Loading…
Loading…
KYC/AML onboarding requires speed, accuracy, and complete auditability for FCA, FinCEN, and EU AMLD compliance. Archiet generates a governed KYC agent: risk scoring drives a transparent DMN routing table, every decision is logged for SAR and audit purposes, and the AI only extracts identity data — it never decides the risk classification.
KYC/AML onboarding has three properties that make it ideal for governed AI and incompatible with black-box models. First, regulatory explainability: the FCA's SYSC 6.3 rules require firms to document the risk assessment methodology applied to each customer. An opaque ML model cannot satisfy this requirement. A DMN policy table can — every decision cites the specific risk factor that triggered it. Second, hard-stop requirements: sanctions screening must be a hard block with immediate MLRO notification. A probabilistic model cannot reliably implement a hard stop. A rule engine can. Third, the risk criteria are explicit: FATF, FCA, and FinCEN guidance defines PEP status, high-risk jurisdiction lists, and beneficial ownership thresholds as explicit rules — not patterns learned from historical data.
The generated KYC/AML agent implements four risk layers. Sanctions screening: before any other processing, the DMN evaluates the sanctions_hit field. Any sanctions match triggers a hard block with immediate MLRO notification — no other rules are evaluated. PEP assessment: Politically Exposed Persons in high-risk jurisdictions trigger Enhanced Due Diligence. Risk score evaluation: composite risk scores combining source of funds, jurisdiction, transaction profile, and identity verification confidence drive the CDD/EDD routing decision. Auto-approval: low-risk applicants with verified source of funds in low-risk jurisdictions auto-approve into standard CDD. The AI extraction layer reads identity documents, extracts beneficial ownership data, and cross-references jurisdiction risk against the FATF list — all without making any risk classification decision.
When the DMN routes to Enhanced Due Diligence, the BPMN process manages a structured workflow: EDD questionnaire dispatch, source of funds documentation collection, senior compliance officer assignment, regulatory timeline compliance (EDD must complete within configurable SLA), and escalation to MLRO if documentation is not received in time. The entire EDD workflow is logged in the customer audit trail. For customers who pass EDD, the audit record shows the additional documents reviewed and the compliance officer who made the determination.
The agent's audit trail provides the foundation for Suspicious Activity Report (SAR) filings and regulatory reporting. When a customer's risk profile changes after onboarding (new adverse media, updated PEP status, changed jurisdiction risk), a re-screening event triggers a new DMN evaluation. If the re-screening result differs from the original onboarding decision, the audit trail captures both states — the original decision and the re-assessment — which is the information needed for a SAR or customer risk reclassification. The generated operator console includes a re-screening queue and SAR drafting workflow.
The agent generates integration stubs for Refinitiv World-Check, Dow Jones Risk & Compliance, Complyadvantage, and LexisNexis WorldCompliance. The sanctions_hit field is populated by the screening API before the DMN evaluation runs. If your firm uses a different screening provider, the integration layer uses a standard REST interface — replace the stub with your provider's API call.
PEP status is determined by the screening provider (above), not maintained manually. The pep_flag field is set by the screening result. Your compliance team configures the jurisdiction_risk field by referencing the current FATF grey list and blacklist, which the operator console can be configured to auto-update from FATF's published XML feed.
Yes. The DMN table supports an entity_type field (individual/corporate/trust). Corporate entities trigger beneficial ownership extraction — the AI layer reads corporate registration documents and identifies ultimate beneficial owners (UBOs) with >25% ownership. Each UBO is screened independently and their combined risk assessment drives the corporate entity's routing decision. The BPMN workflow manages multi-UBO collection and sequential screening.
The audit trail is stored as structured JSON with a standardized schema: customer_id, application_date, screening_provider, sanctions_result, risk_score, pep_flag, jurisdiction_risk, dmn_rule_matched, decision (cdd/edd/hard_block/approved), reviewer_id (if manual), timestamps. The operator console exports audit trails as CSV or JSON for regulatory submission. The format aligns with FCA's Section 166 skilled person review requirements and FinCEN's Customer Due Diligence rule recordkeeping requirements.
Most AI invoice automation is a black box — the model decides, you can't explain why. Archiet generates a governed invoice approval agent: the approval flow is BPMN (auditable), the decision logic is a DMN policy table your finance team can edit without code changes, and the AI only reads documents — it never decides the outcome.
Enterprise procurement teams need approval automation that can be explained to auditors, edited by business analysts, and trusted in regulated industries. Archiet generates a governed procurement agent: BPMN workflow, DMN policy table, bounded LLM for document reading, and a complete audit trail from day one.
Insurance claims triage requires speed, accuracy, and full auditability. Archiet generates a governed claims triage agent: FNOL intake, AI-powered data extraction from claim documents, deterministic DMN severity routing that actuaries control, and a complete audit trail for regulatory examination.
free plan. No credit card required. Generate your first compliant architecture blueprint in under 10 minutes.