Compliance Chiefs Face New Dilemma: When to Trust AI Agents With Money Laundering Alerts

Financial institutions are grappling with a thorny question that's moved from theoretical to urgent: how do you evaluate whether an AI agent is actually ready to handle anti-money laundering decisions, and what do you tell your examiner when they ask about it?

Peter Piatetsky, cofounder and CEO of Castellum.AI, spent a recent podcast interview walking through the practical realities of deploying agentic AI in compliance workflows—a conversation that matters because "agentic AI" has become, in his words, "undeniably one of the hottest topics in fintech, banking and compliance." The discussion, hosted by Fintech Business Weekly's Jason Mikula and published January 21, focused less on the promise of AI agents and more on the mechanics: what compliance leaders should actually look for, what regulators are signaling, and how firms should document these systems when the examiner shows up.

The timing is notable. Castellum.AI is already powering AML and know-your-customer workflows with AI agents, which means Piatetsky isn't speculating about future use cases—he's describing current implementations. That puts him in the interesting position of explaining how to turn regulatory signals about AI adoption into "governance, documentation, and examiner-ready controls," which is the kind of phrase that makes compliance officers sit up straight.

The core challenge, as Piatetsky and Mikula discussed, is that "agent-based solutions" require a different evaluation framework than traditional software. When an AI agent is making decisions about suspicious activity reports or customer risk ratings, compliance leaders need to understand not just whether it works, but how to explain to regulators why they trust it. That's where model governance comes in—a topic the pair spent time unpacking in the context of agents specifically.

What makes this conversation particularly relevant for CFOs is the forward-looking piece: how agents will "reshape compliance programs over the coming years." Compliance has historically been a cost center that scales linearly with transaction volume and customer count. If agents can genuinely automate parts of AML and KYC workflows without creating new regulatory risk, that changes the unit economics of growth. But if they create new examination headaches or model risk management burdens, the math gets complicated fast.

Piatetsky's perspective is worth noting because Castellum.AI is building these systems in real time, which means the company is presumably having the conversations with compliance teams and regulators that everyone else is about to have. The discussion touched on what regulators are actually signaling—not what the industry hopes they're signaling—about AI agent adoption. For compliance leaders trying to figure out whether to pilot these tools or wait for clearer guidance, that distinction matters enormously.

The broader implication is that agentic AI in compliance is moving from "interesting technology" to "thing we need a plan for." Financial institutions that haven't started thinking about how to evaluate these tools, document their governance, and explain their use to examiners are going to find themselves behind. The question isn't whether AI agents will handle compliance workflows—Castellum.AI's existence suggests that's already happening—but rather which firms will figure out the governance piece first and turn it into a competitive advantage.

For CFOs watching compliance budgets, the calculus is straightforward: agents could either dramatically improve efficiency or create a new category of operational and regulatory risk. Piatetsky's interview suggests the answer depends entirely on how well firms handle the evaluation and governance piece upfront. Which means the real question isn't "should we use AI agents for AML?"—it's "do we know how to explain our answer to that question when the examiner asks?"