- Customer — name, dob, nationalId (PII, restricted), riskRating
- Alert — alertType, matchScore, sanctionsHit, status
Screen under allowlist. Dispose under dual control.
A signed, versioned Solution Pack for KYC onboarding and AML review: screening and case-disposition agents under strict model and tool allowlists, with every decision explained, dual-controlled, and chained to evidence. Import it into your tenant with its hash and signature checked at the door.
off-allowlist model → 403 · dual-control disposition · verifyPack(hashOk + signatureOk)
One signed artifact — the whole governed solution.
The KYC/AML pack governs customer onboarding and the disposition of AML alerts. It bundles the screening ontology (customer, alert), the policies that enforce allowlists, sanctions-hit holds, and dual-control on adverse decisions, the Action Fabric actions that escalate or close a case, and three curated agents — so a high-scrutiny review workflow ships as one provable artifact that an examiner can take apart.
The targets the pack is tuned to.
Illustrative targets for this use-case, configurable per deployment — the gates that enforce them ship in the pack.
Four governed sections, one signed bundle.
A pack is a contents bundle plus its integrity envelope. The bundle carries the definitions; the envelope — canonicalize → sha256 contentHash → HMAC signature — is what makes it portable and provable.
- Off-allowlist model or tool → 403 (fail-closed)
- Sanctions hit → hold, escalate to human reviewer
- Adverse disposition → dual-control (two approvers)
- nationalId is restricted — read denied outside screening
- escalateCase — riskTier: medium, opens human review
- closeCase — riskTier: high, dual-control approval
- requestEDD — riskTier: low, enhanced due diligence
- KYC Screener — onboarding checks under strict allowlist
- AML Triage — scores alerts, cites the matched signals
- Case Disposer — proposes disposition, never closes alone
Governed agents, mapped to real Cortex controls.
Every capability in this pack is enforced by a runtime control you can audit — identity, policy, action approvals, and a sealed Trust Ledger. The pack configures them; the platform enforces them.
- Agents may use only allowlisted models and tools. An off-allowlist call returns 403 — there is no quiet fallback to an unapproved model on a sanctions decision.
- closeCase is a high-risk action requiring two approvers. No single agent — and no single human — can quietly clear an AML alert; the second pair of eyes is policy, not procedure.
- The AML Triage agent cites the signals behind each match score and sanctions hit. Dispositions carry a rationale a regulator can read — no opaque scoring.
- A sanctions match forces a hold and a human escalation by policy. The agent cannot self-clear a hit; it routes the case to a reviewer with the evidence attached.
- nationalId and dob are restricted properties — read-denied outside the screening agents that need them, keeping sensitive identity data out of unrelated prompts.
- Each escalation and closure is sealed in the hash-chained Trust Ledger with a signed receipt and 10-hop lineage — so a disputed disposition has a tamper-evident record behind it.
See what changes, verify the signature, then apply — to your tenant only.
Importing a pack is a verify-first, two-step flow. importPreview gives you a per-section diff against your live definitions; importApply re-checks the hash and signature, then idempotently upserts. Tamper with the contents and verifyPack returns hashOk:false — and any apply returns a 409 with no partial write.
- canonicalize → sha256 contentHash → HMAC signature — deterministic bytes, re-checkable offline
- verifyPack checks hashOk and signatureOk before a single row is written
- importPreview diff: added / changed / unchanged per section
- Tampered contents → hashOk:false → importApply 409, always your own tenant
How this pack gets into your tenant.
Cross-tenant distribution works because the HMAC signature is over the content hash with the deployment's signing secret — a pack published by one tenant verifies and installs cleanly for another, and install always targets the caller's own tenant.
- 01
Browse & preview
Find the signed pack in the registry on a stable or beta channel. importPreview shows verifyPack plus a per-section diff against your live ontology, policies, and actions — nothing is written yet.
- 02
Verify the signature
importApply re-checks hashOk and signatureOk first. A tampered bundle or a wrong secret fails closed with a 409 — there is no partial application, ever.
- 03
Apply & operate
On a valid pack, ontology types, policies, and actions idempotently upsert into your own tenant. Agents are captured for reference; the registry/licensing flow owns agent creation. Then operate the fleet from the Control Tower.
The pack ships the controls your auditors already cite.
The ontology permissions, fail-closed policies, approval gates, and sealed Trust Ledger map directly to the frameworks this use-case reports against. Aligned with — never claiming a certification you don't hold.
The pack is configuration — the runtime does the enforcing.
This pack rides the same governed runtime as every other Cortex solution. Explore the controls it configures and the industry it serves.
Banking & KYC/AML industry
Onboarding, screening, and case-disposition agents under strict allowlists and dual control.
Agent IAM
The model and tool allowlists that make an off-allowlist call return 403 are enforced at issuance.
Trust Ledger
Where every disposition is sealed — verifiable offline when an examiner challenges a decision.
Oversight
Dual-control approval modes for high-risk closures — autonomy can only tighten the gate.
Ship KYC/AML review that an examiner can take apart.
Import the signed KYC/AML pack, verify it, and run screening under strict allowlists with dual-control on every adverse decision.