$3 Billion and 28 Days: The End of Check-the-Box Compliance Artwork

The Compliance Coffee Break

The Compliance Coffee Break is the candid podcast for BSA officers, AML professionals, and compliance leaders navigating the collision of financial crime regulation and AI. Hosted by an AI-generated voice — by design — and grounded in 40 years of frontline expertise from Dominic Suszek, founder and CEO of Global RADAR, every episode unpacks what's actually changing in BSA, AML, KYC, sanctions screening, FinCEN priorities, and the AI agents now entering regulated workflows. What you'll get in every episode: - Plain-English breakdowns of FinCEN rulemaking, OCC bulletins, FDIC and NCUA guidance - AI in compliance: when to deploy, how to govern, where to keep your hand on the hammer - Real enforcement stories (TD Bank's three-billion-dollar guilty plea, and more) - Examiner-room playbooks for KYC, SAR filing, model risk management, and third-party oversight - The honest tension between throughput and rigor in a post-checklist effectiveness standard - Concrete "this week, this month, this quarter" action items for compliance officers Built for community banks, credit unions, MSBs, fintechs, broker-dealers, and any institution where compliance professionals have to make real judgment calls in 2026 and beyond. A Global RADAR production. Visit globalradar.com for show notes, frameworks, and the upcoming book.

All Episodes

The Compliance Coffee Break

$3 Billion and 28 Days: The End of Check-the-Box Compliance

May 20, 2026 • Dominic Suszek, CEO of Global RADAR • Season 1 • Episode 1

0:00 | 29:42

On April 7, 2026, eighteen months after TD Bank paid $3 billion to settle the largest AML enforcement action in U.S. history, FinCEN proposed the biggest rewrite of the BSA (Bank Secrecy Act) compliance framework in twenty-five years. The message to the industry: having an AML compliance program isn't enough anymore. It has to actually work. Twenty-eight days later, Anthropic shipped a pre-built KYC agent. It was the first time a frontier AI lab put a named, deploy-ready anti-money laundering tool into the hands of every U.S. bank.

In this pilot episode of The Compliance Coffee Break, host Mark (an AI-generated voice, and that's the point) sits down with Dominic Suszek, founder and CEO of Global RADAR and a four-decade veteran of the BSA framework, to get into the most consequential 28 days in financial crime compliance history.

What you'll hear:

The new effectiveness standard: why having an AML program isn't enough anymore
TD Bank's $3 billion guilty plea and what it taught regulators
Anthropic's KYC screener and 10 finance-ready AI agents: what they actually do
The five-step framework for AI governance every BSA officer needs in 2026
Where the human still has to hold the hammer: judgment, sanctions screening, SAR filings
What an examiner will ask when AI runs your KYC workflow in 2027
Three failure modes to watch for before you deploy
The "Use the hammer. Keep your hand on it." playbook

This is the conversation every U.S. bank, credit union, MSB, and fintech should be having right now. Most aren't.

Show notes, the five-step framework, and links to all primary sources at globalradar.com.

Topics covered: BSA, AML, KYC, sanctions screening, SAR filing, FinCEN AML/CFT Priorities, OCC, FDIC, NCUA, SR 11-7 model risk management, OCC Bulletin 2011-12, AI compliance, Anthropic Claude, KYC agent, AI governance, third-party risk, financial crime compliance, banking regulation, regulatory effectiveness standard.

A Global RADAR production.

SPEAKER_03 0:00

Right now, we're standing at the intersection of a massive regulatory shift and a major technological breakthrough. For over 50 years, AML compliance was a checklist. You followed the instructions, you verified the customer, you ticked the box. On April 7th, 2026, FinCEN changed the rules of the game. Your program now has to prove it actually works. Four weeks later? Anthropic released an AI agent built to execute exactly that kind of complex reasoning. FinCEN changed what we have to do. AI just changed how we can do it. Almost nobody has connected these two events yet, separated by just 28 days. And together, they're about to rewrite our industry. I'm here to break it down for you. We're broadcasting from the Global Radar Studio. This is the Compliance Coffee Break. It's May 19th, 2026. Welcome to a special kickoff episode, the first in a brand new series dedicated to raising awareness and unpacking the most critical issues in anti-money laundering compliance and technology. I'm your host, Mark. And before we go any further, full transparency. I am not a real person. I'm an AI-generated voice. This entire podcast was produced using AI. And we did that on purpose. Two reasons. One, to show you what AI is genuinely capable of in 2026. The voice you're hearing, the conversation you're about to listen to, the production around it, all of it. AI. Two, to use AI itself to carry an important message to one of the most complex, highest stakes industries in the world. Anti-money laundering compliance. A message about being deliberate with this technology, about keeping a human hand on the work that matters most. About the difference between using a tool and being used by one. One more thing, because it matters. The script itself was written by Dominic Susak, CEO and founder of Global Radar. He prepared it carefully, fully aware of how AI shapes every word a podcast like this carries. But the foundation, every observation, every framework, every line of judgment comes from his 40 years doing this work from the inside. The voices are AI. The thinking is his. That's the whole point. AI is the tool. The human is the source. You'll understand exactly what I mean as we go. Grab your coffee, let's dive in. And to break this all down, I'm joined by one of the sharpest voices in BSA and AML compliance, a four-decade veteran of the framework who started his career as a teller in Miami Beach in 1984, ground zero for money laundering, and went on to found one of the original compliance technology firms. He's the founder and CEO of Global Radar. Please welcome Dominic Sujek to the show.

SPEAKER_01 2:57

Mark, thanks. Really glad to be here. And honestly, I'm glad we're having this conversation. Because what FinCEN did in April and what Anthropic did three weeks later, that's the conversation every bank should be having right now. And from what I'm seeing, hardly any of them are.

SPEAKER_03 3:13

So let's start it. Let's start it. Alright, May 5th. What did Anthropic actually do?

SPEAKER_01 3:20

So, New York, invite-only briefing. Anthropic brings in a room full of finance industry people, and they drop three things at once. Three. Three. First, new model. Claude Opus 4.7, their most capable model tuned specifically for finance work.

SPEAKER_02 3:40

Okay.

SPEAKER_01 3:41

Second, and this is the headline: 10 pre-built AI agents specifically for financial services workflows. Not chatbots, not go figure it out yourself, production ready templates.

SPEAKER_03 3:54

Pre-built. So a bank doesn't have to engineer anything?

SPEAKER_01 3:58

That's exactly the point. And third, Microsoft 365 integration. Word, Excel, PowerPoint, Outlook coming soon. Native. So this lives inside the apps your team is already in every day.

SPEAKER_03 4:11

Okay, so back to the agents. Ten of them.

SPEAKER_01 4:14

What kinds of work? Mix of front office and back office. On the front office side, they've created a pitch deck builder that pulls comps and drafts decks. They've created a meeting prep tool. They've created an earnings reviewer that reads transcripts and flags what's changed for your model. And they've created a financial model builder.

SPEAKER_02 4:35

Okay.

SPEAKER_01 4:35

And then the back office side. This is where compliance officers need to pay attention. General ledger reconciler, month end closer, financial statement auditor, and KYC screener. KYC Screener.

SPEAKER_03 4:53

There it is. There it is. Why does that one matter more than the others?

SPEAKER_01 4:59

Okay, you gotta sit with this for a second. This is the first time, first time, a Frontier AI lab has shipped a pre-built named Ready to Deploy KYC Agent. Not use our API. Not Claude is generally capable. A template literally called KYC Screener that you plug in and run. Hmm. Why does that matter? Because Anthropic has done the workflow design. They've decided KYC is worth building an agent around. They've defined the inputs and outputs. They've packaged it.

SPEAKER_03 5:33

So previously a bank had to do all that themselves.

SPEAKER_01 5:37

Right, which means most banks didn't. Or they did a pilot that died in committee. This skips all that. It turns AI and compliance from a five-year RD conversation into a six-week procurement conversation. That's the shift.

SPEAKER_03 5:53

That's a big shift. It's a huge shift. Quick aside on the money. There's also a $1.5 billion joint venture announcement here. Anthropic, Blackstone, Hellman and Friedman, Goldman Sachs, plus a bunch of other investors. What's that about?

SPEAKER_01 6:11

That's the infrastructure that delivers all this. Anthropic, Blackstone, Hellman, they each put in about $300 million. Goldman's at $150. Apollo, General Atlantic, Sequoia, GIC, Leonard Green, they round it out to the 1.5.

SPEAKER_03 6:27

That's not a sponsorship.

SPEAKER_01 6:29

That is not a sponsorship. That's a serious operating company being built to deliver AI services into the largest banks in the world over the next two years.

SPEAKER_03 6:39

Okay, so what's the headline for the BSA officer listening right now?

SPEAKER_01 6:43

One word. Inevitable. AI and financial services compliance has gone from optional to inevitable. Not in five years, 18 months. You're going to be in a labor market where your competitor has an AI doing first pass KYC, first pass GL reconciliation, first pass financial statement work.

SPEAKER_03 7:06

The question is no longer should we use this? It's how do we use this without it blowing up in our face? Bingo. Which is the FinCEN conversation.

SPEAKER_01 7:16

Which is the FinCEN conversation.

SPEAKER_03 7:19

Walk us through the April 7th rule. What actually happened?

SPEAKER_01 7:23

Okay, April 7th, FinCEN, and this matters, jointly with the federal banking agencies. OCC, FDIC, Federal Reserve, NCUA, all of them. They propose a rule that re-anchors BSA and AML programs around an effectiveness standard.

SPEAKER_03 7:41

Effectiveness standard. Translate that for me.

SPEAKER_01 7:45

For 25 years, the question an examiner asked was: Do you have the four pillars in place? Internal controls, BSA officer, training, independent testing. Have them, your compliant.

SPEAKER_03 7:59

Right. Check the box.

SPEAKER_01 8:01

Check the box. The new rule changes the question. Now they're asking, is your program actually working? Is it implemented in all material respects? Is your risk assessment formally tied to FinCEN's AML and CFT priorities? Which are the priorities again? There are eight. Corruption, cybercrime, terrorist financing, drug trafficking, fraud, transnational crime, proliferation, human trafficking.

SPEAKER_02 8:31

Okay.

SPEAKER_01 8:32

Comments are due June 9th. Final rule, late 2026 or early 2027. Then a 12-month implementation runway. So binding effective date, late 2027, early 2028.

SPEAKER_03 8:47

And TD Bank fits in here how?

SPEAKER_01 8:49

TD Bank is the cautionary tale that forced this rewrite into existence. Okay. October 2024. $3 billion coordinated penalty. Guilty plea, an actual guilty plea to money laundering conspiracy. Largest BSA action in US history against a depository institution.

SPEAKER_03 9:10

3 billion. 3 billion. And the bank pled guilty. Pled guilty. That's not normal.

SPEAKER_01 9:19

Not normal. And here's the part every BSA officer should sit with. TD had the checklist, SARs got filed, transaction monitoring ran, KYC records on file, audits conducted, board got its reports, every procedural element of the framework in place. But there was no substance behind it. The analysis behind each box was incomplete, or miscalibrated, or just not happening at the volume their risk profile required. So the new rule? That's the regulator's direct response to that gap.

SPEAKER_03 9:55

Okay, make this concrete. Use CDD as the example. C D.

SPEAKER_01 10:01

Today, an analyst opens the customer file, reads the IDs, checks the sanctions hit, reviews source of funds documentation, makes a risk rating judgment, files the checklist.

SPEAKER_00 10:16

Yeah.

SPEAKER_01 10:17

At a community bank? That's a 30-minute job per customer. Multiply by every new account that week, every annual refresh.

SPEAKER_03 10:26

That's a staffing problem.

SPEAKER_01 10:28

It's a permanent staffing problem. Now, under the old world, your program is compliant if you have the policy and the checklist gets filled out. Under the new effectiveness standard, your program is only compliant if you can show that the CDD process is actually identifying the customers who pose the risk.

SPEAKER_03 10:48

Different bar.

SPEAKER_01 10:49

Very different bar.

SPEAKER_03 10:51

So the agent shows up.

SPEAKER_01 10:53

Agent runs the first pass, reads the documents, runs the screening, drafts the risk rating rationale, surfaces the cases that need a human. The analyst's job shifts from process every file to review the cases the agent flagged, plus a sampled population the agent cleared.

SPEAKER_03 11:11

Which is actually better.

SPEAKER_01 11:13

Done well, yeah. Structurally more effective program. Because the human attention is going where the risk actually is.

SPEAKER_03 11:22

Done well.

SPEAKER_01 11:23

There's the qualifier.

SPEAKER_03 11:25

And that's where the conversation gets serious. That's where it gets serious. Here's the tension I want to push on. The new FinCEN rule asks for more rigor. The AI agent promises more throughput. Are those compatible?

SPEAKER_01 11:39

They have to be. Both demands are real. You can't ignore the rigor. You can't ignore the throughput. The synthesis looks like this. The agent handles work that's volume-driven and pattern driven, initial KYC screening, alert triage, transaction monitoring tuning suggestions, SAR narrative drafting, documentation completeness checks. The human handles work that's judgment-driven and consequential. Final risk rating sign-off. SAR filing decisions, escalations, examiner interactions.

SPEAKER_02 12:15

Okay.

SPEAKER_01 12:16

And both tracks feed a unified governance layer. Documents who did what, why, with what oversight. That governance layer, that's the thing that makes your program defensible.

SPEAKER_03 12:27

Governance. There's the word.

SPEAKER_01 12:29

There's the word. And it's the one every BSA officer needs in their head right now.

SPEAKER_03 12:35

Why?

SPEAKER_01 12:36

Because the single most important thing you can do in 2026 is build the governance layer before you deploy the agent. Not after. Not after. Not after. If you deploy first and govern second, you're going to be in front of an examiner with an AI agent making decisions and no documented framework explaining how you supervise it. That's a finding waiting to happen. Yeah. Govern first. You stand up the AI risk management policy. Classify the use case as high risk because it touches a regulated workflow. Bring in independent model validation. Document the human in-the-loop checkpoints. Build the audit trail. Then when you deploy the agent, you're plugging it into a structure that's defensible. And the regulatory hooks for that already exist. They already exist. SR 117 from the Fed, OCC Bulletin 2011-12, the Interagency Third Party Risk Guidance. None of those are AI named yet, but an AI agent doing KYC is a model under that guidance. So treat it like one. Treat it like one. The rulebook is already there. We just have to apply it.

SPEAKER_03 13:53

Okay, let's go inside the exam room. It's late 2027. New rule is final. Your KYC workflow is powered by an AI agent. Examiner walks in. What happens?

SPEAKER_01 14:04

First question. Show me the model risk management documentation for this agent. First question. First question. And not the vendor's marketing materials. The MRM file. The whole package. And if you have that package, you're in a productive conversation.

SPEAKER_03 14:34

And if you don't?

SPEAKER_01 14:36

You're explaining to an examiner why you deployed a model that touches a regulated workflow without satisfying your own bank's existing model risk policy. Which is not a fun conversation.

SPEAKER_03 14:50

I bet. What other questions do they ask?

SPEAKER_01 14:53

Human in the loop design. And what decision points does a human review the agent's output? Consistently applied? What's the qualification of the reviewer? What percentage of agent-cleared files are sampled for human re-review?

SPEAKER_02 15:08

Okay.

SPEAKER_01 15:09

Audit trail. Every decision the agent makes, every risk rating, every disposition has to be reproducible. Examiner picks a file at random. You have to be able to trace exactly what the agent did, what data it used, what reasoning it produced.

SPEAKER_03 15:26

That's a lot of plumbing.

SPEAKER_01 15:28

It's a lot of plumbing. Third, vendor risk management. Anthropic is a third-party service provider. The interagency third-party risk guidance applies. Contractual terms covering data handling, security, continuity, a defined exit strategy if the service is discontinued.

SPEAKER_03 15:48

And SARs?

SPEAKER_01 15:50

The SAR side is the most sensitive part. The SAR filing decision is a regulated decision. FinCEN has been crystal clear over the years. Automated systems can support the decision. They can't make it.

SPEAKER_03 16:04

So the agent can draft the SAR narrative.

SPEAKER_01 16:06

An agent that drafts the SAR narrative is fine. An agent that decides whether to file an SAR is not. That line has to be designed in a deployment, documented in policy, observable in the audit trail. And the examiner is going to ask.

SPEAKER_03 16:33

Okay.

SPEAKER_01 16:34

First, every framework that governs your bank requires you to validate models before deployment and monitor them after. That's not new. That's been the rule for 15 years. Right. Second, AI agents fail in ways human analysts don't. They hallucinate. They have systematic blind spots that don't surface until you've processed enough files. They drift over time as the underlying model is updated. They behave differently on edge cases than they do on test data.

SPEAKER_03 17:04

So you can't catch the failure with intuition.

SPEAKER_01 17:07

You can't catch it with intuition. And if you deploy without validation and monitoring, your first signal that the agent failed is going to be the examiner finding the failure.

SPEAKER_03 17:17

The worst possible discovery path.

SPEAKER_01 17:20

The worst possible discovery path.

SPEAKER_03 17:23

That's the line of the episode, by the way.

SPEAKER_01 17:26

Make it the title.

SPEAKER_03 17:28

Tempting. Okay. The BSA officer listening to all this is thinking, fine, point taken. What do I do? Give me your framework. Five steps.

SPEAKER_01 17:39

Five steps. I'll go fast.

SPEAKER_03 17:41

Go.

SPEAKER_01 17:42

One, form an AI governance committee. This quarter, not next quarter. Compliance, IT, legal, model risk if you have it. First job, approve a written AI policy, acceptable use, prohibited use, risk tiering, validation requirements, human in the loop requirements.

SPEAKER_02 18:05

Okay.

SPEAKER_01 18:06

Two, inventory. Identify every place AI is already in your environment. And you will find more than you think. Chat assistants are everywhere now. Classify each use case by risk tier. KYC, SAR, Sanctions, Transaction Monitoring, all high risk.

SPEAKER_03 18:25

All high risk.

SPEAKER_01 18:27

All high risk. 3. Pilot a single use case. Don't roll out 10 agents at once. Start with alert triage in transaction monitoring. Why? The dataset is large enough to validate. The impact of error is manageable. Labor savings are visible. Run six months in shadow mode first. Agent and human both make the decision. You compare them.

SPEAKER_03 18:51

Shadow mode. I like that.

SPEAKER_01 18:53

Shadow mode. 4. Validate. Independent validation, not the vendor's white paper. Your model risk team, or a third party if you don't have one, produces a formal validation report. Stress test for edge cases. Test for bias. Test for systematic blind spots.

SPEAKER_02 19:12

Okay.

SPEAKER_01 19:13

5. Deploy with monitoring. Performance metrics. Drift detection thresholds. Alert thresholds.

SPEAKER_03 19:25

That's all standard stuff.

SPEAKER_01 19:26

All standard. And the part everyone forgets circuit breakers.

SPEAKER_03 19:32

Circuit breakers.

SPEAKER_01 19:33

Circuit breakers. What happens if the agent's false negative rate doubles overnight? Who gets paged? Who decides to pull the agent offline? What's the manual fallback?

SPEAKER_03 19:44

That feels under disgust.

SPEAKER_01 19:46

It's profoundly under-discussed. Because most banks have not asked themselves, if our AI agent stops working tomorrow morning, what happens to the work? If the answer is we have no plan, you're not ready to deploy.

SPEAKER_03 20:01

How long does this whole process take, realistically?

SPEAKER_01 20:04

Realistically, 18 to 24 months for a meaningful production deployment in a regulated workflow. Faster with a mature model risk function, faster still with low-risk use cases, but for KYC specifically, 18 months.

SPEAKER_03 20:20

And we just said this stuff is arriving in 18 months, whether we're ready or not.

SPEAKER_01 20:25

That's the squeeze. The technology is going to arrive in your environment faster than your governance can keep up. Unless you start the governance today.

SPEAKER_03 20:35

Before we get to where this goes wrong, I want to step back for a second. You've been doing this work for 40 years. How do you think about the human in all of this? The role of the human when AI is in the workflow.

SPEAKER_01 20:47

Yeah, okay, here's how I describe it. An AI tool is like a hammer.

SPEAKER_03 20:52

A hammer.

SPEAKER_01 20:54

A hammer is great, does one thing really well, drives a nail. But picture hanging a picture on the wall.

SPEAKER_02 21:01

Okay.

SPEAKER_01 21:02

You don't just grab the hammer and start swinging. You hold the hammer with one hand, the nail with the other, and before any of that, you measure. You figure out where the picture should go, you step back, you eyeball it. Is it centered? Is it level? Is it too high? That's all human work. All human work. The hammer doesn't measure. The hammer doesn't decide where the picture goes. The hammer drives the nail when you tell it to.

SPEAKER_03 21:29

AI is the hammer.

SPEAKER_01 21:31

AI is the hammer, and someone has to be the one holding it.

SPEAKER_03 21:35

How does this apply to KYC?

SPEAKER_01 21:38

KYC, sure. A, I can read the documents, run the screening, draft the rationale, but the actual risk rating judgment, that's the human. Looking at the totality of what the customer is bringing to the bank and asking, does this hold together? This person doing this business in this geography with these volumes, does it make sense? That's not a pattern match. That's not a pattern match. That's a judgment call.

SPEAKER_03 22:05

And you said this applies even more to sanction screening.

SPEAKER_01 22:09

Especially to sanctions. Sanctions is where I want people to really hear this. Because sanction screening has two halves.

SPEAKER_02 22:17

Okay.

SPEAKER_01 22:18

There's the alert generation side, the system scanning your transactions, your customers, your counterparties against the sanctions lists. And then there's the alert clearing side. Somebody actually looking at each hit and deciding, is this a real match or a false positive?

SPEAKER_03 22:35

Right.

SPEAKER_01 22:36

AI can help on both sides, big time. On alert generation, it makes the screening smarter, catches the partial matches, name variations, fuzzy logic, catches stuff a rules-based system would miss entirely.

SPEAKER_02 22:51

Okay.

SPEAKER_01 22:52

On alert clearing, it can triage, pull the obvious false positives off the analyst's cue, summarize the supporting documentation, draft the disposition narrative.

SPEAKER_03 23:03

So it's moving the process forward on both sides.

SPEAKER_01 23:06

Both sides. But neither side replaces the people in those positions. The analyst clearing the alert, they're using judgment, they're reading context, they're following their gut when something feels off about a transaction that technically matches the rules. And the gut feeling matters. The gut feeling matters. Because real sanctions evasion doesn't look like a textbook example. It looks weird. It has a story behind it that you have to piece together.

SPEAKER_00 23:35

Yeah.

SPEAKER_01 23:36

An AI agent spots the pattern it's been trained on. A human analyst with 10 years of experience, they spot the pattern that doesn't fit any trained model.

SPEAKER_03 23:46

That's the thing the tool can't do.

SPEAKER_01 23:49

That's the thing the tool can't do.

SPEAKER_03 23:51

So when you're talking about AI in compliance.

SPEAKER_01 24:06

Use the hammer, but keep your hand on it.

SPEAKER_03 24:08

That's it. That's the posture. Quick, three failure modes you're watching for.

SPEAKER_01 24:15

Three patterns. First, the vendor says it works deployment. Bank takes the vendor at their word, skips independent validation. Six months in, discovers the agent has a systematic blind spot for a particular customer type.

SPEAKER_03 24:30

SAR Lookback.

SPEAKER_01 24:33

S-A-R Lookback. Second, the no human in the loop creep. Agent gets deployed with human review of every output. Six months later, somebody decides reviewing every output is too expensive, so they sample.

SPEAKER_00 24:48

Yeah.

SPEAKER_01 24:49

Twelve months later, sampling drops to only the high-risk cases. 18 months later, the agent is effectively unsupervised on the low and medium risk population. Then the model drifts, or a new customer type appears, and the agent fails in the unsupervised space.

SPEAKER_03 25:06

And nobody sees it.

SPEAKER_01 25:08

Nobody sees it. That's a typology you would not have caught.

SPEAKER_03 25:12

Third one?

SPEAKER_01 25:13

Model drift without monitoring. Vendor updates the model. Performance on your specific customer base changes in ways the release notes don't predict. Without monitoring, you don't notice for months. Without circuit breakers, you can't pull it offline when you do notice. All three of those? All three are governance failures, not technology failures. The technology will get better every quarter. The governance discipline is what separates the banks that benefit from this from the banks that get burned by it.

SPEAKER_03 25:43

Before we close out, I understand you've got a book coming out. Tell the audience about it briefly, and how to get a copy.

SPEAKER_01 25:50

Sure. The book is the long form version of the conversation we just had. 40 years of doing this work, distilled into one place, written for the BSA officer, the executive, the examiner, anyone who now has to make judgments in a post-checklist environment.

SPEAKER_03 26:08

When does it come out?

SPEAKER_01 26:09

Very soon. The pre-order link and launch details are going up on the Global Radar website, globalradar.com, and on our YouTube channel. If today's conversation was useful, the book is the deep version. Keep an eye on both channels in the next few weeks.

SPEAKER_03 26:25

We'll link to both in the show notes. Okay, final segment. Three concrete actions. Take it.

SPEAKER_01 26:32

Three actions. One, this week. Schedule a meeting with your IT or technology counterpart. Ask one question. Do we have an inventory of where AI is currently being used in our environment? If the answer is no, that becomes the first project on your AI governance roadmap. This week. This week. Two. This month. Convene the first meeting of an AI governance committee. Compliance. IT, legal, model risk, business sponsor, first agenda item, charter and scope. Second, approve a written AI policy that at minimum prohibits unsanctioned use of generative AI tools on customer data and requires risk tiering for any new AI use case.

SPEAKER_03 27:19

This month.

SPEAKER_01 27:20

3. This quarter. Pilot 1 low-risk AI use case, not KYC, start somewhere safer. Internal policy retrieval, training material drafting, regulatory horizon scanning, build the muscle, document the governance gaps, move to a higher risk use case in Q4. This quarter. And the watch list? Three dates. Pen ready.

SPEAKER_02 27:45

Go.

SPEAKER_01 27:46

June 9th. Comments due on the FinCEN AML and CFT program NPRM. That's the regulatory frame for everything we discussed today. If your firm is submitting, your draft should be in legal review now.

SPEAKER_03 28:01

June 9th.

SPEAKER_01 28:02

November 2026. Expected supervisory guidance from at least one federal banking agency, specifically on AI use in regulated workflows. Can't promise the date, but it's the most watched piece of guidance in compliance right now.

SPEAKER_02 28:18

November.

SPEAKER_01 28:19

And set your own internal deadline. Pick a date in the next 60 days by which you will have an AI policy approved by your committee. No date, no policy.

SPEAKER_03 28:30

That's the one, that's the action. Dominic, before I let you go, if a BSA officer takes one thing away from today, what is it?

SPEAKER_01 28:39

One thing. FinCEN changed the bar. Your program has to actually work, not just exist on paper. And AI just handed you the tool to clear that bar. But the program is yours, the judgment is yours, the accountability is yours. Use the hammer, keep your hand on it.

SPEAKER_03 28:58

Use the hammer, keep your hand on it. That's the episode. Dominic, thank you.

SPEAKER_01 29:04

Mark, thanks for having me. To the listeners, if any of this landed, do one thing. Send the episode to one BSA officer or compliance executive you respect. This is the conversation banks should be having on every floor, and most of them aren't. Help us start it. And keep an eye on globalradar.com and our YouTube channel for the book launch. It's coming very soon.

SPEAKER_03 29:29

Show notes have the cheat sheet, links to Global Radar and the YouTube channel for Dominic's book, and every primary source we cited. Subscribe, leave a review. We'll see you next week. Stay compliant. Stay curious.