For most large banks, sanctions screening works exactly as designed.
That’s the problem.
Every day, screening systems generate alerts on customers, counterparties, payments, and transactions that might represent sanctions risk. The systems are intentionally calibrated to cast a wide net. Missing a true match is unacceptable.
The result is predictable: analysts spend the vast majority of their time proving that alerts are not risk.
One compliance executive described the situation bluntly:
“We’ve become incredibly efficient at finding things that turn out not to matter.”
It’s not just a sanctions problem. The same dynamic exists across adverse media, customer due diligence, transaction monitoring, and politically exposed person (PEP) screening. Detection systems continue to improve. Data volumes continue to grow. Regulatory expectations continue to rise.
Yet the fundamental operating model hasn’t changed much in decades.
- An alert is generated.
- An analyst gathers information from multiple systems.
- The analyst searches external sources.
- The analyst documents findings.
- The analyst closes the alert.
- Then repeats the process hundreds of times.
For years, banks responded to growing alert volumes the only way they could: hire more analysts.
That approach worked when alert growth was manageable.
Today, many compliance organizations find themselves in a different reality. Alert volumes are increasing faster than headcount. Experienced compliance professionals are difficult to recruit and retain. Budgets remain under pressure. Meanwhile, regulators expect more thorough documentation, more consistent investigations, and faster response times.
This is why some of the world’s largest financial institutions have started to rethink a basic assumption.
What if false positives aren’t the problem? What if the real problem is the effort required to review them?
Those questions are driving a fundamental shift in how leading institutions think about financial crime compliance.
The Economics of Alert Review Are Broken
For years, compliance leaders focused on improving detection.
New screening platforms. Better monitoring systems. More data sources. More sophisticated models.
Those investments delivered results. Institutions can identify more potential risk than ever before.
But every improvement in detection creates more work downstream.
More alerts. More reviews. More documentation. More pressure on compliance teams.
The challenge is that the vast majority of those alerts are ultimately cleared as false positives.
That means highly trained analysts spend much of their day collecting information, comparing records, reviewing supporting evidence, and documenting why an alert is not a match.
The work is necessary. Regulators expect institutions to demonstrate that alerts were reviewed appropriately and decisions were supported by evidence.
But it is also highly repetitive.
As alert volumes grow, many organizations find themselves adding analysts simply to keep pace with work that rarely uncovers actual risk.
At some point, the economics stop working.
The question becomes less about detection accuracy and more about operational scalability. How do you review more alerts without continuously expanding headcount?
Leading institutions have started asking a different question: how much of the alert review process actually requires human effort?
One large North American bank confronted this challenge head-on. The issue wasn’t detection capability. The bank’s screening systems were doing exactly what they were designed to do. The problem was the growing amount of analyst time required to review and clear alerts that ultimately presented no risk.
That realization is becoming increasingly common across the industry.
Analysts Have Become the Human Layer Between Detection and Decision
Most compliance leaders don’t have a detection problem. They have a workflow problem.
In many organizations, analysts function as the bridge between automated detection systems and human decision-making.
Every alert requires information gathering. Every alert requires research. Every alert requires documentation. And every alert follows roughly the same sequence of steps.
The challenge is not complexity. The challenge is volume.
A sanctions analyst may review hundreds of alerts each week. An adverse media analyst may spend hours gathering information from multiple sources only to conclude that an alert presents no meaningful risk.
Multiply that effort across thousands or millions of alerts each year and the scale of the problem becomes clear.
This is where leading financial institutions have focused their transformation efforts. Not by changing how they detect risk. By changing how they review alerts.
Organizations like Raymond James recognized that experienced compliance professionals were spending too much time performing repetitive review activities and not enough time applying expertise where it mattered most.
The lesson wasn’t that compliance expertise became less important. It was the opposite.
The more efficiently routine alerts can be reviewed, the more time analysts have to focus on exceptions, edge cases, and higher-risk scenarios that require judgment.
The Most Successful Banks Are Reengineering Alert Disposition
One of the biggest lessons from leading institutions is that successful transformation doesn’t start with the most complex investigations. It starts with the most repetitive work.
Sanctions screening is often one of the first targets because the workflow is highly structured. Analysts follow consistent processes, apply defined policies, and document decisions using repeatable methodologies.
The same is true for adverse media reviews, customer screening, and many KYC-related processes.
These activities generate significant operational burden but often follow predictable patterns. That makes them ideal candidates for automation.
The goal isn’t to eliminate human oversight. The goal is to reduce the amount of manual effort required to determine that an alert is not risk.
Across leading financial institutions, a common theme has emerged: compliance professionals create the most value when they are evaluating risk, not gathering information.
The organizations seeing the strongest results are redesigning workflows so analysts spend less time collecting data and more time making decisions.
When organizations succeed, the impact extends far beyond productivity metrics.
Alert backlogs shrink. Analyst capacity increases. Service levels improve. And compliance teams gain flexibility to focus resources where they are most needed.
False Positives Are Not the Problem
For decades, financial institutions have treated false positives as an unavoidable cost of compliance. And in many respects, they are.
Effective screening systems will always generate alerts that require review. Regulators expect institutions to cast a wide net. That isn’t changing.
The industry’s mistake has been assuming that because false positives are unavoidable, the effort required to review them must be unavoidable as well.
Leading institutions are proving otherwise.
The future of financial crime compliance isn’t about eliminating false positives. It’s about eliminating the operational burden they create. That distinction matters. Because once alert reviews can be completed faster, more consistently, and with less manual effort, false positives stop being an operational crisis. They become what they should have been all along: a manageable byproduct of effective risk detection.
After decades of fighting false positives, the most successful banks have learned that the biggest opportunity in financial crime compliance isn’t finding more needles in the haystack.
It’s spending less time proving that the hay isn’t a needle.
To learn more about the evolving financial crime compliance operating model, watch our webinar, “The End of the False Positive Problem” or to demo our screening agents, please request a demo here.