An AI Agent Organization for Transaction Monitoring and Onboarding
Category
Compliance & Automation
/
/
For Round.ai, I designed two connected organizations of specialized AI agents that support financial compliance, one for transaction monitoring and one for KYC and KYB onboarding. Each is structured as a hierarchy, an orchestrator at the top, domain leads beneath it, and analyst agents doing the investigative work, so a decision is the product of specialists working together rather than a single model doing everything.

The challenge
Many institutions meet rising compliance volume by hiring more analysts, but headcount is an expensive lever that does not scale cleanly. Costs climb with every hire while the friction grows alongside them: decisions become less consistent from one reviewer to the next, knowledge stays siloed in individuals, hand-offs and escalations multiply, each new hire takes time to onboard, and the audit trail gets harder to keep clean across a larger team. The aim here was to scale the work without that drag, getting the speed and consistency of automation while keeping the rigor and auditability compliance demands. Doing it all by hand is slow and hard to keep consistent. Handing it to a single AI model risks the opposite, speed with no traceability or defensibility.
Both transaction monitoring and onboarding require many distinct checks, screening, jurisdiction risk, prohibited categories, UBO and identity, document validation, each needing its own expertise.
Every decision has to be explainable and evidence-backed, with a trail a regulator can reconstruct end to end.
Sensitive data has to be accessed on a need-to-know basis, not handed wholesale to every part of the system.
AI output cannot be taken on trust, since unsourced conclusions or invented evidence are unacceptable in a compliance setting.
The approach
I designed each organization as a layered hierarchy of specialized agents, deliberately mirroring how a real compliance team works, with clear roles, delegation, and sign-off.
Phase 1, the structure
Built a three-layer model, an orchestrator that runs the review and consolidates the outcome, domain lead agents that each own a specific area, and analyst agents that do the detailed investigation and report back, so every recommendation is the product of specialists rather than one generalist.
Phase 2, the policy that governs every agent
Wrote a binding compliance policy for each organization, one for transaction monitoring and one for onboarding, that all of its agents must follow, so reviews stay deterministic, explainable, and consistent across cases and over time. Rather than letting agents fall back on generalized AML knowledge or their own judgment, each policy defines exactly what to check, how to interpret it, and what counts as missing or insufficient, with binding reference lists for restricted jurisdictions, prohibited activities, and prohibited persons, a UBO threshold on the onboarding side, document standards, and strict rules on when OSINT screening may and may not run. Crucially, the policy is the only institution-specific part of the system: the agents, their prompts, their tools, and the hierarchy stay fixed, so adapting the whole organization to a new financial institution means writing a new policy rather than rebuilding anything, which keeps it client-agnostic and reusable.
Phase 3, transaction monitoring
Created leads for the key domains, prohibited businesses, restricted persons and jurisdictions, screening, transaction context, and documentation review, with the orchestrator producing a recommended outcome of approve, request information, or reject, plus an internal rationale and ready-to-send draft replies for partner RFIs or client requests.
Phase 4, KYC and KYB onboarding
Built a second organization on the same pattern with five domain leads, identity and UBO, corporate validation, sanctions and jurisdiction, OSINT, and financial crime and documentation, with a clear outcome taxonomy of pass, request information, enhanced due diligence, or reject, and logic that tells a fixable data gap apart from a genuine risk signal.
Phase 5, auditability and least privilege by design
Made every finding cite its sources, both internal documents and external checks, required the system to mark anything unverifiable as inconclusive rather than guess, logged every step immutably, and scoped each agent's data access to the minimum it needs for its task.
Phase 6, efficiency and cost control
Tuned the system to keep token consumption low. I refined each agent's prompts, gave every agent only the tools it actually needed for its job (web search, OCR for documents, database queries, and similar), and built gate logic so a review could stop early when the answer was already clear. Information was handed progressively from one agent to the next, and if a gate failed, for example a transaction flagged as tied to a restricted jurisdiction, the remaining agents never ran and the result was returned immediately, instead of completing a full and costly review.
Every recommendation is reviewed and approved by a person. The agents investigate, cite their evidence, and propose a risk-based outcome, but the final decision sits with a human, so the system works as decision support, not autonomous authority.
The impact
The result is a compliance review that behaves like a well-run team, but with the speed, consistency, and cost profile of software rather than growing headcount.
Every recommendation comes with a full evidence trail, each finding cited to an internal document or an external source, so a reviewer can verify it rather than take it on trust.
The same checks are applied the same way every time, governed by the policy, which removes the variability that creeps in across a larger human team.
Reusable across institutions: because all the institution-specific rules live in the policy, the same agent organization can serve a new financial institution by rewriting that one layer, with no change to the agents, tools, or structure.
Specialized agents mean each domain is handled with focus, instead of one model trying to do everything at once.
Built to run cheaply, with scoped tooling and early-exit gates that skip the full review when a single decisive signal, like a restricted-jurisdiction flag, already settles the outcome.
Sensitive data is accessed on a least-privilege, need-to-know basis, with every access logged.
Scale without losing the rigor
Compliance is exactly where AI tends to fall short. It can be fast, but fast is worthless if a decision cannot be explained or defended. By structuring the work as a team of specialized agents that follow a binding policy, cite their evidence, flag what they cannot verify, and log every step, and by keeping a person on the final decision, the system brings real scale to monitoring and onboarding without the rising cost of headcount. And because the institution-specific rules live entirely in the policy, the same organization can be adapted to a new client by rewriting that one layer, turning a one-off build into a product that can be deployed for any institution.

