By Brad Levy, CEO of ThetaRay
For years, the AML industry has measured progress by the quality and quantity of alerts it generates. When institutions are producing hundreds of thousands of alerts a month, 90% of which ultimately prove to be false positives, it’s no wonder analysts are overwhelmed by the workload before they’ve filed a single Suspicious Activity Report (SAR). However, as global regulators raise expectations around investigative rigor, narrative coherence, and defensible decision-making, alert volume is no longer the right measure of effectiveness. The real test now lies in what happens after an alert is triggered.
Investigations remain largely manual, fragmented across systems, and heavily dependent on individual judgment under constant time pressure. Alerts may be generated at scale, but risks are not always assessed, documented, or escalated with the consistency regulators increasingly expect. Many institutions can point to sophisticated detection engines and incremental improvements in false-positive rates, while investigative backlogs quietly grow and case quality erodes.
This is where the industry must now focus its attention, on ensuring that analysts are supported with not only detecting potential risk, but in investigating, explaining and resolving it, with the right tools.
The AML industry has spent years investing heavily in innovations for the detection side of compliance. While AI tools have helped support overstretched false-positive rates, in many institutions they remain high despite years of model tuning. More importantly high alert volumes tend to obscure a more critical question: what actually happens after an alert has been flagged as suspicious?
Regulators No Longer Accept ‘We Flagged It” as an Answer
Expectations on investigative quality and documentation are increasing. In a recent PwC survey, 38% of financial institutions cited regulatory change as one of their most significant operational challenges.
In the EU, the new AML Regulation and the establishment of a centralized AML Authority signal a push toward a new unified rulebook demanding more effective monitoring, transparent record-keeping, and consistency across jurisdictions. In the US, FinCEN has required modernized, evidence-based, well-documented AML/CFT investigations.
Against the backdrop of record enforcement actions, financial institutions face more pressure to demonstrate decision quality and consistency across compliance operations. However, many AML analysts are preoccupied with manually gathering data, reconciling fragmented systems, and constructing case narratives under significant time constraints.
The Investigation Gap No One Wants to Own
The investigative bottleneck shifts AML failures from missing signals to failing to explain them. A recent report indicates that 75% of financial institutions rely heavily on manual business risk assessment processes, significantly slowing investigations and introducing inconsistency.
Case handling is still fragmented, and highly analyst-dependent as investigators juggle multiple systems, data sources, and documentation standards. The result is inconsistent reporting, and in some cases, unintended biases and uneven regional risk treatment; issues that carry both regulatory and reputational consequences.
Incomplete or inconsistent investigations weaken SAR quality and make it harder for institutions to demonstrate control effectiveness, increasing regulatory exposure and ultimately, systemic financial risk.
What Changes When Investigation is Treated as a Core Capability
As regulators place greater emphasis on explainability and defensible decision-making, investigation has become a business concern, not just a compliance obligation. High quality, consistent investigative narratives improve auditability, strengthen regulator confidence, and materially raise the standard of SAR quality, while decreasing the risk of missed or poorly supported compliance decisions.
When investigation is treated as a first-class capability, institutions begin to rethink how analysts work. Modern analytical tools can support investigators by synthesizing data, contextualizing alerts, and surfacing relevant risk patterns more efficiently. Used responsibly, AI automation, for example, has the potential to reduce manual effort and increase productivity by 20x while preserving human judgment where it matters the most. The future of AML effectiveness depends on aligning detection and investigation as a single, intelligent workflow, rather than prioritizing one over the other.
Fixing AML Starts After the Alert
The effectiveness of AML programs should be judged not by how many alerts they generate, but by how well risks are investigated, explained, and resolved. As regulators continue to raise the bar, investigative quality is becoming the defining measure of compliance maturity.
Closing the investigation gap requires a fundamental shift in mindset — from managing alerts to understanding risk. Until investigation is treated as a first-class pillar of AML, alongside detection, institutions will continue to confuse activity with effectiveness, exposing themselves to unnecessary regulatory and operational risk. Over time, these weaknesses can extend beyond individual firms, creating vulnerabilities in the financial system itself and amplifying risk across interconnected markets.
