KYC / CDD / AML Compliance Agent AI

Invoked when: new customer onboarding, periodic KYC / CDD refresh due, or material change in customer profile

• –Reads all KYC / CDD documents — OVDs, VKYC outcome, liveness check result — and checks for completeness against the CBUAE / SAMA KYC / CDD CBUAE Standard / SAMA circular requirements for the applicable customer category (individual / sole proprietor / company / trust). Identifies missing documents and flags the specific regulatory requirement that mandates each missing item.
• –Verifies identity data across documents: name spelling consistency, date of birth match across Emirates ID / Iqama and bureau report, address consistency, and Emirates ID / Iqama validation via ICA (UAE) or ABSHER (Saudi) records. Flags every discrepancy with the specific fields that conflict rather than a generic mismatch warning.
• –For business customers: maps the beneficial ownership chain using UAE Ministry of Economy / DED registry director data and UBO declarations to identify Ultimate Beneficial Owners holding 25% or more, and checks whether UBO identification and verification documents are on file as required by the CBUAE Standard / SAMA circular on KYC / CDD.
• –Classifies the customer into a risk category — Low / Medium / High — based on the customer type, transaction profile, geography, and PEP / sanctions check outcome, and determines whether standard CDD or Enhanced Due Diligence (EDD) applies. EDD requirements are listed specifically, not generically.

Invoked when: transaction monitoring system flags a pattern meeting an AML rule threshold, or the compliance team identifies a transaction warranting STR review

• –Reads the flagged transaction data alongside the customer's full transaction history, KYC / CDD profile, and stated business purpose — and assesses whether the flagged pattern is consistent with the customer's known profile and business activity, or whether it deviates in ways that are difficult to explain by legitimate activity alone.
• –Applies the UAE AML / CFT Law predicate offence list to the transaction pattern — structuring, layering, smurfing, round-tripping, cash-heavy activity inconsistent with stated business — and identifies which specific AML indicator(s) from the UAE FIU STR guidance the pattern triggers.
• –Drafts the STR in the UAE FIU prescribed format — describing the suspicious activity, the transaction details, the customer profile, the indicators triggered, and the reason for suspicion — for the Principal Officer to review, modify, and file or decide not to file. The draft is explicitly marked as a draft requiring Principal Officer review and decision.
• –Does not decide whether to file. The Principal Officer reviews the draft, applies their judgment on context and relationship factors the agent cannot fully assess, makes the filing decision, and submits through the UAE FIU reporting portal under their own credentials and statutory accountability.

Invoked when: new customer onboarding, daily batch run against active customer base, or sanctions list update detected

• –Screens every customer name, alias, and associated entity (employer, beneficial owner, guarantor) against the configured sanctions and watchlist sources: UN Security Council list, OFAC SDN list, UAE EOCN (Executive Office for Control & Non-Proliferation) sanctions list, CBUAE / SAMA caution list, and any additional lists configured by the compliance team. Uses fuzzy matching logic to catch name variants and transliteration differences that exact matching would miss.
• –For each potential match, produces a match analysis — the degree of similarity, the matching fields (name, date of birth, nationality, address), and whether the match is a confirmed hit, a probable match requiring investigation, or a false positive based on the distinguishing data available. A "probable match" is never silently cleared; it is escalated to the Principal Officer with the matching evidence.
• –Runs a daily batch re-screen of the active customer base whenever the sanctions lists are updated — because a customer who was clean at onboarding may appear on a newly designated list. Sends an immediate alert for any active customer who appears on an updated list, because the regulatory obligation to freeze activity on a sanctioned entity applies from the moment of designation, not from the next periodic review.