cravings

Compliance

Replaced an outsourced KYC/AML review team with an explainable compliance agent

An EU payments company brought its €2.1m outsourced onboarding review in-house as an AI-native service. 64% straight-through, onboarding 3 days → under 4 hours, analysts 40 → 9, zero regulatory findings.

The brief: A fast-growing EU payments company outsourced its KYC and AML onboarding review to a managed-services provider — forty analysts adjudicating documents, screening hits, and clearing alerts. Onboarding took three days, the contract cost €2.1m a year, and every regulator conversation came back to the same worry: could they prove, case by case, why an account was approved? They asked us to turn the review function into an AI-native service they controlled.

Why this was a fit, not a copilot

  • The work was already a defined, outsourced process with a regulator-facing quality bar — exactly the shape an agent can take over end-to-end.
  • The hard constraint was not accuracy alone. It was explainability: every decision had to carry a reasoned, auditable rationale a regulator could read.
  • Volume was spiky. The managed-services team was sized for the peak and idle in the troughs — a cost structure an agent erases.

What we built

  • Wrote the eval set first. 4,200 historical cases — approvals, rejections, and escalations — re-adjudicated by the MLRO and two senior analysts, with the rationale for each captured as the graded standard.
  • A document and screening-adjudication agent. Reads identity documents and proof-of-address, runs structured extraction with confidence scores, and adjudicates sanctions, PEP, and adverse-media hits against the firm’s risk policy encoded as deterministic rules — never as model discretion.
  • An explanation built into every decision. For each case the agent emits a written rationale, the documents and rules it relied on, and a confidence band. Nothing is approved on a number alone.
  • Four-eyes on risk. High-risk categories, any adverse-media hit, and anything below the confidence threshold route to a human analyst with the agent’s full reasoning attached. The MLRO retained sign-off on the policy itself.
  • Shadow against the outsourcer. Eight weeks running in parallel with the managed-services team on live onboarding, graded against their decisions and against the eval set, before taking a single live case.

What changed

  • Cases cleared straight-through (within policy, full rationale, no human needed): 0% → 64%, with the rest escalated to analysts.
  • Median onboarding time from three days to under four hours; clean cases in minutes.
  • Analyst headcount required for the same volume: 40 → 9, all in-house, all on the judgement cases.
  • Annual run-rate (model calls + in-house team + Cravings retainer): €0.8m versus the €2.1m outsourcing contract, which was wound down.
  • Regulatory audit six months post-launch: the examiner could pull any case and read exactly why it was decided. Zero findings on the review process.

What we left behind

A compliance review service the firm now owns outright — eval suite, decision agent, audit trail, and a review console the in-house analysts run. The risk policy lives in version-controlled rules the MLRO edits directly; the agent enforces it and shows its work. The function that used to be a line item on someone else’s invoice is now a controlled, explainable system inside the business.