Expanded capability
Transaction Monitoring & Model Optimisation
Tuning and optimisation of transaction-monitoring rules, thresholds and models — cutting false positives while closing genuine detection gaps, with documented rationale.
The problem
Transaction-monitoring systems are typically configured once, on vendor defaults, and rarely tuned. The result is the worst of both worlds: tens of thousands of false-positive alerts burying the analysts, and genuine typologies the rules were never set to detect. The institution is simultaneously over-alerted and under-protected.
Transaction monitoring is where AML frameworks most visibly succeed or fail, and where the most effort is wasted. A poorly tuned system generates noise on an industrial scale — analysts working through tens of thousands of alerts that lead nowhere — while the typologies that actually matter slip through rules that were never configured to catch them. The institution is paying for over-alerting and under-detection at the same time.
Optimisation fixes both, but only if it is done with evidence rather than instinct.
Tuned to noise, not to risk
The goal of optimisation is not simply fewer alerts. It is fewer false alerts and better coverage of genuine risk. Those are different objectives, and conflating them is how institutions cut alert volumes by raising thresholds and quietly discard real activity in the process. CCL separates the two: we cut the noise and close the gaps, and we evidence each.
Above and below the line
The discipline that makes tuning defensible is below-the-line testing. When a threshold is raised, the supervisory question is what now sits just beneath it — and whether genuine risk has been excluded. We test above and below the line, sampling the activity that the new configuration would no longer alert on, to confirm thresholds are tuned to noise rather than to real transactions. The before-and-after baseline and the testing evidence are what turn an efficiency exercise into a regulator-ready position. The reasoning is set out in transaction monitoring rule and model recalibration.
Inside a governance framework
An optimised configuration is only as durable as the governance around it. Every tuning decision is documented with its rationale and evidence, the typology coverage is mapped, and the institution is left with an ongoing tuning and model-monitoring framework — so the system is maintained on a cycle rather than left to degrade until the next review. Where the monitoring uses AI or statistical models, this connects directly to AI-enabled compliance and model-risk governance.
The CCL approach
- 01 Measure before you tune
  We baseline alert volumes, false-positive rates, productivity and detection coverage so optimisation is evidence-led, with a defensible before-and-after position.
- 02 Above- and below-the-line testing
  Threshold tuning validated with above-the-line and below-the-line testing — confirming that raising a threshold cuts noise without discarding genuine risk just below the cut.
- 03 Refresh scenarios against typologies
  Rules and scenarios are mapped to current typologies and the institution's actual risk profile, closing coverage gaps and retiring rules that no longer earn their place.
- 04 Document for model governance
  Every tuning decision is documented with its rationale and testing evidence, so the optimised configuration sits inside a defensible model-governance framework.
Frequently asked questions
How do you reduce false positives without missing real risk?
With below-the-line testing. When a threshold is raised to cut alert volume, the genuine question is what sits just below the new line — would real risk be discarded? We sample below-the-line to confirm thresholds are tuned to noise, not to genuine activity, and document the evidence. Cutting false positives is easy; cutting them defensibly is the skill.
Is this model validation?
It includes the validation a tuning exercise requires — testing that the configuration performs as intended — and produces the documentation model governance expects. For institutions deploying AI or statistical monitoring models, this connects to our AI-enabled compliance work on model-risk governance and explainability.
Our vendor tuned the system at install. Why revisit it?
Install-time tuning reflects a customer base, product set and typology landscape that have since changed. Monitoring degrades quietly: alert volumes creep up, analysts develop workarounds, and coverage gaps open as new typologies emerge. Periodic, evidenced optimisation is a regulatory expectation, not an optional efficiency exercise.
Related case studies
See it in practice
FCA Thematic Review — Audit Defence & Control Narrative
FCA-Regulated Payments Institution
Notice of an FCA thematic review on transaction monitoring and SAR quality, with no defensible documented framework. A 12-week readiness sprint closed the review with zero adverse findings.
Large-Scale KYC Remediation — A Major Post-Merger Backlog
Tier 1 Retail Bank
A large post-merger backlog of unresolved records, no internal capacity. Programme design in 30 days, risk-tiered delivery, weekly MI — 94% completion in 8 months, 0 enforcement actions.
Related insights
Read the thinking
Transaction Monitoring Rule and Model Recalibration: Tuning to Risk, Not to Noise
Most transaction-monitoring systems run on install-time vendor defaults — over-alerting and under-detecting at once. The discipline that makes tuning defensible is below-the-line testing.
AI-Literate, Not AI-Hyped: Model Governance for AI in Financial Crime
The gap in AI-enabled compliance is not the technology — it is governance. An automated control that cannot be explained, validated or overseen is not an asset. It is an unexamined liability that happens to be fast.