Financial-crime AI, audit-ready by design.
AML transaction monitoring, sanctions screening, customer due diligence, and SAR drafting — each one a place AI earns its keep, and each one a place where the auditor and the regulator expect traceable, documented decisions. We build for both.
The regulator and the auditor want the same thing: a decision you can defend.
AML and KYC sit under a heavy framework: the Bank Secrecy Act and FinCEN guidance in the US, PCMLTFA in Canada, AMLD in the EU, the FATF Recommendations globally. The common thread across all of them: every decision a financial institution makes about suspicion, sanctions, or customer risk has to be defensible under examination.
AI helps enormously with volume — transaction monitoring false-positive rates, sanctions-match fuzzy logic, adverse-media aggregation. AI hurts when it makes decisions humans can't explain. We architect for the former and against the latter.
Six places where AI agents earn their compliance overhead.
Transaction monitoring
AI-driven alert prioritization, pattern recognition across typologies, false-positive reduction. Human analyst review preserved above risk thresholds; AI provides decision support, not autonomous decisions.
Sanctions screening
Fuzzy-match improvements, multilingual name matching, real-time screening at transaction time. Every match decision traceable; no auto-blocking that bypasses review.
Customer due diligence (CDD/EDD)
Adverse media aggregation, beneficial ownership tracing, source-of-wealth analysis. Output structured for analyst review; citation traceback on every claim.
PEP and adverse media screening
Continuous monitoring with name-disambiguation, language-aware matching, and source-credibility scoring. Reduces analyst burden without sacrificing coverage.
SAR narrative drafting
AI drafts the narrative section of suspicious activity reports based on case data; analyst reviews, edits, signs. Faster filing, consistent quality.
KYB / corporate verification
Corporate-registry aggregation across jurisdictions, ultimate-beneficial-owner identification, automated screening of corporate structures against sanctions and adverse-media lists.
SR 11-7 applies. We design to it as a default.
The Federal Reserve's SR 11-7 (and the OCC's parallel guidance) is the model risk management framework that explicitly applies to AML and other AI/ML models in regulated financial institutions. The default expectations:
- Independent validation before deployment
- Ongoing performance monitoring with documented thresholds
- Model inventory with explicit risk tiering
- Governance with appropriate segregation between development, validation, and use
- Documentation: model design, data, assumptions, limitations, validation results
- Periodic re-validation and re-tuning, with documented rationale for changes
For smaller institutions, the documentation burden is proportional but the architecture is the same. We don't build two systems; we build one well-documented system, and the documentation scales to the institution's size.
AI prioritizes. Humans decide. Both are traceable.
The architectural pattern we ship: AI generates ranked alerts, suggested explanations, and pre-drafted narratives. Human analysts review every alert above a defined risk threshold, accept or override the AI's prioritization, edit or replace the narrative, and sign the resulting filing or decision.
The audit trail records both layers: what the AI suggested, what the human did, the rationale for any override. The regulator sees the human accountability they expect. The institution gets the volume leverage AI provides.
Frequently asked questions
Can AI replace human analyst review in AML transaction monitoring?
Not entirely, and not without significant care. FinCEN and bank regulators expect human review of alerts above defined risk thresholds. AI is appropriate for: alert prioritization, false-positive reduction, narrative drafting for analysts, cross-typology pattern matching. AI is not appropriate as the sole decision-maker on suspicious activity reports. The architecture preserves the human accountability the regulators expect.
What does the OCC / Federal Reserve expect for model risk management?
SR 11-7 (and the OCC's equivalent guidance) establishes the model risk management framework that explicitly applies to AML and other AI/ML models in banking. Independent validation, ongoing monitoring, documentation standards, governance with appropriate segregation. We design AML AI systems to satisfy SR 11-7 as a default; smaller institutions get the same architecture at a lower documentation burden.
How does sanctions screening AI interact with OFAC requirements?
OFAC's expectations: comprehensive screening, traceable decision rationale, no auto-blocking that bypasses required review, audit trail sufficient for OFAC inquiry. AI improves screening efficiency (alert reduction, fuzzy-match improvements) but doesn't change the underlying obligations. We architect screening AI so that every screening decision has the documented rationale OFAC requires.
FATF guidance applies to non-US customers too?
Yes. The FATF Recommendations apply to most major jurisdictions; specific countries implement them through national law (BSA in US, PCMLTFA in Canada, AMLD in EU). For multi-jurisdiction financial-services customers, we map AI controls against the strictest applicable AML regime in the relevant operating footprint.