Anti-money laundering alert triage is a compliance bottleneck. A single alert can take 30 to 90 minutes of analyst time: pulling transaction histories, checking customer profiles, cross-referencing watchlists, and documenting every step for regulators. AWS and Snowflake just published a joint implementation that cuts that to under 5 minutes using agent orchestration.
The architecture is interesting because it solves a real multi-system coordination problem. Amazon Quick Flows handles workflow orchestration. Snowflake Cortex AI runs the decision logic. The Model Context Protocol (MCP) acts as the state bridge. The result is a production-grade compliance workflow that maintains audit trails while automating repetitive investigative steps.
Why AML Triage Is a Good Agent Use Case
AML alert triage follows a fixed procedure:
- Retrieve the flagged transaction and related activity
- Pull customer profile and risk rating
- Check sanctions lists and adverse media
- Score the alert based on regulatory rules
- Document findings and route for human review or closure
Every alert follows the same steps. The data lives in different systems. The decision logic is rule-based with some judgment calls. This is exactly where agent orchestration adds value: you get repeatability, speed, and a full audit log.
Architecture: Quick Flows + Snowflake Cortex + MCP
The implementation uses three layers:
Orchestration layer: Amazon Quick Flows receives the alert trigger and manages the workflow state. It translates user intent (or scheduled jobs) into MCP tool calls.
Data and decision layer: Snowflake stores transaction data, customer profiles, and watchlist tables. Snowflake Cortex AI runs the scoring model and generates risk assessments.
Integration layer: MCP handles authentication, query execution, and result passing between Quick Flows and Snowflake. OAuth tokens are managed at the MCP server level, so the workflow engine never sees raw credentials.
The flow looks like this:
- Alert arrives (via API, scheduled scan, or manual trigger)
- Quick Flows initiates an investigation workflow
- MCP server authenticates to Snowflake using OAuth
- Quick Flows sends a series of MCP tool calls to retrieve transaction data, customer history, and watchlist matches
- Snowflake Cortex AI scores the alert based on transaction patterns and risk factors
- Quick Flows aggregates results and generates a triage decision
- The decision and full investigation log are written back to Snowflake for compliance review
MCP as the State Bridge
The Model Context Protocol is doing the heavy lifting here. It provides a standardized interface for tool calls, so Quick Flows does not need custom connectors for every data source.
Each MCP tool call is stateless. The workflow engine maintains conversation context and decision state. Snowflake maintains data state. MCP just ferries requests and responses.
This separation matters for retry logic. If a Snowflake query times out, Quick Flows can retry the MCP call without losing workflow state. If Cortex AI inference fails, the workflow can fall back to rule-based scoring or escalate to a human analyst.
The MCP server also handles credential rotation. OAuth tokens expire. The MCP server refreshes them transparently, so the workflow does not break mid-investigation.
Audit Trail and Explainability
Regulators will scrutinize automated triage decisions. The system needs to log every data retrieval, every scoring input, and every decision point.
Quick Flows maintains a workflow execution log. Every MCP call is recorded with timestamps, input parameters, and results. Snowflake logs every query execution. Cortex AI returns not just a risk score but also the features that contributed to it.
When an auditor asks why an alert was closed, you can reconstruct the entire investigation: which transactions were reviewed, which watchlists were checked, which risk factors triggered the score, and which human analyst (if any) reviewed the final decision.
This is not optional. Financial institutions face penalties for unexplainable compliance decisions. The architecture treats audit logging as a first-class requirement, not an afterthought.
Tool Boundaries and Error Handling
The system defines clear tool boundaries:
| Component | Responsibility | Failure Mode |
|---|---|---|
| Quick Flows | Workflow orchestration, state management, retry logic | Workflow timeout, invalid state transition |
| MCP Server | Authentication, query translation, result serialization | OAuth failure, network timeout, malformed query |
| Snowflake | Data storage, query execution, transaction history | Query timeout, data unavailability, schema mismatch |
| Cortex AI | Risk scoring, pattern detection, decision recommendation | Inference timeout, model drift, low-confidence score |
Each component can fail independently. The workflow needs to handle partial failures gracefully.
If a Snowflake query times out, Quick Flows retries with exponential backoff. If Cortex AI returns a low-confidence score, the workflow escalates to a human analyst. If MCP authentication fails, the workflow pauses and alerts the operations team.
The key insight is that automated triage does not mean zero human involvement. It means humans only see the cases that need judgment calls.
Code Snippet: MCP Tool Call for Transaction Retrieval
Here is what an MCP tool call looks like in the Quick Flows workflow:
```json
{
  "tool": "snowflake_query",
  "parameters": {
    "query": "SELECT transaction_id, amount, currency, sender_account, receiver_account, timestamp FROM transactions WHERE alert_id = ? ORDER BY timestamp DESC LIMIT 100",
    "bindings": ["${alert_id}"],
    "timeout_seconds": 30
  },
  "retry_policy": {
    "max_attempts": 3,
    "backoff_multiplier": 2
  }
}
```
The MCP server receives this, authenticates to Snowflake, executes the query, and returns the result set. Quick Flows does not need to know Snowflake’s query syntax or authentication mechanism. It just calls a tool and gets structured data back.
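As an added example (not code from the AWS/Snowflake implementation), here is a minimal MCP-server-side handler in Python for the call above: it resolves the `${alert_id}` placeholder into the bindings rather than into the SQL text, applies the call's `retry_policy` with exponential backoff, and appends one audit record per attempt so the investigation can be reconstructed later. SQLite stands in for Snowflake, the table and rows are constructed, and the function names are assumptions.

```python
import re
import sqlite3
from datetime import datetime, timezone

TOOL_CALL = {  # constructed copy of the tool call shown on the page (not Quick Flows' own schema)
    "tool": "snowflake_query",
    "parameters": {
        "query": "SELECT transaction_id, amount, currency, sender_account, receiver_account, "
                 "timestamp FROM transactions WHERE alert_id = ? ORDER BY timestamp DESC LIMIT 100",
        "bindings": ["${alert_id}"],
    },
    "retry_policy": {"max_attempts": 3, "backoff_multiplier": 2},
}

def resolve_bindings(params, context):
    """Fill ${name} from workflow context into the bindings only; the SQL text is never templated."""
    if "${" in params["query"]:
        raise ValueError("placeholders belong in bindings, not in the query text")
    bindings = [context[m.group(1)] if (m := re.fullmatch(r"\$\{(\w+)\}", str(b))) else b
                for b in params["bindings"]]
    if params["query"].count("?") != len(bindings):
        raise ValueError("binding count does not match the '?' markers in the query")
    return bindings

def execute_tool_call(call, context, conn, audit_log):
    """Run the call on conn (sqlite3 stands in for Snowflake) under its retry_policy, logging every attempt."""
    params, policy = call["parameters"], call["retry_policy"]
    bindings, delay = resolve_bindings(params, context), 1.0
    for attempt in range(1, policy["max_attempts"] + 1):
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "tool": call["tool"],
                 "attempt": attempt, "bindings": bindings}
        audit_log.append(entry)
        try:
            rows = conn.execute(params["query"], bindings).fetchall()
            entry["rows"] = len(rows)
            return rows
        except sqlite3.OperationalError as exc:  # stands in for a query timeout or schema mismatch
            entry["error"] = str(exc)
            if attempt == policy["max_attempts"]:
                raise
            entry["retry_after_s"] = delay  # exponential backoff before the next attempt
            delay *= policy["backoff_multiplier"]

def demo_connection():
    """Constructed in-memory stand-in for the Snowflake transactions table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE transactions (transaction_id, amount, currency, sender_account, receiver_account, timestamp, alert_id)")
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?, ?, ?, ?, ?)",
                     [("t1", 12000.0, "USD", "A1", "B1", "2024-01-01T10:00:00Z", "ALERT-1"),
                      ("t2", 300.0, "USD", "A1", "C2", "2024-01-02T10:00:00Z", "ALERT-1"),
                      ("t3", 50.0, "EUR", "D3", "A1", "2024-01-03T10:00:00Z", "ALERT-2")])
    return conn
```

The audit entries carry the resolved bindings and either a row count or the error, which is the per-call record the auditor later asks for.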
Human Override and False Positives
Automated triage will produce false positives. A legitimate large transaction might trigger an alert. A customer with an unusual profile might score high on risk factors.
The workflow includes a human review step for any alert that meets these criteria:
- Cortex AI confidence score below 0.7
- Transaction amount above a regulatory threshold
- Customer flagged in adverse media within the last 30 days
- First-time transaction with a high-risk jurisdiction
When an alert is escalated, the human analyst sees the full investigation log: every data point retrieved, every risk factor considered, and the preliminary score. The analyst can approve the closure, override the decision, or request additional investigation.
The override is logged back to Snowflake. If the analyst consistently overrides the model’s decisions, that signals model drift or a gap in the training data.
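The escalation criteria and override logging above, as an added example that is not part of the original post: the 0.7 confidence floor and 30-day adverse-media window come from the page; the amount threshold, the high-risk jurisdiction set, the field and function names, and the assumption that the model's preliminary decision is closure (so any other analyst outcome counts as an override) are constructed for the example.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

CONFIDENCE_FLOOR = 0.7            # from the page
ADVERSE_MEDIA_WINDOW_DAYS = 30    # from the page
AMOUNT_THRESHOLD = 10_000.0       # placeholder: the page does not give the regulatory figure
HIGH_RISK_JURISDICTIONS = {"ZZ"}  # placeholder set, constructed for the example

@dataclass
class Alert:
    alert_id: str
    amount: float
    jurisdiction: str                      # counterparty jurisdiction
    prior_tx_with_jurisdiction: int        # earlier transactions with that jurisdiction
    adverse_media_age_days: Optional[int]  # days since the last adverse-media hit, None if none

# What Cortex AI hands back: the risk score, its confidence, and the contributing features.
Score = namedtuple("Score", "risk confidence factors")

def escalation_reasons(alert, score):
    """The page's four criteria; any hit routes the alert to a human analyst."""
    age = alert.adverse_media_age_days
    checks = [
        ("low_confidence", score.confidence < CONFIDENCE_FLOOR),
        ("amount_above_threshold", alert.amount > AMOUNT_THRESHOLD),
        ("recent_adverse_media", age is not None and age <= ADVERSE_MEDIA_WINDOW_DAYS),
        ("first_tx_high_risk_jurisdiction", alert.jurisdiction in HIGH_RISK_JURISDICTIONS
         and alert.prior_tx_with_jurisdiction == 0),
    ]
    return [name for name, hit in checks if hit]

def triage(alert, score, log):
    """Route the alert and write the decision, its reasons and the score's inputs to the log."""
    reasons = escalation_reasons(alert, score)
    decision = "escalate" if reasons else "close"
    log.append({"alert_id": alert.alert_id, "decision": decision, "reasons": reasons,
                "risk": score.risk, "confidence": score.confidence, "factors": score.factors})
    return decision

def record_review(log, alert_id, analyst, outcome):
    """Attach the analyst's outcome to the escalated entry; anything but 'close' overrides the model."""
    entry = next(e for e in log if e["alert_id"] == alert_id and e["decision"] == "escalate")
    entry.update(analyst=analyst, outcome=outcome, overridden=outcome != "close")
    return entry["overridden"]

def override_rate(log):
    """Share of reviewed alerts the analyst overrode; a rising value is the drift signal the page describes."""
    reviewed = [e for e in log if "outcome" in e]
    return sum(e["overridden"] for e in reviewed) / len(reviewed) if reviewed else 0.0
```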
Deployment Shape
The implementation runs entirely in AWS and Snowflake. No data leaves the customer’s environment.
Quick Flows runs as a managed service in the customer’s AWS account. The MCP server runs as a Lambda function with VPC access to Snowflake. Snowflake Cortex AI runs in the customer’s Snowflake account.
Secrets (OAuth tokens, API keys) are stored in AWS Secrets Manager. The MCP server retrieves them at runtime. Tokens are rotated automatically.
The workflow can be triggered three ways:
- Real-time: An alert arrives via API, and Quick Flows starts the investigation immediately
- Batch: A scheduled job scans for new alerts every hour and processes them in bulk
- Manual: A compliance officer triggers an investigation for a specific alert or customer
Performance and Cost
The AWS blog reports investigation time dropping from 30-90 minutes to under 5 minutes. That is an 18x speedup in the best case.
The cost breakdown:
- Quick Flows charges per workflow execution
- Snowflake charges per query and per Cortex AI inference
- Lambda charges for MCP server invocations
For a financial institution processing 10,000 alerts per month, the cost is roughly $500-$1,000 per month in AWS and Snowflake fees. The labor savings (analyst time freed up) are much larger.
The real cost is upfront: building the workflow, integrating the systems, and training the Cortex AI model. AWS estimates 4-6 weeks for a production-ready implementation.
Technical Verdict
Use this pattern when:
- You have a compliance workflow that follows the same steps every time
- Your data lives in Snowflake and you need AI-powered decision logic
- You need full audit trails for regulatory review
- You want to reduce analyst workload without eliminating human oversight
Avoid this pattern when:
- Your investigation steps vary significantly by alert type (the workflow becomes too complex)
- Your data is not in Snowflake (the integration overhead is not worth it)
- You need sub-second response times (the multi-hop architecture adds latency)
- You cannot tolerate any false positives (automated triage always has error rates)
The architecture is production-ready for AML triage and similar compliance workflows. The MCP integration is the key: it turns a multi-system coordination problem into a series of standardized tool calls. The result is faster investigations, lower analyst workload, and full audit trails for regulators.