Financial crime fighters are dealing with more complex fraud and smarter criminals than ever. Community financial institutions feel significant pressure to operate like national banks with significantly smaller staffing, technology, and budgets.

As a team of former bankers, BSA officers, and bank examiners that partners with banks and credit unions every day, these are the five issues we see most often, along with practical steps any institution can take to stay ahead.

1. Rising Fraud Losses Across Major Channels

Fraud across check, ACH, and wire transactions continues to increase, and criminals are becoming more adept at exploiting weaknesses.

FinCEN reported more than $688 million in mail-theft-related check fraud between February and August 2023.

The FBI’s Internet Crime Complaint Center reported more than $10 billion in cyber-enabled losses last year, including more than $3 billion in elder fraud.

Additionally, AI-generated documents, spoofed communications, and deepfake techniques are making it harder for outdated verification processes to keep up. These upticks in losses, paired with the rapidly evolving technology used by bad actors, make it even more difficult for community institutions to keep their customers and members safe. 

What Financial Institutions Can Do

• Review whether current fraud controls match today’s tactics. 

  • Were there channels where you experienced fraud but didn’t have protections in place? 

  • Are there new fraud tactics that require new tools or procedures to protect your customers and members?

• Compare expected and actual fraud trends over the past year. 

  • Did you lose more than expected? 

  • How confident are you that your team caught all the fraud that occurred?

• Evaluate your policies and tools for identifying AI-generated materials KYC/KYB. 

  • What should an employee do if they suspect documentation has been generated by AI? 

  • Do you have trusted tools to check the authenticity of those documents?

• Benchmark losses against similar institutions in your region. 

  • Was the amount of fraud you experienced in line with similar institutions in your area? 

  • Did your peers find fraud tactics that your team may have missed?

• Update detection rules more frequently to reflect changing patterns. 

  • If you adjusted your alert thresholds, would you have caught fraud that you otherwise missed? 

  • If you had too many false positives, can you raise the threshold without missing fraud?

2. Rising Cost of BSA Compliance

BSA compliance spending keeps climbing while budgets stay stagnant. According to LexisNexis, across the U.S. and Canada, banks and credit unions collectively spent more than $61 billion on financial crime compliance in 2023.

Civil money penalties continue to grow each year, according to FinCEN enforcement actions. Contrary to popular belief, these money penalties don’t only impact big banks. In 2024, an institution with just $25M in assets was penalized for a lack of compliance.

Many vendors have significantly increased renewal pricing, which strains budgets that are already tight.

When most of the budget goes to software, there is very little left for staffing, training, or strategic improvements. This, combined with growing financial crime, can lead to missed suspicious activity, underprepared staff and programs, and poor exam results. 

What Financial Institutions Can Do

• Review your full vendor stack to see where tools overlap. 

  • Can you reduce the number of tools you use by finding vendors that provide multiple functionalities within one system?

• Evaluate the total cost of your tools, including data fees, renewals, and integrations. 

  • Are there cheaper solutions on the market? 

  • Are you fully utilizing everything you’re paying for?

• Identify siloed systems that require double work or manual handoffs. 

  • Are there tools that can be used by multiple teams or departments?

  •  Is there an automated workflow that could be added to reduce manual work?

• Assess how well your tools support exams and audits.

  • Are reports, alerts, and documentation easy to pull when examiners ask for them?

  • Can your team explain decisions clearly without stitching together data from multiple systems?

  • Do your tools help you prepare proactively, or do they add stress during exams?

3. False Positives Overload

Many BSA teams spend too much time clearing false alerts. Industry research shows that transaction monitoring systems generate false positive rates of 90-95%, meaning the vast majority of alerts require investigation but turn out to be legitimate activity. Many legacy systems rely on inflexible preset rules, which compound the problem. As false positives pile up, teams spend more time clearing noise than identifying real risk.

What Financial Institutions Can Do

• Use safe testing environments to adjust thresholds before applying them.

  • Do you have a sandbox environment where you can test new rules/thresholds and see alert volume before implementing the change?

• Ensure risk scoring includes behavioral data, not just static profile attributes. 

  • Are you only determining risk from static information (i.e., HITDA/HIFCA, PEP, etc.), or are you including behavior as well (i.e., SARs filed in the past year, ongoing investigations)?

• Group related alerts from the same transaction so analysts review them once instead of multiple times. 

  • If you get a structuring alert on a business account with three owners, do you have to review three separate alerts?

• Confirm vendors can explain how their models work and how decisions are made, especially when AI/ML is involved.

  •  If your regulators asked you why an alert did or didn’t trigger, are you confident you could explain the reason?

• Tune alert settings regularly to reduce unnecessary noise. 

  • Do your policies outline how frequently your team should assess alert thresholds?

• Document your tuning process and rationale for examiner review. 

  • Are all alert tuning activities automatically documented by your system? 

4. Manual Processes and Legacy Systems

Plenty of small institutions continue to rely on spreadsheets, shared inboxes, and manual processes to complete investigations. Workflows like these slow down investigations, create more opportunities for costly errors, and can lead to increased losses.

When systems are not connected, investigators are forced to spend time hunting for information rather than assessing risk. According to the FinTech Times, 53 per cent of banks using legacy systems are encountering difficulties in scaling due to data silos and production bottlenecks. As a result, teams lose valuable time on manual work instead of focusing on meaningful risk.

What Financial Institutions Can Do

• Map your primary workflows and identify where manual steps still dominate. 

  • Are you still reliant on phone calls and emails for gathering KYB/KYC information? 

  • Do you have to hunt down transaction information during investigations? 

  • Does your system require you to conduct manual profile updates for customers and members?

• Review how long customer or member outreach takes during investigations, onboarding, and KYB/KYC. 

  • Are you having to wait for responses? 

  • Are customer/member communications built into your solution to track & report for auditors?

• Evaluate how long it takes to produce examiner- and board-ready documentation. 

  • Can you easily export things like no SAR decisions and supporting case documentation? 

  • Is it easy to report on key statistics in your board meetings?

5. Limited Resources

Small teams carry a heavy burden, and fighting financial crime is no small feat. Meanwhile, budgets are remaining stagnant, while training and hiring are needed more than ever due to savvy criminals. Regulators like the OCC have highlighted the growing difficulty banks face in finding and keeping experienced compliance staff. Burnout is common and affects accuracy, speed, and morale.

Even as fraud tactics and regulatory expectations have changed significantly, many teams are still relying on the same technology stack they adopted five or more years ago. Overwhelmed and overworked teams find there's little time for evaluating better, more efficient tools. Over time, this can mean limited budgets, staff capacity, and attention are spent maintaining outdated systems instead of exploring whether their old technology is helping or harming their financial institution.

What Financial Institutions Can Do

• Strengthen continuing education to keep staff up to date on emerging trends. 

  • Are there associations or vendors you trust that put out helpful resources you can leverage?

• Ask your vendors to provide hands-on support where they can. 

  • Can their teams help you better optimize your existing solutions? 

  • Does their team have expertise they can share to ease your burdens?

• Identify process bottlenecks that routinely slow down case resolution. 

  • Are there siloed processes that would benefit from transparency? 

  • Is there new technology that can automate repeatable and predictable tasks?

• Connect with peers to understand how others are juggling similar challenges. 

  • Are there local industry chapters nearby you could join? 

  • Can you attend an industry conference to hear from experts?

Conclusion

These five common challenges shape the daily experience of BSA and fraud professionals in community financial institutions. The pressure is real, but fortunately, you do not have to navigate it alone.

RiskScout was built by former examiners and BSA professionals who have done the job and intimately understand the challenges financial crime fighters face every day. We help financial institutions strengthen oversight, streamline investigations, and stay ahead of financial crime without draining time or resources. Our goal is to make BSA compliance easier and more effective, not more complicated.

Whether you’re struggling with fraud losses, rising costs, false positives, manual processes, limited resources, or something else entirely, we’re here to help. If you want to speak with experts who are passionate about making your life easier, get in touch with us at riskscout.com.

RiskScout is a team of former bank examiners, BSA professionals, and fintech developers helping financial institutions grow and be more efficient and profitable. Through a full BSA/AML and Fraud suite, RiskScout's solutions increase revenue and decrease compliance costs and losses by unlocking new deposit streams, automating compliance workflows, and catching fraudsters. If you are interested in learning more, get in touch: riskscout.com/contact-us