The Green Sheet Online Edition
May 25, 2026 • 26:05:02
AI functions best with human assistance
Merchant monitoring and third-party oversight are becoming increasingly complex. Sophisticated fraudsters leverage advanced technologies while regulatory expectations expand and evolve, creating a challenging environment for risk managers.
To effectively address emerging threats and heightened compliance demands, risk teams must combine seasoned expertise with the power of AI-driven tools. This integrated approach is no longer optional; it's essential.
Regulators raising the bar
Regulatory scrutiny has intensified. In 2023, the FDIC, Federal Reserve and OCC issued joint final guidance on managing risks associated with third-party relationships. This guidance is uniform and comprehensive, emphasizing a risk-based approach across the lifecycle of third-party relationships, from onboarding and monitoring to termination.
Also, events have reinforced the need for stronger oversight. The Evolve Bank & Trust and Synapse situation shifted the conversation from traditional vendor risk to a more critical concern: depositor access risk. The implication: failures in third-party ecosystems can directly impact customers, not just operations.
Expanding network-level oversight
Card networks are evolving their frameworks. Visa's Integrity Risk Program (VIRP) was introduced to deter, detect and remediate illegal activity across the payments ecosystem.It defines three key risk taxonomies: business risk, operational risk and legal & regulatory risk.
Visa also introduced tiered merchant classifications (Tier 1, Tier 2, Tier 3), along with enhanced requirements such as acquirer registration and annual certification for higher-risk merchants. Additionally, Visa's Acquirer Monitoring Program (VAMP) takes a broader view, evaluating merchant risk holistically, not in isolation.
Together, regulatory guidance and network programs reflect that risk is no longer evaluated in silos. Instead, it is viewed as interconnected across systems, partners and customer outcomes. This is where AI becomes indispensable.
Where AI shines
The payments ecosystem generates massive, continuous data streams. AI can ingest, process and analyze millions of data points simultaneously, identifying trends and outliers far beyond human capacity. Risk doesn't happen in batch cycles anymore. AI enables always-on surveillance. It doesn't sleep or take vacations.
And, AI is better at pattern recognition across silos. AI can link signals across merchants, processors, banks and behaviors, uncovering risks that sit between organizational blind spots.
AI applies consistent rules and models across every transaction and merchant—without alert fatigue, bias and inconsistency.
Where AI falls short
As fraud patterns and regulations evolve, AI models can be continuously updated and retrained, allowing organizations to respond faster than traditional manual processes, but AI has limitations. AI:
- Lacks true context awareness: AI understands patterns but not intent.
- Struggles with nuance: Edge cases, exceptions and gray areas often require industry experience and situational judgment that AI doesn't inherently possess. If a regulatory environment is not clear, AI may not properly categorize the risk.
- Depends on historical data: AI learns from the past. When something new, novel or intentionally deceptive emerges, AI can misclassify or miss it entirely.
- Doesn't possess instinct or skepticism: AI doesn't have a "gut feeling." It won't naturally question a story that technically fits the data but feels off. Sometimes a file is too clean. AI will see a perfect account, but a human could detect an imperfect story.
AI can detect the signal, but only humans can challenge the story behind it. Risk programs don't succeed because of better tools alone; they succeed because of better systems working together. The human + AI model At scale, the optimal sustainable model is a human/technology partnership, where each side does what it does best. AI brings speed, scale and pattern detection. Humans bring context, judgment and accountability. The future of risk is about continuously improving how those two interact.
It's not enough to say, "This is risky." We need to know why— what signals or behavior and how confident is the model? This builds auditability and regulatory defensibility.
We need to know not just what went wrong but also what is about to go wrong. The goal isn't just better detection; it's continuous learning and adaptation.
Every alert, every decision, every outcome, makes the system smarter. The most effective risk programs don't just react to change; they learn from it, adapt to it and stay ahead of it.
AI doesn’t replace judgment; it elevates it. AI delivers scale, speed and signals; trained analysts provide the judgment, context and intuition needed to assess intent and plausibility. The best solutions combine both. 
As founder of Humboldt Merchant Services, co-founder of Eureka Payments, and a former executive for such payments innovators as WePay, a division of JPMorgan Chase, Ken Musante has experience in all aspects of successful ISO building. He currently provides consulting services and expert witness testimony as founder of Napa Payments and Consulting, www.napapaymentsandconsulting.com. Contact him at kenm@napapaymentsandconsulting.com, 707-601-7656 or www.linkedin.com/in/ken-musante-us.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
