- Runs customer due diligence grounded to verified identity data, with restricted fields (SSN, DOB, tax ID) locked so they never enter a model prompt.
- Ontology permissions
Onboarding, screening, and case disposition — under strict allowlists.
KYC and AML agents run inside hard allowlists: only sanctioned models, only approved tools, only permitted actions. Every screening decision is explained, dual-controlled, and chained to its evidence — so a SAR or an examiner request is answered with a record, not a reconstruction.
Aligned with BSA/AML · OFAC · FinCEN · FFIEC · SOC 2
In AML, an unexplained decision is an unfiled obligation.
BSA/AML programs demand a documented, defensible basis for every onboarding, screening hit, and case disposition — and OFAC has no tolerance for a sanctioned counterparty slipping through. An agent that can't show why it cleared a name is a finding. Cortex confines the agent to an allowlist, requires dual control on dispositions, and chains every decision to the evidence behind it.
Every agent boxed in by an allowlist.
Each agent is an identity-bound actor with allowed models, tools, and actions; the MCP gateway denies anything off the list, and dual control gates the disposition.
- Screens against OFAC and PEP lists through approved tools only — the MCP gateway denies any off-allowlist data source with a 403.
- MCP Gateway
- Triages AML alerts, explains the typology behind each, and escalates rather than auto-clearing — cost-capped so an alert storm can't blow the budget.
- Cost governance
- Proposes a disposition; clearing or filing requires a second human approver, and break-glass overrides demand a mandatory audited reason.
- Oversight & break-glass
- Drafts SAR narratives grounded to the case evidence, with every assertion chained to its source so the filing's basis is provable.
- Trust Ledger
An agent that can only use approved models, tools, and actions — and can't dispose alone.
KYC/AML agents are the most tightly bounded in Cortex: identity binds them to an allowlist, the MCP gateway firewalls every tool call, and case disposition requires dual control. Off-allowlist anything fails closed with a 403, and the basis for every decision is chained to its evidence.
- Agents bound to allowed models, tools, and actions — off-list calls denied 403
- MCP gateway firewalls every tool request: allowlist, DLP, rate limit, risk score
- Case disposition requires dual control; break-glass demands an audited reason
- Every screening decision chained to its evidence for the SAR and the examiner
The verdicts an examiner will challenge — and lose.
These are the literal runtime responses. Off the allowlist, the agent fails closed, on the record.
- 01
Model the domain
Map the work to typed ontology objects — Customer, Case, Alert, Sanction, Disposition — with restricted fields like ssn / dob / tax_id locked at the property level.
- 02
Encode the rules
Translate the obligations above into Policy-as-Code and Action Fabric approvals — the gates fail closed, returning a precise code, not a guess.
- 03
Prove the outcome
Every run lands in a hash-chained Trust Ledger with signed receipts and 10-hop provenance — a record you can hand the regulator.
The controls behind banking & kyc/aml.
The same shared runtime powers every vertical — here are the capabilities and the Solution Pack this industry composes from.
MCP Gateway
Firewall every tool call: allowlist, DLP in/out, rate limit, risk score.
Agent IAM
Bind each agent to allowed models, tools, and actions — off-list is 403.
Oversight & break-glass
Dual control on disposition; break-glass needs an audited reason.
Trust Ledger
Chain every screening and SAR assertion to its source evidence.
KYC/AML Solution Pack
Deploy a signed KYC-AML pack — verify before you import, 409 on tamper.
Trust Center
Map allowlists and evidence chains to BSA/AML, OFAC, and FinCEN.
The tightest controls in the platform, mapped to your BSA program.
Allowlists, the MCP firewall, dual control, DLP, and detection & response are shared across onboarding, screening, and disposition — so you map once, to the obligations your BSA/AML program already documents. Aligned with, never claiming certification you don't hold.
AI agents for banking & kyc/aml — questions, answered.
How does Cortex stop a KYC agent from using an unapproved tool or model?
Each agent's identity binds it to an allowlist of permitted models, tools, and actions. The MCP gateway firewalls every tool request — allowlist, DLP, rate limit, risk score — and denies anything off-list with a 403, while an unregistered tool returns 404.
Does Cortex enforce dual control on AML case dispositions?
Yes. Disposition agents may only propose; clearing or filing a case requires a second human approver under oversight modes. Break-glass overrides are possible but demand a mandatory audited reason that is sealed into the ledger.
How is the basis for a screening decision documented?
Every screening decision is chained to its evidence in a 10-hop provenance graph and sealed into the tamper-evident Trust Ledger — so a SAR narrative or an examiner request is answered with a verifiable record.
How is customer PII protected during onboarding?
Restricted properties like SSN, date of birth, and tax ID are locked at the ontology property level (deny-by-default once governed) and redacted before any object reaches the model.
One governed runtime, every regulated vertical.
The controls are the same — the obligations they satisfy differ. Explore another vertical, or see the full set.
Answer the examiner with a record, not a reconstruction.
See the allowlist, the MCP firewall, and the dual-controlled disposition behind every KYC/AML decision.