← Agent catalogue
AI Agent Profile · LendingIQ · Bengaluru
KYC / AML Compliance Agent AI
Invoked via: onboarding & transaction monitoring pipelineRuntime: AWS Bedrock · ap-south-1Model: Claude Sonnet 4Context window: 200K tokens
DivisionLending Operations
Resume
What this agent does
The KYC / AML Compliance Agent AI performs customer due diligence at onboarding and periodic review, screens every customer and transaction against sanctions and PEP lists, monitors transaction patterns for AML rule triggers, and drafts Suspicious Transaction Reports when indicators are present. It supports the named human Principal Officer who holds statutory accountability under PMLA. The agent detects, documents, and drafts. The Principal Officer decides and files.
Primary functions
Customer Due Diligence
Per onboarding & periodic reviewInvoked when: new customer onboarding, periodic KYC refresh due, or material change in customer profile
- Reads all KYC documents — OVDs, CKYC record, VKYC outcome, liveness check result — and checks for completeness against the RBI KYC Master Direction requirements for the applicable customer category (individual / sole proprietor / company / trust). Identifies missing documents and flags the specific regulatory requirement that mandates each missing item.
- Verifies identity data across documents: name spelling consistency, date of birth match across PAN, Aadhaar, and bureau report, address consistency, and PAN validation against NSDL records. Flags every discrepancy with the specific fields that conflict rather than a generic mismatch warning.
- For business customers: maps the beneficial ownership chain using MCA director data and UBO declarations to identify Ultimate Beneficial Owners holding 25% or more, and checks whether UBO identification and verification documents are on file as required by the RBI Master Direction on KYC.
- Classifies the customer into a risk category — Low / Medium / High — based on the customer type, transaction profile, geography, and PEP / sanctions check outcome, and determines whether standard CDD or Enhanced Due Diligence (EDD) applies. EDD requirements are listed specifically, not generically.
Output: CDD completion report — document checklist status, identity verification result, UBO mapping for business customers, risk classification, CDD or EDD determination with specific EDD requirements listed, and any open items requiring follow-up before the KYC file is complete.
STR Filing Preparation
Triggered by transaction monitoring alertInvoked when: transaction monitoring system flags a pattern meeting an AML rule threshold, or the compliance team identifies a transaction warranting STR review
- Reads the flagged transaction data alongside the customer's full transaction history, KYC profile, and stated business purpose — and assesses whether the flagged pattern is consistent with the customer's known profile and business activity, or whether it deviates in ways that are difficult to explain by legitimate activity alone.
- Applies the PMLA predicate offence list to the transaction pattern — structuring, layering, smurfing, round-tripping, cash-heavy activity inconsistent with stated business — and identifies which specific AML indicator(s) from the FIU-IND STR guidance the pattern triggers.
- Drafts the STR in the FIU-IND prescribed format — describing the suspicious activity, the transaction details, the customer profile, the indicators triggered, and the reason for suspicion — for the Principal Officer to review, modify, and file or decide not to file. The draft is explicitly marked as a draft requiring Principal Officer review and decision.
- Does not decide whether to file. The Principal Officer reviews the draft, applies their judgment on context and relationship factors the agent cannot fully assess, makes the filing decision, and submits through the FIU-IND reporting portal under their own credentials and statutory accountability.
Output: STR preparation package — transaction pattern analysis with AML indicator mapping, customer profile context, draft STR in FIU-IND format marked "Draft — Principal Officer review required," and a supporting evidence summary for the compliance file regardless of whether the STR is ultimately filed.
Sanctions Screening
Every customer onboarding & daily batchInvoked when: new customer onboarding, daily batch run against active customer base, or sanctions list update detected
- Screens every customer name, alias, and associated entity (employer, beneficial owner, guarantor) against the configured sanctions and watchlist sources: UN Security Council list, OFAC SDN list, MHA designated terrorist list, RBI caution list, and any additional lists configured by the compliance team. Uses fuzzy matching logic to catch name variants and transliteration differences that exact matching would miss.
- For each potential match, produces a match analysis — the degree of similarity, the matching fields (name, date of birth, nationality, address), and whether the match is a confirmed hit, a probable match requiring investigation, or a false positive based on the distinguishing data available. A "probable match" is never silently cleared; it is escalated to the Principal Officer with the matching evidence.
- Runs a daily batch re-screen of the active customer base whenever the sanctions lists are updated — because a customer who was clean at onboarding may appear on a newly designated list. Sends an immediate alert for any active customer who appears on an updated list, because the regulatory obligation to freeze activity on a sanctioned entity applies from the moment of designation, not from the next periodic review.
Output: Sanctions screening report — all matches with match confidence level and distinguishing data, confirmed hits flagged as Immediate Human Action required, probable matches flagged for Principal Officer investigation, false positive clearances documented with the distinguishing information, and daily batch summary showing all lists screened and total customer base covered.
Knowledge base
RBI KYC Master Direction (RAG)
Full KYC Master Direction with all amendments — CDD requirements by customer type, EDD triggers, periodic review timelines, VKYC norms, and OVD categories. Retrieved at invocation, always current.
Sanctions & PEP Lists
UN, OFAC, MHA, and RBI caution lists — refreshed daily. The most time-sensitive data dependency: a day-old list creates a window of undetected sanctions exposure.
PMLA & AML Policy (RAG)
Prevention of Money Laundering Act 2002, PMLA Rules, FIU-IND STR filing guidelines, and LendingIQ's internal AML policy. The legal and policy framework for all STR and CDD decisions.
Transaction Monitoring Rules
Configured AML rule set — threshold limits, pattern triggers, structuring detection rules, and high-risk indicator definitions. Maintained by the compliance team and applied by the agent at runtime.
CKYC Registry
Central KYC record lookup for identity verification — reduces duplicate KYC effort for customers already verified elsewhere in the financial system.
KYC / AML Knowledge
Pre-training knowledge of Indian AML frameworks, PMLA obligations, FATF recommendations, and NBFC KYC compliance practice up to knowledge cutoff.
Hard guardrails
Will notFile an STR with FIU-IND. STR submission is a statutory act of the Principal Officer. The agent prepares the draft; the Principal Officer files under their own credentials and statutory accountability.
Will notClear a confirmed sanctions match. Any match against a designated sanctions list is escalated to the Principal Officer immediately, regardless of the agent's confidence in the match. False positive clearances require human review and documented rationale.
Will notFreeze or exit a customer account. Account actions in response to AML concerns require human compliance officer decision and follow the prescribed regulatory process for account restrictions.
Will notComplete KYC for a customer with a missing mandatory document by waiving the requirement. Incomplete KYC files are flagged as incomplete — the agent does not approve a workaround or exception without human compliance officer authorisation.
Known limitations
Sanctions list freshness is the most time-critical dependency. A sanctions hit that is detectable from the moment of designation but not caught until the next daily batch run creates a window of regulatory exposure. For high-risk customers and PEPs, the batch frequency may not be sufficient.Configure real-time screening triggers for high-risk customer categories — every transaction above a threshold for PEP accounts, and every list update for designated terrorist-linked entities. Reserve batch screening for the standard-risk customer population.
The agent cannot assess the true purpose behind a transaction. AML analysis identifies patterns that are inconsistent with the customer's stated profile — but it cannot determine whether an unusual transaction reflects criminal activity, a legitimate but undisclosed business change, or a data entry error. The STR decision requires the Principal Officer to apply relationship context that the agent does not have.Supplement transaction monitoring alerts with a structured enquiry step — before escalating to STR preparation, the compliance team should seek a transaction explanation from the customer for unusual patterns. If the explanation is unsatisfactory or not provided, the STR preparation pipeline is triggered. This reduces false positive STR drafts and creates a better-documented evidence trail.
Fuzzy name matching for sanctions screening produces both false positives and false negatives. Common name variants, transliteration differences across scripts, and name order differences (first-last vs last-first) make exact-match screening inadequate but fuzzy-match screening noisy. The match confidence assessment requires human judgment for probable matches.Maintain a documented false positive library — cleared matches with the distinguishing information that confirmed non-match. This library speeds up repeated false positive clearing for customers with common names and creates an audit trail showing the screening was thorough, not lazy.
Beneficial ownership mapping is limited by the quality of UBO declarations and MCA data. Shell company structures, nominee arrangements, and jurisdictions with opaque corporate registries can defeat the agent's UBO tracing capability. A UBO chain that the agent cannot fully trace is flagged as "incomplete — manual investigation required," not cleared as verified.For business customers from high-risk jurisdictions or complex ownership structures, mandate enhanced due diligence that includes independent UBO verification through a third-party corporate intelligence service before account opening.
Important Reads
Learn more about how to deploy KYC / AML Compliance Agent AI to your lending workflow.
- Use case #0001How KYC AI Screens 10,000 Customers Against Sanctions Lists in Real TimeA sanctions list match discovered after a loan has been disbursed is not a compliance success — it is a compliance failure with added paperwork. The KYC/AML AI screens every customer against every applicable sanctions list in under 500 milliseconds, at every stage where a match could be material: onboarding, annual review, and the moment a new name appears on any list. The institution never unknowingly holds a sanctioned exposure.Read article →
- Use case #0002Automated STR Filing: What KYC/AML AI Submits to FIU-INDUnder the Prevention of Money Laundering Act, a lending institution that detects a suspicious transaction must file a Suspicious Transaction Report with FIU-IND within 7 working days of becoming aware of the suspicion. The institution that relies on its compliance team to detect suspicious transactions manually, draft the STR, obtain approval, and file it is the institution that files late, files incompletely, or — most dangerously — fails to file at all because the transaction's suspicious nature was not recognised in time.Read article →
- Use case #0003KYC AI and PMLA Compliance: The Audit Trail That Satisfies RegulatorsA PMLA inspection is not an audit of intentions — it is an audit of evidence. The FIU-IND inspector who arrives at an institution is looking for documented proof that every obligation under the Prevention of Money Laundering Act was met, at the right time, by the right person, with the right records maintained. The KYC/AML AI generates that proof automatically, continuously, and in the exact format the inspector expects to examine.Read article →