Something quietly broken sits at the heart of financial crime compliance at most major banks: the screening systems are working perfectly, and that is precisely the issue.
According to Workfusion, every day, automated tools flag thousands of customers, payments, and counterparties as potential sanctions risks.
Workfusion recently discussed what top banks have learned after decades of fighting false positives.
The calibration is intentional, regulators demand a wide net, and no institution can afford to miss a genuine match. But the consequence of that design is a compliance function that has become, in many ways, a machine for disproving its own alerts.
One compliance executive put it plainly: “We’ve become incredibly efficient at finding things that turn out not to matter.”
The same structural tension runs through adverse media screening, customer due diligence, transaction monitoring, and politically exposed person (PEP) checks. Detection capabilities have grown sharper, data volumes have ballooned, and regulatory expectations have intensified, yet the operating model underpinning alert review has barely evolved in decades. An alert is generated. An analyst pulls together records from multiple systems, searches external sources, documents the findings, and closes the case. Then does it again, hundreds of times over.
The economics of alert review are breaking down
For years, banks responded to rising alert volumes by expanding their analyst headcount. That approach held when volume growth was incremental. Today, it no longer does. Alert numbers are outpacing hiring capacity, experienced compliance professionals are difficult to find and even harder to retain, and budgets remain stubbornly constrained, all while regulators demand more thorough documentation, greater consistency, and faster turnaround.
The uncomfortable reality is that the overwhelming majority of those alerts are ultimately cleared as false positives. Highly trained analysts are spending most of their working day gathering information, reconciling records, and writing up explanations for why a flagged name is not, in fact, a match. The work is not optional, regulators expect institutions to demonstrate that every alert was properly reviewed and that decisions were evidence-backed. But it is intensely repetitive, and as volumes climb, organisations find themselves hiring simply to tread water.
At some point, the economics collapse. The question shifts from “how accurate is our detection?” to “how do we scale review without scaling headcount indefinitely?” Leading institutions have begun asking a more fundamental question: how much of the alert review process genuinely requires a human being?
Analysts have become the bottleneck, not the safeguard
In most compliance functions, analysts sit between automated detection and a final decision. Every alert, regardless of its risk profile, triggers the same sequence: gather information, conduct research, document findings, close case. The challenge is not that the work is particularly complex. It is that the volume is enormous.
A sanctions analyst might process hundreds of alerts in a single week. An adverse media reviewer might spend hours assembling information from multiple sources only to conclude that the alert carries no meaningful risk. Multiply that effort across millions of alerts annually and the operational burden becomes staggering.
This is where the most forward-thinking financial institutions have directed their transformation efforts, not at the detection layer, but at the review layer. Firms including Raymond James identified that experienced compliance professionals were consuming too much time on repetitive review tasks, leaving too little bandwidth for the genuinely difficult cases that require seasoned judgement. The insight was not that compliance expertise had become less important. Quite the opposite: by automating the routine, institutions could redeploy expert attention to exceptions, edge cases, and higher-risk scenarios where human judgement actually moves the needle.
Leading banks are redesigning the alert disposition process
The institutions achieving the strongest results are not starting with the most complex investigations. They are starting with the most predictable ones. Sanctions screening is a natural first candidate: the workflow is highly structured, analysts follow defined policies, and decisions are documented through repeatable methodologies. The same logic applies to adverse media reviews, customer screening, and much of the KYC process.
These workflows generate significant operational drag but follow consistent patterns, which makes them well-suited to automation. The objective is not to remove human oversight. It is to reduce the manual effort required to establish that an alert presents no risk, so that the human oversight that remains is concentrated on decisions that warrant it.
Across institutions that have pursued this approach, a consistent theme has emerged: compliance professionals generate the most value when they are assessing risk, not retrieving information. Redesigning workflows around that principle delivers tangible results. Backlogs shrink, analyst capacity increases, service levels improve, and teams gain the flexibility to direct resources where they are most needed.
False positives aren’t the problem. The cost of reviewing them is.
For decades, false positives have been treated as an unavoidable tax on effective compliance. And in one sense, they are. Any screening system calibrated to catch genuine risk will inevitably flag false ones too. Regulators have no intention of changing that expectation.
But the industry has made a conceptual error in assuming that because false positives are unavoidable, the operational burden of reviewing them must be as well. The leading institutions are proving that assumption wrong. The future of financial crime compliance does not lie in eliminating false positives. It lies in stripping out the unnecessary effort those positives currently generate.
That distinction matters enormously. Once alert reviews can be completed faster, more consistently, and with less manual intervention, false positives stop being an operational crisis. They become what they should always have been: a manageable by-product of robust risk detection. After decades of treating them as the enemy, the most successful banks have come to understand that the real opportunity is not finding more needles in the haystack. It is spending far less time proving the hay is not a needle.
Read the full Workfusion post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
