Amy Barbieri
•
April, 2026
The New Wave in Compliance Intelligence
Why the Biggest Opportunity in a Generation Is Opening Right Now - and Who Will Capture It
This is not alert clearing. This is the end of every technical limitation that has constrained compliance intelligence for thirty years.
There have been three defining waves of compliance technology in financial services. The first was the rules based alert monitoring era - the deployment of rules-based transaction monitoring systems that gave financial institutions their first real infrastructure for AML and financial crime detection. The second was the Machine learning era - the rise of data analytics, entity resolution, and machine learning that promised to make those systems smarter.
Both waves created enormous value for advisory firms. Big 4 and specialist consultancies built multi-year, high-margin engagements around deploying, tuning, validating, and auditing these systems - for every line of business, every customer segment, every geography, and every regulator. The billable hours were extraordinary. The engagements ran for three, four years at a stretch.
A third wave is beginning now. It is bigger than either of the first two. And unlike those waves, it is not driven by a single new tool or a marginal improvement in analytics. It is driven by the collapse of the fundamental constraint that has limited every previous generation of compliance technology: data and entity resolution.
For the first time in the history of this industry, data is no longer the limiting factor. And that changes everything.
I. Three Waves: What Each One Built, and What It Left Unfinished
Wave
Wave 1 Rules based alert monitoring (2000s–2015)
Wave 2 Machine Learning (2015–2023)
Wave 3 Agentic AI Orchestration (2024–Present)
What It Delivered
Rules-based transaction monitoring. The first scalable AML infrastructure. FIs finally had systems to generate alerts across large transaction volumes.
Data analytics, entity resolution, ML-based scoring. Smarter alert prioritization. Better linkage across internal data. Reduced false positives at L1/L2.
Any data source, any language, any structure – integrated in hours, not years. Full workflow orchestration across every level, line of business, and geography. The intelligence layer that Wave 1 and Wave 2 were always trying to build.
This is the wave that is just beginning. The question is who builds the workflows, who validates the models, and who captures the multi-year engagement revenue that follows.
Entity resolution still required years of integration work. Leading entity resolution platforms took 2 years to integrate major commercial and investigative data providers – then 2 more years to resolve internal customer data against those sets. Hard jurisdictions remained opaque. L3/FIU/EDD still manual and slow.
Alert volumes were unmanageable. False positive rates above 95%. L1/L2 teams drowning in noise. No entity resolution across data silos. No cross-border intelligence.
What It Left Unsolved
The transition from Wave 2 to Wave 3 is not a modest upgrade. It is a structural shift in what is technically possible. And it opens a commercial opportunity for advisory firms that is as large as - arguably larger than - anything the industry has seen before.
II. The Constraint That Just Disappeared
To understand why this moment is different, it helps to understand precisely what the constraint was - and what its disappearance means in practice.
Leading Wave 2 platforms took two years to integrate major commercial and investigative data providers. Then two more years to resolve internal customer data with those datasets. That was the state of the art.
The fundamental problem of compliance intelligence has always been entity resolution: the ability to recognize that the “Beihai Industrial Holdings Ltd” in a trade finance record is the same entity as “北海工业控股有限公司” in a Chinese registry, which is controlled by the same beneficial owner as three other entities registered in the British Virgin Islands, one of which appears in the ICIJ Offshore Leaks database. Getting those connections to resolve reliably, across structured and unstructured data, across languages and jurisdictions, used to take years of engineering work and cost tens of millions of dollars.
That is no longer true. Integrating a new data source - any source, in any language, structured or unstructured - now takes hours or days, not years. Entity resolution that once required dedicated data engineering teams and multi-year timelines now happens automatically. The data layer that Wave 2 tools spent years trying to build can now be assembled in a fraction of the time.
The downstream consequence of this is profound: if data is no longer the constraint, then workflow is the frontier. And workflow - designing, tuning, validating, and auditing the intelligence processes that run on top of this data layer - is exactly where advisory firms create their highest-margin, longest-duration value.
The Technical Shift in Plain Terms
Wave 1 and Wave 2 compliance tools were built on the assumption that integrating data was hard. The entire architecture - the pre-built connectors, the entity resolution frameworks, the data partnerships - existed because assembling a coherent intelligence picture from disparate sources was an engineering problem that took years to solve. That assumption is now false. The engineering problem is solved. What remains is the judgment problem: what workflows should run on this data, for which use cases, which lines of business, which geographies, and which regulators. That judgment problem is the next decade of advisory revenue.
III. The Analyst’s Journey: Where the Value Really Lives
To understand where Tesari fits - and where it does not - it helps to understand the reality of how compliance investigations actually work inside a financial institution.
The investigation lifecycle has four levels, each with a different time budget and a different decision:
Level
L2
L3 / FIU
Time Budget
~60 minutes per alert
~120 minutes per case
Hours to days. Complex. Multi-source.
EDD / Special Investigations
Days to weeks. High-stakes. Board-level.
Not our fight. Commoditized. Many vendors. High competition.
Marginal. Increasingly commoditized. Not a differentiated play.
THIS IS WHERE TESARI EXCELS. Unique data, cross-border intelligence, ownership tracing, hard jurisdictions. Every other system fails here.
Where Tesari Plays
Decision
Escalate or NFA
Escalate + evidence or NFA
Escalate + SAR or NFA + evidence
Report + regulatory action or exit
L1
Tesari’s highest-value use case. Evidence-grade intelligence, fully traceable, hard jurisdictions, national security-level depth.
The L1 and L2 alert-clearing market is crowded, commoditizing rapidly, and already being built in-house by major financial institutions. Entering that fight as a new entrant is an uphill battle for a platform with no unique advantage at those levels. Competing there is a strategic mistake.
The highest-value, least-contested, most defensible position in compliance intelligence is L3, FIU, and above - where unique data, unique workflows, and cross-border investigative depth are the only things that matter.
At L3, FIU, and EDD levels, the intelligence requirements are categorically different: unique data sources, hard jurisdictions, cross-border ownership structures, hyper-local media in languages most tools cannot process, and investigative workflows that vary by line of business, customer segment, geography, and regulator. No two cases are alike. No pre-built rule set handles them. This is precisely where Tesari’s architecture is designed to excel - and where every previous generation of compliance technology has failed.
III. The Analyst’s Journey: Where the Value Really Lives
Every compliance technology wave has created an advisory wave of equal or greater size. When the first generation of rules-based monitoring platforms deployed, Big 4 firms built practices around implementation, tuning, model validation, and regulatory audit. When entity resolution and network analytics platforms arrived, those same firms rebuilt their practices around the new architecture. The pattern is consistent: the platform enables; the advisory layer captures the sustained commercial value.
The Wave 3 advisory opportunity follows the same pattern - but the scope is materially larger. Here is why:
- The technical constraints of Wave 1 and Wave 2 artificially limited what workflows could be built. With those constraints removed, the workflow design space expands dramatically - every line of business, every customer segment, every geography, every regulator now has a uniquely tunable compliance intelligence workflow. That is a vastly larger surface area for advisory engagement than anything that came before.
- The regulatory environment is simultaneously demanding more sophistication. The shift from name-based to ownership-based screening, the Treasury’s cross-border trade monitoring requirements, the 2026 NDAA’s supply chain provisions, and the EU AMLA single rulebook all require new compliance program design - not just tuning existing ones.
- The DOJ’s voluntary disclosure framework is pulling entirely new industries into the compliance intelligence market: energy, oil and gas, manufacturing, IT, cloud services, and government contractors that have historically had minimal compliance infrastructure now face real incentives to build robust investigative and compliance functions. Big 4 firms with broad sectoral reach are ideally positioned to capture this demand.
- The target audience is broader than before. Corporate Intelligence, Special Investigations, Private Intelligence, Third Party Risk, and Deep Due Diligence practices - not just AML/KYC teams - are natural buyers. These practitioners understand immediately what this capability enables because they have been doing it manually, expensively, and slowly for years.
The Revenue Pattern: Why Speed Multiplies Advisory Opportunity
A firm deploying Tesari for a global financial institution’s L3/FIU operations would typically begin with workflow design: mapping the institution’s investigation requirements by line of business (correspondent banking, wealth management, corporate and investment banking), by geography, and by applicable regulator (FinCEN, OCC, NYDFS all want different things). Unlike previous waves, this does not take years. Design and pilot can be completed in weeks to months - not because corners are cut, but because the platform requires no integration work. There is no multi-year data engineering phase. Deployment is fast and lightweight, and validation, model testing, and optimization are straightforward by design. The sustained advisory revenue comes not from dragging out implementation, but from the breadth of what can now be built: every line of business, every geography, every regulator represents a distinct workflow engagement. The advisory surface area is larger than anything that came before - and the speed of delivery means firms can run more engagements, across more clients, in less time.
V. National Security Compliance: The New Language of the Field
There is a language shift happening in compliance that practitioners are beginning to notice. The old framing - AML, KYC, financial crime - is being supplemented by a new one: National Security Compliance. Compliance with National Priorities.
This is not semantic. It reflects a genuine structural change in what compliance functions are being asked to do. The Bureau of Industry and Security now requires organizations to understand ownership, not just screen names. The U.S. Treasury has made financial institutions a second line of enforcement in export controls. The 2026 NDAA has embedded national security logic into corporate supply chain obligations. The DOJ’s voluntary disclosure framework ties corporate behavior to national security priorities.
The question is no longer whether a counterparty is on a list. The question is who owns them, what they do across jurisdictions, and whether their network touches adversarial states or sanctioned interests.
This shift matters for advisory firms for a specific reason: it moves the compliance intelligence conversation out of the domain of operational efficiency - where it has lived, and where commoditization is advanced - and into the domain of strategic risk. Board-level. Reputational. Geopolitical. The clients who need to understand this are not just compliance officers. They are Chief Risk Officers, General Counsels, and in many cases, CEOs.
Advisory firms that learn to speak this language - and that have the tools to deliver on it - will capture the next decade of this market. Those that remain focused on alert-clearing efficiency and domestic KYC optimization will find themselves in an increasingly competitive, margin-compressed space.
VI. The Audience That Gets It Immediately
Not everyone in a large advisory firm will immediately understand the Wave 3 opportunity. The practitioners who get it instantly - because they have been living the problem - are the ones who have spent their careers doing complex investigations with inadequate tools:
Practice / Team Name
Third Party Risk
Corporate Intelligence
Why They Immediately Understand Tesari’s Value
Have been doing cross-border investigations manually for years. Know exactly how long it takes. Will immediately calculate the time savings.
Manage vendor and counterparty intelligence workflows that are slow, fragmented, and hard to scale. Tesari solves their core operational problem.
Deep Due Diligence
Conduct high-stakes investigative research where evidence quality and traceability are non-negotiable. Tesari speaks their language.
Private Intelligence
Operate in hard jurisdictions with limited tool support. The jurisdiction-specific architecture is immediately compelling.
Special Investigations
Handle the L3/FIU/EDD cases where every existing tool fails. They have felt this failure in practice. They know what is missing.
M&A / PE Diligence Teams
Conduct counterparty intelligence under time pressure. The speed advantage is immediately commercially significant.
The AML/KYC and AFC functions within large financial institutions are a secondary audience - valuable, but more complex to engage. Their initial instinct when hearing about AI-powered compliance intelligence is to ask whether it clears alerts. That question leads immediately into a commoditized space crowded with in-house development efforts and well-funded vendors. The conversation needs to be redirected: this is not about L1 and L2. This is about what happens above that - where no system works well and where the most consequential decisions are made.
VII. Why the Timing Is Now
The Wave 3 opportunity has a window. It is open now. It will not remain open indefinitely. Here is why the timing is specific to this moment:
- The regulatory environment has just crossed a threshold. The BIS enhanced due diligence requirements, the Treasury’s cross-border trade monitoring expansion, the 2026 NDAA supply chain provisions, and the EU AMLA single rulebook are all new - or newly enforced. Institutions are scrambling to understand what compliance actually looks like under these frameworks. Advisory firms that have the tools and the methodology to answer that question right now will capture the first-mover engagements.
- The AI moment is creating urgency on both sides. Every major financial institution and advisory firm is under pressure to demonstrate AI strategy in compliance. The institutions that invest in understanding Wave 3 tools now will define the standard that others follow. The advisory firms that build Wave 3 practices now will be the ones called when institutions realize they need help.
- The competitive window for advisory firms is short. Once the Wave 3 methodology is established - once the first set of large institutions has deployed L3/FIU workflows built on agentic AI - the late movers will be buying a capability that the early movers are already selling. The multi-year engagement revenue goes to whoever gets there first.
- The DOJ voluntary disclosure angle is happening in real time. The industries being pulled into compliance for the first time - energy, manufacturing, defense contractors, IT, cloud - need advisory firms to build their compliance functions from scratch. That is not a future opportunity. It is happening now.
The firms that define Wave 3 will not be the ones who waited to see how it unfolded. They will be the ones who recognized the moment, built the methodology, and brought the right platform to their clients before anyone else did.
VIII. A Final Note: What “Not Alert Clearing” Actually Means
It is worth being explicit about what this platform is not, because the misunderstanding is common and consequential.
Tesari AI is not an alert-clearing tool. It does not sit at L1 or L2. It does not compete with the in-house development efforts that major financial institutions are running to automate their highest-volume, lowest-complexity investigative tasks. That market is real, it is large, and it is also rapidly commoditizing in ways that will make it less valuable over time.
What Tesari does is solve the problem that has never been solved: the L3, FIU, EDD, and Special Investigations cases where the intelligence requirements are unique, the jurisdictions are hard, the data is unstructured and multilingual, the ownership structures are deliberately opaque, and the stakes - financial, regulatory, reputational, and in some cases national security - are at their highest.
That is the problem that every compliance professional above L2 has lived with for their entire career. It is the problem that Wave 1 and Wave 2 compliance technology never adequately addressed, because the data and entity resolution constraints made it technically impossible. Those constraints no longer exist.
Intelligence is no longer a function. It is infrastructure. The question is who builds it – and who helps the world’s most complex organizations run it.
Tesari AI - The First Resort for High-Stakes Intelligence tesari.ai
