Most banks accept that 85-90% of transaction monitoring alerts are false positives. They've built staffing and processes around this assumption. An analyst can triage through alerts quickly because the vast majority are noise. The cost of reviewing 1,000 alerts to find 100-150 actual cases of concern is written into the budget as a cost of operation.
This framing overlooks the actual cost. The false positive tax isn't just the time wasted reviewing noise. It's the compound effect on analyst behavior, investigation quality, and your institution's risk posture.
Why Rule Tuning Doesn't Work
Banks spend significant effort tuning transaction monitoring rules. Tighten thresholds, reduce false positives. Loosen them, catch more potentially risky activity. This seems like a simple trade-off until you actually try it at scale.
Consider a rule that flags structuring: multiple deposits just below $10,000. Make the rule more sensitive and you catch more structuring attempts, but you also increase false positives from legitimate patterns like paycheck deposits that customers split across accounts. Make it less sensitive, and you stop flagging the patterns that actually matter but rarely appear in isolation.
The deeper problem: valuable activity often looks similar to suspicious activity to a rule-based system. A business that processes many small international transfers looks structuring-like. A retailer with high transaction velocity looks layering-like. A migrant worker sending money home looks like potential sanctions evasion. Rules can't distinguish between these scenarios and actual money laundering because the patterns are literally the same.
Tightening rules cannot eliminate this problem. You reduce false positives from one pattern but create them elsewhere. The whack-a-mole phenomenon is structural, not incidental. You're fighting the fact that rule-based systems can't model intent, and intent is what differentiates suspicious activity from normal transactions.
This is why institutions with sophisticated rule engines often have false positive rates similar to institutions with simpler ones. Both are hitting a ceiling around 85-90%. More sophisticated rules don't lower the floor—they just move the noise to different categories.
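The trade-off described above, as an added example that is not from the original article: a structuring rule run over constructed deposits at three settings. The customer names, the 7-day window, and the band and count parameters are assumptions made for illustration.

```python
from collections import defaultdict

REPORTING_THRESHOLD = 10_000  # the article's "just below $10,000"

# Constructed sample: (customer, day offset, deposit amount). All names are hypothetical.
TXNS = [
    ("structurer_a", 0, 9_900), ("structurer_a", 1, 9_800), ("structurer_a", 2, 9_950),
    ("structurer_b", 0, 9_000), ("structurer_b", 3, 9_100),
    ("cash_retailer", 0, 9_700), ("cash_retailer", 1, 9_850), ("cash_retailer", 2, 9_900),
    ("split_paycheck", 0, 9_200), ("split_paycheck", 1, 9_300),
    ("contractor", 0, 8_600), ("contractor", 2, 8_900), ("contractor", 4, 9_050),
    ("saver", 0, 9_500),
]
# Ground truth the rule never sees: intent is not a field on the transaction.
LAUNDERING = {"structurer_a", "structurer_b"}


def fires(days, min_count, window_days):
    """True if min_count in-band deposits fall inside any window_days span."""
    days = sorted(days)
    return any(days[i + min_count - 1] - days[i] <= window_days
               for i in range(len(days) - min_count + 1))


def evaluate(txns, band, min_count, window_days=7):
    """Run the rule; return (alerted customers, false-positive share, recall)."""
    in_band = defaultdict(list)
    for customer, day, amount in txns:
        # Only deposits inside the band below the threshold count toward the rule.
        if REPORTING_THRESHOLD - band <= amount < REPORTING_THRESHOLD:
            in_band[customer].append(day)
    alerts = {c for c, d in in_band.items() if fires(d, min_count, window_days)}
    true_pos = alerts & LAUNDERING
    fp_share = (len(alerts) - len(true_pos)) / len(alerts) if alerts else 0.0
    return alerts, fp_share, len(true_pos) / len(LAUNDERING)


if __name__ == "__main__":
    for label, band, min_count in [("narrow", 300, 3), ("medium", 1_000, 2), ("wide", 1_500, 2)]:
        alerts, fp_share, recall = evaluate(TXNS, band, min_count)
        print(f"{label:6} band=${band:<5} min={min_count} alerts={len(alerts)} "
              f"false-positive share={fp_share:.0%} recall={recall:.0%}")
```

The cash retailer and the first structurer present the same amounts, counts and timing, so no setting of this rule separates them; narrowing the band only costs recall.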
The Behavioral Cost of Alert Noise
High false positive rates shape how analysts work. When 9 out of 10 alerts are noise, the efficient strategy is to skim them quickly. Read the transaction details, glance at the customer profile, mark it as reviewed. Move to the next one. Analysts aren't being lazy—they're responding rationally to a workflow where signal is rare and time is limited.
The problem: when the one genuinely suspicious alert arrives in a stream of 100, the analyst's attention is already calibrated for noise. They process it at the same speed. They may miss nuances that would have been obvious if they'd slowed down. They may skip steps they'd take for a complex case because the majority of cases they process are simple denials.
This is documented in compliance literature and training repeatedly, but the solution offered is always individual responsibility: analysts should slow down, take each alert seriously, apply discipline. That won't work. You can't expect individuals to override workflow incentives through willpower alone. If 90% of alerts are false positives, speed becomes the rational strategy, and speed erodes investigation quality.
Institutions that recognize this have tried different approaches—random deep dives into closed alerts, quality sampling, internal audits of disposition decisions. These help, but they don't solve the underlying problem: analysts are operating in a high-noise environment, and high-noise environments degrade judgment regardless of intent.
SAR Quality Consequences
The false positive tax shows up in SAR narratives. When an analyst has processed 50 alerts this week and 45 were noise, the few that did escalate to SAR often get written quickly. The analyst is fatigued. They've already made the decision to file. Now they document it—quickly, with template language, at the minimum required specificity.
Examiners have noted this repeatedly. Institutions with high alert volumes relative to team size often have weaker SAR narratives. Not because the analysts are worse, but because the workflow doesn't leave time for thoughtful documentation. The narrative gets written because filing is required, not because it's an opportunity to create an investigation record that law enforcement could actually use.
This directly impacts examination outcomes. Examiners are specifically trained to assess whether SAR narratives demonstrate adequate investigation. Weak narratives—even for cases that should have been filed—become examination findings. The institution that filed 200 SARs with sparse documentation often receives more findings than the institution that filed 100 with detailed narratives.
The high false positive environment created the conditions for weak narrative documentation. The institution can't solve this by hiring better writers. They need to address the noise that's consuming analyst time.
How False Positives Shape Alert Fatigue
Alert fatigue is a recognized phenomenon in security operations, but compliance teams don't typically use the term. They should. The symptoms are identical: declining alert quality with stable or increasing volume, higher error rates as load increases, staff turnover concentrated among experienced analysts, and reduced detection of genuinely suspicious cases.
Alert fatigue doesn't occur because the work is hard. It occurs because repetitive triage through low-signal streams is mentally taxing. Your brain's threat detection system is built to identify patterns when signal is clear. When signal is rare, sustained attention to pattern detection becomes cognitively expensive. Analysts maintain focus for a few hours, then efficiency declines.
This affects turnover disproportionately among experienced analysts. The best analysts recognize fatigue early and either request reassignment or leave. Newer analysts are still building pattern recognition, so the cognitive load is higher for them, but they don't yet have the self-awareness to recognize burnout until it's advanced. You lose institutional knowledge while retaining people still learning the role.
The Examiner Perception Problem
Examiners know institutions struggle with false positives. They understand the constraint. But they evaluate your SAR filing practices based on the SARs that exist, not the SARs that should exist.
When an examiner samples historical alerts and finds cases that should have been filed but weren't, that's a finding. The institution responds: we receive 10,000 alerts per month, 9,000 are false positives, the analysts missed something. The examiner's reaction is not sympathetic. Their perspective is: if your alert system is that noisy, you should have a different alert system, better filtering, or different procedures to catch the cases you're missing.
The missed cases problem is often linked to the false positive problem. Analysts overwhelmed by noise miss subtle cases that should have escalated. The institutional response is typically to add rules or hire analysts. Neither addresses the root issue: the alert ratio is unsustainable.
Why the 85-90% Floor Persists
Banks have lived with 85-90% false positive rates for over a decade. At this point, it's built into how the industry operates. Software vendors design alert consumption tools around the assumption of high false positive rates. Policy templates assume alerts will be noisy. Training tells analysts to focus on speed, not depth.
The rate persists because transaction patterns that are suspicious often look like normal business. There's no way to eliminate this ambiguity through rule tuning. The institution could reduce false positives to 60% by tightening thresholds, but then they'd miss cases of actual concern. They could loosen thresholds instead, but the rate would rise to 95% or higher and detection would crater.
So most institutions settle in around 85-90% as a compromise. It allows some detection of risk without requiring analysts to investigate every transaction. It's become normal. Vendors market around it. Compliance leaders budget for it.
What Would Actually Change the Ratio
Reducing false positive rates below 75-80% requires a different approach to investigation. Instead of rule-based alert generation followed by analyst review, you need investigation-first workflows: initial filtering with rules, rapid scoping of alert context, and decision-support that helps analysts distinguish suspicious from normal more accurately.
This requires understanding why an alert fired—not just that it fired. What patterns contributed to the decision? What context mitigates the concern? What external factors explain the transaction? When an analyst can answer these questions quickly, they make faster, more confident decisions. False positives resolve quicker. True positives get investigated deeper.
Some institutions are achieving 65-75% false positive rates through a combination of smarter alert tuning, better context delivery, and investigation frameworks that reduce the ambiguity analysts face. They're not using different rules than everyone else. They're using the same rules but pairing them with systems that help analysts interpret them accurately.
The constraint is that this requires investment in investigation infrastructure, not just rule management. Most compliance budgets go to alert generation (software and licensing) and analyst headcount. Reducing false positives requires shifting some of that investment to how alerts are investigated, which is harder to do while maintaining current team size.
The Institutional Choice
Banks have two paths forward. One is to accept the 85-90% false positive rate as permanent and optimize around it: hire for speed, focus on consistency over depth, build processes that assume noise. This is stable and requires no infrastructure change.
The other path involves viewing the false positive rate as a constraint worth changing. This requires investment in investigation efficiency, better alert context, and tools that help analysts move faster without sacrificing judgment. It's harder and more expensive upfront, but it improves detection quality, SAR narratives, and examination outcomes.
Most institutions are somewhere between these paths—they say they want lower false positive rates while continuing to operate around high-noise assumptions. This is the most expensive position. You're carrying high analyst headcount without the efficiency gains of either approach.
At some point, the false positive tax becomes visible enough to warrant change. When that happens, institutions need investigation architecture that addresses the ambiguity at the heart of transaction monitoring—more analysts or better rules alone won't solve it.