Blog Beyond compliance: why and how financial crime models fit within your model risk framework

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

This blog is a collaboration between Aleksandra Bojarzyn, Ashley Lai, Rachel Olson and Alisheik Akbar Ali.

Read the Wolfsberg Group paper.

Our client work and broader industry insights show that firms are now moving decisively to strengthen how these models are governed, validated, and embedded within their broader model risk frameworks.

Many firms are still operating with a considerable blind spot: the absence of robust, proportionate model risk management over their financial crime risk models. Across the industry, we're seeing a clear shift as banks and financial institutions strengthen their governance and validation efforts. However, turning that intent into consistent, day-to-day practice remains a challenge for many organisations.

What makes embedding financial crime models into MRM frameworks so difficult?

A uniform, "one-size-fits-all"MRM approach often treats financial crime models as if they behave like credit or market models when in reality, they require their own tailored treatment. Applying prudential and financial risk model standards universally can undermine proportionality, slow innovation, delay deployment, and limit firms' ability to respond rapidly to emerging money laundering, fraud or terrorist financing threats.

A proportionate MRM framework recognises that financial crime models operate in a fundamentally different risk landscape that is highly dynamic, heavily dependent on qualitative intelligence and adversarial behaviour rather than predictable financial patterns.

This means both governance and model validation need to be flexible, risk-based, and tailored to the unique nature of financial crime threats. Proportionality should guide decisions around documentation expectations, validation approaches, performance monitoring, and model change processes, recognising the specialist skillsets required to validate these models. Overly rigid governance designed for stable, data-rich prudential models can create unnecessary bottlenecks for financial crime models, where rapid iteration and SME-driven judgement are often essential.

Why this matters now

At the same time, financial crime risk is evolving at a pace that outstrips traditional monitoring capabilities with financial crime models becoming increasingly sophisticated. More foundational controls - such as rule based AML or fraud detection still play an important role but are increasingly delivering diminishing returns and generating large volumes of false positive alerts. To stay ahead, firms are beginning to adopt more advanced detection models and introducing innovative approaches to support alert triage and improve efficiency.

As a result, financial crime models are becoming more complex and more demanding. They often require deeper SME involvement throughout their lifecycle - from development and deployment to documentation, validation, and ongoing monitoring. This growing complexity makes proportionate, fit for purpose model risk management not just helpful, but essential.

So, for firms looking to stay ahead of the curve, what does the future of proportionality and good practice look like?

Integrate financial crime models into your MRM framework.

This means categorising them in your model inventory, defining adequate documentation standards, assigning model owners, and defining clear intended uses.

Define a distinct financial crime model family to support validation.

Define a distinct financial crime model family by identifying and mapping relevant models and apply tailored validation approach across the group, tailored to the specific nature of these models.

Tailor governance.

Avoid governance processes that slow down innovation without adding meaningful value or risk coverage and apply a streamlined, proportionate approach.

Enhance transparency.

Advanced analytical, detection or alert treatment models must be explainable to regulators, MLROs, investigators and relevant risk teams. Clear articulation of model features, risk drivers, behavioural indicators, and alert logic is key.

What comes next

However 2026 evolves, it's clear that firms face a pivotal challenge: aligning SS1/23 compliance with proportionate governance of financial crime models.