Compliance AI copilots in fraud teams: what changes for IAM?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter  

TL;DR: Reported productivity gains of up to three times and support for more than one regulatory pressure point highlight how AI tools can turn platform case data into explainable, audit-ready insights across compliance and fraud workflows, according to Sumsub. The control question is not whether AI can assist, but whether human control, traceability, and decision accountability remain intact.

NHIMG editorial — what this means for AI and NHI governance

By the numbers:

Questions worth separating out

Q: How should compliance teams govern AI copilots in fraud workflows?

A: Treat the copilot as decision support, not decision authority.

Q: When does a compliance AI copilot create governance risk?

A: Risk rises when the copilot's output is treated as final judgement, when its rationale cannot be traced to source data, or when teams cannot show who approved the outcome.

Q: What do security and IAM teams get wrong about AI assistants in compliance?

A: They often focus on accuracy and ignore authority.

Practitioner guidance

  • Define the human approval boundary: Map exactly which compliance and fraud decisions Summy may support, which outputs remain advisory, and which actions require explicit human sign-off before closure or escalation.
  • Require evidence-linked outputs: Ensure every summary, chart, or recommendation can be traced back to the underlying platform data used to generate it, so reviewers can inspect the basis of the AI output.
  • Separate assistance from authority: Write policy that treats AI-generated guidance as decision support, not decision ownership, and align case handling procedures with that distinction.

What's in the full announcement

Sumsub's full article covers the operational detail this post intentionally leaves for the source:

  • How Summy is embedded across the Sumsub platform and the specific workflow touchpoints it supports
  • The product-level breakdown of case summaries, visual analytics, product knowledge, and compliance advice
  • The reported workflow benefits and how the vendor positions human control, thresholds, and accountability
  • The source wording around regulatory context and the AI Assistant to AI Copilot evolution

👉 Read Sumsub's announcement on the Summy AI Copilot for compliance workflows →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 2799
 

Compliance copilots are not identity neutral. Once AI is embedded inside case management, the governance issue shifts from interface convenience to decision provenance. The same workflow that improves investigator throughput can also obscure who relied on which signal, when, and with what accountability. Practitioners should treat AI-assisted compliance as part of the identity control plane, not as a detached productivity layer.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

A question worth separating out:

Q: How can organisations tell whether an AI copilot is still under human control?

A: Look for mandatory approval steps, reviewable outputs, recorded rationale, and the ability for a human to override or reject the AI recommendation. If the system can act only within those controls, it remains assistive. If it can change outcomes on its own, the control model has shifted.

👉 Read our full editorial: Sumsub's compliance AI copilot shifts casework, not autonomy



   