The Agentic Bank

Alert Triage Agent

⬡ Sift Disposition of transaction-monitoring alerts at scale.
◆ Autonomous Router

Reads each alert, pulls the customer and counterparty context, applies the typology playbook, and dispositions noise alerts with a written rationale built for regulatory review. Escalates the ambiguous remainder to the investigation agent with the enrichment already attached.

Memory

Working Per-alert scratchpad: hypotheses, evidence pulled, current disposition lean.
Episodic Prior alerts on the same customer/counterparty cluster.
Semantic The bank's typology library and disposition policy.
Procedural Learned disposition playbooks refined from judge-agent overrides.
Store Vector + knowledge-graph (entity/relationship) hybrid

Orchestration

router-fanout MCPA2A

Harness · Managed Agents … session event-log per alert; context editing clears stale tool output on long enrichment chains.

Tools

{ } Case management system API { } Core banking + payments API API Adverse-media / KYC retrieval Retrieval ›_ Graph queries (entity resolution) Code exec Escalation to investigation agent A2A

Evals & guardrails

  • Agent-as-judge sampling of closed alerts; precision/recall vs. a confirmed-case gold set.
  • Hard guardrail: cannot auto-close above a risk-score threshold … forced escalation.
  • Full OpenTelemetry trace of every tool call retained for control-plane audit.
  • Monthly typology-drift detection against newly confirmed cases.

Offline reflection

Nightly consolidation: replays the day's judge-agent overrides as Reflexion-style lessons, updating the disposition playbook (procedural memory).

Frontier edge

  • Eval-gated continual learning: overnight playbook self-edits (SEAL-style) ship only after passing the gold-set precision/recall gate.
  • Self-improving fleet: confirmed-typology lessons propagate to every triage instance between runs, so one judge-agent correction teaches the whole population.
  • Causal scoring over correlational rules: distinguishes a genuine structuring intent from coincidental sub-threshold deposits, cutting the false-positive tail.

A sample run

Trigger Structuring alert: 9 cash deposits just under $10k across 3 branches in 5 days.
  1. 1Resolve the entity graph … same beneficial owner behind the three accounts?
  2. 2Pull 13-month transaction history; compare to the customer's expected profile.
  3. 3Check adverse media + prior alerts on the cluster.
  4. 4Score against the structuring typology; draft rationale.
Output Escalates to the SAR desk with a pre-built packet … structuring pattern confirmed, expected-activity deviation quantified, narrative stub attached.

In numbers

14,200
Alerts dispositioned / day
92%
False-positive auto-clear rate
38s
Avg. time per alert

Handoffs

Fed by ← Scenario Tuning Agent
Hands to → Investigation Agent

More on the Transaction Monitoring desk

Scenario Tuning Agent
Tunes monitoring thresholds and scenarios to cut alert noise.
← Back to Financial Crime & Fraud