FluxForce AI publishes 2026 compliance guide on graph-based AML detection

FluxForce AI has released a compliance guide for financial institutions detailing graph-based detection methods for AML systems under the incoming EU AI Act framework. The guide emphasises network analytics to map relationships between accounts and beneficial owners, positioning relationship mapping as a core capability for institutions operating under the regulation's transparency and oversight rules.

• EU AI Act requirement: Systems flagging customers for SAR filing must demonstrate human oversight, model transparency, and active bias monitoring for any decision impacting customer treatment.
• The metric: SAR filing efficiency is now used as a proxy indicator of compliance system maturity. Institutions should track SAR-to-alert ratios as evidence of explainability.
• Graph-based detection: Network analytics map indirect relationships between accounts and owners to surface layered structures that rule-based systems miss.
• Deadline pressure: The EU AI Act's full compliance window closes in 2026. Institutions must audit current AML systems for audit trail completeness and decision explainability now.

This guidance signals that regulators will scrutinise not just AML detection performance but the reasoning layer underneath. Compliance teams should audit whether your current system can produce human-readable justifications for each alert. Graph-based detection alone won't satisfy the regulation, you need documented human review and bias testing. Institutions should begin mapping their current system's decision logic and bias sources against the guide's checklist. The focus on SAR efficiency metrics means poor alert quality will become visible to regulators through your own filing patterns. Start the audit now.

FinCEN, the SEC, and FINRA have jointly imposed an $80 million civil penalty on broker-dealer Canaccord Genuity LLC for willful anti-money laundering violations spanning its over-the-counter market-making operations. The firm failed to establish adequate AML controls and did not file approximately 150 required Suspicious Activity Reports. This represents the largest penalty ever assessed against a broker-dealer for AML breaches.

• Regulator's line: The agencies found willful failure to implement controls and file SARs in OTC market-making, indicating systemic rather than isolated lapses in AML governance.
• The number: $80 million marks the ceiling for broker-dealer AML penalties and exceeds previous enforcement actions against the sector by a substantial margin.
• For compliance teams: OTC market-making desks now face heightened scrutiny; regulators expect equivalent AML infrastructure across all business lines, not tiered controls by asset class.

This action signals FinCEN's shift toward enforcement against established firms with operational failures rather than small entities. Compliance teams should audit OTC trading controls immediately, particularly SAR filing protocols and customer due diligence chains. Broker-dealers with decentralised AML functions should consolidate oversight and establish clear escalation paths for suspicious activity detection in lower-volume segments.

Sanja Ilic, 58, of Carlsbad, California, pleaded guilty in the District of Massachusetts in March 2026 to conspiracy to commit healthcare fraud, conspiracy to commit money laundering, and four counts of money laundering. The scheme generated over $6 million in fraudulent Medicare funds. Ilic's guilty plea resolves charges tied to ExThera Medical and related clinical research operations.

• The fraud: Ilic conspired to obtain Medicare reimbursements through false claims connected to clinical trial and medical device operations, triggering both healthcare fraud and money laundering charges.
• The penalty: A $6 million fine and restitution obligation now sits against Ilic personally, with potential seizure of proceeds from the scheme.
• For compliance teams: Clinical research organisations and medical device firms must verify Medicare billing triggers against actual patient protocols and trial enrolment records quarterly.

This case underscores persistent vulnerabilities in Medicare verification workflows for clinical research sites. Compliance officers at CROs should audit billing controls for alignment with IRB-approved protocols and patient eligibility. Watch for follow-up charges against ExThera Medical itself and other scheme participants. The guilty plea signals DoJ focus on healthcare fraud in the research sector.

OFAC designated new cryptocurrency addresses belonging to Iran's Central Bank on 24 April 2026, citing the bank's financing of the IRGC and Hezbollah. Tether immediately froze $344 million in USDT held in Iranian exchange wallets and CBI-controlled addresses. The action marks OFAC's first major crypto designation update targeting Iranian state financial infrastructure in 18 months.

• Regulator's line: OFAC added multiple blockchain wallet addresses to the SDN list, identifying them as CBI-controlled accounts used for sanctions evasion and terrorist financing.
• The number: Tether froze $344 million in USDT across Iranian exchanges and central bank wallets within hours of the designation.
• For compliance teams: Review your crypto screening automation for SDN list update lag. Real-time blockchain monitoring tools may detect suspicious movement faster than daily list synchronisation.

Compliance teams must assess whether their transaction monitoring covers decentralised exchanges and peer-to-peer crypto transfers, where Iranian entities may shift assets post-freezing. The speed of Tether's response signals stablecoin issuers now monitor OFAC updates actively. Institutions holding or transacting in crypto must tighten SDN screening intervals and document wallet ownership verification protocols.