False Positive Rates in Transaction Monitoring: 2024 Statistics, Trends, and Analysis

Methodology

The 90–95% false positive benchmark originates from PwC analysis first cited in the compliance industry around 2017–2018 and has been consistently reproduced in subsequent industry surveys. It measures the share of transaction monitoring alerts that compliance analysts close as non-suspicious after manual review, with no Suspicious Activity Report filed and no escalation.

Supporting cost data comes from LexisNexis Risk Solutions' 2024 True Cost of Financial Crime Compliance series, which surveyed over 1,000 senior compliance decision-makers across the US, Canada, EMEA, and Asia-Pacific regions. The series disaggregates spending by region and institution type, making it the most comprehensive public dataset on compliance operating costs.

Per-alert investigation cost estimates ($25–$50 at mid-size institutions) draw on practitioner cost analyses published in 2024. Alert-to-SAR conversion data reflects FCA supervisory guidance and flagright.com's 2024 analysis of industry SAR filing patterns.

One caveat: "false positive rate" is not uniformly defined. Some studies count every machine-generated alert; others count only alerts that reach an analyst queue. The figures here use the analyst-dismissal definition: an alert cleared after human review with no regulatory action taken. This produces conservative estimates compared to pre-queue filter studies.

Full data table

Sources: PwC via Data Derivatives/Facctum; LexisNexis Risk Solutions True Cost of Financial Crime Compliance 2023–2024; flagright.com; Sanction Scanner; industry practitioner cost analysis.

Key findings

90–95% of alerts in traditional systems are false positives. PwC's benchmark, cited consistently across the industry since 2018, means a compliance analyst reviewing a queue of 50,000 alerts per year can expect to clear 45,000 to 47,500 of them without filing a SAR or taking any regulatory action. It's not inefficiency at the margins. It's the structural condition of rule-based monitoring.

Sanctions screening is worse. Industry analysis places false positive rates for sanctions models at up to 99.5%, per flagright.com's 2024 review. Name-matching against OFAC and HM Treasury consolidated lists produces enormous volumes of coincidental matches, particularly for common names across South Asia, the Middle East, and sub-Saharan Africa. Under a rules-only approach, the alert volume scales with the list size and the transaction volume, with no mechanism to improve signal quality.

Less than 5% of alerts become SARs. This matters because regulators treat the alert-to-SAR conversion rate as a proxy for program quality. The FCA's supervisory reviews specifically examine whether alert rules are calibrated to institutional risk profiles or simply set to broad thresholds to avoid gaps. A 2% conversion rate isn't conservative: it's evidence that the rules need tuning.

AI-assisted systems report 70–80% false positive reductions. These are vendor figures from Sanction Scanner's 2024 analysis and should be evaluated with that context. The HSBC case is the most publicly documented example at scale: the bank adopted AI-assisted alert triage and received Celent's Model Risk Manager of the Year award in 2023, the closest thing to an independent validation available in the public domain.

Year-over-year trends

The false positive rate itself has not moved. PwC's 90–95% benchmark dates to at least 2018, and every major industry review since has returned figures in the same range. Static rule-based systems don't self-correct: if typology mixes shift or customer behavior patterns change, the rules keep firing at the same thresholds, generating the same noise.

What has changed dramatically is cost. LexisNexis Risk Solutions' 2023 global study put total compliance spending across surveyed institutions at over $206 billion. The 2024 regional studies found US and Canadian institutions at $61 billion, EMEA at $85 billion, and Asia-Pacific at $45 billion. Facctum's 2026 industry analysis cites a 33% jump in UK compliance spending since 2021, tracking against a steady rise in alert volumes as transaction throughput grows.

Headcount is the primary cost driver. As alert queues grow with transaction volumes, and as supervisory expectations around SAR quality rise at both FinCEN (which launched a formal cost survey in September 2025) and the FCA, analyst requirements have increased. At $25–$50 per alert, growing alert volumes compound directly into compliance budgets.

AI adoption is the trend most likely to shift the false positive rate over the next three to five years. EY's 2024 Nordic Banking Fraud Survey found 43% of bank respondents expect AI to significantly improve fraud and AML detection. EY's 2025 follow-up found 30% of Nordic banks had already deployed AI in transaction monitoring workflows to some degree. The technology is moving from pilot to production. Whether it produces the 70–80% FP reductions that vendors report in controlled environments depends heavily on training data quality and institution-specific calibration.

What this means for compliance teams

A 90–95% false positive rate is a resourcing problem with a hard floor. Adding analysts helps up to a point, but at $25–$50 per alert, growing alert volumes will always outrun headcount budgets. The practical priority is calibration before capacity.

The right starting point is a 90-day retrospective on alert dispositions. Calculate your actual alert-to-SAR conversion rate and compare it against the 5–15% target. If you're below 3%, the Transaction Monitoring rules need tuning before any other investment. No AI layer, no additional headcount, will fix a rule set that's generating 98% noise.

Regulators are watching this ratio. FATF Recommendation 20 requires that genuine suspicion be reported promptly. A system generating 97% false positives may satisfy a checkbox audit while systematically burying real alerts in noise. The Danske Bank enforcement action showed exactly that pattern: alerts were being generated at scale but not meaningfully reviewed, because analyst capacity was overwhelmed by volume. Volume alone is not a defense.

Customer Due Diligence data quality is the most overlooked driver of false positives. Stale occupation data, missing beneficial ownership fields, and absent transaction purpose codes all force monitoring rules to fire on incomplete context. Teams that remediate CDD data before deploying new models consistently report better precision on first deployment than those who go straight to tuning.

On AI: the case for Regulatory Compliance Automation is real, but regulators want explainability, not just reduction. A black-box model that cuts alert volumes by 75% will face a difficult examination if the firm can't show an FCA or FinCEN reviewer how each decision was reached. Explainable AI with institution-specific training data is the configuration that holds up under scrutiny.

Sources

• LexisNexis Risk Solutions, "Study Reveals Annual Cost of Financial Crime Compliance Totals $61 Billion in the United States and Canada," 2024
• LexisNexis Risk Solutions, "Study Reveals Annual Cost of Financial Crime Compliance Totals $85 Billion in EMEA," 2024
• LexisNexis Risk Solutions, "Global Financial Crime Compliance Costs for Financial Institutions Totals More Than U.S. $206 Billion," 2023
• FinCEN, "Survey of the Costs of AML/CFT Compliance," 2025
• Facctum, "AML False Positive Rates 2026 Report: Statistics, Costs and Industry Insights," 2026
• Data Derivatives (Keith Furst), "End the False Positive Alerts Plague in Anti-Money Laundering Systems," citing PwC analysis, 2017
• flagright.com, "Understanding False Positives in Transaction Monitoring," 2024
• Sanction Scanner, "AI-Powered Transaction Monitoring: How to Reduce False Positives by 70–80%," 2024