Most AML alerts are false. Analysts had to prove it, one at a time.

Transaction-monitoring systems are tuned to miss nothing, which means the vast majority of what they flag is noise. At this institution, analysts spent their days pulling records, chasing relationships across accounts, and writing up cases by hand, most of which ended in 'no further action.' The genuinely suspicious activity was in there somewhere, buried under the false alarms.

The backlog grew, investigations took longer, and the cost of compliance climbed, all while the real risk, the cases that should become a regulatory filing, waited in the same queue as everything else.

The challenge

Could the institution clear the false-positive flood automatically, and give analysts a head start on the cases that matter, without ever taking the human out of a decision that carries regulatory weight? Every conclusion had to be traceable to its evidence, and a person had to own the final call.

The approach

We built an agentic investigation platform. For each alert, coordinated agents pull the relevant data, resolve entities, and build the network of accounts and counterparties around it, the work an analyst would do by hand. The system triages confidently benign alerts for auto-clearing, and for the rest it assembles the evidence and drafts a suspicious-activity narrative, every claim linked to its source. An analyst reviews, edits, and decides.

01 Automatic triage
Each alert is scored and ranked, so confidently benign ones are auto-cleared with a logged rationale and analysts start the day on the alerts that actually carry risk.

02 Agents that investigate the network
For flagged alerts, agents resolve entities and assemble the surrounding network of accounts, counterparties, and jurisdictions, the legwork that used to eat an analyst's afternoon.

03 Grounded narrative drafting
The platform drafts the suspicious-activity narrative with every statement linked to the underlying transactions and records, so nothing is asserted without evidence.

04 Human sign-off, always
Analysts review, correct, and file. The agents do the assembly; the regulatory decision stays with a person, and every step is auditable.

We didn't replace the investigator. We gave them the case already assembled, and the time to judge it.

[Figure: Investigation loop: alert intake, automatic enrichment, an investigative agent that builds the entity network, a drafted narrative, and analyst review and filing]
FIG. 02: Alerts are enriched, investigated by an agent, and turned into a drafted, evidence-linked narrative, then reviewed and filed by an analyst. Every dispositioned case sharpens the next.

The outcome

The platform now auto-clears the overwhelming majority of false positives and hands analysts assembled, evidence-linked cases instead of blank pages. Throughput multiplied, case handling got dramatically faster, and the team's attention shifted from clearing noise to investigating genuine financial crime, with a human reviewing every filing.

The backlog wasn't a staffing problem. It was a problem of where human attention was spent.

Because every analyst decision feeds back into the system, triage keeps getting sharper, and the institution's investigators spend more of their time where only a human can add value: judgment.