From Excel to a real AML system: how we digitised suspicious transaction reporting for a financial-sector client

An anonymised case study: from fragile spreadsheets, manual checks and operational risk to an auditable, centralised AML workflow ready for reporting.

In many financial-sector companies, AML processes start simply: Excel, folders, emails between departments and a lot of manual work. At low volume it seems enough; as you grow it becomes fragile — more customers, more alerts, more file versions, more risk.

This case study covers digitising the identification, analysis and preparation of suspicious transaction reporting for a financial-sector client (anonymised). The goal was not just to “replace Excel”, but to build an auditable system: alerts, investigations, documents, decisions and history in one clear flow.

Initial context

The client had AML procedures, a compliance officer and a methodology — but the tooling was fragmented: Excel files for customers, transactions, alerts and cases; folders of documents; emails for approvals; manual reports. A single alert could pass through several places with no unified history.

The problem with Excel in AML

• no single source of truth — multiple versions of the same file;
• no traceability — who changed the status, when, and why;
• manual errors when copying data;
• no clear workflow: new → analysis → escalation → reporting;
• heavy reporting preparation — data gathered from disparate sources.

Project objectives

Centralise alerts, a controlled database, case workflow, full history, attached documents, standardised decisions, internal reports, role-based access, audit logs, compliance dashboard — while keeping human control: the system supports analysis; it does not alone decide suspicion.

The solution: internal AML platform

Modules: customers, transactions, alerts, AML cases, documents, workflow, risk scoring, audit logs, dashboard, exports, roles. Each case = one record: customer, transactions, alert, documents, notes, decisions, status, next steps.

Migration from Excel

First stage: structure analysis, cleanup, mapping — columns named differently, inconsistent statuses, duplicates, comments in cells. Validation rules before import. Without cleanup, you only get digitised chaos.

Alerts, case management and documents

Alerts: manual or explainable rules — thresholds, structuring, high-risk jurisdictions, profile vs. history, expired documents. Status, priority, reason, linked transactions.

Case management: alert → case with flow: new → analysis → documents requested → escalated → decision → closed / suspicious → ready for reporting → reported → archived. Every change saved.

Documents: attached to customer and case, labelled, role-based access — not lost in email.

Roles, audit logs and dashboard

Roles: analyst, compliance supervisor, admin, auditor, management (aggregated dashboard). Separation of access to sensitive data.

Audit logs: create/update alert, case, status, documents, notes, decisions, export, permissions, authentication — user, date, object.

Dashboard: new alerts, cases in analysis/escalated, average analysis time, high risk, expired documents, cases without action, reporting status.

Reporting, integration and security

For a suspicious case: customer data, transaction, reason, risk indicators, documents, analysis history, decision, people involved — faster reporting preparation, without searching through emails.

Phased integration: Excel → then financial core, CRM, KYC, screening. Security: auth, roles, encryption, backup, download journal, retention.

Testing and controlled launch

Real scenarios: alerts → cases, permissions, audit, export, unauthorised access. Launch in parallel with Excel on a limited set of cases → migrate active items → gradually stop using files → periodic reports in the system.

Results and lessons

Centralised system, clear status, reasoned decisions, traceability, real-time dashboard, reduced risk of lost information. Control — no longer dependent on memory and email.

• Excel is useful, but not as the main system for auditable processes;
• you digitise decisions and responsibilities, not just files;
• audit logs and roles from day one;
• legacy data migration taken seriously;
• phased launch — compliance and technology together.

Future extensions

Real-time monitoring, PEP/sanctions, dynamic scoring, ML alert prioritisation, KYC integration, multi-level approval workflow, API — a modular foundation, not just Excel replaced.

Conclusion

AML digitisation is not moving data out of Excel — it is a controlled, auditable system. For companies still managing alerts in spreadsheets, the question is how long they can continue without operational risk. A real AML system means control, confidence and growth without losing track of critical decisions.