What AI agents do, how they work, and what results to expect
There’s a question I hear often from compliance leaders across Southeast Asia: “We understand AI is the direction of travel but what does it actually do in practice?”
It’s the right question to ask. The conversation around artificial intelligence in financial crime compliance has matured significantly over the past 12 months. We’ve moved beyond the early hype and into a space where institutions are actively piloting, testing, and in some cases deploying AI-driven workflows. Yet for many compliance professionals, the gap between what’s promised and what’s demonstrable remains frustratingly wide.
That’s why a recent webinar we co-hosted with AICB stood out. Rather than presenting slides about potential, our experts Craig Robertson and Jordan Hoo walked through exactly how AI agents are being applied today in real investigations, with real workflows, and real outcomes. Here are the key takeaways I think every compliance leader in the region should understand.
First, let’s clarify what “AI Agents” actually means
The terminology in this space is used loosely, and that matters more than people realize. There’s a meaningful difference between a co-pilot (a tool that assists a human with queries and information retrieval), generative AI (which produces content based on prompts), and agentic AI (which autonomously executes multi-step tasks, makes decisions within defined parameters, and adapts based on outcomes).
In a financial crime context, that distinction has direct implications for governance, model risk management, and regulatory accountability. Regulators across the region, including Bank Negara Malaysia are already providing guidance that differentiates between these use cases, and they expect institutions to be equally precise in how they deploy and oversee them.
AI agents are not a replacement for human judgement. They are systems designed to handle the structured, repeatable, data-intensive tasks that currently consume the majority of an investigator’s time so that human expertise can be directed where it matters most.
The problem AI Agents are solving
To understand the value, consider a standard AML investigation today. An alert is triggered. A Level 1 analyst spends 15 minutes gathering KYC data, reviewing previous screening events, and documenting enough context to make an initial escalation decision.
The case moves to Level 2, where another 17 minutes are spent running transaction analysis often via manual SQL queries followed by up to 25 minutes drafting a case report. A final QC review adds close to an hour.
End-to-end: approximately three hours per case.
Multiply that across alert volumes at a Tier 1 or Tier 2 institution, and you begin to understand why compliance teams are stretched, why false positives are a persistent drain, and why talented investigators spend the majority of their time on process rather than risk.
This is the operational reality that agentic AI is designed to address.
What AI Agents can do in an investigation — three practical use cases
- Automated data gathering and case preparation
The moment an alert is triggered and a case is opened, an AI agent can immediately begin executing the information-gathering steps that would otherwise fall to a human analyst. This includes pulling KYC and CDD data, retrieving prior screening events, running counterparty reviews, and assessing relevant fraud typologies all before the investigator has opened the case file.
In practice, this means an investigator logging into a case finds it already pre-populated with structured context, a risk score, and a preliminary case summary. Zero minutes spent on data collection. The analyst starts at analysis, not at admin.
- Transaction analysis and pattern recognition
At the Level 2 investigation stage, AI agents can execute complex transaction analysis identifying structuring behaviour, flagging high-risk jurisdictions, mapping fund flows across entities, and visualising network relationships in a fraction of the time a manual process would require.
What previously took 17 minutes of SQL querying and interpretation can be reduced to approximately five minutes, with the agent surfacing key patterns and presenting findings in plain language alongside visual network diagrams. For junior investigators in particular, this provides a level of analytical depth and contextual guidance that would otherwise require significant senior oversight.
- AI-generated SAR and STR drafting
Perhaps the most impactful use case for compliance operations is the AI-assisted drafting of Suspicious Activity Reports and Suspicious Transaction Reports. Using a narrative agent trained on the specific reporting requirements of a given jurisdiction, the system can generate a regulator-ready draft report based on the evidence gathered throughout the investigation incorporating transaction details, entity relationships, typology classifications, and key risk indicators.
The investigator reviews, refines, and approves. The human remains in the loop and accountable. But the hours previously spent constructing that narrative from scratch are largely eliminated.
The outcome: 60% reduction in investigation time
Across these three use cases, the aggregate impact is significant. Institutions piloting agentic AI in their investigation workflows are seeing up to a 60% reduction in total case investigation time without increasing headcount. Teams can handle more than double the case volume. QC failure rates decline as consistency replaces manual variability. And investigators are freed to focus on the complex, high-judgement work they were trained for.
Critically, every action taken by an AI agent is logged, auditable, and explainable. The evidence trail is preserved. Human oversight is built into the workflow by design, which is precisely what regulators expect.
What this means for your institution
The question is no longer whether AI agents have a role in financial crime compliance. The evidence from regulatory guidance, from industry pilots, and from operational results makes that clear. The more pressing question is how to adopt this capability responsibly: with the right governance frameworks, the right data foundations, and the right sequencing of deployment.
That process starts with understanding what these systems actually do.
Want to see this in action? The webinar, From Theory to Action: Agents Transforming Financial Crime Compliance in Real-Time, includes a live walkthrough of the complete agentic investigation workflow, from alert triage through to SAR drafting. It’s the clearest demonstration I’ve seen of what this technology looks like in a real compliance environment.
Recent resources
From Theory to Action: AI Agents Transforming Financial Crime Compliance in Real-Time
Whitepaper: The New Financial Crime Ecosystem
Reinventing the compliance operating model
Agentic AI, Data, and Financial Crime Control
Case study: 90% reduction in manual effort: The power of AI agents in sanctions compliance
Learn more about Symphony Risk Intelligence
Find out more about Symphony Risk Intelligence and Always-on Compliance, and how it can improve your approach to transaction monitoring, KYC/CDD, fraud, and screening.
FAQs
Generative AI produces content based on prompts, while agentic AI autonomously executes multi-step tasks, makes decisions within defined parameters, and adapts based on outcomes, with direct implications for governance and regulatory accountability.
Institutions piloting agentic AI are seeing up to a 60% reduction in total case investigation time, allowing teams to handle more than double the case volume without increasing headcount.
Yes. A narrative agent trained on jurisdiction-specific reporting requirements can generate a regulator-ready SAR draft incorporating transaction details, entity relationships, and risk indicators. The investigator reviews and approves, still being the person accountable.
No. It handles repetitive, data-intensive tasks so investigators can focus on complex, high-judgement work. Every agent action is logged, auditable, and explainable, with human oversight built into the workflow by design.
