Financial services

Govern the AI agents in your financial-crime team.

Agents triage AML alerts and reconcile the books at machine speed. The SAR and disposition decision stays a named officer’s — with NYDFS Part 504-ready signed evidence an examiner verifies offline. Your agents move fast on the safe work; they hit a wall at the one-way doors.

The pain

An agent just triaged the alert. The liability is still yours.

Speed in financial-crime ops is not the problem you’re paid to solve. Accountability for what the machine decided is.

Alert backlogs

Transaction-monitoring systems fire more alerts than any team can clear, so banks are bolting AI onto the queue. The moment an agent triages an alert, the question becomes who is accountable for what it decided.

OFAC strict liability

Sanctions violations are strict liability — intent is irrelevant, and one missed near-match is a finding. An agent that screens names can move fast, but it cannot be the one that clears a hit.

Personally-fined officers

FinCEN has fined a bank’s former risk chief $450,000 personally. The officer who signs the program carries the exposure, not the model that triaged the alert underneath them.

The examiner gap

When an examiner or a deposition asks “who — or what — authorized this disposition, and prove the record wasn’t altered,” a dashboard of agent activity is not an answer. There is no signed artifact, anywhere.

How it works

Agent triages. Officer decides. The evidence signs itself.

The exact shape of the AML alert triage flow: fast on triage, locked at the SAR decision, signed for the examiner.

  1. The agent triages

    An L1 analyst agent ingests the day’s money-laundering alerts at a scale no team can staff, scores each one, and assembles the case file — and it can only touch the tools and data you explicitly allowed its role, nothing else.

  2. The officer decides at a gate the agent can’t approve

    The run parks at the suspicious-activity gate. The Wolfsberg four-eye control fires: the analyst that raised the alert is structurally barred from deciding it — refused outright, not merely flagged. A named BSA officer signs, reason recorded verbatim.

  3. You hold signed evidence

    Every action, model call, and approval lands in a sealed, append-only record — change one entry and the whole chain visibly breaks. Export a bundle an examiner verifies with zero access to your systems — the Part 504 certification file, against a published open spec.

Run

recon-2026-06-13 · daily cash reconciliation

3 steps
  1. Reconciled ledger — 2 breaks found

    09:14:02

    role: reconciliation clerk · grant v3

  2. Attempted to approve own resolution

    09:14:03

    role: reconciliation clerk · grant v3

    Blocked — maker cannot be checker

    Segregation of duties enforced structurally. Not flagged — refused.

  3. Approved at gate — break above threshold

    09:21:47

    approver: J. Okafor · controller (human)

    “Variance traced to an FX timing entry. Approving the proposed resolution.”
Chain verified · Ed25519 · verified offline

See it work

Two moments, real software. One command boots it.

Not a deck. Working scenarios from the open repo — the demo your team can run today, before the examiner runs theirs.

Demo · AML alert triage

Ten alerts in. Two escalations out. The SAR decision stays human.

An L1 analyst agent triages ten money-laundering alerts and flags exactly two: a just-under-threshold structuring pattern (Northgate Vending, risk 86) and a sanctions near-match (Sable Trading FZE). The run parks at the SAR gate; the BSA officer signs; only then are the SAR narratives drafted.

Read the repo →

Demo · the self-approval block

The agent tries to approve its own alert. Watch the system refuse it.

The gate runs in identity mode: the user that triggered the run is refused (an HTTP 403) when they try to decide it — that refusal is the four-eye control firing. Unauthenticated decisions are refused outright. The same identity provably cannot be both maker and checker in one run. Then tamper with one ledger row, and verification screams.
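A minimal sketch of the two mechanisms described here and under "You hold signed evidence", added as an illustration and not MakerChecker's own code or export format: a gate that refuses the maker as checker, and a hash-chained record whose verification fails at the first altered entry. The class and field names, the 401 for unauthenticated callers and the SHA-256 chaining are assumptions; the Ed25519 signature over the chain head is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first entry


def entry_hash(prev, body):
    # Bind each entry to its predecessor: hash(prev hash + canonical JSON body).
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + payload).encode()).hexdigest()


class Run:
    def __init__(self, run_id, maker):
        self.run_id, self.maker, self.ledger = run_id, maker, []
        self._append({"event": "run_started", "actor": maker})

    def _append(self, body):
        prev = self.ledger[-1]["hash"] if self.ledger else GENESIS
        body = dict(body, run=self.run_id, seq=len(self.ledger))
        self.ledger.append({"body": body, "prev": prev, "hash": entry_hash(prev, body)})

    def decide(self, actor, decision, reason):
        """Return an HTTP-style status; refused attempts are recorded too."""
        if not actor:
            status = 401  # sketch's choice; the page only says "refused outright"
        elif actor == self.maker:
            status = 403  # maker cannot be checker
        else:
            status = 200
        self._append({"event": "decision", "actor": actor, "decision": decision,
                      "reason": reason, "status": status})
        return status


def verify(ledger):
    """Recompute the chain offline; return index of first bad entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["body"]):
            return i
        prev = entry["hash"]
    return None


if __name__ == "__main__":
    run = Run("demo-run", maker="analyst-agent")  # constructed identities
    print(run.decide("analyst-agent", "approve", "self-approval"))  # maker == checker
    print(run.decide("officer-1", "approve", "reviewed case file"), verify(run.ledger))
```

A bare hash chain can be recomputed end to end by anyone who holds the whole file, so offline verification only proves integrity once the final hash is signed or anchored somewhere the operator cannot rewrite.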

See it block an agent — live →

Evidence for

No rules means no safe harbor.

We never say “compliant.” We say this: MakerChecker is designed against the requirements of the rules your examiners already enforce, and it produces the signed artifact each one asks for.

The predicate rules underneath agentic AI never moved. They’re date-proof, and the discovery process won’t wait for new ones.

  • SR 26-2: On 17 April 2026 agentic AI was scoped out of model-risk guidance. No supervisory template means no safe harbor — examiners and discovery still demand the evidence.
  • NYDFS Part 504: A named senior officer certifies the transaction-monitoring program every April 15 — annually, forever. The signed export is the certification file.
  • OFAC sanctions: Strict liability on every sanctions hit. The clearance of a near-match is a named-human decision, bound in the chain to the alert that raised it.
  • Wolfsberg maker-checker: The Wolfsberg Group names four-eye review as the control standard for financial crime. Here it is enforced at runtime, not written into an SOP.

Read the full thesis on why now →

See it for yourself

Hand your examiner the signed receipt.

One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.

Designed against the rules your auditors already enforce.