An exclusive article by Fred Kahn

Executives often tolerate ballooning alert queues because adding more analysts feels safe. It looks decisive, it seems measurable, and it promises immediate relief. Yet the quiet truth is that headcount-first spending quietly locks an institution into compounding costs while doing little to shrink inherent risk. The result is a fragile compliance posture that burns budget, misses learning opportunities, and delays investments that would permanently eliminate waste.

Stop Hiring for Backlogs, Eliminate the Work

The point is not to cut people, the point is to cut pointless work. Alert volumes rise and fall with product launches, risk appetite, and market volatility. Trying to match that volatility with permanent staffing is like trying to hold back the tide with more buckets. A resilient program builds capacity through design, automation, and data quality so that humans are reserved for decisions, not drudgery.

Backlogs are often explained away as a fact of life. Payments surged, a new product launched, a seasonal spike hit, a remediation raised sensitivity, an acquisition brought in noisy data. The reflex response is an emergency hiring plan. It feels rational because alerts look like a queue that only people can burn down. Yet program leaders who plot the full cost curve discover that the cheapest alert is the one that never exists, and the cheapest investigation is the one that begins with complete context.

The headcount impulse also distorts strategy. When funding goes to more analysts rather than to the causes of rework, every improvement becomes harder to justify. The program starts to optimize for throughput rather than for learning. Teams get better at moving tickets and worse at preventing tickets. That is how cost and risk rise at the same time, a paradox that only resolves when investment shifts from labor to design and selective technology.

AML automation is the only scalable path

The organizations that outperform peers share a common pattern. They treat people as the most precious resource and design processes so that every analyst hour is spent on judgment that machines cannot replicate. They pursue three principles. First, instrument the end to end lifecycle from KYC to case closure so waste is observable. Second, shrink repetitive steps with targeted tools. Third, change policies and thresholds where they distort workloads without improving risk control.

Automation is not a silver bullet, it is a scalpel. The winning deployments are small, specific, and measurable. Queue triage that suppresses obvious duplicates. Data validation that blocks empty or malformed fields at the source. Screening optimizers that retire redundant name permutations. Case assembly that auto stitches customer, account, and payment context. When applied to the right failure modes, these moves turn spirals of manual rework into straight lines.

This is what AML automation should mean in practice. Use detection models that adapt based on feedback. Use decisioning that explains why an event is low risk so it can be closed quickly. Use continuous data quality checks so investigations do not begin with a scavenger hunt. Most teams do not lack effort, they lack leverage. Automation supplies that leverage by converting repeatable judgment into repeatable outcomes, and by giving analysts clean context at the moment of decision.

A reliable starting point is a failure taxonomy. Catalog why an alert becomes hard work. Missing identifiers. Ambiguous counterparties. Unclear ownership. Conflicting dates. Duplicated transactions. Scenario overlap. Outdated lists. Non material thresholds. Weak narratives. Each category points to a control that prevents the failure upstream. Without this map, teams add reviewers and hope the noise subsides. With it, they install the equivalent of circuit breakers that trip before the fire spreads.

Alert triage is fertile ground. Many queues are polluted by mechanically similar items produced by overlapping scenarios or by batch effects. Lightweight statistical clustering and rule de duplication can merge related items into a single work object with shared context. That alone can lift analyst capacity by double digits. Downstream, templated reasoning that records why a pattern is expected for certain customers builds an evidence base for future automated closures.

Screening is another source of waste. Imperfect transliterations, over broad tokenization, and inconsistent matching windows expand the candidate list. Precision improves when teams adopt language appropriate processing, normalize source identifiers, and score matches with transparent features that investigators can accept or reject with confidence. The aim is not aggressive suppression, it is disciplined discrimination that reduces the noise floor while preserving coverage.

The math that exposes the headcount trap

Consider a program that generates 120,000 alerts per year across transaction monitoring and screening. Suppose each alert consumes 18 minutes on average and 30 percent escalate to cases that take an additional 45 minutes. That workload equals roughly 57,600 analyst hours annually. At a fully loaded cost of 75 per hour, the direct spend reaches 4.32 million before quality assurance and management overhead. More people hides the inefficiency, it does not cure it.

Now apply targeted fixes. De duplication reduces alert volume by 12 percent. Data validation at onboarding and payment initiation removes 8 percent of avoidable alerts caused by bad inputs. Scenario recalibration trims another 10 percent while preserving risk coverage. The combined effect lowers total alerts by roughly 27 percent. Even if average handling time only falls from 18 to 16 minutes, and case time drops modestly from 45 to 40 minutes, the program saves about 12,500 hours, or roughly 940,000 in direct cost, before considering lower rework and fewer second level escalations.

Queue dynamics amplify the difference. When arrival rates approach team capacity, backlogs explode. Adding ten analysts increases capacity by a fixed amount, but preventing 27 percent of arrivals reduces queue pressure at every minute of the day. Cycle time becomes more predictable, aging drops, and supervisors can allocate work by risk rather than by triage panic. Customer friction falls because holds and information requests are targeted, not sprayed across every high velocity account.

False escalation also falls. When context is assembled automatically, analysts see counterparties, historical patterns, risk ratings, and ownership without hunting. That reduces defensive referrals to level two, because the first reviewer has everything needed to make a documented decision. Each averted handoff saves pure overhead time, but more importantly it compresses the distance between signal and action, which is what oversight teams ultimately care about.

The capital profile changes as well. A leaner process requires fewer middle managers dedicated to scheduling and throughput reporting. Work from anywhere becomes easier because task definitions are crisp and toolchains are simplified. Onboarding a new analyst takes weeks rather than months because repetitive tasks are scripted and measured. These changes lower the cost of variability, so the program can absorb seasonal peaks without annual hiring sprees.

The headcount approach scales linearly, the redesigned approach scales sublinearly. Each incremental analyst adds fixed cost regardless of whether alert quality improves. In contrast, automation that prevents a bad alert eliminates all downstream touches, reviews, emails, and meetings. Prevention beats triage. When leaders measure cost per quality decision, not cost per head, the math stops favoring more chairs and starts favoring better systems.

There is also capital risk. Hiring surges during a remediation can force commitments that outlast the problem. Depreciation on rushed technology choices, consulting fees for manual workarounds, and multi year leases for swing space inflate fixed cost for years. A program that invests in small, surgical automations and policy cleanups can meet the same statutory expectations with materially lower sustained spend and better control repeatability.

Operating model redesign that beats linear costs

Winning programs start by mapping the customer and alert journeys as they actually unfold. List every handoff, every screen opened, every data source consulted, and every reason a task boomerangs to a previous step. That visibility reveals where change yields leverage. Four redesign moves consistently pay off.

First, standardize high friction inputs. Require structured identifiers and codified reasons for risk decisions at onboarding, and block requests that do not meet the bar. Second, collapse tool sprawl. Fewer systems with richer context beat many systems connected by swivel chairs. Third, adopt a tiered decision framework. Low risk, well explained events auto close with logging, medium risk events move to expedited human review with templated narratives, and only ambiguous or material items escalate to a full investigation with second level checks.

Governance is not a paperwork exercise, it is a design discipline. Define service level objectives that measure outcomes that matter, such as time to first decision, rework rate per case, and the fraction of alerts closed with complete context on first touch. Tie incentives to those objectives. When teams are rewarded for fewer manual touches and fewer avoidable escalations, they will hunt and remove the root causes that generate unnecessary work.

This redesign also strengthens defensibility. Clear criteria for automated closure, auditable decision trails, and well maintained detection documentation satisfy legal obligations across multiple jurisdictions without turning the program into a paper factory. Investment choices that lower variance and eliminate noise reduce the chance of missing material risk while proving that controls are effective and proportionate to the risks managed.

Fourth, modernize data plumbing. Build curated views that join customer, account, channel, geography, and historical activity into one consistent layer. Analysts should not reconcile five versions of the truth. When the system presents a single, trusted story for each entity and event, decision quality rises and unnecessary escalations fade.

A practical roadmap starts with a diagnostic sprint. Two to four weeks of time and motion studies, data lineage tracing, and alert sampling will reveal the top three causes of waste. Then sequence three releases that each eliminate one root cause. Release one might introduce de duplication and auto context for the top two scenarios. Release two might harden onboarding data validation and introduce explainable risk scoring for low risk closures. Release three might rationalize screening configurations and retire overlapping scenario families while maintaining effective coverage.

Risk management strengthens through feedback. Analysts label why alerts are closed and why cases are escalated. Those labels drive continuous model tuning and policy refinement. The team becomes a learning system where every decision either teaches the machine to do more next time or teaches the policy to stop generating the work entirely. Over quarters, the composition of work tilts toward genuinely complex investigations that require human judgment, which is where people create real value.

---

Related Links

• EUR Lex portal on anti money laundering and countering terrorism
• United States Code Title 31 Subchapter II Records and reports on monetary instruments transactions
• United Kingdom Money Laundering Regulations 2017 consolidated text
• Monetary Authority of Singapore AML CFT notices overview
• AUSTRAC resources for anti money laundering and counter terrorism financing

Other FinCrime Central Articles About AML Process Inefficiencies

• The Hidden Operational Cost of PEP List Failures
• Cracking the AML Target Operating Model Challenge
• 7 Reasons Why a Feature-Based Approach to AML System Selection Works

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.