Dickon Johnstone (Themis) on the Middle East’s evolving financial crime landscape

Dickon Johnstone, a former bank CEO and Accenture consultant, founded Themis with the ambition to fight financial crime with AI and accessible due diligence. Seven years into this ambition, we spoke with Dickon on the firm’s growth in the Middle East, the evolution of financial crime and RegTech solutions, and what’s next for the landscape.

What is the vision behind Themis, and why has the Middle East become a key strategic focus for the firm at this stage of its growth?

Themis was established to close a gap in how organisations understand and manage financial crime risk. Criminal networks operate across borders, sectors and digital platforms, yet many organisations still rely on slow, fragmented processes to assess risk. Our vision is to combine advanced AI with real investigative expertise to produce fast, clear insight so organisations can identify hidden risks early and act with confidence.

Digital activity is expanding rapidly across fintech, e-commerce and virtual assets in the Middle East, creating opportunity alongside new forms of exposure to cyber-enabled crime. The UAE has also taken a proactive approach in strengthening frameworks, driven by its strong regulatory framework.

Our base in Abu Dhabi allows us to work closely with regulators and apply AI-driven risk tools in real-world conditions, meeting high standards of governance while building solutions that scale globally.

Why has financial crime become a leadership issue rather than just a compliance concern?

In the MENA region, financial crime has shifted from a back-office compliance obligation to a strategic leadership risk because it now directly impacts national reputation, economic diversification, and access to global capital.

Governments across the Gulf are positioning themselves as trusted international financial hubs, aligned with Financial Action Task Force standards and global regulatory expectations. Under programmes such as Saudi Vision 2030, financial crime controls are no longer about avoiding fines – they are about protecting sovereign credibility, attracting foreign investment, and maintaining correspondent banking relationships.

Failures in AML, sanctions, fraud, or third-party risk now escalate quickly to boards and executives because the consequences include:

• Licence restrictions or withdrawal
• Public enforcement actions
• International de-risking by global banks
• Reputational damage that undermines national growth agendas

As a result, leadership teams are being held accountable not just for compliance, but for how confidently and quickly they can make risk-based decisions – on clients, partners, investments, and suppliers – in real time.

In MENA today, financial crime capability is a strategic enabler: it determines whether organisations can grow, transact globally, and operate with confidence in markets under intense international scrutiny.

Why is collaboration between governments, regulators and the private sector now essential to tackling increasingly sophisticated financial crime threats? 

Financial crime is now too fast-moving and interconnected for any single organisation to tackle alone. Criminal networks operate across borders and digital systems, taking advantage of gaps between jurisdictions and sectors. Collaboration helps build a shared picture of emerging threats and enables quicker, more effective responses.

Governments and regulators set the rules and priorities, while businesses are often the first to see suspicious activity through their customers, transactions and partners. Global bodies such as the Financial Action Task Force (FATF) recognise the value of public–private collaboration in tackling money laundering and terrorist financing, and encourage joint work to improve standards and best practices.

In the UAE, our joint research with the UAE’s General Secretariat on cyber-enabled financial crime demonstrates how shared insight strengthens national risk awareness and helps move from reacting to preventing.

How are rapid developments in technology exposing the limits of traditional financial crime controls?

Rapid growth in fintech, digital platforms and virtual assets is exposing the limits of many existing financial crime controls, particularly when it comes to activities spread across multiple platforms. Criminal networks are increasingly able to move funds quickly and exploit channels that sit outside traditional monitoring approaches.

Our joint report with the UAE’s General Secretariat highlights that this expansion increases exposure to cyber-enabled money laundering and other illicit finance risks. This concern is shared globally: the FATF has warned that gaps in how countries apply virtual-asset standards create vulnerabilities that criminals can exploit, highlighting the need for faster, more connected approaches to managing financial crime risk.

How is AI reshaping the way executives and boards assess risk across complex, fast-moving business ecosystems?

AI is reshaping risk assessment by helping leaders understand how people, companies and transactions are connected across complex business environments. Traditional systems often flag individual warning signs in isolation, making it difficult to detect layered systems or networks operating across multiple jurisdictions – features that are common in cyber-enabled financial crime.

AI can analyse large volumes of data at once, including company records, media coverage, and transaction activity, to surface patterns that indicate hidden risk. This gives executives a clearer, more complete view of who they are doing business with

The AI Investigator tool from Themis applies this capability directly to enhanced due diligence. It automates investigative steps, uncovers hidden ownership links and risk indicators, and produces clear reports in minutes. For boards, this means faster decisions with clear explanations for why a person or company is assessed as high or low risk.

What do non-financial sectors most commonly underestimate about their exposure to financial crime risk?

Players in sectors non-financial sectors often underestimate how directly they can be targeted. Financial crime is no longer confined to banks; it has become highly organised and increasingly embedded across digital and commercial ecosystems.

Sectors such as real estate, marketplaces and professional services often sit at key points in the economy, where criminals want to illicit money. Yet these sectors have not always had the same tools, training or visibility as large financial institutions, which creates blind spots.

As a result, businesses can be exposed without realising it. Stronger due diligence and ongoing monitoring help identify risks early, before reputational or operational damage occurs.

Why is the Middle East – and the UAE in particular – emerging as a global testbed for AI-led risk management and regulatory innovation?

The region is moving quickly on digital transformation, and the UAE has matched that pace with proactive regulation and governance. Fintech, digital payments, virtual assets and AI adoption are expanding rapidly, creating opportunities that inevitably create new financial and cyber risks. Regulators have encouraged innovation while strengthening oversight, supporting responsible use of technology.

AI is already being applied across compliance and monitoring to improve decision speed and consistency, particularly in anti-money laundering and risk assessment. For firms like Themis, this creates a real-world environment where AI-driven risk tools can be developed under high regulatory expectations. This helps make the UAE a useful benchmark for approaches that can scale globally.

What does the UAE’s MENAFATF presidency signal for how organisations across the region should rethink financial crime governance and accountability?

The UAE’s MENAFATF presidency comes at a pivotal moment for the region and signals a decisive shift toward more rigorous, outcomes-focused financial crime governance. The UAE has been clear that a core priority of its presidency is translating international standards into effective, on-the-ground implementation – placing greater emphasis on whether policies and controls operate as intended in practice.

A parallel focus on joint action and preparedness underscores a more partnership-driven model, centred on the exchange of expertise and the delivery of sustainable impact at both regional and global levels.

This agenda is further underscored by an intensive cycle of MENAFATF mutual evaluations across the region in 2026, with the UAE, Saudi Arabia, and Bahrain all scheduled for assessment. This places heightened pressure on these countries to demonstrate tangible progress, including the private sector’s understanding of and compliance with financial crime risks.

For regulated organisations operating across the region, this shift translates into heightened expectations around accountability, operational effectiveness, and regulatory engagement. Firms will be expected not only to evidence alignment with national and regional risk priorities, but to demonstrate that financial crime frameworks deliver measurable outcomes. Areas likely to face increased scrutiny include beneficial ownership transparency, cross-border risk management, and cyber-enabled financial crime.

In practical terms, organisations that invest early in risk-led governance, fit-for-purpose technology, and constructive public-private collaboration will be better positioned to meet more demanding, effectiveness-driven supervisory oversight.

Non-regulated organisations should also pause to understand how this evolving regulatory environment may affect them indirectly – through counterparty due diligence expectations, access to financial services, supply chain requirements, or heightened scrutiny from regulators, partners, or international stakeholders.