The General Exclusion
Recital 58 of Regulation 2024/1689 explicitly states that AI systems used for detecting financial fraud and for prudential purposes should not be considered high-risk AI systems. The recital is designed to exclude standard transaction monitoring from the high-risk classification framework. Most rule-based and machine-learning-based transaction monitoring systems, those that detect patterns in payment data to identify potentially suspicious activity, fall within this exclusion.
The rationale is that financial fraud detection and prudential supervision serve legitimate public interest purposes and are already subject to sector-specific regulation. The AI Act's high-risk classification is reserved for AI systems that create significant risks of harm to individuals. A transaction monitoring system that flags a payment for review does not, in itself, create the kind of individual impact that warrants high-risk classification.
The Profiling Exception
Article 6(3) and Annex III, Point 5(b) of Regulation 2024/1689 create an exception to the general exclusion. AI systems that perform profiling of natural persons are high-risk, regardless of the domain in which they operate. Profiling means automated processing of personal data to evaluate, analyse, or predict aspects of a natural person's economic situation, behaviour, reliability, or movements.
Customer risk scoring based on behavioural analysis of an individual customer's transaction history is likely to constitute profiling under this definition. The system processes personal data, specifically transaction behaviour, to assess reliability, specifically the likelihood that the customer is engaged in money laundering or financial crime. This assessment is about the person, not just the transaction.
The profiling exception applies regardless of Recital 58. A bank whose AML system generates individual customer risk scores based on AI analysis of transaction behaviour should assume, until the Commission publishes classification guidelines, that those scores constitute profiling within the meaning of Article 6(3) and Annex III, Point 5(b).
Where the Boundary Lies
The classification question turns on what the AI system is doing. Three categories illustrate the distinction.
Transaction monitoring, meaning pattern detection applied to transaction data without generating individual customer assessments, is likely excluded under Recital 58. The system identifies suspicious transactions, not suspicious people. The output is an alert about a specific payment, not an assessment of the customer behind it.
Customer risk scoring, meaning AI-generated assessments of individual customers' AML risk based on analysis of their behaviour, is likely high-risk under Article 6(3) and Annex III, Point 5(b). The output is an assessment of a person. That assessment affects decisions about the customer relationship: enhanced due diligence, account restrictions, exit decisions.
Cross-institutional risk comparison, meaning mathematical comparison of pre-computed risk scores across banks without generating new individual assessments, is likely excluded. The comparison is between scores. It does not involve automated processing of personal data to generate a new assessment of a natural person. The risk scores were generated upstream, within each institution's own monitoring. The comparison layer adds a cross-institutional dimension to an existing assessment without creating a new one.
The Commission is expected to publish classification guidelines in 2026. Until those guidelines are available, banks should document their classification analysis and the reasoning behind it.
High-Risk Requirements
Banks that determine their AML AI system is high-risk under Article 6(3) must meet five categories of obligation from August 2, 2026.
Data governance requirements under Article 10 require that training, validation, and testing data sets be representative, complete, and free of significant errors. Banks using machine-learning-based customer risk scoring must document their training data, the steps taken to address bias, and the validation results. Regulators will ask for this documentation.
Technical documentation under Article 11 requires a full record of the system's development, including the general logic, the training data characteristics, the performance metrics, and the risk management measures applied. The documentation must be available to national supervisors on request.
Transparency and explainability under Article 13 require that the system provide sufficient information to allow users to interpret its outputs. For AML risk scores, this means compliance analysts must be able to understand what drove a specific score. Black-box scores that cannot be explained at the case level do not satisfy Article 13.
Human oversight under Article 14 requires that effective human intervention remain possible. Automated risk scoring must not produce final decisions about customers without human review. The compliance analyst must be able to override, adjust, or reject the AI-generated assessment.
Cybersecurity and robustness under Article 15 require resilience against adversarial attacks and performance degradation. Banks must test how their AML AI systems respond to inputs designed to evade detection, and must maintain accuracy metrics within defined tolerances.
Explainability and Encrypted Computation
A specific question arises for cross-institutional monitoring based on MPC (secure multi-party computation). The computation involves cryptographic operations on encrypted inputs. Some commentators have argued that encrypted computation is incompatible with AI Act explainability requirements because the computation cannot be inspected.
The ACPR, the French banking supervisor, has acknowledged in published guidance that AI models for AML do not always require full algorithmic transparency. Level 1 and Level 2 explanation, meaning observation of inputs and outputs with justification of the logic applied, may be sufficient. For MPC-based systems, the logic can be documented and explained: two banks' risk scores are compared; if both exceed a threshold, a cross-institutional alert is generated. The computation is encrypted to protect each bank's input from the other bank. The logic is not hidden. The encryption protects competitive and privacy-sensitive data, not the compliance methodology.
Regulators and banks should understand this distinction. MPC encryption is by design, applied to preserve privacy between institutions. It does not make the system opaque to supervisors or compliance analysts.
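The following is an added illustration, not code from any bank, vendor or supervisor, of the comparison logic described above and in the cross-institutional category earlier on this page: each bank locally decides whether its own pre-computed risk score exceeds a common threshold, and the AND of those two bits is evaluated on additive secret shares so that neither bank sees the other's bit. The example assumes a two-party setting, a single agreed threshold, and a trusted dealer that hands out a Beaver multiplication triple (a textbook simplification; real deployments generate triples differently). The point it makes is the one the ACPR guidance allows for: the logic is written down and auditable, the only values ever opened are uniformly random masks plus the final alert bit, and an explanation record can still be produced per case.

```python
"""Two-bank threshold AND on additive secret shares (toy MPC, added example).

Documented logic:  alert = (score_A >= T) AND (score_B >= T)
Only the alert bit is opened; the per-bank bits and scores stay hidden
from the other bank (apart from what the alert bit itself implies).
"""
import secrets

P = 2**61 - 1  # prime field modulus; every share is a random element of Z_P


def share(x):
    """Split x into two additive shares that sum to x modulo P."""
    r = secrets.randbelow(P)
    return r, (x - r) % P


def reconstruct(s0, s1):
    """Open a value from its two additive shares."""
    return (s0 + s1) % P


def dealer_triple():
    """Trusted dealer (assumption of this example): random a, b with c = a*b,
    each secret-shared between the two banks."""
    a = secrets.randbelow(P)
    b = secrets.randbelow(P)
    c = (a * b) % P
    return share(a), share(b), share(c)


def local_bit(score, threshold):
    """Computed locally by one bank on its own score; never sent in the clear."""
    return 1 if score >= threshold else 0


def mpc_and(bit_a, bit_b, audit):
    """Evaluate bit_a AND bit_b with Beaver multiplication on shares.

    Bank A holds (xa, ya, a0, b0, c0); bank B holds (xb, yb, a1, b1, c1).
    """
    xa, xb = share(bit_a)            # A shares its bit: xa stays, xb goes to B
    ya, yb = share(bit_b)            # B shares its bit: ya goes to A, yb stays
    (a0, a1), (b0, b1), (c0, c1) = dealer_triple()
    # Each bank masks its shares with the triple and the masked values are
    # opened. d and e are uniformly random in Z_P, so they reveal nothing.
    d = reconstruct((xa - a0) % P, (xb - a1) % P)   # d = x - a
    e = reconstruct((ya - b0) % P, (yb - b1) % P)   # e = y - b
    # x*y = c + d*b + e*a + d*e; the constant d*e is added by one party only.
    z0 = (c0 + d * b0 + e * a0 + d * e) % P         # bank A's share of x*y
    z1 = (c1 + d * b1 + e * a1) % P                 # bank B's share of x*y
    audit["opened_masks"] = {"d": d, "e": e}
    return reconstruct(z0, z1)


def cross_institutional_alert(score_a, score_b, threshold):
    """Run the documented logic and return (alert_bit, explanation_record).

    The record is the Level 1/2 style explanation: the logic applied, what
    each bank could observe, and the output. Scores are constructed inputs.
    """
    bit_a = local_bit(score_a, threshold)
    bit_b = local_bit(score_b, threshold)
    audit = {
        "logic": "alert = (score_A >= T) AND (score_B >= T), T=%d" % threshold,
        "bank_A_own_bit": bit_a,
        "bank_B_own_bit": bit_b,
    }
    alert = mpc_and(bit_a, bit_b, audit)
    audit["alert"] = alert
    # What each bank can infer about the other: only when its own bit is 1
    # does the alert bit determine the other bank's bit; otherwise nothing.
    audit["bank_A_infers_B_bit"] = alert if bit_a == 1 else None
    audit["bank_B_infers_A_bit"] = alert if bit_b == 1 else None
    return alert, audit


if __name__ == "__main__":
    # Constructed sample scores on a 0-100 scale, threshold 70.
    for sa, sb in [(82, 77), (82, 40), (10, 40)]:
        bit, rec = cross_institutional_alert(sa, sb, 70)
        print(sa, sb, "->", bit, rec["logic"], rec["bank_A_infers_B_bit"])
```

The explanation record, not the arithmetic on shares, is what a supervisor or analyst reads: which rule was applied, with which threshold, and which bit came out. The opened masks are kept in the record to show that nothing else leaves either institution.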
The Timeline
Three AI Act dates are relevant for AML compliance teams. Prohibited AI practices have applied since February 2, 2025. High-risk AI requirements under Annex III, including those applicable to profiling-based AML systems, apply from August 2, 2026. Requirements for AI systems embedded in product safety legislation apply from August 2, 2027.
Banks using AI for customer risk scoring have until August 2, 2026 to complete their classification analysis, prepare technical documentation, implement human oversight procedures, and validate explainability mechanisms. That is 14 months from today. For institutions that have not yet begun their AI Act assessment, that deadline is tighter than it appears.
What Banks Should Do Now
Most AML transaction monitoring systems will not be classified as high-risk under the AI Act. Banks using standard rule-based or ML-based monitoring that flags transactions rather than scoring individuals can document the Recital 58 exclusion and move on.
Banks using AI for individual customer risk scoring should assume a high-risk classification applies until the Commission provides guidance. AI Act compliance documentation, data governance records, explainability mechanisms, and human oversight procedures should be prepared now. Banks that build these capabilities before the August 2026 deadline will be better positioned when classification guidelines are published. Those guidelines will either confirm the high-risk classification, validating the preparation work, or confirm the exclusion, in which case the documentation effort is modest and the risk of having been under-prepared is avoided.