A mid-tier bank running 5M daily transactions at a 1.5% false positive rate generates roughly 75,000 unnecessary alerts per day, and analysts can only review 30–50 per hour — the arithmetic of the queue is what drives the agentic case for pre-investigation. The right orchestration design for 500 alerts/day is almost nothing like the right design for 75,000/day, so sizing the queue honestly is the first decision, not a later optimization. Institutions that under-report alert volume typically do so because they have already silently closed large portions of the queue without investigation.

The SAR is not an optional artifact — it is the primary regulatory deliverable the agent must help produce, and the 30-day initial filing deadline (with 90-day continuing cycles) is non-negotiable under BSA 31 CFR 1020.320. Cyber-SARs specifically grew 30% year-over-year as AI-enabled attacks accelerated, and institutions that have grown volume without agent support typically slip on the 30-day clock first. Dimensioning the SAR workload up front is what lets you design an agent that meets the clock at your actual institutional scale.

The agent does not replace a tier — it changes the ratio between tiers, and the institution must decide which tier absorbs the capacity gain before the deployment goes live. McKinsey's 20+ agents per human supervision model implies near-complete elimination of L1 and redeployment of L2 against more complex cases, which is an organizational decision, not a technical one. An agent deployed without a target-state tier model tends to produce throughput that analysts immediately re-absorb into deeper per-case review rather than clearing the queue.

Running an internal SLA that equals the regulatory ceiling leaves no room for any operational disruption — a single analyst sick day or a system outage can put filings past 30 days, and FinCEN exam findings on late filings are both frequent and publicly visible. Institutions that hit the 30-day window reliably almost always run internal SLAs at 14–21 days to absorb real-world friction, and agentic case assembly is what makes that tighter SLA economically possible at the current staffing footprint.

Siloed fraud and AML systems create blind spots — a money mule network visible in AML transaction data is invisible to the fraud team's case file, and an agent that can only see one side reproduces that blind spot programmatically. Hawk AI's 2024 survey found 77% of FRAML respondents expect >$1M savings within 5 years and 50% of early adopters have already saved >$5M. The convergence decision shapes every downstream data source and graph traversal choice, so it has to be made before agent scope is finalized rather than after.

The observable difference between an agentic tool analysts adopt and one they abandon is whether output starts appearing on the screen inside the first half-second. A 15–25 second batch wait is perceptually indistinguishable from a frozen UI, and analysts who have to wait through it tend to alt-tab back to their existing 8–12 systems and never return. Token streaming is not a UX nicety; it is the reason the agent ever sees a second case from the same analyst.

McKinsey documents agentic productivity uplifts of 200–2,000% under supervision models where one human oversees 20+ AI agents on triage, evidence gathering, and narrative drafting — but those numbers assume the autonomy level matches the institution's regulatory risk appetite, not just the technical capability. Regulated workflows typically require deterministic graph-based orchestration (LangGraph) with explicit human-in-the-loop breakpoints at SAR filing decisions; purely conversational autonomy (AutoGen) is better suited to hypothesis generation upstream of the filing decision.