The Problem
Your compliance team manually reviews new-customer onboarding files: PEP screening, sanctions checks, source-of-funds review, risk rating. Each file takes the better part of an hour, and a single missed match is a regulatory enforcement action. The work is slow, it does not scale with growth, and the decisions are hard to defend consistently when an examiner reviews them.
Why a Black-Box LLM Fails Here
Anti-money-laundering decisions are among the least appropriate for an opaque model. A regulator will ask exactly why a customer was rated high-risk and what due diligence followed. "The model flagged it" fails the examination. You need the risk rating tied to documented criteria, applied consistently, with a complete audit trail — precisely what a black-box LLM cannot provide.
The Governed Architecture
- The LLM reads. It extracts structured fields from the onboarding application — nationality, residency, business purpose, expected transaction volume, source of funds, and PEP/sanctions screening results. It never assigns the risk rating.
- A DMN policy table decides. Your AML risk policy as a deterministic table: PEP exposure, cross-border indicators, and volume thresholds map to a risk rating and a due-diligence level.
- BPMN routes. Standard cases proceed; elevated-risk cases are routed to a senior compliance officer with an enhanced-due-diligence checklist and a documentation request.
Try It Live
Go to archiet.com/agents and open the KYC / AML agent. Type:
New customer application: Alexander Petrov, DOB 1975-09-22, Russian
national, UK resident. Business purpose: import/export consulting. Expected
monthly transaction volume £85,000. Source of funds: consulting income and
sale of property in Cyprus. PEP screening: no direct match, one indirect
association with a politically exposed person.
Click Run governed agent:
1. The LLM extracts (shown read-only):
{
  "name": "Alexander Petrov",
  "nationality": "Russian",
  "residency": "UK",
  "business_purpose": "import_export_consulting",
  "expected_monthly_volume": 85000,
  "cross_border_funds": true,
  "pep_indirect_association": true
}
2. The DMN policy table evaluates and fires: indirect PEP association AND cross-border source of funds AND high transaction volume → Enhanced Due Diligence required, senior compliance review, request source-of-funds documentation pack. Risk rating: HIGH. Rule KYC-EDD-003.
3. BPMN routes to the senior-compliance queue with the EDD checklist attached.
4. The audit trail records the firing rule, every condition met, the extracted fields, and the timestamp — the exact evidence an examiner asks for.
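The split described in the architecture section and walked through above, written out as an added example (this is illustrative code, not Archiet's engine or policy model): the extractor's JSON is validated against a fixed schema so the model cannot slip a decision field in, a deterministic rule table assigns the rating, and the decision is returned together with the audit record. Rule KYC-EDD-003 and the extracted fields come from the walkthrough; the £50,000 volume threshold, the two lower-priority rules, the route names and the audit-record field names are assumptions.

```python
"""Deterministic KYC/AML policy evaluation with an audit record (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional
import json

# Fields the extractor may return; any other key is dropped so the model
# cannot smuggle a decision (for example "risk_rating") into the policy step.
EXTRACTED_SCHEMA = {
    "name": str,
    "nationality": str,
    "residency": str,
    "business_purpose": str,
    "expected_monthly_volume": int,
    "cross_border_funds": bool,
    "pep_indirect_association": bool,
}

HIGH_VOLUME_THRESHOLD = 50_000  # assumed; the page states no threshold figure

# Constructed extractor output: the walkthrough's fields plus an injected
# "risk_rating" key, included to show that the validator discards it.
SAMPLE_EXTRACTION = json.dumps({
    "name": "Alexander Petrov",
    "nationality": "Russian",
    "residency": "UK",
    "business_purpose": "import_export_consulting",
    "expected_monthly_volume": 85000,
    "cross_border_funds": True,
    "pep_indirect_association": True,
    "risk_rating": "LOW",
})


def validate_extraction(raw: str) -> dict:
    """Parse LLM output and keep only schema fields of the declared type."""
    data = json.loads(raw)
    clean = {}
    for key, typ in EXTRACTED_SCHEMA.items():
        if key not in data:
            raise ValueError(f"extractor omitted required field {key!r}")
        value = data[key]
        # bool is a subclass of int, so the integer field needs an explicit guard
        if (typ is int and isinstance(value, bool)) or not isinstance(value, typ):
            raise ValueError(f"field {key!r} has wrong type {type(value).__name__}")
        clean[key] = value
    return clean


def rejects(raw: str) -> bool:
    """True if the validator refuses this extractor output."""
    try:
        validate_extraction(raw)
        return False
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return True


@dataclass(frozen=True)
class Rule:
    rule_id: str
    conditions: Dict[str, Callable[[dict], bool]]  # condition label -> predicate
    risk_rating: str
    due_diligence: str
    route: str


# Policy table in priority order; the first rule whose conditions all hold
# fires (DMN "first" hit policy). Only KYC-EDD-003 comes from the page.
POLICY_TABLE: List[Rule] = [
    Rule("KYC-EDD-003", {
        "indirect PEP association": lambda f: f["pep_indirect_association"],
        "cross-border source of funds": lambda f: f["cross_border_funds"],
        "high transaction volume":
            lambda f: f["expected_monthly_volume"] >= HIGH_VOLUME_THRESHOLD,
    }, "HIGH", "enhanced", "senior-compliance-queue"),
    Rule("KYC-CDD-002", {  # assumed rule
        "cross-border source of funds": lambda f: f["cross_border_funds"],
    }, "MEDIUM", "standard", "standard-onboarding"),
    Rule("KYC-CDD-001", {}, "LOW", "simplified", "standard-onboarding"),  # assumed default
]


def evaluate(fields: dict, now: Optional[datetime] = None) -> dict:
    """Apply the policy table; return the decision together with its audit record."""
    now = now or datetime.now(timezone.utc)
    for rule in POLICY_TABLE:
        met = [label for label, pred in rule.conditions.items() if pred(fields)]
        if len(met) == len(rule.conditions):
            return {
                "rule_id": rule.rule_id,
                "risk_rating": rule.risk_rating,
                "due_diligence": rule.due_diligence,
                "route": rule.route,
                "conditions_met": met,
                "extracted_fields": dict(fields),
                "timestamp": now.isoformat(),
            }
    raise RuntimeError("no rule matched; the table needs a default rule")


if __name__ == "__main__":
    decision = evaluate(validate_extraction(SAMPLE_EXTRACTION))
    print(json.dumps(decision, indent=2))
```

Two design points matter for the examination scenario the page describes. The validator treats the extractor as untrusted input: unknown keys are dropped and a wrong type fails closed, so a hallucinated or prompt-injected "risk_rating" never reaches the table. And the audit record is built from the same objects the decision was made on (rule id, every condition that held, the validated fields, the timestamp), so the log cannot drift from the logic that produced it.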
The Regulatory Angle: FCA SYSC 6.3, FinCEN, FATF
The FCA's SYSC 6.3 requires firms to maintain documented, risk-based policies and procedures for AML. FinCEN (US) and the FATF recommendations require risk-based customer due diligence with records that demonstrate the basis for each decision. A governed agent satisfies all three: the risk rating is produced by a documented DMN policy, applied consistently to every customer, with a logged trail showing which criteria drove the rating and what due diligence followed. When your regulator asks to see your AML decision-making, you hand them the policy table and the audit log.
Generate This for Your Own System
Describe an onboarding, KYC, or AML workflow in Archiet's Blueprint Wizard and the governed screening agent is generated with your risk criteria, volume thresholds, and due-diligence levels extracted from your PRD. Engine, policy model, endpoints, and UI come wired and auditable.
The same governed pattern powers invoice approval, loan adjudication, FNOL triage, prior authorisation, and refund/retention in the gallery.