clear. Almost half of respondents pointed to outdated systems, fragmented data, and the absence of real-time monitoring as their biggest barriers to effective AML. Others highlighted operational inefficiencies: investigations bogged down by high false positives and manual processes that drain limited staff capacity. Nearly half also acknowledged a lack of in-house expertise to modernise AML programmes.

“Mid-size and community banks are the heart of Main Street America, powering small business growth and local economies,” said Chris Bagnall, Head of Financial Crime Solutions for North America at Quantexa. “With financial crime evolving faster than ever and outdated systems leaving them exposed, these banks have a critical opportunity to harness better data and AI to make smarter decisions and protect the communities and businesses they serve.”

Yet technology is only part of the equation. Regulatory uncertainty compounds the problem. Forty-five percent of AML professionals surveyed said unclear guidance around new tools such as AI is slowing progress. The result is what many describe as “decision paralysis” – a reluctance to invest in innovation without clearer signals from regulators.

Despite these headwinds, there are signs of optimism. The vast majority of respondents see AI, contextual data, and real-time monitoring as essential to modernising their programmes. Nearly all (93%) said that information sharing between banks under Section 314(b) of the USA PATRIOT Act is critical for detecting illicit activity. Collaboration – both across institutions and with regulators – is increasingly seen as a way to level the playing field.

The report concludes with a call to action: modernise outdated systems, invest in people and processes, and move beyond static monitoring to dynamic, data-driven defences. The message is clear – failing to adapt risks leaving the institutions that power America’s local economies exposed to growing threats.

What emerges is more than a snapshot of survey data. It is a story of resilience under strain. Mid-size and community banks may be confident, but unless they bridge the gap between perception and reality, their confidence could prove misplaced. In an era when financial crime is evolving faster than ever, standing still is not an option.

Droit Expands Cloud Data Privacy Safeguards with ISO 27018 Certification

Droit, a RegTech firm best known for applying computational law to complex financial regulation, has added another layer of assurance to its cloud services. The company has achieved ISO/IEC 27018:2019 certification, an international benchmark for protecting personally identifiable information (PII) in public cloud environments.

This new certification sits alongside Droit’s existing ISO/IEC 27001:2022 and ISO/IEC 27017:2015 credentials, both of which were recently renewed. Together, the trio provides a framework that strengthens security and privacy practices for global financial institutions moving more of their infrastructure to the cloud.

Why ISO 27018 Matters

Data privacy is a regulatory priority across markets. ISO/IEC 27018 was developed specifically to help cloud service providers demonstrate that they manage personal data responsibly and in line with evolving global rules. Importantly, the standard aligns with the EU’s General Data Protection Regulation (GDPR), covering how organizations process and safeguard personal data.

Kaveh Moravej, Head of Information Security at Droit, said, “ISO 27018 is the world’s best-known privacy standard for the cloud and is a natural evolution from our ISO/IEC 27001 and ISO/IEC 27017 certifications. To successfully achieve ISO 27018, we augmented our existing security and privacy programs. This included working across the business on new protocols and raising awareness to ensure all the requirements of the standard were met. We are now able to more easily address existing and future, ever-changing global data privacy regulations and give our clients the confidence that we are fully aligned with their data privacy needs.”

For financial institutions, independent certifications are a form of assurance. They help firms demonstrate compliance while relying on vendors like Droit for cloud services. The external audit process confirmed that Droit’s controls meet internationally recognized benchmarks.

Peter Bals, Chief Technology Officer at Droit, said, “Droit’s ISO certifications underscore our commitment to the safeguarding of both cloud security and data privacy to build trust with the global financial institutions we serve. Achieving ISO 27018 provides independent validation of our focus on security and cements our position as a major cloud services provider. These best practice controls are integral to supporting clients on their cloud journeys.”

Broader Context

Droit’s step reflects a broader industry trend: as financial services continue to migrate sensitive processes into public cloud environments, clients expect not only robust security but also compliance with a patchwork of privacy regulations worldwide. Independent standards like ISO 27018 offer a common baseline, reducing complexity for firms operating across multiple jurisdictions.

By layering ISO 27018 onto its existing security certifications, Droit signals that its cloud services are designed with both resilience and regulatory alignment in mind – a factor that increasingly influences vendor selection in regulated financial markets.

Droit was audited by an external, independent, and accredited team as part of the ISO certification process.

CITGO Petroleum Implements Behavox Platform for Regulatory Archiving and Communications Surveillance

Behavox, the AI-powered communications surveillance provider, has announced that CITGO Petroleum Corporation has gone live with its platform for Regulatory Archiving and Communications Surveillance. CITGO, a major U.S.-based oil refiner, adopted the solution to strengthen its compliance programme and address evolving regulatory risks.

With the new platform, CITGO gains access to AI-driven risk policies, high-quality alerts, and advanced testing tools aimed at improving both protection and operational efficiency. Behavox deployed a dedicated implementation team to ensure rapid onboarding while minimising the workload for CITGO’s staff.

The launch highlights Behavox’s growing presence in the energy and commodities sector, where more organisations are seeking intelligent, scalable solutions to meet complex compliance requirements and operational challenges.

RepRisk Feeds Business Conduct Data into BlackRock’s Aladdin to Bolster ESG Oversight

Reputational risk specialist RepRisk has integrated its AI driven dataset—covering 100?+ risk factors across 400,000?+ public and private entities—into BlackRock’s Aladdin investment platform. The link gives portfolio managers real-time “outside in” alerts on corporate misconduct directly inside their trading and risk workflows.

“We are proud to serve the global asset management and asset owner community through BlackRock’s Aladdin® platform with RepRisk’s global standard for business conduct data, increasing performance and peace of mind,” said CEO Philipp?Aeby.

“We’re excited to expand our collaboration with RepRisk and provide our clients with access to comprehensive business conduct data,” commented Bernadette Rivosecchi, Managing Director and Head of Aladdin Sustainability. She continued, “The integration of RepRisk’s data into the Aladdin® platform expands the coverage of companies – especially in private markets – and risk factors, enabling our clients to make more informed investment decisions.”

The move complements RepRisk’s existing presence on BlackRock’s eFront platform for alternatives and tightens ESG surveillance amid rising regulatory scrutiny.

Nasdaq Verafin Pilots Agentic AI AML-Workers

Nasdaq’s anti financial crime arm, Verafin, is piloting a set of agentic AI ‘digital workers’ designed to handle the labour-intensive parts of anti money laundering (AML) compliance – tasks such as clearing false positive sanctions alerts and performing routine enhanced due diligence (EDD) reviews.

Financial crime teams remain under heavy pressure. In a survey of more than 200 industry professionals, Verafin found that threequarters of respondents had hired more staff over the past year, yet almost half still felt short of the resources and technology needed to keep pace with regulators. Automating low risk, high volume work promises a way to redeploy scarce human investigators to the complex cases that matter most.

What the AI Workers Do

• Sanctions screening agent: Reviews alert queues, fully documents low risk false positives, and escalates genuine matches for human follow up.
• EDD analyst: Automates scheduled customer risk reviews, closing straightforward low risk cases and flagging those that warrant deeper scrutiny.

Nasdaq’s anti financial crime arm, Verafin, is piloting a set of agentic AI ‘digital workers’ designed to handle the labour-intensive parts of anti money laundering (AML) compliance – tasks such as clearing false positive sanctions alerts and performing routine enhanced due diligence (EDD) reviews.

Financial crime teams remain under heavy pressure. In a survey of more than 200 industry professionals, Verafin found that threequarters of respondents had hired more staff over the past year, yet almost half still felt short of the resources and technology needed to keep pace with regulators. Automating low risk, high volume work promises a way to redeploy scarce human investigators to the complex cases that matter most.

What the AI Workers Do

• Sanctions screening agent: Reviews alert queues, fully documents low risk false positives, and escalates genuine matches for human follow up.
• EDD analyst: Automates scheduled customer risk reviews, closing straightforward low risk cases and flagging those that warrant deeper scrutiny.

Both tools are in beta, with a broader rollout expected later in the year.

Regulators have signalled growing tolerance for responsible AI deployment in compliance, provided firms maintain robust oversight. Independent AML consultants note that digital co-workers can cut investigation times but caution that firms will need clear audit trails if decisions are challenged.

Rob Norris, Verafin’s head of product, framed the initiative as a way to let compliance teams focus on “the important work of tackling serious financial crimes such as human trafficking, drug trafficking, and other facets of organized crime.”

If the beta proves reliable, banks could see a double benefit: reduced operational spend on routine alert handling and faster escalation of true risk, a combination some analysts say is essential as sanctions regimes and criminal typologies rapidly evolve. Both tools are in beta, with a broader rollout expected later in the year.

Regulators have signalled growing tolerance for responsible AI deployment in compliance, provided firms maintain robust oversight. Independent AML consultants note that digital co-workers can cut investigation times but caution that firms will need clear audit trails if decisions are challenged.

Rob Norris, Verafin’s head of product, framed the initiative as a way to let compliance teams focus on “the important work of tackling serious financial crimes such as human trafficking, drug trafficking, and other facets of organized crime.”

If the beta proves reliable, banks could see a double benefit: reduced operational spend on routine alert handling and faster escalation of true risk, a combination some analysts say is essential as sanctions regimes and criminal typologies rapidly evolve.

HK Government Backs ESG Compliance Provider Diginex

ESG reporting technology provider Diginex has received funding from the Hong Kong government to expand its artificial intelligence-driven functionality to help financial institutions meet sustainability compliance obligations.

The investment of an undisclosed sum follows the company’s US$2 billion acquisition of AI-driven data management and customer engagement business Resulticks Global Companies early in June.

Diginex said its expanded AI features will streamline ESG reporting processes. It will be “jointly developed with a leading financial institution through a co-creation collaboration model promoting commercialisation and wider adoption,” the company said.

The technology is built to enable compliance with regulations based on the Sustainability Standards Board (ISSB) and International Financial Reporting Standards (IFRS) frameworks.

KGI Securities Singapore Implements Scila Risk for Enhanced Multi-Asset Risk Management

Scila AB, the risk and surveillance solutions provider, has successfully deployed Scila Risk at KGI Securities Singapore, to support its equities and derivatives operations. The implementation consolidates KGI’s legacy risk systems into a single, multi-asset platform, covering equities, commodities, FX derivatives, and Spot FX. This move enhances operational efficiency, optimises collateral usage, and provides a unified view of risk exposure across asset classes.

Scila Risk’s real-time capabilities enable KGI to monitor and calculate risk across various instruments and markets, offering greater flexibility and scalability. The platform features advanced tools such as “time warp” analysis and “what-if” simulations, equipping KGI with deeper insights into market scenarios. The adoption of Scila’s solution marks a significant step in strengthening KGI’s risk management framework, positioning it for greater agility in responding to market changes and regulatory developments.

NeoXam Enhances Gérifonds’ Regulatory Compliance Capabilities

Gérifonds, a fund management subsidiary of Banque Cantonale Vaudoise (BCV), has expanded its long-standing relationship with software provider NeoXam, aiming to improve regulatory compliance and operational efficiency.

Operating in Switzerland’s demanding regulatory environment, Gérifonds manages 138 funds totalling CHF 21.6 billion. To navigate complex regulations – such as the Collective Investment Schemes Act (CISA) and associated ordinances (CISO and CISO-FINMA) – Gérifonds has adopted NeoXam’s Compliance solution to automate regulatory oversight.

NeoXam Compliance acts like an automated monitoring system, continuously evaluating portfolio positions for compliance breaches. If an issue arises, the system issues immediate alerts accompanied by a detailed audit trail, enabling Gérifonds to swiftly resolve breaches and maintain robust regulatory adherence.

The new capabilities build upon Gérifonds’ use of NeoXam’s GP investment accounting software, which has been in place for two decades. The combined solutions provide a streamlined workflow where anomalies are rapidly identified and resolved.

Philipp Sfeir, NeoXam’s Head of EMEA North, explained that while NeoXam Compliance comes pre-loaded with the “Swiss Rule Package,” users can add customized rules, enabling tailored compliance monitoring for investment-specific policies, including asset-type distributions and issuer concentration limits.

“In addition to the compliance offering, Gérifonds successfully utilises the latest generation of our investment accounting solution, GP4,” added Sfeir, highlighting the integrated approach Gérifonds employs to maintain operational effectiveness.

LeapXpert Acquires StartADAM and Broadens Channel Compliance Coverage

Communications compliance provider LeapXpert has acquired cross-platform messaging startup StartADAM extending its reach in the governed-messaging niche. Announced in New York on June 3, the deal folds StartADAM’s people, intellectual property, and product into The LeapXpert Communications Platform, adding fresh AI muscle, two new messaging channels, and three CRM connectors.

By integrating StartADAM’s agentic AI into LeapXpert’s existing intelligence layer (Maxen), the combined platform now auto-summarises threads and extracts action items in real time—functions that compliance and front-office teams typically bolt on via third-party add-ins.

“This is a natural evolution for our product and mission,” said Dima Gutzeit, Founder and CEO of LeapXpert. “StartADAM’s innovations in AI, Slack, Discord, and CRM will be deeply embedded into our platform—unlocking powerful new capabilities for our customers. It’s another important step as we scale the platform across new verticals, channels, and intelligence layers.”

New and expanded channels

Discord (in beta): Popular with gaming studios and crypto firms, Discord is edging into mainstream business use. LeapXpert says governed Discord support will shortly join its roster of WhatsApp, iMessage, SMS, Telegram, Signal, WeChat, and LINE.

Deeper integration with Slack: Corporate users can already route external chats through Slack, but the strengthened “Governed Mode” keeps them inside Slack while handling WhatsApp or other consumer apps in the background—key for advisors who live in channel-centric workflows.

CRM synchronisation: Native two-way sync with Salesforce, HubSpot, and Microsoft Dynamics means contacts, chat history, and context now flow automatically between front-office systems and messaging channels. Closing that loop is a common pain-point for firms juggling relationship data and retention rules.

“StartADAM shares our belief in intelligent, responsible business communication,” noted Avi Pardo, Co-Founder and CBO of LeapXpert. “We built StartADAM to reduce friction in business communications and add a layer of collective intelligence to conversations,” added Adam Stone, Co-Founder of StartADAM. “Joining LeapXpert gives us the reach and infrastructure to deliver on that mission at a global, enterprise scale.”

The announcement lands a few months after LeapXpert’s Portage-led Series B and a run of analyst recognition—including Most Innovative Trade Surveillance Solution in A-Team Group’s Innovation Awards 2025 and Visionary status in Gartner’s 2025 Digital Communications Governance & Archiving Magic Quadrant.

Less than 3 Months until Canadian OTC-Derivatives Trade Reporting Rewrite Enters Force

Canada’s long-awaited rewrite of its OTC-derivatives trade-reporting regime enters force on 25 July 2025, completing a multi-year effort by the Canadian Securities Administrators (CSA) to bring national rules into line with global data standards and the U.S. CFTC’s 2024 “swap-data” overhaul.? 

The amendments—first published in final form on 25 July 2024—touch every province and territory and will require virtually all swap dealers, clearing venues and many buy-side end- 

The new framework more than doubles the number of reportable data fields (from 72 to 148) and embeds the CPMI-IOSCO Common Data Elements alongside mandatory Unique Transaction and Product Identifiers, closing long-criticised cross-border gaps in the Canadian dataset.? 

A revised hierarchy now makes the “financial entity” among two Canadian dealers the default reporting party, while certain trades executed on recognised derivatives trading facilities shift the burden from dealers to the venue itself—moves designed to curb duplicate submissions and align with CFTC practice.? 

Error-handling rules have also tightened: firms must alert regulators to any “significant” inaccuracy as soon as practicable—and no later than the close of the next business day—bringing Canada into step with U.S. swap-data rules.? 

Technical specifications for every field, including XML schemas, sit in a new CSA Derivatives Data Technical Manual, giving market participants a single source of truth for permissible values and file formats. 

Implementation testing is already under way. DTCC’s designated Canadian repository opened a simulator on in March and followed with full end-to-end certification in April. Rival repositories have published near-identical schedules, leaving firms less than three months for defect remediation.? 

Legal advisers warn that buy-side entities relying on delegated arrangements will need to verify that new collateral, margin and lifecycle fields are correctly captured, while wealth-management affiliates may face position-level reporting for the first time.? 

For global dealers, the rewrite should simplify cross-border reporting once initial re-tooling costs are absorbed. By mirroring CFTC rule-text and embedding international Common Data Elements (CDEs), Canada removes a long-standing source of fragmentation that forced firms to maintain parallel mappings for ostensibly identical swaps.? 

Regulators, meanwhile, gain cleaner, more comparable data for systemic-risk surveillance—particularly valuable as interest-rate, commodities and crypto-linked derivatives volumes migrate between North American venues. With the clock ticking, market participants now face a tight—but achievable—window to finish development, certify with their trade repositories and lock down operational playbooks before the 25 July go-live. Failure to do so could leave firms unable to submit day-one reports and expose them to enforcement action from provincial regulators.?