Autonomous KYC/AML Compliance Verification Agent
Problem Statement
Fintech startups and digital asset platforms face a massive scaling bottleneck: the manual review of Know Your Customer (KYC) and Anti-Money Laundering (AML) documentation. As user acquisition scales, the compliance team becomes a graveyard of PDFs, blurry passport photos, and fragmented database hits. The specific challenge lies in "Level 2" verification—where automated identity providers (like Onfido or Persona) flag a profile for manual review due to data mismatches, high-risk jurisdictions, or PEP (Politically Exposed Person) hits.
Currently, human analysts spend 15–30 minutes per flagged case manually cross-referencing Sanctions Lists (OFAC, UN, EU), verifying "Proof of Address" documents against government databases, and searching for Adverse Media. This delay causes a 20-30% drop-off in user onboarding conversion. Furthermore, manual reviews are prone to "compliance fatigue," leading to inconsistent risk scoring and potential regulatory fines. Similar to how an Autonomous Vendor Risk Assessment Agent streamlines security audits, startups need an AI agent that can autonomously perform the investigative heavy lifting—synthesizing data from disparate sources, verifying document authenticity through metadata analysis, and providing a structured "Decision Recommendation" for a human officer to approve in seconds rather than minutes.
What the Agent Does/Doesn't Do
- DOES: Extracts text and entities from IDs and utility bills; cross-references names against global sanctions lists; performs automated Google/Bing searches for adverse media; calculates a risk score based on pre-defined logic; generates a summary report for human sign-off.
- DOES NOT: Make the final legal "Approve/Reject" decision (due to regulatory requirements); contact the customer directly for missing info; handle physical biometric liveness checks (handled by upstream SDKs).
Workflow
- Trigger: A webhook from the primary IDV (Identity Verification) provider flags a user for "Manual Review."
- Document Extraction: Agent uses OCR to extract Name, DOB, Address, and Document Expiry, comparing them against the user-provided signup data. This mirrors the precision found in a Document Q&A Agent.
- Sanctions & PEP Screening: Agent queries AML databases for matches on the extracted name and nationality.
- Adverse Media Research: Agent performs targeted web searches for the user's name + "fraud," "money laundering," or "arrest," summarizing any relevant news articles.
- Discrepancy Analysis: Agent identifies mismatches (e.g., "Address on utility bill is 100 miles from signup address" or "Name is a 90% fuzzy match to a sanctioned entity").
- Recommendation Generation: Agent outputs a structured JSON report and a natural language summary to the Compliance Slack channel or Dashboard.
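The discrepancy-analysis and recommendation steps above, as an added example that is not code from the original page. The watchlist entry, the 0.75 threshold, the field names and `analyze_case` are assumptions, and `difflib` stands in for the AML provider's own match score.

```python
import unicodedata
from datetime import date
from difflib import SequenceMatcher

# Constructed watchlist entry for illustration; real data comes from the AML provider.
WATCHLIST = [{"name": "Johnathan Doe", "list": "OFAC"}]
NAME_REVIEW_THRESHOLD = 0.75  # assumed cut-off; tune against labelled cases

def normalize(value: str) -> str:
    """Fold accents, case and punctuation so OCR noise does not hide or fake a match."""
    folded = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    cleaned = "".join(ch if ch.isalnum() else " " for ch in folded.lower())
    return " ".join(cleaned.split())

def name_similarity(a: str, b: str) -> float:
    """Token-order-insensitive ratio: 'DOE, John' and 'John Doe' score 1.0."""
    left = " ".join(sorted(normalize(a).split()))
    right = " ".join(sorted(normalize(b).split()))
    return SequenceMatcher(None, left, right).ratio()

def analyze_case(signup: dict, document: dict, today: date) -> dict:
    findings = []
    # 1. Document fields vs. what the user typed at signup.
    if name_similarity(signup["name"], document["name"]) < 1.0:
        findings.append({"type": "field_mismatch", "field": "name"})
    for field in ("dob", "address"):
        if normalize(signup[field]) != normalize(document[field]):
            findings.append({"type": "field_mismatch", "field": field})
    # 2. Expired documents are a finding, not a silent pass.
    if date.fromisoformat(document["expiry"]) < today:
        findings.append({"type": "document_expired"})
    # 3. Fuzzy screening: report the score so the officer sees why it fired.
    for entry in WATCHLIST:
        score = name_similarity(document["name"], entry["name"])
        if score >= NAME_REVIEW_THRESHOLD:
            findings.append({"type": "watchlist_fuzzy_match", "list": entry["list"],
                             "matched_name": entry["name"], "score": round(score, 2)})
    # The agent only recommends; approval stays with the human officer.
    return {"recommendation": "ESCALATE" if findings else "NO_FINDINGS",
            "requires_human_signoff": True, "findings": findings}

if __name__ == "__main__":
    import json
    signup = {"name": "John Doe", "dob": "1990-04-02", "address": "12 Main St, Springfield"}
    document = {"name": "DOE, John", "dob": "1990-04-02",
                "address": "98 Oak Ave, Shelbyville", "expiry": "2031-05-01"}
    print(json.dumps(analyze_case(signup, document, date(2026, 1, 11)), indent=2))
```

The date of birth is compared without token sorting on purpose, so a swapped day and month still surfaces as a mismatch.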
Tool Stack
- Make.com - Workflow orchestration and webhook handling.
  - Pricing: Free tier (1k credits); Core starts at $9/mo (Pricing) ✓ Verified 2026-01-11
  - Documentation | Quickstart
- LangChain / LangSmith - LLM framework and observability.
  - Pricing: Free Developer tier; Plus plan $39/seat (Pricing) ✓ Verified 2026-01-11
  - Documentation
- Claude 3.5 Sonnet (Anthropic) - High-reasoning LLM for document analysis.
  - Pricing: $3/Mtok input, $15/Mtok output (Pricing) ✓ Verified 2026-01-11
  - Documentation | Quickstart
- Amazon Textract - Managed OCR for identity documents. [Unverified]
- Google Document AI - Specialized models for ID and utility bill extraction. [Unverified]
- ComplyAdvantage - Real-time AML/Sanctions database. [Unverified]
- Sanctions.io - Sanctions and PEP screening API. [Unverified]
- Tavily - Search engine optimized for AI agents and research. [Unverified]
- Slack - Notification and human-in-the-loop interface.
  - Pricing: Free tier; Pro starts at $7.25/user/mo (Pricing) ✓ Verified 2026-01-11
  - Documentation | API Reference
Quick Integration
Claude 3.5 Sonnet Analysis (Python)
```python
import os

import anthropic

# Read the API key from the environment instead of hard-coding it in source.
client = anthropic.Anthropic(api_key=os.environ["ANTHROPIC_API_KEY"])

message = client.messages.create(
    model="claude-3-5-sonnet-20240620",
    max_tokens=1024,
    system="You are a Compliance Officer. Analyze the extracted KYC data against sanctions hits and provide a risk summary.",
    messages=[
        {
            "role": "user",
            "content": "User: John Doe. Document: Passport. Sanctions Hit: 'Johnathan Doe' (OFAC List). Match Confidence: 85%. Analyze discrepancy.",
        }
    ],
)

# The response is a list of content blocks; the first one holds the text summary.
print(message.content[0].text)
```
Source: Anthropic Docs
Slack Alert for Manual Review (Python)
```python
import os

from slack_sdk import WebClient
from slack_sdk.errors import SlackApiError

# Read the bot token from the environment instead of hard-coding it in source.
client = WebClient(token=os.environ["SLACK_BOT_TOKEN"])

try:
    response = client.chat_postMessage(
        channel="#compliance-reviews",
        text="🚨 New KYC Review Required",  # fallback text for notifications
        blocks=[
            {
                "type": "section",
                "text": {
                    "type": "mrkdwn",
                    "text": "*High Risk Flag Detected*\n\n*User:* Jane Smith\n*Flag:* Adverse Media (Fraud Mention)\n*Score:* 88/100",
                },
            }
        ],
    )
except SlackApiError as e:
    # Slack returns a machine-readable error code in the response body.
    print(f"Error: {e.response['error']}")
```
Source: Slack API