AML expectations have shifted but many investigation processes haven’t.

Over the past few years, the expectations placed on AML programs have changed significantly. It’s no longer just about detecting suspicious activity. Increasingly, the focus is on:

• How investigations are carried out
• How decisions are made
• And whether those decisions can be clearly explained and justified

For many financial institutions, this shift is exposing gaps in how investigations actually work in practice.

What regulators are focusing on

In the US, regulators such as FinCEN, the OCC, and the Federal Reserve are placing more emphasis on:

• The quality of investigations
• The strength of supporting evidence
• The consistency of decision-making
• The clarity and completeness of SARs

In other words, it’s no longer enough to show that alerts are being generated, institutions need to demonstrate how risk is assessed and resolved.

What we’re seeing across AML teams

Despite this shift, many investigation processes still look the same. Across financial institutions, we continue to see:

• High volumes of alerts entering investigation queues
• Manual, fragmented workflows
• Data spread across multiple systems
• Case narratives built manually by analysts

This makes investigations:

• Time-consuming
• Inconsistent
• Difficult to scale

The gap between detection and investigation

At the core of this challenge is a simple issue. Most systems are designed to generate alerts, not to support investigations. This creates a disconnect between:

• What gets flagged
• And how cases are actually resolved

As a result, more alerts don’t necessarily lead to better outcomes.

Why this matters now

This gap is becoming more than just an operational problem, it’s increasingly a regulatory one. Inconsistent investigations or weak documentation can lead to:

• Poor-quality SARs
• Increased audit scrutiny
• Costly remediation efforts

In today’s environment, institutions need to show not just that risk is detected but that it is handled consistently and defensibly.

What’s starting to change

In response, many institutions are rethinking how investigations are carried out. We’re seeing a shift toward:

• More structured investigation workflows
• Better visibility across transaction activity
• Greater consistency in how cases are handled
• Clear, explainable outputs that support decisions

Rather than relying entirely on manual, analyst-led processes, investigations are becoming more structured and connected.

Where this is heading

Increasingly, this means moving toward approaches that can:

• Bring together relevant data automatically
• Analyse activity across accounts and transaction flows
• Structure how investigations are carried out
• Produce consistent, audit-ready outputs

The goal isn’t just to improve efficiency, it’s to improve the quality and consistency of outcomes.

Conclusion

The role of AML is evolving. It’s no longer defined by how many alerts are generated but by how effectively cases are investigated and resolved. Institutions that can deliver consistent, explainable, and efficient outcomes will be better positioned to meet the expectations of today’s regulatory environment.