← realitylayer.tech
AML & Sanctions Compliance

Deterministic AML enforcement for agentic AI

Agentic AI systems propose transactions. AML rules already exist as law — AMLD, BSA, FATF standards, UK MLR 2017, OFAC. Most enforcement today is a mix of rule engines, LLM-assisted review, and human judgment, all of which remain probabilistic and therefore can miss a violation. FCAL adds a final deterministic gate. When an agent proposes a transaction that would breach a codified AML limit, FCAL issues EXTINCT and execution stops. There is no override path the LLM can take.

Architectural axiom
AI proposes, deterministic oracles decide. The LLM never selects which oracles run, never knows what limits apply, and cannot negotiate with the verdict.

Three oracle primitives

FCAL's AML capability is three orthogonal oracles. Each holds a narrow, deterministic scope. Together they compose via verdict dominance — the worst verdict across all matched oracles wins.

1 Transaction-level AML
AML_THRESHOLD_V1 Per-transaction
Checks
Single-transaction reporting thresholds, Enhanced Due Diligence triggers, and single-event structuring patterns visible within one transaction.
Consumes
transaction_eur, transaction_type, customer_risk_level, is_split_transaction.
Does not do
Aggregate across time, compute risk scores, maintain customer profiles, or decide whether a pattern is "really" suspicious. It applies codified thresholds to one transaction at a time.
Failure codes (EXTINCT)
  • SAN_STRUCTURING_DETECTEDSplit transaction detected — structuring (critical, no override)
  • SAN_REPORT_REQUIREDTransaction exceeds reporting threshold
  • SAN_ENHANCED_DUE_DILIGENCEHigh-risk customer — EDD required before execution
Constraint basis: 4AMLD (Dir. 2015/849) Art. 11, Arts. 18–24a · TFR (Reg. 2023/1113) Art. 14 for crypto ≥ €1,000 · BSA 31 USC §5313 / 31 CFR §1010.311 (CTR ≥ $10,000) · BSA 31 USC §5324 (structuring)
2 Relational AML (cross-transaction patterns)
AML_COUPLING_V1 Multi-transaction
Checks
Four multi-transaction patterns against deterministic thresholds: smurfing (structuring — many sub-threshold transactions aggregating above reporting limit), layering (multi-hop chain through high-risk jurisdictions with new relationships), fan_in (many sources concentrating on a single target), fan_out (one source fanning to many targets).
Consumes
A claim from an upstream graph-analytics or rule engine: claim_type, pattern_type, transaction_count, entity_resolution_done, source_of_linkage (audit field), plus pattern-specific fields — e.g. for smurfing: account_count, time_window_hours, total_flow_eur, individual_amounts_eur, jurisdiction.
Does not do
Construct transaction graphs, perform entity resolution, maintain counterparty relationship histories, or decide which patterns are "suspicious" in a general sense. It applies thresholds to pattern claims presented by an upstream system.
Failure codes
  • CPL_AML_STRUCTURING_PATTERNSmurfing detected: sub-threshold transactions aggregating above reporting limit
  • CPL_AML_LAYERING_HIGH_RISKLayering through high-risk jurisdiction with new relationship
  • CPL_AML_FAN_IN_CONCENTRATIONFan-in concentration exceeds threshold
  • CPL_AML_FAN_OUT_CONCENTRATIONFan-out concentration exceeds threshold
  • CPL_AML_APPROACHING_STRUCTURINGApproaching threshold (SURVIVE_WITH_WARNING)
  • CPL_AML_APPROACHING_CONCENTRATIONConcentration approaching threshold (SURVIVE_WITH_WARNING)
Constraint basis: BSA 31 USC §5324 (aggregated structuring) · 6AMLD (Dir. 2018/1673) Art. 3 (ML offence, criminalization) · 4AMLD Art. 33 (STR obligation to FIU) · 4AMLD Art. 9 + Art. 18a (high-risk third countries) · FATF Rec. 19 (higher-risk countries), Rec. 20 (STR) · UK MLR 2017
3 Sanctions screening
SANCTIONS_SCREEN_V1 Counterparty match
Checks
Whether the counterparty has been matched against a sanctions list by an upstream screening system. A positive hit is always critical with no override path.
Consumes
counterparty_name, counterparty_country, external screening_result (hit / no_hit), list_source identifier.
Does not do
Perform fuzzy name matching, maintain sanctions lists, handle false-positive review, or decide whether partial matches should trigger. It consumes the hit/no-hit verdict from the screening provider and produces a deterministic execution verdict.
Failure codes
  • SAN_SANCTIONED_COUNTERPARTYCounterparty is on sanctions list (critical, no override)
  • DAT_SCREENING_NOT_DONEScreening has not been performed → INSUFFICIENT_INPUT
Constraint basis: OFAC Specially Designated Nationals (SDN) List (31 CFR Ch. V) · EU restrictive measures (various Council Regulations, e.g. Council Reg. 2580/2001 for terrorism) · UN Security Council sanctions · National sanctions regimes

Regulatory mapping

Each failure code maps to an exact regulatory anchor. FCAL does not invent AML policy — it enforces what lawmakers have already written.

Failure code Oracle Framework
SAN_REPORT_REQUIRED AML_THRESHOLD_V1 4AMLD (Dir. 2015/849) Art. 11 · TFR (Reg. 2023/1113) Art. 14 · BSA 31 USC §5313 / 31 CFR §1010.311
SAN_ENHANCED_DUE_DILIGENCE AML_THRESHOLD_V1 4AMLD Arts. 18–24a (Section 3: Enhanced Customer Due Diligence)
SAN_STRUCTURING_DETECTED AML_THRESHOLD_V1 BSA 31 USC §5324 · 4AMLD Art. 33 (STR obligation)
CPL_AML_STRUCTURING_PATTERN AML_COUPLING_V1 BSA 31 USC §5324 (aggregated) · 6AMLD (Dir. 2018/1673) Art. 3 · 4AMLD Art. 33 · FATF Rec. 20
CPL_AML_LAYERING_HIGH_RISK AML_COUPLING_V1 4AMLD Art. 9 + Art. 18a · FATF Rec. 19 · FATF high-risk jurisdictions list
CPL_AML_FAN_IN_CONCENTRATION AML_COUPLING_V1 4AMLD Art. 33 · 6AMLD Art. 3 · FATF Rec. 20
CPL_AML_FAN_OUT_CONCENTRATION AML_COUPLING_V1 4AMLD Art. 33 · 6AMLD Art. 3 · FATF Rec. 20
SAN_SANCTIONED_COUNTERPARTY SANCTIONS_SCREEN_V1 OFAC SDN (31 CFR Ch. V) · EU restrictive measures (Council Reg. 2580/2001 et al.) · UN Security Council sanctions
Citations reflect the framework in force as of April 2026. Regulation (EU) 2024/1624 (the AML Regulation) applies from 10 July 2027 and will partially replace Directive 2015/849. FCAL constraint-basis metadata will be updated in advance of that date.

API example — smurfing detection

An upstream graph-analytics system submits a structured claim to the FCAL /evaluate endpoint. FCAL dispatches to matching oracles, applies deterministic thresholds, and returns a verdict. The LLM agent sees the verdict but never sees the limits.

Request
curl -X POST "$FCAL_API/evaluate" \
  -H "Content-Type: application/json" \
  -d '{
    "claim_type": "aml_coupling",
    "pattern_type": "smurfing",
    "transaction_count": 6,
    "entity_resolution_done": true,
    "source_of_linkage": "graph_rule_engine",
    "account_count": 6,
    "time_window_hours": 48.0,
    "total_flow_eur": 54000.00,
    "jurisdiction": "EU",
    "individual_amounts_eur": [9500, 9400, 9200, 8900, 9000, 8000]
  }'
Response
{
  "portfolio_verdict": "EXTINCT",
  "matched_oracles": ["AML_COUPLING_V1"],
  "results": [
    {
      "oracle": "AML_COUPLING_V1",
      "verdict": "EXTINCT",
      "constraint_type": "regulatory",
      "errors": [
        {
          "code": "CPL_AML_STRUCTURING_PATTERN",
          "message": "Structuring detected: 6 accounts, total 54000.00 EUR over 48.0h, all individual amounts below 10000 EUR reporting threshold (EU)"
        }
      ],
      "evidence": [
        {"metric": "account_count", "value": 6},
        {"metric": "time_window_hours", "value": 48.0, "unit": "h"},
        {"metric": "total_flow_eur", "value": 54000.00, "unit": "EUR"},
        {"metric": "reporting_threshold_eur", "value": 10000, "unit": "EUR"},
        {"metric": "all_individual_below_threshold", "value": true}
      ],
      "messages": [
        "AML STRUCTURING: 6 accounts aggregating 54000.00 EUR via sub-threshold transactions — execution blocked"
      ]
    }
  ]
}

The LLM does not control thresholds, routing, or verdict computation. Execution halts when the claim breaches a codified limit. The event remains auditable end-to-end: input claim, matched oracle, applied constraints, evidence, and regulatory anchor.

What FCAL is not

FCAL is a thin deterministic gate at the execution boundary. It is not a compliance program. The rest of the stack remains where it already is.

Not in FCAL scope Where this lives
Customer Due Diligence (CDD), KYC, identity verification Upstream onboarding systems
Beneficial ownership registries National / EU registries (4AMLD Arts. 30–31)
Transaction monitoring, graph analytics, ML models Upstream AML platforms — FCAL consumes their output
Sanctions list maintenance, fuzzy name matching Dedicated screening providers
Suspicious Activity Report (SAR / STR) drafting and FIU filing Compliance team + FIU submission tools
Investigation, case management, resolution workflow Case management systems
Human judgment on edge cases and ambiguity Compliance officer's role — FCAL is the gate, not the brain

AML rules were written by lawmakers. FCAL enforces them deterministically at the execution boundary. Your LLM never needs to know the limits exist — it just cannot cross them.

Contact — jussi.lumiaho@gmail.com · LinkedIn