⏱️ Estimated reading time: 5 minutes

You’re caught in a no-win scenario.

Calibrate too tightly, and you miss a critical alert, regulators ask why.

Calibrate too loosely, and you drown in false positives, your team’s buried, morale drops, and the real risk gets missed anyway.

Somewhere in between is a setting that might work, but the system won’t tell you what that is. And neither will the vendor.

Welcome to the grey zone of customer screening, a space shaped by uncertainty, competing pressures, and no easy answers. Every financial crime team operates here at some point, whether they realise it or not. And it’s often where your AML/CTF program either holds its ground, or begins to quietly unravel.

The Trade-Off No One Likes to Admit

Let’s say it out loud: there is no perfect screening threshold

Every calibration decision is a trade-off. You want precision, but the reality is, tuning screening systems is less like adjusting a microscope and more like playing Jenga with your risk exposure.

• Widen the net: more alerts, more coverage, more noise. Your alert volume looks great on paper, but your analysts burn out, and quality slips.
• Narrow the net: fewer alerts, cleaner workflows, until something critical gets missed, and you’re left explaining it to audit or a regulator.

Making trade-offs isn’t negligence or failure, it’s how risk-based compliance actually works.  It’s not about perfection. It’s about informed decisions: made with the information available, and grounded in your ML/TF risks, your risk appetite, your controls, and your capacity.

There’s no magic threshold, just trade-offs you have to own.

When Your Tool Becomes the Problem

Add to that the software challenge, because many AML/CTF teams are using tools they can’t fully explain, let alone control.

They’re proprietary, complex, and often opaque by design, sold on buzzwords like “fuzzy logic,” “weighted matching,” or “adaptive AI.”

But when something flags (or doesn’t), and you ask why, the answer is often vague. Sometimes, even the vendor doesn’t know.

You’re left in the worst position possible:

Maximum accountability. Minimal visibility. Zero real control.

It’s a black box, and you’re expected to defend it to regulators, auditors, and internal stakeholders alike.

But the impact doesn’t end with audit risk, it erodes your culture, one alert at a time.

Alert Fatigue Isn’t Just Operational, It’s Cultural

There’s a quiet cultural cost to alert overload that doesn’t get talked about enough.

Because when your screening platform treats everything like a potential match:

• Good analysts leave — they want to be challenged, to make a difference, not spend their days closing false positives
• Stretch your resources too thin — and analysts spend more time closing alerts than evaluating them, increasing the chance real risk gets overlooked
• Escalations become checkbox exercises — urgency is lost, and analysts feel devalued
• Risk gets diluted — not flagged — and before you know it, you have cultural problems that aren’t easy to solve

You don’t build a culture of compliance by overwhelming people with noise.

You build it by giving them systems they trust, signals they can act on, and the space to use real judgement.

The good news? You’re not stuck in firefighting mode forever. With the right steps, you can build something sharper, stronger, and sustainable.

So What Do You Actually Do About It?

There’s no one-size-fits-all answer.

But here’s what we’ve seen work, in real environments, with real constraints:

1. Own Your Calibration Decisions

Don’t just document what your settings are, document why they’re set that way.

Link each decision to your risk assessment, and to the control environment that supports it.

Show your logic, even if it’s not perfect

Because when something goes wrong, a flawed but documented rationale shows you thought about the risk, tried to manage it, and made a judgement call.

That’s very different from not thinking about it at all.

It also gives assurance teams something solid to work with, so they can figure out what actually went awry, instead of guessing what you were trying to do.

2. Push Vendors for Transparency

• If your system can’t explain why it matched someone, or how thresholds interact, that’s a problem.
• If the vendor can’t explain why it didn’t match someone, that’s a bigger problem.

Ask the hard questions. Don’t just accept the default configuration.

Ask for clarity, or at the very least, an explanation you can stand behind during an audit.

✅ Check and Challenge: Ask your vendor what customisations were applied when the system was implemented, and what features are available but not currently used. You might be surprised at what’s buried under the hood.

🔁 Revisit prior upgrade decisions. Vendors release updates. What wasn’t prioritised, or couldn’t be justified, a year ago might now be a smart investment.  Sometimes it’s not about what your system can’t do, it’s about what you haven’t turned on yet.

3. Create Internal Feedback Loops

If you’re closing 80% of alerts as false positives, ask yourself:

Is that data going anywhere — or are you just learning to live with it?

Every false positive is a calibration signal. If no one’s tracking those patterns or escalating them into tuning discussions, you’re not improving, you’re just enduring.

Close the loop. Feed insight from analysts back into your calibration process. Make the system smarter over time, not just busier.

4. Give Analysts a Voice

The people working the alerts know what’s broken.

They see the patterns, the noise, the workarounds, long before leadership does.

Involve them in calibration discussions

Not just as data points, but as decision-makers.

Let them challenge the status quo. Let them shape the system they’re expected to trust.

Because if your analysts don’t believe in the process, they’ll stop believing in the purpose.

The Platinum AML Perspective

At Platinum AML, we don’t believe in one-size-fits-all compliance.

We live in the grey zone too, helping teams deal with overloaded alert queues, misaligned calibration decisions, or vendor systems they can’t fully control.

Sometimes that means helping you defend the decisions you’ve made. Other times, it means helping you revisit them.

But always, it’s about building systems that help your people identify risk, not systems your people have to work around.

Because screening tools don’t catch risk. People do. The system just needs to do its job, and get out of their way.

Final Thought: You Can Operate in the Grey — Just Don’t Sleepwalk Through It

Risk-based compliance isn’t about perfection, it’s about decisions.

Sometimes tough ones. Sometimes wrong ones.

But what matters most is knowing why the call was made.

That’s what allows you, or your assurance team, to reflect, to explain it, and to navigate a way forward.

If your system isn’t helping you do that, if you’re stuck in the black box, you’re not alone.

But you don’t have to stay there.

Need help unpacking the trade-offs in your screening setup?
Let’s talk: platinumaml.com/contact-us/