ING Was Fined 775M for Understaffing Compliance. Now They're Cutting 1,250 Jobs.
By Alex Blumentals -- Twin Ladder
In September 2018, ING paid 775 million euros to Dutch prosecutors. The largest corporate settlement in Dutch legal history. The charge was straightforward: ING had not funded its anti-money-laundering programme properly, enabling clients to launder hundreds of millions through its accounts "virtually undisturbed." The bank's response was to triple its AML headcount to 6,000 people. In March 2026, ING announced it is cutting 1,250 of those jobs. The stated reason: artificial intelligence.
This is not an efficiency story. This is the competence paradox, playing out at industrial scale, inside one of Europe's largest banks, eight years after the fine that was supposed to fix the problem.
What happened in 2018
Let me be precise about this because precision matters when regulators are involved.
The Dutch Public Prosecution Service did not fine ING for a technicality. They did not fine ING for a paperwork failure. They fined ING 775 million euros -- 675 million in penalties plus 100 million in disgorgement of profits -- because the bank made a structural choice to deprioritise compliance. [cite:ing-fine-2018]
The prosecution's own language: "insufficient attention paid to compliance risk management (business over compliance)." [cite:go-aks-analysis]
The investigation covered 2010 to 2016. During that period, ING's compliance department was chronically understaffed. Alert backlogs grew. Transaction monitoring systems flagged suspicious activity that nobody reviewed. Clients moved hundreds of millions through ING accounts and the bank's internal systems -- such as they were -- did not catch it. Not because the systems failed. Because there were not enough people to act on what the systems found.
The remedy was obvious: hire more people. ING expanded its AML division from approximately 2,000 staff to 6,000. They tripled the headcount to meet the regulatory expectation that had been made painfully expensive.
Now, eight years later, ING is cutting 1,250 of those roles. [cite:ing-cuts-dutchnews] [cite:ing-cuts-amlnetwork]
The announcement frames this as a natural consequence of AI-driven automation. More efficient screening. Smarter alerting. Less manual review needed.
A regulator might ask a simpler question: how is this different from 2016?
The numbers across the sector
ING is not doing this alone.
ABN Amro, the Netherlands' third-largest bank, announced in late 2025 that it would cut 5,200 jobs by 2028 -- roughly 35% of its workforce -- with significant reductions in customer service, operations, and AML compliance. [cite:abn-amro-cuts]
Across all Dutch banks, the sector expects to eliminate approximately 2,600 AML-specific roles within two years. [cite:dutch-banks-2600] ASN Bank is cutting 900. Triodos is cutting 250. The scale is unprecedented.
The backdrop: Dutch banks collectively employ around 13,000 people in anti-money-laundering roles and spend approximately 1.4 billion euros per year on AML compliance. [cite:dutch-aml-costs] Despite this investment, the Dutch national audit office estimated in March 2026 that 15 to 20 billion euros are laundered through the Netherlands annually. The authorities seized 400 million euros in 2024. ABN Amro's own executive, Jaap van der Molen, publicly called AML "a negative business case" -- spend 1.4 billion, recover 400 million.
He is right about the maths. But when a bank executive calls regulatory compliance a "negative business case," the regulators tend to listen with a certain attentiveness.
What ABN Amro is actually deploying
ABN Amro has not simply bought faster screening software. They have deployed what they call "governance AI agents" -- systems that monitor transactions, communications, and decisions for AML and KYC compliance, identify potential compliance issues before escalation, and automatically generate audit trails and regulatory reports. [cite:abn-amro-ai-agents]
Read that last part again. The AI generates the audit trail. The compliance documentation itself -- the artefact a regulator would review during an examination -- is being produced by the system being governed.
This is not a tool assisting a human. This is a system generating the evidence of its own oversight. The question writes itself: who audits the auditor?
The competence paradox
Here is what I keep seeing across industries, and what makes the Dutch banking story a textbook case.
The junior analysts being cut first are the ones who do manual alert review. They sit at screens, look at flagged transactions, and decide whether something is genuinely suspicious or a false positive. It is tedious, repetitive, and -- this is the part nobody wants to say out loud -- it is how you learn what money laundering actually looks like.
The pattern recognition that makes a senior AML investigator effective did not come from a training course. It came from reviewing thousands of alerts, most of them false positives, until the real ones started to feel different. This is tacit knowledge. It develops through exposure. It cannot be automated away without consequences, because you are not just automating the task -- you are eliminating the pipeline that produces the people who understand the domain.
This is the same dynamic we documented in the Klarna case study. Klarna cut customer service headcount aggressively, automated with AI, declared victory -- and then discovered that the humans they had removed were not just processing tickets. They were generating the institutional knowledge that the AI needed to function correctly. When the AI got it wrong, there was nobody left who understood why. Klarna reversed course and started rehiring.
ING has not hit that reversal point yet. It will be instructive to see whether they do.
The SAR liability question
There is a very specific compliance problem that nobody in these announcements is addressing.
Someone has to sign a Suspicious Activity Report. A SAR is a legal filing. It carries personal liability. When a bank files a SAR with the Financial Intelligence Unit, a named compliance officer is attesting that the activity described in the report meets the threshold for reasonable suspicion.
Now consider the new workflow. An AI model triages incoming alerts. It classifies transactions as low, medium, or high risk. It routes the high-risk ones to a human reviewer. The medium-risk ones -- the grey zone, which is where most real laundering hides -- may be resolved automatically or with minimal human review.
The SAR still needs a signature. A human still puts their name on it. But if the model made the initial triage decision and a human never independently validated that step, what exactly is the signatory attesting to? That they trust the model? That they reviewed the model's output? That they understood why the model classified a particular transaction the way it did?
In an enforcement action, these distinctions are not academic. ING's 2018 settlement was specifically about humans not doing adequate review. Replacing those humans with a model and having a smaller team rubber-stamp the model's output is not obviously different from what the prosecution described as "business over compliance."
Article 4 enters the conversation
This is where the EU AI Act becomes directly relevant. [cite:eu-ai-act-article4]
AML screening is AI-assisted decision-making about natural persons in a regulated context. When a bank's AI system flags a customer's transaction as suspicious -- or, critically, when it fails to flag it -- that is a decision with material consequences for a real person. Accounts get frozen. Services get denied. People get reported to financial intelligence units.
Article 4 of the EU AI Act requires deployers to ensure "a sufficient level of AI literacy" among the people operating AI systems. This is not a suggestion. It is a binding legal obligation that has been in force since February 2025.
The compliance question is direct: if you cut 35% of your AML division while deploying AI systems that make or support decisions about your customers' accounts, have you ensured that the remaining staff have sufficient AI literacy to operate those systems competently? Have they been trained not just to use the tool but to understand its limitations, its failure modes, its tendency to produce false negatives in transaction patterns it has not been trained on?
Cutting 1,250 people from a 6,000-person AML division is a 20% reduction. Cutting 35% of a compliance workforce, as ABN Amro is doing, is even more aggressive. These are testable compliance positions. A regulator does not have to accept the bank's assertion that AI makes the remaining team more efficient. They can test it. They can ask to see the training records. They can examine how many alerts the remaining team actually reviews, how long they spend on each one, and whether the SAR signing process involves genuine human judgment or whether it has become a formality.
The pendulum
ING's story is a pendulum.
2010-2016: compliance was underfunded. Business priorities dominated. Clients laundered money through the bank's accounts because there were not enough people watching. The prosecution called it "business over compliance."
2018: the fine hit. 775 million euros. ING tripled their AML headcount to 6,000.
2020-2024: the expanded team operated. Alert volumes were managed. The regulatory pressure eased.
2026: ING announces 1,250 cuts. AI handles it now.
The pendulum has swung back. The justification has changed -- it used to be "we do not need that many people," now it is "the AI means we do not need that many people" -- but the structural outcome is the same. Fewer humans in the compliance chain. More decisions being made, or shaped, by systems that nobody in the enforcement apparatus has audited against the standard that got ING fined in the first place.
ABN Amro's executive defending the cuts against union concerns said something revealing: "We cannot afford not to do this." [cite:abn-amro-unions] He was talking about competitive pressure. About margins. About the 1.4-billion-euro annual cost of AML compliance being unsustainable.
He might be right. But "we cannot afford to fund compliance properly" is exactly what ING's management believed between 2010 and 2016. That belief cost them 775 million euros.
What this means for your organisation
If you work in financial services, this is not distant news. This is your sector in two years.
If you work in any regulated industry deploying AI to replace human judgment in compliance functions, the Dutch banking story is your preview. The pattern is consistent: automate the review, cut the headcount, declare the AI handles it, and hope that regulators accept the assertion at face value.
Some will. For a while.
But the EU AI Act now gives regulators a new tool. They do not have to prove the AI made a bad decision. They can ask whether the people operating the AI were competent to operate it. Article 4 makes that a compliance question with a concrete answer. Either you trained your staff or you did not. Either you have evidence of sufficient AI literacy or you do not.
ING was fined for not staffing compliance. They are now cutting compliance staff. The justification has an AI label on it this time.
A label is not a defence.
Sources
-
Dutch Public Prosecution Service — ING pays 775 million due to serious shortcomings in money laundering prevention. 2018. Link
-
DutchNews — ING to cut 1,250 jobs worldwide, many in anti-money laundering. 2026. Link
-
AML Network — ING announces 1,250 global job cuts targeting anti-money laundering amid AI push. 2026. Link
-
Brussels Signal — Dutch bank ABN Amro to cut 5,200 jobs by 2028 in AI-driven overhaul. 2025. Link
-
NL Times — ABN Amro executive defends AI plans amid union concerns about job cuts. 2025. Link
-
DutchNews — Banks expect to cut 2,600 money laundering check jobs. 2025. Link
-
AML Network — Dutch banks ABN Amro, ING, Rabobank, ASN Bank to cut 2,600 AML jobs. 2025. Link
-
GO-AKS — ING Netherlands 775 million AML settlement analysis. 2018. Link
-
Windows News — Agentic AI revolutionizes banking: ABN Amro's production cloud shift. 2026. Link
-
EU AI Act — Regulation (EU) 2024/1689, Article 4: AI Literacy. 2024. Link