KYE AML & Financial-Crimes Governance Pack™ for AI-assisted AML actions.
When an AI agent triages a monitoring alert, clears or blocks a sanctions screening hit, drafts a suspicious-activity report, or completes a KYC/CDD onboarding case and that decision starts to move toward being committed — the alert disposed, the hit cleared, the SAR/STR filed, the customer onboarded — the consequential moment has arrived. The KYE AML & Financial-Crimes Governance Pack™ governs that action boundary: it binds every consequential action to a named compliance officer's or MLRO's authority, records the due diligence before the action, holds the action advisory until a named officer signs off — with two-person sign-off on the SAR/STR filing — and seals it into a replay-provable provenance record. KYE Protocol™ governs whether the AML action may proceed — it does not run transaction-monitoring models, decide whether a transaction is truly money-laundering, or replace the institution's AML program.
AI now triages alerts and drafts SARs — and the SAR/STR filing is the regulator-facing action where accountability concentrates.
Generative AML copilots, automated alert-disposition engines, sanctions-screening assistants, and KYC/CDD onboarding tools are producing decisions that move quickly toward the alert queue, the screening clearance, the financial intelligence unit, and the customer record. The high-value problem is not whether the model scored a transaction — it is the action boundary. Three facts converge:
- The consequential moment is the disposition, the clearance, and the filing — not the score. A model's alert score is inert; an alert closed, a sanctions hit cleared, a SAR/STR submitted to the financial intelligence unit, or a customer onboarded is consequential. The SAR/STR filing is a regulator-facing submission (FATF R.20; 31 CFR 1020.320 / FinCEN) where MLRO and institution accountability attaches at the moment the action proceeds — exactly where governance is weakest.
- The standards already exist; the enforcement of authority does not. The FATF 40 Recommendations' risk-based approach (R.1), customer due diligence (R.10), and suspicious-transaction reporting (R.20), the EU 6AMLD corporate-liability provisions, the US Bank Secrecy Act / FinCEN AML-program and SAR obligations, and the Wolfsberg sanctions-screening principles define what is required. KYE Protocol™ governs whether an AI-assisted AML action may proceed under those standards, under whose authority, with due diligence recorded before the action.
- Provenance is now an examiner expectation. An alert disposed under a risk-based program, the lists screened behind a sanctions clearance, and the inputs behind a SAR each must carry documented data integrity and lineage (FATF R.11; FinCEN / BSA record-keeping). KYE Protocol™ produces a signed, replay-derivable provenance pin at the moment the action commits.
- This is a governance wedge, not an AML engine. KYE Protocol™ does not compete with the transaction-monitoring, screening, or case-management tools. It governs the action boundary they feed — the named-authority + due-diligence + two-person sign-off + provenance layer the AI AML ecosystem currently lacks. The FATF R.16 Travel Rule is reused via the existing KYE FATF Travel Rule Sector Pack™, never re-mapped.
Survives an examiner, an FATF assessment, or a regulator spot check — due-diligenced, two-person-signed-off, and derivable from public keys alone.
- Due-diligenced by construction. An AI-assisted AML action that moves toward a disposition, clearance, filing, or onboarding must carry a recorded due-diligence result — a CDD / KYC determination (FATF R.10; FinCEN CDD Rule), a screening determination (sanctions / PEP / adverse-media match assessment; Wolfsberg), and a risk determination (FATF R.1) where applicable. An unscreened, low-confidence, or due-diligence-deficient action is refused at the action-admissibility gate.
- Sign-off-gated, two-person on the SAR/STR. An action stays advisory until a named compliance officer, MLRO / nominated officer, or BSA officer records sign-off. The SAR/STR filing additionally requires §36 GovernedUI two-person sign-off — the drafting analyst and an approving MLRO / BSA officer. Unreviewed AI-driven consequential actions are refused and routed dual-channel.
- Authority-bound. Every consequential action maps to a recorded named-authority decision — the agent, the AML artefact (alert, screening hit, SAR/STR draft, onboarding case), the intended action, and the named officer under whose authority it proceeds. An AI authorised for one purpose cannot proceed under another.
- Replay-provable provenance. A signed provenance pin binds the model and version, the screened lists and list versions / pinned source data, the due-diligence result, and the authority outcome — audit-grade data integrity an examiner, an FATF assessor, or a regulator can verify offline, against published keys alone, satisfying FATF R.11 and FinCEN / BSA record-keeping.
- Framework-anchored. The FATF 40 Recommendations, EU 6AMLD, US BSA / FinCEN, and the Wolfsberg Principles each map to a control row — with a 90-day attestation cadence.
Every consequential AML action — authority-bound at the action boundary.
One coherent spine governs four specializations — transaction-monitoring, sanctions-screening, sar-filing, and kyc-cdd — with no parallel packs. Each AI-assisted AML action that moves toward a consequential action flows through the same four rules, on the canonical KYE Protocol™ envelopes.
- 1 — Action proposed. An AI agent proposes an alert disposition, a sanctions-hit clearance or block, a SAR/STR draft, or a KYC/CDD onboarding decision that begins to move toward being committed.
- 2 — Due diligence + authority check. The Action Admissibility™ Gate verifies a recorded due-diligence result (CDD / screening / risk determination) and the named-authority under which the action proceeds, under the §25 Edge Governance Safety Floor. No due diligence, no authority = no action.
- 3 — Advisory pending sign-off. The action is advisory until a named compliance officer, MLRO / nominated officer, or BSA officer records sign-off — with two-person sign-off (analyst and approving officer) required on the SAR/STR filing. Low-confidence or unreviewed actions are refused and routed dual-channel.
- 4 — Provenance pin sealed. The runtime emits kye.purpose.request.v1 + kye.purpose.admissibility.v1 + kye.evidence.decision_map.v1 + kye.evidence.pack.v1 in lockstep, binding the model and version, the screened lists / pinned source data, the due-diligence result, the named officer, and the Authority Finality™ outcome — signed and replay-derivable for an examiner, an FATF assessor, or a regulator spot check.
Bound to the AI AML authority + due-diligence + provenance perimeter.
The pack binds the canonical KYE™ artefact set to the international AML / financial-crimes standards perimeter. Every claim resolves to a control row on the bound framework — the four regimes are consumed by the rule pack, never re-mapped, and the FATF R.16 Travel Rule is reused via the existing KYE FATF Travel Rule Sector Pack™ rather than duplicated.
| Framework | Control area | Pack coverage |
|---|---|---|
| FATF 40 Recommendations | Risk-based approach (R.1), CDD & beneficial ownership (R.10), record-keeping (R.11), Travel Rule (R.16, reused), suspicious-transaction reporting (R.20) | partial |
| EU 6AMLD | Predicate offences & scope, aiding/abetting/inciting, corporate / legal-person liability, competent-authority cooperation | partial |
| US BSA / FinCEN | AML program (31 U.S.C. 5318(h)), CDD Rule & beneficial ownership, Suspicious Activity Reporting (SAR), record-keeping | partial |
| Wolfsberg Principles | Risk-based KYC / CDD, sanctions & transaction screening governance, correspondent-banking due diligence | partial |
Honest scope. KYE Protocol™ governs the authority, due diligence, sign-off, and provenance of the AI instruction at the action boundary — whether the AML action may proceed. It does not run transaction-monitoring models, decide whether a transaction is truly money-laundering, run the screening engine, or replace the institution's AML program. Partial coverage means the bound surface satisfies the control area when paired with the institution's own AML program and analyst judgment.
Qualified AI AML partners — apply through the Foundry.
The KYE AML & Financial-Crimes Governance Pack™ is a §68 sector product productised through the KYE Sector Pack Foundry™ Build tier; commercial distribution is value-based, qualification-gated, and disclosed under NDA to qualified applicants.