EXCLUSIVE: “Fincrime: Giving It Our Best Shot” – Brad Levy, ThetaRay in ‘The Fintech Magazine’

No one knows what cybercriminals will unleash next, but with agentic AI in their arsenal at least the good guys can dodge the bullets, argues ThetaRay’s Brad Levy

Financial crime has always been an arms race. For every control, there is a workaround. For every regulatory framework, a loophole. For every institution convinced it has built a sufficiently robust perimeter, a bad actor somewhere, quietly testing the fence.

But something fundamental has changed. The speed, sophistication and scale of financial crime are accelerating at a pace that makes even seasoned compliance professionals uneasy. Criminal networks are no longer simply exploiting gaps between jurisdictions or moving suspicious funds through predictable laundering routes. They are operating in a digitally fragmented, hyperconnected global economy where money, value and identity slip across borders in increasingly fluid and opaque ways.

And now those criminals have access to the same artificially intelligent technologies as the rest of us.

Enterprise tools, like generative AI, agentic systems and autonomous workflows, are all rapidly becoming part of the offensive arsenal for organised crime groups and maverick threat actors, who have leveraged the tech to create synthetic identities, deepfakes, and worse. This is the environment that ThetaRay is helping financial institutions confront.

An AI-led anti-money laundering and financial crime detection specialist, ThetaRay built its reputation helping banks, fintechs, correspondent banking networks and cross-border payment providers identify suspicious activity that rules-based systems often miss. Its core proposition has centred on anomaly detection, using unsupervised machine learning in transaction flows rather than relying solely on static thresholds and pre-programmed typologies.

Now, however, ThetaRay is attempting something more ambitious, under the leadership of its new CEO, Brad Levy, a veteran of financial markets and enterprise technology, who was involved in the early adoption of algorithms on Wall Street. He has become known as one of the industry’s more outspoken commentators on AI, autonomy and the philosophical implications of emerging technologies.

He sees machine learning, digital infrastructure and agentic AI not simply as product opportunities, but as structural shifts in how industries – and eventually societies – will function. And when it comes to making sure those technologies aren’t used against us, he says bluntly: “I have to think like the criminal. They have the same tools, same rules, different outcomes.”

Caught in the crosshairs

Financial institutions, regulators and technology providers are at a frontier where old weapons are starting to look inadequate. The volume of suspicious activity is exploding, geopolitical shocks can reshape risk overnight, and the time available to respond is collapsing.

That sense of Intensification is not simply vendor rhetoric. IBM’s most recent X-Force Threat Intelligence Index paints a strikingly similar picture of an adversarial environment becoming faster, stealthier and increasingly identity-driven. The report found that nearly one-in-three cyber incidents involved compromised credentials, while phishing campaigns, delivering malware to steal credentials, surged dramatically.

More importantly, IBM warned that AI adoption will inevitably create entirely new attack surfaces as bad actors deploy increasingly specialised automated toolkits. For financial institutions, the implications are profound. If cybercriminals are no longer ‘breaking in’ but simply logging on, and if AI lowers the technology barrier for attackers just as much as defenders, then the assumptions underpinning legacy fraud and AML infrastructure begin to look dangerously outdated.

As Levy puts it: “At this point, with the potential of new tech to aid and abet crime, and the overwhelming amount of investigations to be done, it’s a tipping point.”

That sentiment is powering ThetaRay’s latest strategy. At the heart of this evolution is RAY, a new agentic AI investigations platform. It sits above ThetaRay’s established detection and investigation software layers, acting as an AI-powered orchestration and investigation engine that can triage alerts, reprioritise cases in real time, gather supporting evidence, surface contextual intelligence, assist analysts through natural-language interaction, and automate parts of the investigation workflow, including audit documentation and suspicious activity reporting support.

In practical terms, ThetaRay is moving from being a detection vendor to building an AI compliance co-worker – one that works alongside human investigators rather than simply feeding them more alerts. ThetaRay no longer merely helps compliance teams detect risk. It empowers them to accelerate investigations and flash actionable intelligence to law enforcement at machine speed to disrupt financial crime networks.

Predict, explain… control

The anti-financial crime sector has been forced to focus, rightly, on explainability as the central question around AI adoption. Can firms demonstrate why an alert was raised? Can a suspicious activity decision be justified to a regulator? Can machine-generated conclusions be audited? And these remain critical concerns.

But ThetaRay’s thesis appears to be that explainability is now only the starting point. The bigger question is whether financial institutions are preparing for what comes next. Levy describes the progression in stages.

“Predictability first, then explainability. Now, controllability is becoming much more of a conversation because of the autonomous discussion around agents,” he says.

That’s a notable shift in thinking. The industry’s first AI debate was about whether machine learning models could produce better outcomes than static rules. The second was whether those outcomes could be sufficiently explained to regulators. Now, it’s whether financial institutions can build adaptive, secure, controllable AI systems that are capable not just of explaining today’s threats, but responding to tomorrow’s.

That is a much bigger challenge.

Financial institutions are spending vast sums in attempting to identify and investigate suspicious behaviour, yet the economics remain deeply inefficient. False positives swamp compliance teams. Analysts spend hours manually reviewing alerts that lead nowhere. Investigations that require urgency are often buried beneath operational backlog.

Levy’s summary is stark: “We spend $200billion as an industry on a two-to-six trillion dollar laundering problem, and there’s 98 per cent false positive rate.”

ThetaRay believes it can at least begin to help ‘clear the queue’. That doesn’t mean entire fraud monitoring departments are laid off. Regulated financial institutions are not, in any case, ready to hand full autonomy to AI systems to make risk decisions on their behalf, and nor should they. But it does mean jobs will evolve.

As Levy says: “If you’re taking a risk judgement, that is never, in my opinion, going to be deterministic, which is why humans always have a role.”

He draws a comparison with the courtroom, imagining a future in which low-complexity legal disputes – small claims cases, routine formula-driven judgements, even some divorce settlements – built around predictable outcomes could be substantially automated. But murder trials? Never.

While there are cases where speed, precedent and pattern recognition can accelerate outcomes, there are others where nuance, ethics, contextual judgement and human accountability remain fundamentally non-transferable. In the case of financial cyber crime, routine triage, evidence gathering, documentation, reprioritisation and repetitive investigative work are ripe for automation.

Final accountability and consequential judgement are not.

The autonomous systems that look set to play a more meaningful role in financial crime prevention, have their own vulnerabilities, of course. Bad actors will inevitably attempt to manipulate, probe or exploit AI-driven infrastructure, particularly as agent-to-agent ecosystems emerge, says Levy.

ThetaRay’s response to that is security by design. That means strict entitlements, tightly governed permissions, secure interoperability between systems, strong access controls and rigorous protection around both transaction data and behavioural metadata. Levy references emerging agent-to-agent architectures and model context protocols as examples of why the industry must embed security at the foundational layer rather than patch vulnerabilities later.

In his view, defending AI systems means adopting the same adversarial mindset as the attackers. The same agility and acceleration. That leads to a much broader reimagining of financial crime infrastructure to reduce systemic complexity that gets in the way of defence and detection. Synthetic fraud swarms. Cross-platform identity abuse. Agent-to-agent automation. Real-time geopolitical volatility. New forms of value transfer that blur the boundaries between regulated money movement and digital assets. What’s next?

“The thing I know with absolute certainty is that I don’t know what’s coming next,” says Levy. And that’s a key point, because, in his view, too many financial technology providers remain focussed on solving known problems today, whereas ThetaRay is positioning itself around preparedness for the unknown ones of tomorrow. That extends beyond product design into its world view around regulation; the imbalance between threat actors and public oversight.

“The regulators are definitely outmanned and outgunned,” says Levy.

He’s not anti-regulator. Far from it, but he sees financial crime networks increasingly exploit fragmentation between institutions, jurisdictions and legacy systems.

“The regulators have to be armed because they are the ones who could see the true unknown unknowns,” he explains.

ThetaRay is not simply selling software to banks. It’s advocating for a connected ecosystem between institutions, vendors and overseers that police the world’s systems.

“Collaboration and partnership are critical for all of us,” says Levy, “[because] you can’t buy – you can’t tech your way – through trust.”

There’s no time to debate whether agentic AI has a role in financial crime management, but rather how fast safe models can be adopted, says Levy. Standing still may be the riskiest move of all.

This article was published in The Fintech Magazine Issue #38, Page 54-55

The post EXCLUSIVE: “Fincrime: Giving It Our Best Shot” – Brad Levy, ThetaRay in ‘The Fintech Magazine’ appeared first on FF News | Fintech Finance.