An AML alerting system that only knows how to add rules will always lose ground. Every month brings a transaction pattern the rule set was never tuned for — a new laundering typology, an unfamiliar payment rail, a counterparty structure nobody modelled. The instinctive fix is to write another rule. Do that enough times and the false-positive queue swells until analysts triage on gut feel, and the system that was meant to eliminate noise becomes its largest source. The interesting part is that this is the same failure we see in production computer-vision pipelines when they meet objects the model has never been trained on. The question that decides whether an anti-money-laundering (AML) system improves or degrades is not “how many rules do we have.” It is: what happens to the alert you cannot cleanly classify? What does an anti-money-laundering alert actually do? An AML alert is a flag raised when a transaction, account, or entity trips a detection threshold — a structuring pattern, a sanctioned-jurisdiction hop, a velocity spike, a counterparty on a watchlist. In practice the alert is not a verdict. It is a request for human judgment. An analyst opens the case, gathers context, and dispositions it: escalate to a Suspicious Activity Report, close as a false positive, or park it pending more information. That disposition is the most valuable signal the whole system produces, and in rule-heavy pipelines it is almost always thrown away. The rule that fired does not learn from being wrong. It fires again next week on the same benign pattern, and the analyst pays the review cost again. This is the mechanism behind alert drift: a detection layer that generates work without ever getting better at the work it generates. Why static rule sets accumulate false positives over time A static rule encodes a hypothesis about what laundering looks like. It is correct on the day it ships and slowly less correct after that, because the world the rule describes keeps moving while the rule stands still. New payment rails appear. Legitimate customer behaviour shifts. Launderers adapt specifically to evade known rules, which means the patterns worth catching are, by definition, the ones your current rules were not written for. The natural response — write more rules — makes the precision problem worse, not better. Each new rule adds recall against one narrow typology and adds false positives across everything else it incidentally catches. In rule-heavy systems, false positives commonly account for 40–60% of total alert volume (observed pattern across compliance-tooling engagements; not a benchmarked figure). That is not a tuning defect. It is the structural cost of a detection layer that cannot distinguish “genuinely suspicious” from “unfamiliar but benign.” This is exactly the drift we describe in retail computer vision when a detector meets an object class outside its training distribution. The model does not know it is wrong — it just returns a confident-looking score for something it has never seen. If you have worked through why a confidence score in computer vision can be high and meaningless at the same time, the AML parallel is immediate: a rule firing with certainty on a pattern outside its design envelope is producing noise dressed as signal. How an unknown-pattern surfacing loop works The expert response is not more rules. It is a designed loop that treats “I cannot classify this cleanly” as a first-class output rather than an embarrassment to suppress. The retail unknown-object loop does three things, and an AML pipeline should do the same three: Surface the unfamiliar explicitly. When a transaction pattern sits far from anything the model has seen — or when the model’s own uncertainty is high — flag it as an unknown, not as a definitive alert. This is the difference between “this is suspicious” and “this is unlike what I’ve been trained on.” Route it to analyst review. An unknown-pattern alert goes to a human whose job is not just to disposition the case but to characterise the pattern. Is this a new typology? A benign new customer behaviour? A gap in the rule set? Feed the confirmed disposition back into the model. The analyst’s characterisation becomes a labelled training signal. Confirmed laundering typologies expand what the model catches; confirmed false positives teach it what to stop flagging. The distinction that matters here is between aleatoric uncertainty — irreducible noise in the data — and epistemic uncertainty, which reflects the model not having seen enough of a pattern to judge it. A surfacing loop is specifically a mechanism for converting epistemic uncertainty into training data. We go into that distinction in aleatoric vs epistemic uncertainty for production ML, and the practical point is the same in both domains: you route the epistemically-uncertain cases to humans and use their answers to shrink the region the model is uncertain about. Quick answer: rule-stacking vs surfacing loop Dimension Static rule-stacking Unknown-pattern surfacing loop Response to a novel pattern Add another rule Surface as “unknown,” route to analyst What happens to analyst disposition Discarded after case closes Captured as a labelled training signal Precision over time Degrades as rules accumulate Improves as feedback compounds Cost trajectory Rising analyst headcount, growing backlog Falling false-positive rate, shorter time-to-disposition Failure signature Silent drift; noise looks like coverage Uncertainty is visible and actioned The right-hand column is not a product. It is a discipline about what you do with the alert you cannot explain. Which analyst dispositions should the system capture? Not every click an analyst makes is a useful signal, and capturing the wrong ones just adds noise to the feedback path. The dispositions worth structuring are the ones that resolve an ambiguity the model could not: Confirmed false positives with a reason code — not just “closed” but why it was benign (known customer behaviour, legitimate business rationale, data error). A bare close teaches the model nothing. Escalations to SAR with the typology characterised — which laundering pattern this represents, so the model learns the positive class more sharply. “Unknown, needs monitoring” outcomes — cases the analyst could not resolve, which are the highest-value candidates for pattern review and rule design. Overturned dispositions — when a later review reverses an earlier call, that correction is a strong signal that the original feature set was misleading. Capturing these cleanly requires the same instrumentation discipline that mature ML teams already apply to their training pipelines. If you treat analyst dispositions as experiment outputs — versioned, attributed, queryable — you can actually trace which model changes improved precision and which regressed it. That is the argument we make for ML experiment tracking, and it transfers directly: a feedback loop you cannot audit is a feedback loop you cannot trust to retrain against. What retraining cadence keeps the model from drifting? There is no universal number, and anyone who quotes one is selling something. The cadence that works is the one tied to the rate at which new typologies appear in your transaction mix, not a fixed calendar. A few conditions to reason from: Novel-pattern arrival rate — a retail-adjacent payments book that onboards new rails frequently drifts faster than a stable corporate-banking book. The loop should retrain when the volume of unknown-pattern dispositions crosses a threshold, not on the first of the month. Disposition backlog age — if confirmed dispositions are sitting unincorporated for months, the model is training on a stale picture of what analysts already know. Precision trend, not precision snapshot — watch whether false-positive rate is falling, flat, or rising across releases. A rising trend is the early warning that the loop has stalled or that a new typology is outrunning it. The honest uncertainty here is that a feedback loop can also learn the wrong thing. If analysts are triaging on gut feel because the queue is overwhelming, their dispositions are noisy, and feeding noise back into the model accelerates drift rather than arresting it. The loop only works when the human end of it has enough breathing room to characterise patterns rather than just clear them. Explainability matters for the same reason: an analyst who cannot see why a case was flagged cannot reliably characterise it, which is part of why we treat ML model explainability as a precondition for trustworthy feedback, not a nice-to-have. How do you judge whether a pipeline is improving or degrading? Run the pipeline through a simple diagnostic. The direction of these answers tells you whether you have a loop or a treadmill. When a genuinely novel pattern arrives, does the system flag it as unknown, or does it silently misclassify it? Silent misclassification is drift accumulating out of sight. Are analyst dispositions captured in a structured, reason-coded form, or lost when the case closes? Lost dispositions mean the review cost is sunk with no return. Does confirmed feedback actually reach a retraining or tuning step, or does it sit in a case-management system nobody mines? A captured-but-unused disposition is no better than a discarded one. Is the false-positive rate trending down across releases, or is analyst headcount the only lever that scales? Rising headcount as the sole response is the signature of a system that cannot learn. Can you trace a precision change back to a specific model or rule update? If not, you are tuning blind. Three or more answers pointing the wrong way means the pipeline is drifting toward manual triage regardless of how sophisticated the individual rules look. This assessment logic is the same one we apply when reviewing whether a retail computer-vision vendor’s pipeline surfaces unknowns and routes them back into training, or accumulates drift silently — the domain changes, the diagnostic does not. It sits alongside the broader retail-AI work we scope on our retail solutions page. FAQ How does anti money laundering alerts actually work? An AML alert is a flag raised when a transaction or entity trips a detection threshold — structuring, velocity spikes, sanctioned-jurisdiction hops, watchlist counterparties. In practice the alert is a request for analyst judgment, not a verdict: a human opens the case and dispositions it as an escalation, a false positive, or pending review. That disposition is the system’s most valuable signal, and rule-heavy pipelines usually discard it. Why do static AML rule sets accumulate false positives over time, and how does that mirror unknown-object drift? A static rule encodes a fixed hypothesis about laundering that grows less accurate as payment rails, customer behaviour, and evasion tactics move. Adding rules increases recall on narrow typologies while adding false positives everywhere they incidentally fire — commonly 40–60% of alert volume in rule-heavy systems (observed pattern, not a benchmark). This mirrors a computer-vision detector meeting an out-of-distribution object: it returns a confident-looking score for something it was never trained on. How does an unknown-pattern surfacing loop route uncertain alerts to analyst review and back into the model? The loop does three things: it flags patterns far from the training distribution as unknown rather than as definitive alerts, routes them to an analyst who characterises the pattern rather than just clearing it, and feeds the confirmed characterisation back as labelled training data. Confirmed typologies sharpen what the model catches; confirmed false positives teach it what to stop flagging. It is a mechanism for converting epistemic uncertainty into training signal. Which analyst dispositions and case outcomes should an AML system capture as feedback signals? Capture reason-coded false positives (why the case was benign), SAR escalations with the typology characterised, “unknown, needs monitoring” outcomes, and overturned dispositions where a later review reverses an earlier call. A bare “closed” teaches nothing; the reason code is the training signal. Treating dispositions as versioned, attributable experiment outputs lets you trace which model changes improved precision. What retraining and tuning cadence keeps an AML alerting model from drifting as new typologies emerge? Tie cadence to your novel-pattern arrival rate rather than a fixed calendar — retrain when the volume of unknown-pattern dispositions crosses a threshold. Watch disposition backlog age and the precision trend across releases, not a single snapshot. Note that a loop can learn the wrong thing: if analysts triage on gut feel because the queue is overwhelmed, their noisy dispositions accelerate drift instead of arresting it. How do I judge whether an existing AML pipeline improves operationally or degrades toward manual triage? Ask whether novel patterns are flagged as unknown or silently misclassified, whether dispositions are captured in structured reason-coded form, whether that feedback actually reaches a retraining step, whether false-positive rate trends down across releases, and whether you can trace a precision change to a specific update. Three or more answers pointing the wrong way means the pipeline is drifting toward manual triage regardless of how sophisticated its individual rules look. The question that decides the outcome Every AML system will meet patterns it was never tuned for — that is not a defect you can engineer away. What you can decide is whether the unfamiliar alert becomes a labelled lesson or another entry in a queue nobody can keep up with. Systems with a surfacing-and-feedback loop convert analyst dispositions from a sunk review cost into a compounding model-improvement asset; systems without one drift toward escalating headcount and rising backlog per open case. The failure class here is silent unknown-pattern accumulation, and the question worth asking of any pipeline you own is simply whether it can see its own uncertainty — because a detection layer that cannot tell you what it does not know will always, eventually, tell you noise.