Oonagh goes on to say: “Artificial Intelligence is evolving faster than regulators can keep up. Around the world, governments are racing to design frameworks to govern AI use, but the struggle is evident: how do you regulate something so pervasive, adaptive, and borderless without stifling innovation or missing critical risks?” She assesses Hong Kong’s present dilemma – highlighted in a recent South China Morning Post article – illustrates such challenges. The city faces obstacles enforcing rules that would necessitate AI-created content be labelled. Experts, she says, warn that the city’s market is “too small” for supporting “bespoke legislation, and without robust enforcement mechanisms, rules around watermarking and labelling may simply be ignored.” “This isn’t just a Hong Kong problem. It’s a global one. And it’s a sign that we need to rethink how AI regulation is designed and enforced,” she writes. As the former British colony crafts its own AI rules regime, she highlights the challenges the city faces: 1) Fragmented and reactive regulation: Hong Kong currently relies on piecemeal laws—privacy, IP, finance—to govern AI. The lack of a unified statute leaves gaps and inconsistencies. This mirrors the situation in many jurisdictions where regulators patch AI onto existing frameworks rather than building something purpose-built. 2. Enforcement complexity Even when rules exist, implementation is shaky. For example, China mandates labelling and watermarking of AI content. But technical evasion is easy, watermarking can be stripped, and compliance varies across platforms. Enforcement lags behind innovation. 3. Scale and coordination problems Small markets like Hong Kong can’t realistically create standalone AI regimes that diverge too far from global standards. With multiple regulators (PCPD, HKMA, SFC) touching AI issues, coordination becomes another hurdle. 4. Ethical and societal risks remain unaddressed Labelling helps transparency, but it doesn’t solve deeper concerns: misinformation, deepfakes, privacy breaches, biased algorithms, or liability for harm. Ultimately, Oonagh notes the Special Administrative Region (SAR) needs to learn from other models. For example, the EU AI Act is a superb piece of legislation. “The European Union has introduced the world’s most ambitious attempt at AI regulation,” she says. “Its risk-based approach divides AI systems into categories: • Unacceptable risk (e.g., social scoring) – outright bans. • High risk (e.g., biometrics, healthcare AI, financial services AI) – strict compliance, human oversight, mandatory audits. • Low/minimal risk – lighter obligations. “This is a principle-driven and comprehensive framework, but critics warn that its heavy compliance burden may stifle innovation in smaller companies. Enforcement capacity will also be tested—many national regulators are underfunded compared to the scope of responsibility,” she wrote. Then there is the Singaporean model which she acknowledges is “more agile, industry-friendly approach with its Model AI Governance Framework.” Instead of rigid laws, it provides: • Voluntary best practices (transparency, explainability, fairness). • Industry sandboxes to experiment safely. • A strong focus on multi-stakeholder collaboration between regulators, academia, and industry. “This approach supports innovation while nudging companies toward responsible AI. But without legal force, it risks leaving gaps where bad actors can exploit weaknesses,” she says. For Hong Kong to have a more workable approach, therefore, she recommends borrowing what works and is relevant to the local context. Namely: Unified AI Regulation: Move beyond fragmented laws and adopt a dedicated AI framework, grounded in core principles: accountability, transparency, fairness, privacy, and safety. Risk-Based Oversight: Like the EU Act, differentiate between high-risk and low-risk AI use, applying strict oversight only where harms could be severe. Practical Enforcement Tools: Invest in watermarking and labelling standards that are technically robust, enforceable, and difficult to evade—while recognizing that labelling alone isn’t a silver bullet. Dedicated Oversight Body: Create a central AI regulator to coordinate across sectors, avoid duplication, and respond quickly to emerging risks. Public Engagement & Education: Build societal trust by educating citizens on AI risks, rights, and safeguards, ensuring transparency around how AI decisions are made. Global Alignment: For small markets like Hong Kong, aligning with global regimes—whether the EU Act’s structure or Singapore’s collaborative model—is key to avoiding regulatory isolation and easing compliance for international companies. As Oonagh concludes, AI regulation cannot be built on ad hoc legal fixes or unenforceable guidelines. “Hong Kong’s struggles highlight the real-world limitations of trying to bolt rules onto outdated systems. The EU shows the power of principle-based, risk-tiered regulation, while Singapore demonstrates the agility of a collaborative, innovation-friendly approach,” she writes. “The answer lies in combining these lessons: a unified, principle-driven law; proportionate, risk-based oversight; enforceable standards; and international harmonisation. Regulation must evolve as quickly as AI itself—not to slow it down, but to ensure that innovation happens safely, transparently, and for the benefit of society,” she says. Moving into the lengthier discussion portion of the episode, Mirko and Peter discuss their article, published earlier this summer, entitled “How Well Does the Money Laundering Control System Work?” The article takes a critical look at the global AML system and ask a simple but fundamental question: Has it actually made money laundering tougher or riskier for criminals? The answer is more complicated -and less encouraging - than many might hope. And it’s a question, for which there may be different answers at local, national, transnational and global levels. Mirko & Peter’s essay offers a critical and data-driven analysis of the global AML regime, highlighting: ▪️ the lack of empirical evidence that ML has become more difficult or less prevalent ▪️ the often symbolic nature of international evaluations such as Financial Action Task Force Mutual Evolutions ▪️ the high costs and unintended consequences of AML measures including derisking; and ▪️ the central role of private entities in detecting suspicious activity, with significant operational implications Though lengthy, it’s a highly recommended read for anyone working in or interested in AML, financial crime and public policy evaluation. Simply put: Money laundering remains a significant concern worldwide, with substantial resources dedicated to preventing illicit funds from entering the financial system. Yet, after decades of legislative and regulatory development, the effectiveness of AML frameworks is still dubious. Again, the article is a sharp, data-informed critique of the current state of the international AML apparatus. The authors highlight seven key findings that challenge conventional wisdom: · Major banks regularly face large fines, but executives very rarely face criminal convictions · Money laundering is often no more complex or expensive today than it was in the late 1980s · Most laundering methods remain surprisingly basic · The system disproportionately benefits wealthy jurisdictions · AML measures yield valuable intelligence for law enforcement · But they also carry risks, including de-risking and data misuse · The real costs of AML compliance are never part of public debate. Only occasionally is there mention of the costs borne by banks. The abstract to their piece states: “The continued globalization of finances has generated an ever-larger array of methods for making criminal earnings appear legitimate. The global regime to control money laundering has become more sophisticated and comprehensive, (i.e., expensive and intrusive). There is no evidence that money laundering is declining or becoming more difficult or expensive. The system’s failure has many sources. Nations which pushed for its creation and development have been unwilling to implement critical elements. Major banks have repeatedly failed to meet their obligations, suggesting either insufficient commitment or a lack of the necessary skills and systems to comply. Regulatory oversight has been inadequate. There is, however, evidence that the system aids enforcement of laws against criminal enterprises. Despite the consensus that the system works poorly, there is almost no discussion of substantial reforms.” Their key observations or conclusions are that simple laundering strategies remain pervasive, there has been, relatively speaking, limited adoption of sophisticated methods like crypto, and most launderers tend to launder their own funds rather than avail themselves of the “professional services” of more experienced financial criminals. The challenges they cite are the limited policy debate over AML and financial crime compliance writ large; a tendency for policymakers and regulators to focus on incremental improvements rather than widescale reforms; and whether the current system of every growing suspicious activity report (SAR) filings is sustainable in long-run. As Mirko says: “SARs are contributing to investigations,” but it is unclear whether such a system is sustainable over time. He highlights a common practice among money laundering reporting officers (MLROs) of reporting everything to avoid fines, sanctions, or personal reprimands—a phenomenon known as “defensive filing.” However, the example of the U.S. Treasury Department’s FinCEN shows that four million SARs filed annually cannot be effectively managed. This places a significant strain on Financial Intelligence Units and law enforcement agencies, whose limited resources make it difficult to keep pace with the volume of reports. Mirko added that not all money launderers are the same: the typologies of how a drug dealer, kleptocrat and cryptocriminals launder funds may be very different. When asked what policy choices they would advocate for regulators and law enforcement to adopt, both Mirko and Peter stressed the need to set realistic goals, develop alternative effectiveness metrics, and balance between the competing but compelling goals AML controls and financial inclusion. As the conversation concluded Peter acknowledges that the White House’s statement earlier this year that it would scale back AML enforcement could lead to selective enforcement of such rules under the current Trump administration.