Is strategy alone enough?
Most organisations can clearly articulate their anti-financial crime strategy. They understand regulatory expectations, design and document operating models, and formally sign off on them. These strategies are robust and unshakable on paper.
Yet in practice, many operating models struggle to deliver consistently. Controls weaken under pressure, ownership blurs, and decision-making slows. Issues reappear across reviews, audits, and regulatory interactions in different forms, but with familiar root causes.
Design does not equal delivery.
The common assumption is understandable: if operating models are well designed and robust on paper, execution will follow automatically.
Anti-financial crime operating models are inherently complex. They span multiple functions, lines of defence, technologies, and regulatory regimes. They rely on judgement and people just as much as they rely on process. And they must perform under conditions of constant change — the financial crime environment continues to evolve with new threats, new typologies, and new regulatory expectations.
Unclear ownership
A consistent weakness in anti-financial crime operating models is unclear ownership. On paper, responsibilities are allocated and governance is defined, but in reality accountability shifts and escalation paths are used inconsistently.
Everyone may be involved when a failure occurs, yet no one assumes true ownership or responsibility. Leaders and teams often struggle to define which decisions they are required to make and where to escalate when the need arises. The operating model shows its fractures under stress and no operating model can explicitly anticipate every pressure it will encounter.
Concept versus practice
It is easy to understand the intent of an operating model and the instructions it provides without fully understanding how it applies at the point of action.
Frontline and mid-level leaders often experience the model as a set of processes rather than something they were involved in shaping. It is imposed upon them and becomes something they follow not to manage risk to the business, but to avoid reprimand. This often leads to decisions defaulting to precedent rather than being actively considered — even when the process no longer makes sense.
Operating models only work when people understand why they work, not just what they require.
Assumed capability
When implementing anti-financial crime transformations, it is often assumed that the capability to operate within the new structure already exists or will naturally develop over time. This rarely proves true, because capability is not static.
Effective capability requires:
- Judgement under uncertainty
- The ability to make trade-offs between risk, efficiency, and customer impact
- Confidence to escalate, challenge, and intervene
- The ability to interpret regulatory expectations in context
Instead, capability is frequently treated as a one-off training event — or worse, as something detached from the operating model itself.
This results in capability being concentrated in a small number of key individuals, after which organisational resilience disappears as people move on or shift focus. As the saying goes, a chain is only as strong as its weakest link — and a few strong links will not hold for long.
Structural change versus behavioural change
New regulations, supervisory communications, and new technologies mean that anti-financial crime functions operate in a state of near-constant change. Organisations respond by updating policies, processes, and governance structures to remain up to date — but far less attention is paid to how leaders and teams absorb what those changes mean in practice.
The organisation may technically comply with change, but behaviour lags behind. Old ways of working persist under new labels, and while the theory advances, practice is left behind. Over time, this creates a widening gap between how the operating model is intended to function and what actually happens in practice.
How success is measured
How is the success of an anti-financial crime operating model judged?
Too often, success is assumed because the model has been implemented, not because it functions effectively. Once in place, milestones are considered met, yet few organisations return months later to assess whether the model is delivering as intended.
Operating models quietly degrade over time. Without regular review, decision-making slows, ownership weakens, and control effectiveness erodes. Real stress events offer the best opportunity to identify cracks in the foundation before the house falls — but too often, models are simply left untouched once implemented.
The challenge facing anti-financial crime operating models is rarely poor design. Instead, they struggle in execution because execution itself requires understanding, ownership, capability, and behavioural change. These elements must be built in just as deliberately as governance structures and process flows, and they must be tested and observed as the model embeds across the organisation.
Supervisors are no longer satisfied with theoretically sound frameworks or technical compliance alone. Increasingly, they expect to see consistent execution, sustainable capability, and genuine ownership of financial crime risk.
Our next article will explore where leadership intent is most often lost between strategy and execution — and why even well-designed operating models struggle to take hold.