Erling Løken Andersen and François Savard on Building Kyros AML Suite

Anti-money laundering software has become one of the most important, and most misunderstood, categories in financial technology. For banks, payment companies, crypto businesses, iGaming operators, fintechs, trading platforms and other regulated businesses, AML is no longer a back-office formality. It is part of how a company earns trust, keeps access to banking partners, satisfies regulators, and protects itself from financial crime.

But building good AML software is not as simple as putting a clean dashboard on top of a few databases. The real challenge is deeper. It sits at the intersection of law, data quality, risk methodology, product logic, auditability, operational workflow and user experience.

In this fireside conversation, Erling Løken Andersen, lawyer, founder and regulatory operator, sits down with François Savard, lead designer of Kyros AML Suite, to discuss how Kyros was built, why AML software often becomes too complicated, and why the best compliance tools are not necessarily the ones with the most buttons, but the ones that make complex risk work understandable.

The Dashboard Is Only the Visible Layer

François Savard: Erling, when we first started talking about Kyros, I remember you saying something that stayed with me: “AML software is not a design problem first. It is a legal and data problem that eventually becomes a design problem.” What did you mean by that?

Erling Løken Andersen: I meant that a nice interface is not enough. In compliance software, the dashboard is the visible layer, but it is not the product by itself. The product is the quality of the data, the logic behind the risk scoring, the ability to explain why a person or company was flagged, the audit trail, the regulatory defensibility, and the way the system supports real compliance work.

You can build a beautiful dashboard that is useless if the underlying data is thin. You can also have strong data that nobody can use because the interface is too complicated. So the work is really about combining these things. Data quality, legal logic, workflow, and usability. That is where Kyros AML Suite sits.

François Savard: That is also what made the design work difficult. A lot of people think simplicity means removing things. But with Kyros, we could not just remove complexity. The complexity was real, because the product is complex by definition. Sanctions, PEPs, adverse media, country risk, customer risk, onboarding data, transaction alerts, risk scoring, audit logs. The question became: how do we make complexity manageable without pretending it does not exist?

Erling Løken Andersen: Exactly. Simplicity in this context is not minimalism for its own sake. It is operational clarity. A compliance officer needs to understand what happened, why it happened, what the system found, what risk level was assigned, what action should be taken, and what record will exist if a bank, regulator, auditor or partner asks about it later.

If the system hides too much, it becomes dangerous. If it shows everything at once, it becomes unusable. The balance is hard.

François Savard: From a design perspective, I had a strong opinion early on that Kyros should not feel like old enterprise software. A lot of compliance tools look like they were built around forms and databases rather than around decisions. You open them and immediately feel the weight of the bureaucracy.

Erling Løken Andersen: That is very true. Traditional compliance software often reflects the institution that bought it, not the person who has to use it.

With Kyros, we wanted to create something that a modern fintech, CASP, payment company, iGaming operator or regulated startup could use in practice. These companies do not have endless compliance departments. They need strong controls, but they also need speed. They need onboarding to work. They need monitoring to work. They need to be able to explain their decisions. And they need a system that does not require a six-month implementation cycle just to become useful.

How AML Has Changed

François Savard: Let us talk about the AML industry more broadly. From your point of view, how has anti-money laundering evolved over the last decade?

Erling Løken Andersen: AML has moved from being mostly procedural to becoming data-driven and risk-driven. Historically, compliance was often a checklist exercise. Did you collect ID? Did you screen the person? Did you keep records? Did you file reports if needed?

That still matters, of course. But modern AML is more dynamic. You need to understand customer behavior, transaction patterns, jurisdictional exposure, beneficial ownership, sanctions exposure, PEP status, adverse media, source of funds, and changes over time.

The market has also changed because financial services have become more fragmented. You now have payment companies, crypto platforms, embedded finance businesses, iGaming operators, brokers, PSPs, alternative payment methods, digital wallets and cross-border platforms… They all have different risk profiles.

So AML systems need to be more flexible. They cannot just be built around old banking assumptions.

François Savard: That flexibility was one of the most important design problems. If you design only for a bank, you get one type of product. If you design for crypto, payments, fintech and iGaming, you need something more modular.

Erling Løken Andersen: Yes. A crypto company may care deeply about wallet exposure, sanctions, source of funds, transaction chains and Travel Rule issues. A payments company may care more about merchant risk, transaction behavior, geography, fraud signals and banking partner expectations. An iGaming operator may need to understand player flows, payment methods, source of wealth concerns, responsible gaming overlaps and cross-border AML duties.

The regulatory principles are often similar: know your customer, understand risk, monitor activity, report suspicious behavior, keep records. But the operational reality differs by industry.

What Kyros AML Suite Is Really Meant to Do

François Savard: When we say “Kyros AML Suite,” what are we really talking about?

Erling Løken Andersen: We are talking about a platform that brings key AML and KYC operations into one environment. Customer onboarding, identity verification, screening, risk scoring, transaction monitoring, alerts, reporting, data enrichment, and ongoing case handling.

The point is to avoid fragmented compliance. A lot of companies have one provider for ID verification, another for sanctions screening, another spreadsheet for risk scoring, another system for transaction monitoring, and then some manual process for case management. That creates operational risk.

Kyros is meant to centralize the workflow – a single source of truth. A compliance team should be able to look at a customer or company and understand the full picture: who they are, how they were verified, what the screening results say, what the risk score is, what alerts exist, what decisions were made, and what documentation supports those decisions.

François Savard: From a UI point of view, that full-picture idea became central. I wanted the dashboard to feel like a cockpit, not a filing cabinet. The user should not be digging through ten separate places to understand one customer.

Erling Løken Andersen: That is a good way to put it. Compliance work is decision work. The system should help people make better decisions, faster, and with better documentation.

But we also had to be careful. AML is not an area where the software should create a false sense of certainty. A system can support decision-making, automate parts of the work, highlight risk, and standardize processes. But the regulated company still needs responsibility, governance and human review where appropriate.

François Savard: That was one of the reasons I pushed against over-automating the interface visually. I did not want Kyros to look like a black box where the system simply says “approved” or “rejected.” That might look clean, but it is not always the right design for compliance.

Erling Løken Andersen: I agree. Black-box compliance is dangerous. A regulator or banking partner will not be satisfied with “the system said yes.” They will ask why. What data was used? What rules applied? What risk indicators were present? Who reviewed the case? Was the customer rescreened? Was the decision consistent with the company’s policy? So you need transparency on all of those things.

Data Quality Is the Real Product

François Savard: That raises the data question. You have been very clear internally that Kyros is only as strong as the data it can access and interpret.

Erling Løken Andersen: Yes. Without data, an AML suite is just an empty shell. The user interface can be beautiful, but if the data coverage is weak, the product is weak.

Kyros processes more than 1 million external data pings on individuals per year. That matters because compliance quality depends on breadth and frequency. You need to check people and entities against relevant sources. You need to handle changes. You need to know if someone becomes a PEP, appears in adverse media, is linked to sanctions exposure, or creates a risk pattern that was not present at onboarding. Therefore, we need good quality data sources to back up everything we do.

At the same time, more data is not automatically better. Bad data creates noise. Too many false positives can overwhelm compliance teams. The challenge is to bring in broad data, but present it in a way that supports practical decision-making.

François Savard: False positives – like a wrong indication of PEP status – are a design problem too. Not because design solves the underlying matching logic, but because design determines how humans experience the result. If every screen is shouting at you, you stop listening.

Erling Løken Andersen: Exactly. Alert fatigue is real. In AML, bad prioritization can be almost as harmful as missing information. A team with 500 meaningless alerts may miss the five that matter. That is why risk-based design is important. The whole AML framework is built around a risk-based approach. Not all customers are the same. Not all countries are the same. Not all transactions are the same. Not all alerts deserve the same treatment. The system should help the team focus.

Startup Speed in a Regulated Environment

François Savard: In startup circles, people often talk about speed. Move fast, ship, iterate. But AML software lives in a more serious environment. How do you balance startup speed with regulatory seriousness?

Erling Løken Andersen: You have to understand which parts can move fast and which parts cannot be sloppy, right?

You can iterate on interface, onboarding flows, workflow layout, reporting formats and integrations. You can improve dashboards. You can refine the user experience. But you cannot be casual about regulatory logic, data integrity, recordkeeping, privacy, audit trails, or how the system classifies risk.

In regulated technology, the cost of being wrong is higher. A broken button is annoying. A broken AML control can create regulatory, banking, criminal, reputational and commercial risk. So the startup mindset has to be disciplined. Move fast, but not recklessly.

Francois Savard: That is where I think product design in regulated industries becomes interesting. It is not just “make it beautiful.” It is “make the right behavior easier.” Good design can support compliance culture.

Erling Løken Andersen: Absolutely. A good product nudges the organization toward better behavior. If escalation is easy, people escalate. If notes are structured properly, documentation improves. If the risk view is clear, decisions become more consistent. If audit history is automatic, the company is better prepared for regulator or partner reviews.

Compliance Standards and Simplicity

François Savard: We also talked a lot about Europe. Kyros has basic support for more than 200 countries, but we have always been strongest in Scandinavia and Northern Europe. How does that shape the product?

Erling Løken Andersen: It gives Kyros a particular identity. The Scandinavian and Northern European compliance environment is demanding. Expectations around identity, data quality, banking standards, user trust and regulatory discipline are high. If you build for that environment, you build with a certain seriousness.

We are lucky to have stuff like taxpayer identification, support for all of the Scandinavian eIDAS authentication systems like BankID and MobileID, Scandinavian credit checks, address verification and more. 

François Savard: From the user side, eIDAS-type identity flows are also interesting because they can feel simple to the end-user while being strong in the background. That is the kind of simplicity I like. Not fake simplicity, but infrastructure doing hard work invisibly.

Erling Løken Andersen: Yes, the best compliance experience for the end-user should feel smooth. But for the regulated company, it must still be strong, documented and auditable.

François Savard: I think that is one of the big lessons from building Kyros: Business people want onboarding speed. Compliance people want control. Legal people want defensibility. Designers – and users – want clarity… The product has to satisfy all of those at once.

Erling Løken Andersen: Yes, and that is why AML products are harder to build than many people assume. In a simple SaaS product, you may mainly optimize for user experience and feature adoption. In AML software, you also need to think about regulatory expectations, institutional trust, evidence, risk appetite, privacy, data retention, third-party sources, auditability, and explainability. You are designing for many audiences at the same time. 

François Savard: That creates pressure on the interface. The product has to be usable by a human on a Monday morning, but also credible when exported into a regulatory file six months later.

François Savard: Now let me challenge you a bit. Some founders may think: “We are still small. We do not need a full AML suite. We can manage with spreadsheets and manual checks.” What would you say to them?

Erling Løken Andersen: I understand the temptation. In the earliest stage, up to 100 users maybe, many companies start manually. But the problem is that regulated businesses often scale risk before they scale compliance operations. A spreadsheet can work for a few cases. But it becomes dangerous when volumes increase, when customer types become more diverse, when jurisdictions expand, when transaction monitoring becomes necessary, or when a bank asks for evidence of your controls.

Also, many companies underestimate banking partner expectations. Even if a regulator has not knocked on your door yet, your bank, acquirer, PSP, EMI partner or commercial counterpart may ask detailed questions. They will want to know how you screen customers, how you monitor transactions, how you handle sanctions, how you risk-rate customers, and how you document decisions. At that point, saying “we have a spreadsheet” is often not enough. And it might already be too late to go back to fix it. 

François Savard: That is a very startup-relevant point. Compliance maturity can become a sales enabler. It is not only a cost center.

Erling Løken Andersen: Correct. Strong compliance infrastructure can help a company win partnerships, maintain banking access, pass due diligence, reduce operational chaos, and move faster in regulated markets.

What the AML Industry Still Gets Wrong

François Savard: On another topic: What do you think the AML industry still gets wrong? Or could need to be challenged on? 

Erling Løken Andersen: I would say three things.

First, too much focus on checking boxes rather than understanding risk. AML is not just “screen this person.” It is: understand whether this customer, behavior, transaction or relationship creates a risk that must be controlled.

Second, too much fragmentation. Companies end up with multiple vendors, disconnected data and manual reconciliation. That creates blind spots. For Kyros, that’s a business opportunity, of course. 

Third, too little attention to usability. Compliance software often assumes users will tolerate bad design because they have no choice. That is no longer acceptable. Modern regulated companies expect better.

François Savard: I would add a fourth from the design side: many AML tools confuse density with seriousness. They think a screen with 200 fields looks professional. Often it just means the product has not made enough decisions.

One thing I enjoyed in the Kyros process was that we did not treat legal as something outside product. Your legal and regulatory thinking was part of the product discussions from the start.

Erling Løken Andersen: That is how it should be in regtech. Legal and compliance thinking should influence the architecture of the product. If the law requires customer due diligence, ongoing monitoring, recordkeeping and risk-based controls, the product should reflect that. If the company needs to explain decisions to banks or regulators, the product should make that possible. If privacy rules require careful data handling, that has to be designed in. In good regulated products, law becomes product logic.

François Savard: That is probably the founder angle too. Many founders see compliance as something that slows them down. But you seem to see it as something that can be productized.

Erling Løken Andersen: Yes, because regulation creates repeated problems. Repeated problems can become software.

Every regulated business has to answer similar questions: Who is this customer? Can we onboard them? Are they sanctioned? Are they a PEP? Is there adverse media? What country risk applies? What is their risk score? Are their transactions consistent with what we know? Has anything changed? Can we prove our process?

That repeated structure is exactly what software can organize.

François Savard: But at the same time, you have always said AML cannot be reduced to software alone.

Erling Løken Andersen: Correct. Software is a tool. It does not replace governance, policy, judgment, training, accountability or senior management responsibility.

A weak company cannot buy a tool and become compliant overnight. But a serious company can use a strong tool to become much more efficient, consistent and defensible.

Where AML Software Goes Next

François Savard: Where do you think AML software is going next?

Erling Løken Andersen: More automation, more AI-support, more data enrichment, better identity infrastructure, stronger transaction intelligence, more real-time monitoring, and more explainable risk scoring.

AI will clearly play a role, especially in adverse media analysis, pattern detection, anomaly detection, case summarization and prioritization. But in AML, AI has to be used carefully. You cannot simply outsource regulated judgment to a model without explainability and controls.

The future is not “AI replaces compliance.” The future is “AI helps compliance teams see more, prioritize better and document faster.”. And I think agentic AI will certainly replace a lot of AML compliance specialists, in the sense that they can help speed up information gathering, especially in the OSINT area. 

François Savard: That is also where design becomes important again. If AI produces more signals, the interface must help the user understand them. Otherwise, AI just creates more noise.

Erling Løken Andersen: Exactly. More intelligence only helps if it becomes usable intelligence.

François Savard: When you look at Kyros today, what are you most proud of?

Erling Løken Andersen: I am proud that we are building from the reality of regulated operators, not from theory… Kyros is not just an abstract compliance concept. It is shaped by the needs of fintechs, crypto companies, payment businesses, iGaming operators and other companies that have to satisfy customers, banks, partners and regulators at the same time.

I’m also proud that we managed to create an integrated, “complete” compliance system. Operators don’t have to have a multi-vendor strategy – if they sign up with Kyros AML Suite, they get everything in one place. And one single source of truth across all their users. 

François Savard: From my side, I think the best design choices are the ones users do not notice. If a compliance officer can open Kyros and immediately understand where to look, what matters, and what action to take, then the design is doing its job.

The Kyros Philosophy

François Savard: Last question. If you had to explain the Kyros philosophy in one paragraph to a founder in fintech or crypto, what would you say?

Erling Løken Andersen: I would say this: Kyros AML Suite is built for regulated companies that need AML to be operational, not decorative. It brings identity, screening, data enrichment, monitoring, risk scoring, alerts, reporting and case handling together into one system, with the goal of helping AML teams make faster, better and more defensible compliance decisions. The interface matters, but the real value is the combination of strong data, practical workflow, legal logic and audit-ready documentation.

François Savard: I think that captures it well. Good AML software should not only help a company pass a review – it should help the company understand its own risk.

Erling Løken Andersen: Exactly. And that is the real point. Compliance is not paperwork. It is knowledge. The better you understand your customers, transactions and risk exposure, the better business you can build.

François Savard: And hopefully, with fewer terrible dashboards.

Erling Løken Andersen: That too. The world has enough terrible dashboards.