From “set it and forget it” to living systems: Gusto’s John Weithorn shares his AI playbook for AML

John Wiethorn is a standout voice in financial crime compliance, known for building AI-driven fraud and AML programs that stay rigorous at scale. At Gusto, John leads the fight against financial crime with a clear philosophy: give investigators tools that surface the right context at the right time, eliminate operational overload, and keep defenses improving as a living system.

In a conversation with Maximilian Eber, Taktile Co-Founder and CPTO, John shares what it looks like to run an AI-enabled financial crime function in practice. He explains how AI can remove investigative friction, complement rules-based controls by catching “unknowns,” and help teams adapt to evolving fraud tactics.

“If you can allow investigators to shift from data gathering to analyzing,” John says, “you are basically giving them superpowers.”

That idea shapes how John’s team approaches AI at Gusto.

He explains, “The biggest thing we can do is reduce administrative drudgery, so we deploy AI to handle manual tasks like data aggregation and file retrieval.”

For high-volume teams facing thousands of alerts, this is the difference between spending hours assembling context, and spending minutes making the final judgment call on what is fraudulent or not.

With the manual work stripped away, John argues, investigators can go deeper. “AI gives our subject matter experts all of the information they need. That enables our investigations to be faster, more thorough, and deeper than a manual capacity would allow.”

“My core philosophy is that the best investigators deserve the best tools,” John emphasizes. “We view AI not as a replacement for human judgment, but as a mechanism to eliminate friction.”

For John, AI’s value is not only in reducing manual work It can also help teamssurface dynamic financial crime patterns that static controls are not designed to catch.

“AI can catch the unknowns,” John says, when asked how AI and rules-based systems work together to strengthen AML coverage. “[It can spot] the anomalies in the static rules, or where static rules are missing things.”

Even so, AI’s pattern recognition does not make traditional controls obsolete, John explains.“Because [financial] crime is always changing, an AI model is never really finished. If you get rid of static rules in your controls, you're potentially going to miss really low-hanging fruit that you should have caught.”

Rules still earn their keep, especially for known typologies that shouldn’t slip through due to shifting thresholds or “model drift,” which is the gradual decline in an AI model’s performance as real-world patterns shift away from its training data. John notes, “Sometimes you're going to have static rules that say ‘if x, then y’ and they will continue to be really effective at catching known typologies.”

The takeaway is layered defense: keep rules to track the patterns you already know, and use AI to surface those that are still emerging.

John also points to a broader mindset shift around AI in AML: teams should treat fraud controls as a system that must be continuously maintained.

“I think the most common misunderstanding is the “set it and forget it” fallacy. [...] With an AML system, shipping a new rule is just the beginning.”

As John explains, that is because criminals can learn the edges of your system. Often, they test what gets caught and what gets through, then recalibrate. In response, John frames successful automation as continuous tuning rather than a one-time deployment.

At Gusto, the work looks like ongoing experimentation and validation, not a quarterly checklist. “We’re constantly testing and tuning rules: above the line testing, below the line testing, model validation testing.”

And in John’s view, none of that is possible without the right people owning the system end to end.

“It's people over platforms,” he says, “I think success ultimately comes down to talent. You can buy the best software, but without the right people, the program is going to bust every time.”

Looking ahead, John expects AI to become the operational backbone of AML programs. Financial institutions can use AI to not only improve detection but transform how teams investigate, document, and oversee decision quality day to day.

He also believes AI adoption will not stay optional for long, especially as it becomes embedded across the broader economy.

“I think regulators are going to move more from an observation standpoint to more specific guidance on AI usage. We're starting to see that.”

This direction is already visible in how model risk expectations are being extended into compliance functions. For example, SR 11-7 frameworks are increasingly applied to AML systems, pushing teams toward stronger governance and validation for AI-driven controls.

Furthermore, in a world where attackers have AI tools, teams without tools become the path of least resistance. John puts it simply:

“I think that companies not leveraging these tools are going to fall behind [...] You're a very attractive target for criminals because you don't have those defenses.”

John’s message is straightforward: the future of financial crime compliance is not fully automated, nor fully manual. It is expert-led, AI-augmented, and built to evolve.

Leaders like John are defining what modern financial crime programs look like as AI rapidly evolves. We’re excited to follow how John and other compliance officers continue translating AI progress into stronger controls and faster investigations.