Core advisory
AML Control Framework Transformation
End-to-end review and rebuild: transaction-monitoring calibration, typology refresh, SAR quality, MLRO pathways and three-lines-of-defence redesign.
The problem
AML frameworks are usually built in layers over years — a rule added here, a policy patched there — until no one can say whether the whole actually works. Transaction monitoring fires on outdated typologies, SAR quality is inconsistent, and the three lines of defence blur into one. The parts may each function; the system does not.
An AML control framework is a system, and systems fail differently from components. An institution can have a competent monitoring team, a diligent MLRO and a well-meaning first line and still have a framework that does not work — because the parts were never designed to operate together. Transformation is the discipline of fixing the system, not polishing the parts.
The layered-framework trap
Most frameworks are archaeological. A rule was added after one incident, a policy patched after a review, a control bolted on to satisfy an auditor — each sensible in isolation, none designed as part of a whole. Over time the typologies the monitoring tests for fall out of date, SAR quality varies by analyst, and the three lines of defence blur until challenge is theatre rather than control. The framework passes a casual look and fails under pressure.
Detection that matches the actual risk
Transaction monitoring is where the layered-framework trap shows first. Rules fire on outdated typologies and generic thresholds, generating noise that buries genuine risk. We recalibrate to the institution’s real risk profile and current typologies — reducing false positives while closing the gaps that matter. Where the monitoring engine itself needs deeper model work, this pairs directly with transaction monitoring and model optimisation.
SAR quality and the MLRO pathway
A framework is judged in the end by the quality and timeliness of its disclosures. We assess SAR quality against regulatory expectation and rebuild the standard from triage to narrative, and we make sure the MLRO escalation pathway functions when it is tested — not just when it is documented.
A framework you can govern
The output is a coherent, documented, end-to-end AML framework with clear ownership across three genuinely distinct lines of defence — aligned to JMLSG and FATF guidance, and built to be governed at Board level rather than rediscovered in the next review.
The CCL approach
- 01
Assess the framework as a system
We review the AML control framework end to end — monitoring, typologies, SAR process, MLRO pathways, governance — to find where the system, not just a component, is failing.
- 02
Recalibrate detection
Transaction-monitoring rules and thresholds are tuned against current typologies and the institution's actual risk profile, reducing noise while closing genuine detection gaps.
- 03
Lift SAR quality
We assess SAR quality against regulatory expectation and rebuild the standard — from alert triage to narrative — so disclosures are timely, complete and defensible.
- 04
Redesign the three lines
Clear ownership and challenge across first line, second-line compliance and internal audit, with MLRO escalation pathways that function under pressure.
Quantified outcomes
Frequently asked questions
Is this different from transaction monitoring optimisation?
Yes, though they overlap. Transaction-monitoring optimisation focuses specifically on the monitoring engine — rules, thresholds, tuning and model performance. AML framework transformation is the whole system: monitoring sits inside it alongside typologies, SAR quality, MLRO pathways and the three-lines model. If only the monitoring needs work, see transaction monitoring and model optimisation; if the framework as a whole is the issue, this is the engagement.
How do you reduce alert volume without missing real risk?
By tuning to the institution's actual risk profile and current typologies rather than to generic vendor defaults. Most over-alerting comes from rules that no longer match the customer base; most missed risk comes from typologies that were never refreshed. We address both, with the rationale documented for the regulator.
What does 'three lines of defence redesign' actually involve?
Clarifying who owns risk (first line), who challenges and sets standards (second-line compliance, including the MLRO), and who provides independent assurance (internal audit) — and making the escalation pathways between them work in practice, not just on an org chart.
Related case studies
See it in practice
FCA Thematic Review — Audit Defence & Control Narrative
FCA-Regulated Payments Institution
Notice of an FCA thematic review on transaction monitoring and SAR quality, with no defensible documented framework. A 12-week readiness sprint closed the review with zero adverse findings.
Read the caseLarge-Scale KYC Remediation — A Major Post-Merger Backlog
Tier 1 Retail Bank
A large post-merger backlog of unresolved records, no internal capacity. Programme design in 30 days, risk-tiered delivery, weekly MI — 94% completion in 8 months, 0 enforcement actions.
Read the caseRelated insights
Read the thinking
Transaction Monitoring Rule and Model Recalibration: Tuning to Risk, Not to Noise
Most transaction-monitoring systems run on install-time vendor defaults — over-alerting and under-detecting at once. The discipline that makes tuning defensible is below-the-line testing.
Why KYC Is Broken in Most Banks (And Everyone Pretends Otherwise)
KYC failure is rarely a people problem. It is a design problem — flat effort, drifting standards, and MI that cannot answer the regulator's question. Here is what actually breaks, and how it gets fixed.
Speak to the practice
Before it becomes a regulatory finding, make it a closed action.
A short, confidential advisory call to pressure-test where your KYC, AML, sanctions or risk-classification framework is exposed — and what a defensible fix looks like.