The $40 Alert

Industry April 7, 2026 Vormur Team

Why manual SAR investigation is bleeding banks dry, and what needs to change.

Forty dollars per alert, sixty minutes per investigation, and ninety percent of it wasted on false positives.

Ask any Chief Compliance Officer at a mid-size bank how much a single BSA/AML alert costs to investigate. Most will tell you somewhere between $30 and $50 per alert when you account for fully-loaded labor costs. Some will go higher. Few, if any, will say it costs less.

That number should be shocking. After decades of compliance operations running on manual process and spreadsheets, it's become normalized. Most banks stopped asking whether this cost should exist at all.

The Direct Cost Breakdown

A mid-size bank analyst investigating an alert doesn't cost you $25 per hour. That $40 per alert figure breaks down like this:

  • Fully-loaded analyst salary: A BSA/AML analyst making $55,000 annually costs approximately $75,000 when you factor in benefits, payroll taxes, and employer contributions. That's roughly $36 per hour.
  • Overhead allocation: Tools (case management systems, transaction monitoring platforms, sanctions screening, networking), office space, training, compliance infrastructure. Most banks allocate 15-25% overhead on top of salary. Add $5-9 per hour of analyst time.
  • Training and certification: AML compliance certifications, annual refresher training, specialized investigative training. This compounds over time and adds meaningful cost per FTE.
  • Infrastructure and licensing: Your case management system isn't cheap. Sanctions screening databases, transaction monitoring platform subscriptions, audit logging infrastructure. This gets allocated across every alert touched.
  • Management and QA overhead: Supervisors reviewing investigations, QA staff checking narratives and documentation, management overhead for teams doing repetitive triage.

An investigation taking 45-60 minutes of analyst time at a fully-loaded cost of $50-55/hour puts you right at that $40-45 per alert number. For larger banks with higher compliance costs, you're pushing $60-100 per alert.

The Hidden Costs: False Positive Fatigue

That $40 figure doesn't capture the real damage.

90% or more of BSA/AML alerts are false positives. Your analysts are investigating 90+ alerts of noise for every signal. They lose productivity. They lose engagement. They lose accuracy. And their judgment degrades.

Analyst fatigue is a compliance risk. By the 100th false positive in a week, analysts aren't carefully constructing narratives. They're copy-pasting boilerplate, ticking boxes, and grinding through the queue. The investigation that should catch a money launderer gets the same treatment as a customer who bought something on their birthday.

This degradation in quality creates its own costs:

  • Examiner findings: Regulators have sharp eyes for boilerplate narratives and thin documentation. A cycle of poor investigations produces examination findings, remediation requirements, and increased regulatory oversight.
  • Staff turnover: You're hiring skilled compliance professionals to do repetitive triage work. Burnout is immediate. Turnover in compliance functions averages 20-30% annually at many institutions. Retraining a new analyst costs $5-15K.
  • Senior analyst misallocation: Your best investigators are the ones with pattern recognition skills, judgment, and experience. Instead of deploying them on complex cases, they're doing triage. That opportunity cost is substantial.
  • False negatives: The other side of fatigue is that meaningful alerts sometimes slip through or get inadequate investigation because the analyst was mentally checking out on low-priority noise.

The Scale Problem: How $40 Becomes Millions

A mid-size bank might receive 50,000 to 100,000 alerts per year. Many receive more. At $40 per alert, that compounds into millions annually spent on investigation labor alone.

This is not a special case. This is routine.

Tens of thousands of alerts a year × ~$40 each = millions in annual direct cost. Before examining that finding, before remediation, before the lost productivity of rebuilding your investigation framework.

For a $10 billion institution, that might represent 0.02% of assets but 5-10% of the compliance budget. For smaller banks, it can exceed all other compliance costs combined. And there's no real debate about whether this money is buying you safety — it's largely buying you process.

Quality Degradation Under Scale

The volume problem directly causes quality problems.

When you're processing hundreds of alerts per analyst per month, you can't afford to investigate each one meaningfully. You develop heuristics. You rely on automation that filters for obvious false positives. You create triage processes that attempt to rank by risk. And all of this adds friction, delays, and opportunities for error.

Meanwhile, the alert that actually matters — the one with subtle behavioral signals pointing to real risk — gets the same 45 minutes of attention as the alert triggered because someone paid for an airline ticket with their wife's credit card.

The architecture is broken. More headcount won't fix a scale problem — only structural change will.

Regulatory Pressure Is Increasing, Not Decreasing

The compliance environment is tightening. FinCEN expectations around AML investigation quality and documentation rigor increase with each exam cycle. Banks are being cited for inadequate SARs, thin investigation narratives, and insufficient documentation of risk assessment.

This means you can't even achieve your $40/alert baseline while maintaining regulatory comfort. In practice, banks dealing with exam findings often double-staff their investigation teams, implement additional QA layers, or hire external consultants. This puts real investigation costs closer to $80-150 per alert for banks trying to maintain regulatory standing.

And the alerts themselves are increasing. Transaction monitoring tuning has improved over the years, but detection rules continue to proliferate. More rules, more sensitivity, more volume. Some banks report 20-30% year-over-year increases in alert volume even as transaction counts remain flat.

Why This Model is Broken

The current approach assumes data access and computing power are the scarce resources. Analysts look at alerts and decide which matter. That made sense thirty years ago. In 2026, the constraint is analyst attention, not data.

You have processing power to investigate 90% fewer alerts while catching more real risk. You have automation to identify false positive patterns your investigators will never see. You can apply multi-agent reasoning to cases that require judgment—assessing intent, cross-entity patterns, temporal relationships.

The architecture of compliance operations doesn't reflect this. Banks still pay humans for triage work. They still allocate their best analysts to repetitive tasks. They still build quality around a manual baseline.

The cost per alert is a symptom. The actual problem is that the model is inverted. Filtering should happen aggressively before an analyst touches a case. Analyst judgment should be augmented on complex cases, not replaced by process requirements.

What Needs to Change

Hiring more analysts won't fix this. Better case management software won't either. A new alert filtering rule is margin optimization on a broken model.

What works is architectural change:

  • Pre-investigation filtering: Before a case reaches an analyst, apply multi-agent reasoning to identify obvious false positives, low-risk patterns, and straightforward dispositions. This can reduce investigation volume by 80% without loss of signal.
  • Augmented investigation: For cases that do require human judgment, deploy AI assistance that performs cross-entity analysis, timeline reconstruction, pattern matching, and documentation. The analyst focuses on judgment and risk assessment, not data assembly.
  • Narrative automation: Investigation narratives should be reconstructed from data and facts, not typed by humans. This standardizes documentation quality, eliminates copy-paste, and ensures every narrative is grounded in evidence.
  • Real-time SAR readiness: When a case requires filing, it should be substantially ready for submission. No final narrative writing, no documentation assembly. Analysts review and approve, not create.

These changes meaningfully reshape the cost structure, move investigation times from 30-90 minutes to under 3 minutes, and shift quality from fatigue-driven to evidence-driven.

But more importantly, they reorient the compliance function from process automation to risk intelligence. That's the real value.

The Math That Matters

For a mid-size bank processing 75,000 alerts per year:

  • Current state: Tens of thousands of alerts a year × ~$40 each = millions in direct investigation labor. Plus examining findings. Plus remediation costs. Plus turnover costs. Plus opportunity cost of senior staff on triage.
  • Alternative architecture: Intelligent pre-filtering reduces investigation volume to roughly 15,000 cases. Augmented investigation handles those at a fraction of the per-case cost. Senior analyst time redirects to complex case assessment and SAR quality review rather than triage. The result is a meaningfully smaller direct cost — with better outcomes.

A material cost reduction with better quality outcomes. Achievable now, because data access and processing power stopped being constraints years ago.

The Question for Your Institution

If you're spending millions annually on alert investigation and getting fatigue-driven quality and increasing examination findings in return, something is broken. The staffing isn't the problem. The architecture is.

Your investigation team can't fix this. Neither can better tools. The only path forward is architectural change — moving from manual-first to intelligent-first, from headcount-dependent to leverage-dependent.

At some point the cost of staying manual exceeds the cost of rebuilding. Most mid-size banks passed that point a while ago.

← All Posts