DEV Community

Stuart Watkins

Originally published at dev.to

We built an alert triage system. Then we watched analysts ignore it.

TL;DR: 95% of AML alerts are noise. We spent years assuming better detection models would fix that. They didn't. The real problem was that our systems couldn't talk to each other. Context, not cleverness, is what separates signal from noise.


I'm going to tell you about a mistake we made early on at Zenoo, because I think most teams building compliance infrastructure are making the same one right now.

We had a client, a mid-size UK payments company, whose compliance team investigated roughly 10,000 AML alerts every month. Statistically, 9,500 were complete rubbish. The other 500 contained maybe three genuine risks worth escalating. Their analysts were spending 80% of their time chasing ghosts, whilst real money laundering slipped through cracks in outdated detection systems.

They asked us to help. We said yes. And then we got it wrong for a while.

The obvious fix that wasn't

Our first instinct was the same as everyone else's: tune the detection rules. Tighten the thresholds. Reduce the volume.

It sort of worked. We cut alert volume by maybe 15%. But the false positive rate barely moved. The 95% noise figure just applied to a slightly smaller pile. Analysts were still drowning, just in a marginally shallower pool.

The reason, which took us longer to see than I'd like to admit, is that AML screening in isolation is fundamentally context-blind: each system sees only its own inputs. A transaction monitoring system flags a payment because it matches a pattern. It doesn't know that the KYC check completed two days ago already verified the sender's source of funds. It doesn't know that the sanctions screening system cleared the counterparty six hours earlier. Each system is doing its job perfectly. Together, they're generating chaos.

This is the bit that frustrated me most. We had good technology. Our clients had good technology. And yet the output was still 95% noise.

Alert fatigue is an engineering failure, not a people problem

Here's what happens when you throw 9,500 false positives at a compliance team every month. They stop looking carefully. Of course they do. They're human. You would too.

I spoke to a Head of Compliance at a UK challenger bank about this last year. She described her team's daily workflow as "professional whack-a-mole." Alerts come in, analysts triage them as fast as possible, the queue never gets shorter, and the genuinely suspicious activity hides in the mass of noise like a needle in a haystack made of other needles.

The industry calls this alert fatigue. I'd call it an engineering failure. If your system generates 95% false positives, you haven't built a detection system. You've built a distraction engine.

And the volume is getting worse. Over the past two years, the number of AML alerts hitting compliance teams has climbed significantly. Regulatory scope is expanding (hello, AMLA, the EU's new Anti-Money Laundering Authority). Transaction volumes are up. New payment rails mean new patterns to screen. The pile grows faster than teams can hire.

What actually fixed it

The breakthrough, and I use that word carefully because it took us months of iteration, was connecting the systems rather than improving them individually.

When your AML screening can see the results of the KYC check that already ran on the same entity, the alert changes. When your sanctions screening result is available in the same context as the transaction monitoring flag, the analyst doesn't need to open four tabs and cross-reference manually. The orchestration layer does that before the alert ever reaches a human.

This isn't AI magic. It's plumbing. It's making sure that when System A flags something, it can see what Systems B, C, and D already know about that entity. Most of the 95% noise disappears not because you've built a smarter model, but because you've given your existing models the context they were missing.

We rebuilt our orchestration layer around this principle. Instead of each compliance check running in its own silo, every check has access to the full context of everything else we know about that entity. The alert that comes out the other end isn't just "this transaction looks suspicious." It's "this transaction looks suspicious AND here's everything else we know, which is: nothing else is wrong."

That second alert gets closed in seconds. The first one used to take an analyst 20 minutes.

The honest trade-offs

I should be straight about what this doesn't solve.

Orchestration adds complexity. You're now dependent on the availability of multiple systems, and if one is slow or down, your alert context is incomplete. We've had incidents where a provider API timeout meant alerts shipped without sanctions context, and our client's team had to triage them manually anyway. We've got better at handling this (graceful degradation, cached results, priority queues), but it's not a solved problem.
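To make the two ideas concrete, the context-sharing step from "What actually fixed it" and the degradation handling described just above, here is an added illustration in Python. It is not Zenoo's code or any client's; the provider names, the sample KYC and sanctions records, the 365-day freshness limit and the priority labels are all constructed for this example. It enriches a transaction monitoring alert with what the other checks already know, runs the lookups in parallel with a deadline, falls back to a cached result when a provider is slow, and records in the alert itself when context is stale or missing so the analyst knows what they are looking at.

```python
"""Context-enriched alert triage: an added example, not Zenoo's code."""
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FuturesTimeout
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import time

NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for a repeatable run
MAX_KYC_AGE = timedelta(days=365)                         # assumed freshness limit, not a rule from the post

# Constructed sample results from the other checks, keyed by entity id.
KYC_RESULTS = {
    "cust-001": {"status": "verified", "source_of_funds": "verified", "checked_at": NOW - timedelta(days=2)},
    "cust-002": {"status": "verified", "source_of_funds": "pending", "checked_at": NOW - timedelta(days=400)},
}
SANCTIONS_RESULTS = {
    "cust-001": {"hit": False, "checked_at": NOW - timedelta(hours=6)},
    "cust-002": {"hit": True, "checked_at": NOW - timedelta(hours=1)},
}


@dataclass
class Alert:
    alert_id: str
    entity_id: str
    rule: str
    amount: float
    context: dict = field(default_factory=dict)   # provider name -> that provider's last result
    stale: list = field(default_factory=list)     # providers served from cache after a timeout
    missing: list = field(default_factory=list)   # providers that timed out with nothing cached
    priority: str = "unset"
    rationale: list = field(default_factory=list)  # written reasons an analyst or auditor can read


# Provider adapters (hypothetical). Each returns the provider's last result for the
# entity, or None if nothing is on file. The sanctions adapter can sleep to simulate a
# slow upstream API.
def kyc_lookup(entity_id):
    return KYC_RESULTS.get(entity_id)


def sanctions_lookup(entity_id, delay=0.0):
    time.sleep(delay)
    return SANCTIONS_RESULTS.get(entity_id)


def gather_context(alert, providers, timeout=0.2, cache=None):
    """Run every provider lookup in parallel under one deadline. A provider that misses
    the deadline is served from cache (and marked stale) or recorded as missing, so the
    alert ships with an explicitly incomplete context rather than silently without it."""
    cache = {} if cache is None else cache
    pool = ThreadPoolExecutor(max_workers=len(providers))
    futures = {name: pool.submit(fn, alert.entity_id) for name, fn in providers.items()}
    for name, fut in futures.items():
        key = (name, alert.entity_id)
        try:
            alert.context[name] = fut.result(timeout=timeout)
            cache[key] = alert.context[name]
        except FuturesTimeout:
            if key in cache:
                alert.context[name] = cache[key]
                alert.stale.append(name)
            else:
                alert.missing.append(name)
    pool.shutdown(wait=False)  # do not block the alert on the slow provider
    return alert


def triage(alert):
    """Assign a priority from the rule hit plus what the other checks already know.
    Nothing is auto-closed: the output is a priority and a rationale, and any gap in
    the context pushes the alert to a human rather than lowering its priority."""
    kyc = alert.context.get("kyc")
    sanctions = alert.context.get("sanctions")
    if alert.missing:
        alert.priority = "review"
        alert.rationale.append("context incomplete, no result from: " + ", ".join(alert.missing))
        return alert
    if sanctions and sanctions["hit"]:
        alert.priority = "escalate"
        alert.rationale.append("sanctions screening reported a hit")
        return alert
    if alert.stale:
        alert.priority = "review"
        alert.rationale.append("cached result used for: " + ", ".join(alert.stale))
        return alert
    kyc_fresh = kyc is not None and NOW - kyc["checked_at"] <= MAX_KYC_AGE
    if kyc_fresh and kyc["source_of_funds"] == "verified" and sanctions is not None:
        alert.priority = "low"
        alert.rationale.append(f"KYC verified source of funds {(NOW - kyc['checked_at']).days} days ago")
        alert.rationale.append("sanctions screening clear")
        return alert
    alert.priority = "review"
    alert.rationale.append("KYC missing, stale or source of funds unverified")
    return alert


def enrich_and_triage(alert, sanctions_delay=0.0, timeout=0.2, cache=None):
    providers = {"kyc": kyc_lookup, "sanctions": lambda e: sanctions_lookup(e, sanctions_delay)}
    return triage(gather_context(alert, providers, timeout, cache))


if __name__ == "__main__":
    shared_cache = {}
    for a in (Alert("A1", "cust-001", "structuring", 9800.0),
              Alert("A2", "cust-002", "structuring", 9800.0)):
        enrich_and_triage(a, cache=shared_cache)
        print(a.alert_id, a.priority, a.rationale)
    slow = enrich_and_triage(Alert("A3", "cust-001", "structuring", 9800.0),
                             sanctions_delay=0.5, timeout=0.05, cache=shared_cache)
    print(slow.alert_id, slow.priority, slow.stale, slow.rationale)
```

The design choice worth noting is that a gap in context never makes an alert look cleaner. A timed-out sanctions lookup lands the alert in "review" with the gap written into the rationale, which is the manual triage the paragraph above describes, just with the reason for it attached. The priority and rationale travel with the alert, so a fast close by an analyst still leaves a record of which upstream checks it rested on and how old they were.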

Documentation is another area where the industry, us included, could do better. When you're connecting five or six providers through an orchestration layer, the integration documentation needs to be exceptional. Ours scores 3.5 out of 5 based on the feedback we track. That's not good enough and we know it.

And pricing models for orchestrated compliance are genuinely hard to get right. You're asking clients to forecast volumes across multiple check types, and that's difficult when they're scaling. We hear this from clients regularly.

What I'd tell you if you're building this yourself

If you're an engineer at a fintech stitching together AML, KYC, and sanctions providers right now, here's what I wish someone had told me three years ago.

Stop trying to reduce false positives by tuning individual systems. It's a local optimum that doesn't move the needle on the real problem. The 95% false positive rate isn't because your AML tool is bad. It's because your AML tool is blind to everything your other tools already know.

Invest the time in building (or buying) an orchestration layer that shares context across checks. The complexity is real, but the payoff is dramatic. Your analysts go from spending 80% of their time on noise to spending their time on the alerts that actually matter.

And if you're evaluating vendors for this, ask them one question: when an alert fires, what context from other compliance checks is available at the point of triage? If the answer is "none, that's a different system," you're going to end up where we started. Drowning in 9,500 alerts that mean nothing.


We built Zenoo to solve this exact problem. If you're connecting compliance providers and watching your team drown in false positives, it might save you the same pain we went through.

Stuart Watkins is CEO of Zenoo. He's spent 6 years building compliance infrastructure and still spends too many Saturday nights debugging orchestration edge cases.
