KYC / AML Solution Pack

Screen under allowlist. Dispose under dual control.

A signed, versioned Solution Pack for KYC onboarding and AML review: screening and case-disposition agents under strict model and tool allowlists, with every decision explained, dual-controlled, and chained to evidence. Import it into your tenant with its hash and signature checked at the door.

off-allowlist model → 403 · dual-control disposition · verifyPack(hashOk + signatureOk)

kyc-aml-review · v1.2
KYC / AML Reviewkyc-aml-reviewCertified
ontologyTypes2
policies7
actions3
agents3
HMAC-SHA256 · 0x9f3a…c1signatureOk:true
packs ▸ canonicalize → sha256 contentHash → HMAC signature
What this pack governs

One signed artifact — the whole governed solution.

The KYC/AML pack governs customer onboarding and the disposition of AML alerts. It bundles the screening ontology (customer, alert), the policies that enforce allowlists, sanctions-hit holds, and dual-control on adverse decisions, the Action Fabric actions that escalate or close a case, and three curated agents — so a high-scrutiny review workflow ships as one provable artifact that an examiner can take apart.

Representative targets

The targets the pack is tuned to.

Illustrative targets for this use-case, configurable per deployment — the gates that enforce them ship in the pack.

100%
Allowlist enforcement
Off-allowlist model or tool → 403, fail-closed.
100%
Decision explanation
Every disposition carries a cited rationale.
Dual
Adverse-decision control
Representative target — case closure requires two approvers.
What's inside

Four governed sections, one signed bundle.

A pack is a contents bundle plus its integrity envelope. The bundle carries the definitions; the envelope — canonicalize → sha256 contentHash → HMAC signature — is what makes it portable and provable.

ontologyTypes×2
  • Customer — name, dob, nationalId (PII, restricted), riskRating
  • Alert — alertType, matchScore, sanctionsHit, status
policies×7
  • Off-allowlist model or tool → 403 (fail-closed)
  • Sanctions hit → hold, escalate to human reviewer
  • Adverse disposition → dual-control (two approvers)
  • nationalId is restricted — read denied outside screening
actions×3
  • escalateCase — riskTier: medium, opens human review
  • closeCase — riskTier: high, dual-control approval
  • requestEDD — riskTier: low, enhanced due diligence
agents×3
  • KYC Screener — onboarding checks under strict allowlist
  • AML Triage — scores alerts, cites the matched signals
  • Case Disposer — proposes disposition, never closes alone
What it does

Governed agents, mapped to real Cortex controls.

Every capability in this pack is enforced by a runtime control you can audit — identity, policy, action approvals, and a sealed Trust Ledger. The pack configures them; the platform enforces them.

Strict allowlists, fail-closed
  • Agents may use only allowlisted models and tools. An off-allowlist call returns 403 — there is no quiet fallback to an unapproved model on a sanctions decision.
Dual control on closure
  • closeCase is a high-risk action requiring two approvers. No single agent — and no single human — can quietly clear an AML alert; the second pair of eyes is policy, not procedure.
Every match is explained
  • The AML Triage agent cites the signals behind each match score and sanctions hit. Dispositions carry a rationale a regulator can read — no opaque scoring.
Sanctions hits stop the line
  • A sanctions match forces a hold and a human escalation by policy. The agent cannot self-clear a hit; it routes the case to a reviewer with the evidence attached.
Identity data stays restricted
  • nationalId and dob are restricted properties — read-denied outside the screening agents that need them, keeping sensitive identity data out of unrelated prompts.
Chained to evidence
  • Each escalation and closure is sealed in the hash-chained Trust Ledger with a signed receipt and 10-hop lineage — so a disputed disposition has a tamper-evident record behind it.
403Returned for any off-allowlist model call
100%Dispositions with a cited rationale
2Approvers required to close a case
10-hopProvenance on every disposition
Install & verify

See what changes, verify the signature, then apply — to your tenant only.

Importing a pack is a verify-first, two-step flow. importPreview gives you a per-section diff against your live definitions; importApply re-checks the hash and signature, then idempotently upserts. Tamper with the contents and verifyPack returns hashOk:false — and any apply returns a 409 with no partial write.

  • canonicalize → sha256 contentHash → HMAC signature — deterministic bytes, re-checkable offline
  • verifyPack checks hashOk and signatureOk before a single row is written
  • importPreview diff: added / changed / unchanged per section
  • Tampered contents → hashOk:false importApply 409, always your own tenant
packs · verify + import
Intact pack{ hashOk:true, signatureOk:true }valid:true
On-allowlist callmodel in allowlist → screening runs200 OK
Off-allowlist modelunapproved model on a disposition403 denied
Tampered contentshashOk:false → importApply409 blocked
importApply verifies first ▸ 409 if invalid · upserts into your tenant only
From registry to running

How this pack gets into your tenant.

Cross-tenant distribution works because the HMAC signature is over the content hash with the deployment's signing secret — a pack published by one tenant verifies and installs cleanly for another, and install always targets the caller's own tenant.

  1. 01

    Browse & preview

    Find the signed pack in the registry on a stable or beta channel. importPreview shows verifyPack plus a per-section diff against your live ontology, policies, and actions — nothing is written yet.

  2. 02

    Verify the signature

    importApply re-checks hashOk and signatureOk first. A tampered bundle or a wrong secret fails closed with a 409 — there is no partial application, ever.

  3. 03

    Apply & operate

    On a valid pack, ontology types, policies, and actions idempotently upsert into your own tenant. Agents are captured for reference; the registry/licensing flow owns agent creation. Then operate the fleet from the Control Tower.

Governance included

The pack ships the controls your auditors already cite.

The ontology permissions, fail-closed policies, approval gates, and sealed Trust Ledger map directly to the frameworks this use-case reports against. Aligned with — never claiming a certification you don't hold.

BSA / AML · programOFAC · sanctions screeningFinCEN · recordkeepingSOC 2 · auditEU AI Act · logging

Ship KYC/AML review that an examiner can take apart.

Import the signed KYC/AML pack, verify it, and run screening under strict allowlists with dual-control on every adverse decision.