AI Agent Profile · LendingIQ · Frankfurt

KYC / AML Compliance Agent AI

Invoked via: onboarding & transaction monitoring pipelineRuntime: AWS Bedrock · eu-west-1Model: Claude Sonnet 4Context window: 200K tokens

DivisionLending Operations

Resume

Agent specs

Agent TypeCDD screening + STR drafting + Sanctions check

InvocationPer customer onboarding · Periodic review · Transaction trigger

MemorySession-scoped; customer risk profile via CDD store

Max Context200K tokens per session

Latency3–15 sec per CDD check; 15–40 sec for STR draft

Output FormatCDD report · STR draft · Sanctions alert

Statutory AuthorityNone — named human Principal Officer holds EU AML Directive (AMLD) accountability

Reasoning strengths

CDD document verificationStrong

Sanctions list matchingStrong

Transaction pattern analysisGood

STR narrative draftingGood

Beneficial ownership mappingGood

Independent STR filing to national FIUCannot do

Live integrations

KYC / AML Document StoreOVD scans, VKYC recordings, liveness check results

eIDAS Identity VerificationNational ID and eIDAS-compliant verification records

Sanctions & PEP List FeedUN, OFAC, EU Consolidated Sanctions, ECB / EBA caution list — daily refresh

Transaction Monitoring SystemFlagged transaction patterns, threshold breach alerts

National Company Registry & UBOBeneficial ownership and director linkage data (e.g. Companies House)

CCO AI AgentAML policy compliance routed to CCO for governance oversight

Escalation logic

AutoStandard CDD — clean KYC / AML, no sanctions hit

AutoPeriodic KYC / AML refresh — no material change

FlagPEP identification — enhanced due diligence required

FlagBeneficial ownership chain unclear

FlagTransaction pattern triggers AML rule

HumanSanctions list match — any hit

HumanSTR decision — file or not file

HumanAccount freeze or exit recommendation

What this agent does

The KYC / AML Compliance Agent AI performs customer due diligence at onboarding and periodic review, screens every customer and transaction against sanctions and PEP lists, monitors transaction patterns for AML rule triggers, and drafts Suspicious Transaction Reports when indicators are present. It supports the named human Principal Officer who holds statutory accountability under EU AML Directive (AMLD). The agent detects, documents, and drafts. The Principal Officer decides and files.

Primary functions

Customer Due Diligence

Per onboarding & periodic review

Invoked when: new customer onboarding, periodic KYC / AML refresh due, or material change in customer profile

Reads all KYC / AML documents — OVDs, VKYC outcome, liveness check result — and checks for completeness against the ECB / EBA KYC / AML ECB guide / EBA guideline requirements for the applicable customer category (individual / sole proprietor / company / trust). Identifies missing documents and flags the specific regulatory requirement that mandates each missing item.
Verifies identity data across documents: name spelling consistency, date of birth match across national ID / eIDAS and bureau report, address consistency, and national ID verification via eIDAS-compliant identity services. Flags every discrepancy with the specific fields that conflict rather than a generic mismatch warning.
For business customers: maps the beneficial ownership chain using national company registry director data and UBO declarations to identify Ultimate Beneficial Owners holding 25% or more, and checks whether UBO identification and verification documents are on file as required by the ECB guide / EBA guideline on KYC / AML.
Classifies the customer into a risk category — Low / Medium / High — based on the customer type, transaction profile, geography, and PEP / sanctions check outcome, and determines whether standard CDD or Enhanced Due Diligence (EDD) applies. EDD requirements are listed specifically, not generically.

Output: CDD completion report — document checklist status, identity verification result, UBO mapping for business customers, risk classification, CDD or EDD determination with specific EDD requirements listed, and any open items requiring follow-up before the KYC / AML file is complete.

STR Filing Preparation

Triggered by transaction monitoring alert

Invoked when: transaction monitoring system flags a pattern meeting an AML rule threshold, or the compliance team identifies a transaction warranting STR review

Reads the flagged transaction data alongside the customer's full transaction history, KYC / AML profile, and stated business purpose — and assesses whether the flagged pattern is consistent with the customer's known profile and business activity, or whether it deviates in ways that are difficult to explain by legitimate activity alone.
Applies the EU AML Directive (AMLD) predicate offence list to the transaction pattern — structuring, layering, smurfing, round-tripping, cash-heavy activity inconsistent with stated business — and identifies which specific AML indicator(s) from the national FIU STR guidance the pattern triggers.
Drafts the STR in the national FIU prescribed format — describing the suspicious activity, the transaction details, the customer profile, the indicators triggered, and the reason for suspicion — for the Principal Officer to review, modify, and file or decide not to file. The draft is explicitly marked as a draft requiring Principal Officer review and decision.
Does not decide whether to file. The Principal Officer reviews the draft, applies their judgment on context and relationship factors the agent cannot fully assess, makes the filing decision, and submits through the national FIU reporting portal under their own credentials and statutory accountability.

Output: STR preparation package — transaction pattern analysis with AML indicator mapping, customer profile context, draft STR in national FIU format marked "Draft — Principal Officer review required," and a supporting evidence summary for the compliance file regardless of whether the STR is ultimately filed.

Sanctions Screening

Every customer onboarding & daily batch

Invoked when: new customer onboarding, daily batch run against active customer base, or sanctions list update detected

Screens every customer name, alias, and associated entity (employer, beneficial owner, guarantor) against the configured sanctions and watchlist sources: UN Security Council list, OFAC SDN list, EU Consolidated Sanctions List, ECB / EBA caution list, and any additional lists configured by the compliance team. Uses fuzzy matching logic to catch name variants and transliteration differences that exact matching would miss.
For each potential match, produces a match analysis — the degree of similarity, the matching fields (name, date of birth, nationality, address), and whether the match is a confirmed hit, a probable match requiring investigation, or a false positive based on the distinguishing data available. A "probable match" is never silently cleared; it is escalated to the Principal Officer with the matching evidence.
Runs a daily batch re-screen of the active customer base whenever the sanctions lists are updated — because a customer who was clean at onboarding may appear on a newly designated list. Sends an immediate alert for any active customer who appears on an updated list, because the regulatory obligation to freeze activity on a sanctioned entity applies from the moment of designation, not from the next periodic review.

Output: Sanctions screening report — all matches with match confidence level and distinguishing data, confirmed hits flagged as Immediate Human Action required, probable matches flagged for Principal Officer investigation, false positive clearances documented with the distinguishing information, and daily batch summary showing all lists screened and total customer base covered.

Knowledge base

ECB / EBA KYC / AML ECB guide / EBA guideline (RAG)

Full KYC / AML ECB guide / EBA guideline with all amendments — CDD requirements by customer type, EDD triggers, periodic review timelines, VKYC norms, and OVD categories. Retrieved at invocation, always current.

Sanctions & PEP Lists

UN, OFAC, EU Consolidated Sanctions, and ECB / EBA caution lists — refreshed daily. The most time-sensitive data dependency: a day-old list creates a window of undetected sanctions exposure.

EU AML Directive (AMLD) & AML Policy (RAG)

EU AML Directive (AMLD), national AML laws, and EU member-state FIU STR filing guidelines, national FIU STR filing guidelines, and LendingIQ's internal AML policy. The legal and policy framework for all STR and CDD decisions.

Transaction Monitoring Rules

Configured AML rule set — threshold limits, pattern triggers, structuring detection rules, and high-risk indicator definitions. Maintained by the compliance team and applied by the agent at runtime.

eIDAS Identity Verification Records

National ID and eIDAS-compliant verification — supports identity matching across onboarding documents.

KYC / AML Knowledge

Pre-training knowledge of European AML frameworks, EU AML Directive (AMLD) obligations, FATF recommendations, and bank KYC / AML compliance practice up to knowledge cutoff.

Hard guardrails

Will notFile an STR with national FIU. STR submission is a statutory act of the Principal Officer. The agent prepares the draft; the Principal Officer files under their own credentials and statutory accountability.

Will notClear a confirmed sanctions match. Any match against a designated sanctions list is escalated to the Principal Officer immediately, regardless of the agent's confidence in the match. False positive clearances require human review and documented rationale.

Will notFreeze or exit a customer account. Account actions in response to AML concerns require human compliance officer decision and follow the prescribed regulatory process for account restrictions.

Will notComplete KYC / AML for a customer with a missing mandatory document by waiving the requirement. Incomplete KYC / AML files are flagged as incomplete — the agent does not approve a workaround or exception without human compliance officer authorisation.

Known limitations

Sanctions list freshness is the most time-critical dependency. A sanctions hit that is detectable from the moment of designation but not caught until the next daily batch run creates a window of regulatory exposure. For high-risk customers and PEPs, the batch frequency may not be sufficient.Configure real-time screening triggers for high-risk customer categories — every transaction above a threshold for PEP accounts, and every list update for designated terrorist-linked entities. Reserve batch screening for the standard-risk customer population.

The agent cannot assess the true purpose behind a transaction. AML analysis identifies patterns that are inconsistent with the customer's stated profile — but it cannot determine whether an unusual transaction reflects criminal activity, a legitimate but undisclosed business change, or a data entry error. The STR decision requires the Principal Officer to apply relationship context that the agent does not have.Supplement transaction monitoring alerts with a structured enquiry step — before escalating to STR preparation, the compliance team should seek a transaction explanation from the customer for unusual patterns. If the explanation is unsatisfactory or not provided, the STR preparation pipeline is triggered. This reduces false positive STR drafts and creates a better-documented evidence trail.

Fuzzy name matching for sanctions screening produces both false positives and false negatives. Common name variants, transliteration differences across scripts, and name order differences (first-last vs last-first) make exact-match screening inadequate but fuzzy-match screening noisy. The match confidence assessment requires human judgment for probable matches.Maintain a documented false positive library — cleared matches with the distinguishing information that confirmed non-match. This library speeds up repeated false positive clearing for customers with common names and creates an audit trail showing the screening was thorough, not lazy.

Beneficial ownership mapping is limited by the quality of UBO declarations and company registry data. Shell company structures, nominee arrangements, and jurisdictions with opaque corporate registries can defeat the agent's UBO tracing capability. A UBO chain that the agent cannot fully trace is flagged as "incomplete — manual investigation required," not cleared as verified.For business customers from high-risk jurisdictions or complex ownership structures, mandate enhanced due diligence that includes independent UBO verification through a third-party corporate intelligence service before account opening.

Important Reads

Learn more about how to deploy KYC / AML Compliance Agent AI to your lending workflow.