Best practices for tuning transaction monitoring thresholds

by :name Thomas Keller · Anti-Money Laundering (AML) · Mar 9, 2026 · 4 replies Pinned Answered

No Reliance on Forum Content. The information, opinions, and discussions shared on this forum are contributed by community members and LexFlag Team and do not constitute professional advice. LexFlag does not endorse, verify, or guarantee the accuracy, completeness, or reliability of any content posted.

User Identity & AI-Generated Content. There is no guarantee that users are using their real names, represent any organization, or express their own personal views. Replies and contributions may be partially or fully generated by artificial intelligence.

Independent Verification Required. You must independently verify any information obtained from this forum before making any decisions. LexFlag, its affiliates, and contributors accept no liability for any loss or damage arising from reliance on forum content.

We recently migrated to a new TMS and are in the process of setting our alert thresholds. The vendor defaults generate a massive number of false positives (~95%), which is drowning our investigations team.

What approaches have you used to tune thresholds effectively? We're considering:

Back-testing against 12 months of historical SARs
Peer-group segmentation (retail vs. commercial vs. correspondent)
Statistical models to set dynamic thresholds per customer risk tier

Any experience with above-the-line / below-the-line testing methodologies? How long did your tuning project take, and did your regulator have any concerns with the approach?

Thomas Keller

Fraud Investigator · InsureFirst AG

Member since Apr 2026

Accepted Answer

We went through this exact exercise last year. A few lessons learned:

Start with your SAR population — map every SAR filed in the last 2 years back to the alert that generated it. Scenarios that never produce SARs are candidates for threshold relaxation.
Don't touch everything at once. We prioritized the top 5 scenarios by alert volume first, which covered ~70% of total alerts.
Document everything. Our examiners specifically asked for our tuning methodology during our last exam. Having a written framework with statistical backing was key.

Our false positive rate dropped from 93% to ~78% after the first round — still high, but the volume reduction was significant. We're doing a second round now with more granular customer segmentation.

Priya Sharma

Compliance Consultant · RiskAdvisory Group

Member since Apr 2026

4 replies

One thing I'd add: make sure you involve your BSA/AML officer in the sign-off process. We made the mistake of treating threshold tuning as a purely technical exercise, and our auditor flagged the lack of senior management approval.

Also, consider maintaining a tuning log that records every change with before/after impact metrics. It makes exam preparation much easier.

Marcus Williams

Mar 11, 2026 at 10:33 PM

Has anyone used machine learning to supplement rule-based thresholds? We're exploring an ML overlay that scores alerts based on historical disposition data. The idea is to prioritize the investigation queue rather than eliminate alerts entirely. Curious if regulators are comfortable with this approach.

Elena Petrova

Mar 12, 2026 at 3:33 PM

We actually implemented an ML-based prioritization model about 8 months ago. FinCEN and our state regulator were both fine with it as long as we didn't use it to suppress alerts entirely. The key was framing it as a triage tool, not a filtering tool. We still review all alerts — ML just determines the order.

Our SARs-to-alerts conversion rate actually improved by 15% because analysts were looking at higher-risk alerts first.

John Doe

Mar 12, 2026 at 5:33 PM