In a conversation with Brad Levy, chief executive of ThetaRay, a company focused on the “wiring” of trust through AI-powered monitoring that helps banks and fintechs scale safely while detecting and reporting financial crime, we examined what this speed means for risk, regulation, and trust in the financial system. 

Levy argues that old ways of tracking money flows no longer hold up.

Nigeria’s banking and fintech sector has expanded, almost faster than the systems built to regulate it. Payments now move in seconds, and fraud patterns move just as quickly. 

Regulators are responding with stronger policies and expectations.

For Levy, the transition is apparent. Systems built for manual checks cannot keep pace with today’s transaction volumes or the complexity of digital crime networks. He describes a system under stress, where scale has exposed the limits of human-led monitoring.

Across banks and fintechs, the gap in readiness varies. Some institutions are already adopting artificial intelligence and real-time oversight. Others still rely on older compliance models that struggle to connect customer data with live transaction behaviour.

The Central Bank of Nigeria’s recent direction on automated anti-money laundering (AML) systems sets a firm line, forcing the industry to move from gradual improvement to immediate action. Institutions now have to rethink how they see compliance, not as a back-office task, but as core infrastructure.

In this interview, Levy, who has spent his career building the plumbing of the global financial markets, first with nearly two decades at Goldman Sachs, then leading Symphony and MarkitSERV, explains what has changed, what still slips through the cracks, and why Nigeria’s approach may affect how digital finance is policed far beyond its borders.

TE: The Central Bank’s move makes automated AML systems effectively non-negotiable. From your vantage point, what changed in the risk sector to push regulators from guidance to outright mandates? 

Brad Levy (BL): The math simply stopped working for manual oversight. Nigeria has one of the most vibrant digital payment ecosystems in the world. You can’t monitor millions of instant transactions using spreadsheets and human eyes. 

The CBN’s March 2026 mandate recognises that guidance doesn’t stop automated, bot-driven crime. By mandating these systems, Nigeria is making a strategic move to protect the integrity of the Naira and ensure the country stays effectively connected to the global financial map.

TE: You’ve worked closely with financial institutions in Nigeria, where do most banks and fintechs actually stand today in terms of AML capability, and how wide is the gap? 

BL: The divide is significant, though it’s closing fast. We see forward-leaning institutions like Sterling Bank already moving toward a future-proof posture by putting AI at the centre of their monitoring. On the other hand, plenty of firms are still stuck in a “box-ticking” mindset.

The gap is most obvious when you look at the CBN’s anti-money laundering automation mandate. Most legacy systems can’t provide a unified view of the customer or link KYC/KYB data to transaction behaviour. 

The 18-month window for banks is tight, but the real pressure is the three-month requirement to submit a roadmap. If financial institutions haven’t started their gap analysis yet, they’re already behind.

TE: There’s a lot of talk about AI in compliance, but in practical terms, what kinds of financial crime patterns are still slipping through traditional monitoring systems that AI is better at catching? 

BL: Traditional systems are built on rules. They look for what we already know, like whether a transfer is over a certain dollar amount. Modern criminals have moved past that. They use smurfing or complex networks of mules to make illicit flows look like normal, low-value activity. AI catches the anomalies. 

It identifies patterns that look wrong even if we haven’t seen that specific tactic before. For a bank, it’s the difference between chasing 5,000 false alarms and actually finding the criminal network hidden in the noise.

TE: For Nigerian institutions, this goes beyond a tech upgrade to an operational shift. What are the biggest implementation challenges you’re seeing on the ground, especially around data quality, cost, and internal expertise? 

BL: The biggest hurdle is fragmented data. AI is only as good as what you feed it, and many institutions have their KYC data sitting in a different silo than their transaction logs. There is also a lingering perception that compliance is just a “tax” on doing business. 

I argue it’s a strategic asset. When you use AI to reduce false positives by 90%, you aren’t just satisfying the CBN; you’re making the entire bank more efficient. Your investigators can finally focus on real risks instead of low-value busywork.

TE: Do you see this directive as a Nigeria-specific response or part of a regulatory change across Africa? And how might it reshape expectations for cross-border transactions over the next few years? 

BL: Nigeria is the blueprint for the continent. We’re seeing similar shifts everywhere, from the EU’s new AML Authority to tightening rules in the US. This is Nigeria’s “mobile phone” moment. Just as the continent skipped landlines to go straight to mobile, Nigeria is leapfrogging the failing, manual era of compliance. 

By hard-coding AI and transparency into the banking system, Nigeria is making itself a much safer destination for global capital. This mandate turns compliance into a bridge for international trade rather than a barrier.

IT departments, in particular, find themselves at the intersection of AI’s development and the growing demands of compliance, reshaping how business leaders manage data, tools, and security.

As 2025 approaches, artificial intelligence (AI) will continue to advance, paving the way for both significant opportunities and complex challenges.

Early promise, slow maturity

AI initially dazzled with its potential to revolutionise industries, from customer service to data analysis. However, the reality has been more measured.

Many organisations that embraced AI early have either scaled back their investments or reallocated resources after finding that AI’s benefits are often limited to specific use cases.

This measured adoption reflects a broader truth: AI is still a work in progress. Vendors are actively refining their offerings based on feedback from early adopters, leading to steady, albeit incremental, improvements. For now, AI has shown value in well-defined applications but remains less impactful as a general-purpose tool for most information workers.

Despite these limitations, the relentless focus on AI in vendor showcases and product announcements signals that its time is coming. As AI matures, so too will its integration into the enterprise landscape, particularly in areas where its utility is undeniable – like compliance.

Key trends shaping AI and compliance in 2025

1. AI maturity and targeted use cases

             By 2025, the use cases for AI will expand as vendors refine their offerings and businesses identify clearer applications. Organisations will increasingly implement AI in areas like fraud detection, contract review, and process automation, where its impact can be measured and optimised.

2. AI-infused vendor solutions

             Feedback loops from early adopters have empowered vendors to integrate AI deeper into their products.

Whether through predictive analytics or advanced workflow tools, AI will become less of a standalone novelty and more of a foundational feature.

3. Compliance as a priority, not an option

             The intersection of AI and compliance has emerged as a critical focus area. Organisations are realising that effective AI implementation requires robust data governance, classification, and protection measures.

Compliance, once viewed as a checkbox exercise, is now recognised as essential for AI readiness.

The role of compliance

AI’s reliance on data has forced organisations to reevaluate their approach to compliance. The traditional “security through obscurity” model—where sensitive data remains safe because users simply lack access or awareness—breaks down when AI tools enter the picture.

AI has the capability to uncover and analyse vast amounts of data, making inadvertent overshare a significant risk.

Data overshare risks

Incidents like Samsung workers inadvertently leaking company secrets via AI tools like ChatGPT illustrate the dangers of poorly managed data access.

Shadow IT further exacerbates the issue, as employees adopt unsanctioned tools that bypass organisational controls, potentially exposing sensitive information.

Driving data governance forward

To address these challenges, IT departments are turning to tools like Microsoft Purview for data classification and protection, Microsoft Intune for device management, and SharePoint for enterprise content management. These tools help enforce policies that ensure users access only what they need while safeguarding confidential information.

Looking ahead to 2025: Preparing IT for the future

By 2025, AI and compliance will be inextricably linked. Organisations will need to develop clearer frameworks for managing AI tools and compliance processes. Key priorities for IT departments will include:

• Strengthening data governance: Implementing stringent data classification policies to protect sensitive information.
• Enhancing device control: Using tools like Microsoft Intune to secure and manage user devices.
• Streamlining content management: Migrating from legacy file servers to centralised platforms like SharePoint to ensure data is organised and policy-compliant.

While AI’s full potential remains a work in progress, its growing impact is undeniable. The period of uncertainty we’re in now offers IT departments a chance to prepare, innovate, and align their strategies with the dual imperatives of AI readiness and compliance.

By embracing these challenges, businesses can unlock new opportunities and ensure they are well-positioned for the digital workplace of the future.

AI is no longer just a visionary technology; it’s becoming a practical reality with profound implications for compliance and IT strategy. As organisations navigate this transition, the emphasis on strong data governance and proactive compliance measures will only grow.