An alert fires at 9:14 a.m. By 9:50, an analyst has logged into the core, pulled the member's transaction history, checked device and IP records, chased down a prior dispute, and started writing up what they found. One alert, thirty-six minutes. Most days bring dozens. Some bring hundreds. Monday brings the whole weekend at once: two days of alerts that stacked up while no one was working them, so the week opens already behind, chasing money that has already moved. Staff the weekend to avoid that and you are paying for Saturday and Sunday shifts just to keep the queue from growing.
That morning is where credit unions lose ground on fraud and AML. The alert fired fine. The hard part was everything that came after.
For a decade, the money and the attention in financial crime went to detection. Scoring models, behavioral signals, real-time decisioning, device intelligence. Vendors got good at it. Most credit unions now run a transaction monitoring system or a fraud engine that flags far more activity than the team can work through.
That’s the quiet problem. Detection produces volume. By most industry estimates, more than 90% of AML alerts are false positives. So a small BSA team spends its day digging through flags by hand. They find the handful that matter. Then they write each one up well enough to defend.
The detection arms race gave credit unions more alerts. It did not give them more investigators.
Credit unions run lean on purpose. Member-owned, cost-conscious, often a BSA function of one or two people. That model works until the alert queue outgrows the people working it.
Three pressures are pushing it there at once. Instant payments through FedNow and RTP move money in seconds. The window to investigate closes with it. Fraud losses keep climbing: the FTC reported more than $12.5 billion in consumer fraud losses in 2024, up 25% from the year before. And experienced investigators are hard to hire and harder to keep, especially the ones who can untangle structuring across a dozen accounts or close out an instant-payment alert before settlement.
The result is a widening gap between alerts generated and alerts investigated. When that investigation is slow, a member is the one who waits: locked out of an account that was fine, or left exposed to a scam that was real. That gap is also where examiners find problems.
A detection score says this looks unusual. An investigation answers a harder question: what happened, is it suspicious, and what evidence supports that conclusion. The first is a signal. The second is the work.
Today that work is manual. An analyst pulls context from eight or ten systems, reasons through it, and writes a narrative. A single suspicious activity report can take days to assemble. And the output examiners care about is the narrative, not the flag. NCUA's 2026 supervisory priorities put direct weight on the rigor of fraud risk assessments, detection, escalation, and documentation. A score sitting in a queue answers none of that. A written, evidence-backed investigation does.
Stacking one more detection signal onto the dozens a team already cannot get to changes nothing. The work that matters now is everything between the alert and the disposition, and most of it is still done by hand.
That legwork is what an AI agent can take on now. It pulls data across systems, follows the credit union's own procedures, builds a narrative with every finding cited to its source, and hands the analyst a finished case to review. The analyst still makes the call. That matters for examiners, who want a human accountable for the decision. It fits how credit unions already think about protecting members.
Larger banks are piloting this approach for financial crime right now. Credit unions do not need to move first. They do need to stop treating the investigation bottleneck as permanent, because it no longer is.
Start with a few practical moves—none of which require a budget cycle to start.
Measure the real bottleneck. Track the time from when an alert fires to when it is dispositioned. If alerts pile up faster than they close, the constraint is investigation, and another detection tool will not fix it.
When you evaluate AI, ask one question: does it score, or does it investigate? A higher-confidence flag still lands on a person. A completed, cited investigation does not.
Insist on auditability. Every finding should trace to its source. If you cannot show an examiner how a disposition was reached, it will not hold up, no matter how the conclusion was produced.
Keep the human on the decision. The goal isn’t to remove judgment from compliance. It is to stop spending that judgment on data-gathering.
Credit unions run lean. They always have. The teams that win the next few years will not be the ones with the most analysts. They will be the ones whose analysts stop doing by hand what no longer needs a human hand.
The alert was never the hard part. What you do with it is. At Roe, where I work on investigation agents for fraud and AML teams, that’s the shift I watch most closely.
