HKMA’s report, titled “Supporting AI Adoption in Fighting Financial Crime,” was published in June 2026, and within it, HKMA states that it “expects to see more financial crime subject matter experts embedded in frontline teams, joint model governance committees, and shared accountability for A.I. performance metrics.”
Raymond Chan, Executive Director (Enforcement and AML), shared in his foreword that AI is already a part of many institutions’ processes for monitoring, analytics, and investigative processes.
Yet, with the rise of AI-driven scams and AI-powered identities, traditional approaches to transaction monitoring and static, rule-based controls are under growing strain. He elaborated,
Raymond Chan
“To remain effective, our defences must evolve at an equal pace. Banks need to adapt and constantly strive for greater efficiency and effectiveness, adopting proven technologies at scale and being prepared to explore and test new technologies as threats develop.”
The report sits within the regulator’s supervisory push under its Fintech 2030 strategy, and it documents how four banks operating in Hong Kong have built AI into transaction monitoring and customer onboarding.
How Hong Kong Banks Fight Financial Crime with AI
Drawn from the adoption journeys of four Hong Kong banks, four case studies from the report illustrate innovation, each supporting a broader strategy to combat financial crime.
Until 2020, most global banks relied on large-scale, rules-based AML systems that flagged suspicious activity but generated overwhelming volumes of false positives, each requiring manual investigation.
Recognising that incremental rule-tuning would not close the gap, the bank’s leadership pivoted to an intelligence-led, risk-based model and partnered with a cloud provider to co-develop a dynamic, AI-driven platform.
The global bank’s respective banks would likely include a cloud-based AI platform that generates risk scores for the bank, from transaction, customer, and KYC data, feeding case-management systems for analyst review.
Similarly, another core component is the domain training layer, which draws on the bank’s own crime data, typologies, and expertise to train models that detect patterns like rapid fund movements and abnormal behaviour.
Deployed within the bank’s own cloud tenant to satisfy governance and regulatory requirements, it monitors more than a billion transactions a month.
The Outcome
The results were substantial. False positives fell by 60%, detection of suspicious activity rose two- to fourfold, and case investigation ran roughly 50% faster, all underpinned by strong model governance and secure deployment.
The bank is now extending deployment across more markets and business lines, investing further in cloud analytics and AI, and reinforcing its governance and validation frameworks.
2. A Regional Bank’s Approach to Dynamic Risk Monitoring Model
Until recently, the bank relied on rules-based transaction monitoring that flagged single suspicious transactions. However, it struggled against layered schemes like multi-step, multi-product, cross-jurisdictional flows that were structured to evade detection.
A single case exposed how fragmented its systems were, which accelerated the bank’s decision to adopt risk-based intelligence.
To see the whole customer rather than isolated transactions, the bank built integrated data lakes that merged customer profiles, transactional activity, behavioural patterns and external data into a single environment.
A dynamic risk-scoring model now continuously adjusts each customer’s rating on behaviour and context, expressed as one score from 0 (lowest risk) to 1 (highest). Network analytics surface links between customers, counterparties and entities that would otherwise go unseen.
A machine-learning layer first scores and prioritises the alerts those systems generate, which is essential for taming volume. Only then does the predictive Dynamic Risk Monitoring (DRM) layer sit on top, drawing on models such as the Network Risk Model to weigh a customer’s holistic activity.
The Outcome
More accurate risk scoring meant fewer false positives and fewer unnecessary reviews. This outcome eased friction for legitimate customers, while high-risk activity was caught earlier and in the cycle, often before issues escalated.
Source: HKMA
The bank has a roadmap in place for layering in agenti AI and other tools to continuously strengthen its compliance risk management, through to 2027.
3. A Face Watch List in a Digital Bank
Faced with limited resources and a rise in mule activity across the industry, one digital bank set out to balance seamless onboarding with stronger fraud detection. Rather than attempting a sweeping overhaul, it took a building-block approach.
Using the HKMA’s GenAI Sandbox to develop and test its proof of concept, the bank built a series of modular, behaviour-led AI models through rapid, agile iteration.
The flagship use case detected fraudsters impersonating customers during remote onboarding by spotting irregularities in the backgrounds of their submitted images, findings later used to help law enforcement disrupt criminal syndicates.
The Outcome
Mule-account detection rose 30%, screening times fell to seconds, and stopping bad actors at the entry point reduced monitoring costs across the entire AML/CFT process. A proof of concept launched in June 2025 reached production within three months, aided by streamlined governance and the Sandbox infrastructure.
The human-in-the-loop element was essential, as subject-matter experts continually trained the models and translated their requirements for the technology teams, with senior management sponsorship anchoring the outcome.
Public-sector support, via the GenAI Sandbox, was invaluable in helping the bank secure the internal backing and funding to scale.
4. Disrupting Money Mules throughout the Client Life Cycle
A large bank faced rising payment fraud across its Hong Kong commercial banking portfolio, where shell companies were being used to push funds from illicit scams through its accounts.
As mule accounts multiplied and mule networks grew more sophisticated, the bank had little visibility into where incoming funds originated or the risks a customer carried when an account was opened.
While its payment-fraud detection was strong, traditional rules-based approaches struggled to identify shell companies and freeze mule funds before they moved on.
In response, the business line adopted a “Two Masters Model” that paired near-real-time payment-freezing tools with close support from investigation teams.
The aim was to stop money mules from being onboarded in the first place using data such as device biometrics and addresses, identify them through transactional and behavioural analytics, and use the bank’s fraud controls to freeze funds in near real-time.
Through iterative testing, the engine learned to reject suspected mules at the door, reducing exposure early. Running alongside it, an “In-Life Monitoring” capability watches account behaviour across the whole portfolio.
It combines human-explainable risk indicators with a machine-learning prediction model to assign risk scores and test activity against known typologies.
The Outcome
The machine-learning approach continued working, even where some data was missing or imperfect, a weak spot for rules-based detection.
It rated 42% of customers high-risk, which the old model had only flagged as medium. Of those, 70% were escalated for investigation, and 40% were ultimately exited over financial crime concerns.
Success in Hong Kong drew interest from other jurisdictions and sustained funding and executive support. The solution has since rolled out to several other markets with commercial banking portfolios, is being evaluated for retail banking while also being held up internally as a model for other financial crime projects.
Agentic AI is the Next Frontier in Mitigating Financial Crime
The report notes that while a majority of Hong Kong banks have active AI deployments in risk or compliance, only some describe these tools as supporting decisions beyond workflow optimisation. Even fewer are using autonomous analytical agents within core detection environments.
Agentic AI could help investigators generate hypotheses across linked accounts and counterparties, detect anomalies beyond fixed rule parameters, support complex case escalations in real time and identify emerging typologies earlier.
The immediate future, however, is about supervised augmentation, where AI operates as a co-pilot for investigators and risk officers.
Featured image edited by Fintech News Hong Kong based on an image by funtap on Magnific
