Blog

Announcing Sardine's new compliance AI Agents for KYC, sanctions, and merchant risk

Simon Taylor
Simon Taylor
bg-image
bg-image
Announcing Sardine's new compliance AI Agents for KYC, sanctions, and merchant risk
SUBSCRIBE
Share

Every fraud analyst, compliance officer, and underwriter will have a team of AI analysts to help them. Today we're introducing three of these.

False positive ratios can be as high as 90% for key processes like sanctions screening and customer due diligence. This creates an excessive volume of mind-numbing work for human agents, creating burnout (experienced by more than 75% of compliance officers), with a high level of staff churn. Many financial institutions report difficulty hiring enough officers to fight crime effectively. This issue is damaging the ability to properly manage financial crime rates, as institutional knowledge is quickly lost.

The consequences are massive, we often miss criminal networks and gangs, leading to potential BSA/AML fines and banks lose millions in delayed or abandoned revenue through poor customer experience. This whitepaper introduces the Agentic Defense Model (ADM) - a framework that deploys AI agents to strengthen compliance controls.

Further this impacts customers who are falsely flagged, have transactions slowed, or are dropped as a client due to perceived (not actual) risk. This is lost revenue for the financial institution, and can result in potential law suits (such as the so called “debanking” debate).

First, we must understand the current fraud, risk and compliance setup in most organizations to understand how AI Agent teams will become possible.

The cost challenge of BSA/AML compliance

Know Your Customer has become notoriously labor-intensive, slow, and costly. It can be argued to be largely ineffective because of how inefficient it has become.

One top investment bank added hundreds of employees yet still had over 700 onboarding cases stuck in the process. Another institution saw its dispute resolution times balloon to 120 days despite significant staffing increases. Simply put, even the financial institutions with the largest headcount need an order of magnitude improvement that AI Agents can help to deliver.

Sanctions Screening, PEPs and adverse media. Transaction monitoring for AML generates an overwhelming volume of alerts that require investigation. Legacy rule-based systems often have false-positive rates above 90%, meaning analysts waste time investigating alerts that turn out to be benign when a single sanctions screening alert requires 5-10 minutes of manual review, and false positive rates exceed 90%

Meanwhile, financial crime grows more sophisticated, regulatory expectations increase, and customers demand instant digital experiences.

The hope on the horizon is that AI can make institutions more effective and efficient at fighting financial crime. Indeed, FinCEN’s recently proposed rules for “effective and reasonably designed” AML programs stress using risk-focused technology, and industry experts note that explainable AI systems can enhance efficiency while satisfying regulators’ demand for transparency

The best AI Agents would have access to the best data

At Sardine, we pride ourselves on building the tools we wish we had in our past lives.

  • We save risk teams time, effort and frustration.
  • We help payments teams convert more good customers.
  • We help more commerce happen by obsessing over the details.

Sardine fits around existing legacy infrastructure, but is a complete platform for fraud and compliance.

This is the ideal foundation for AI agents.

AI agents can onboard users, work manual queues, and be 10 times more effective than teams. While many companies offer one-off use cases and agents, the right to win requires building on the fraud squad's data, platform, and expertise.

Just like humans, AI agents become 10 times more effective when they have the right data and tools.

At Sardine, we’re building the best of both.

Here’s how we think about AI agents.

Today Sardine offers 3 compliance AI agents

Every dashboard, UI, and spreadsheet has the potential to be 10x more effective with an agent helping the risk professional. We’re just getting started and have begun making our first 4 AI agents general available.

1. KYC Onboarding Agent

For a BSA/AML compliant onboarding, name, address, date-of-birth and SSN have to be collected and verified. When mismatches are found, this can mean that the consumer failed to provide their correct name, address, or date of birth in the onboarding form. Or, it could be indicative of a stolen/synthetic identity being used. In such cases, the best practice is to automatically step-up the customer to request they submit a documentary identity (Passport, National ID card, Driver’s License) along with a selfie + liveness check. It is recommended to ensure that the face on the selfie matches the face on the ID. Further, it is recommended to ensure that the name, address, and date-of-birth on the Identity document match what was collected during onboarding.

KYC is filled with edge cases. Names appear in different orders across cultures, date formats vary, and mismatches cause unnecessary friction. Sardine automates these challenges. We automate the 1000s of Onboarding edge cases.

Mission: Simplify and accelerate customer due diligence (KYC/KYB) during onboarding while ensuring no compliance steps are missed.

Process: AI agent is first trained with a sample set of onboarding sessions from the CIP process as followed at the bank. The output of this training is then an Agentic framework, which represents the steps we undertake and their order. This Agentic framework essentially represents the checklists that a compliance officer follows as part of the bank’s CIP procedures.

Image

Once deployed, the AI agent evaluates matches using context from multiple data sources. They can automatically identify false positives (like name matches with mismatched birthdates).

Outcomes: In testing, Sardine could use automated resolution pathways for over 50% of onboarding cases. As humans continue to approve/decline these cases, the model will become more efficient. This translates to a 75% reduction in “routine” case workload, where the outcome was highly likely to be a false positive. For ongoing KYC updates (periodic reviews), the agent can move the industry toward “perpetual KYC” – continuously monitoring and refreshing customer data in the background rather than running catch-up or remediation projects periodically.

2. Sanctions Screening Agent

Common names like "John Doe" often trigger false flags, delaying onboarding. Sardine’s AI ensures legitimate users aren’t stuck in manual review queues.

Mission: Rapidly screen transactions and customers against sanctions, PEP, and adverse media lists with greater accuracy and fewer false positives.

Process: The agent is trained on standard operating procedures used by the compliance teams. While reviewing an alert, a Compliance officer might have a checklist of things they perform:

  • Match the name, address, and date of birth as provided at onboarding against the name on a document,
  • ensure the customer’s age follows their Terms of Use,
  • translate the names from foreign languages to English when needed,
  • match the state and addresses for the customer against the hits to ensure this is the same individual, etc.

The Agent presents its finding and leaves its recommendation – Accept the Customer, Decline the Customer – for the Compliance Officer to make a final determination.

Model Validation: The decision matrix uses the ADM framework to correlate AI recommendations with the Compliance officer’s judgments, and as such, it can be considered a dynamic Model Validation.

Edge Cases: Compliance Officers spend the majority of their time in edge cases. For example, one common name we use in testing leads to 60+ PEP hits and 1 Sanctions hit. However, the Sanctions hit leads to a LinkedIn page and an article that says this particular name is dead (so we can confidently clear this particular Sanctions Hit). These are the types of link traversals that our Agentic framework can automatically discover and perform.

Image

Outcomes

  • Sardine is able to use automated resolution pathways for over 50% of Sanctions. As humans continue to approve/decline these cases, the model will become more efficient.
  • One global investment firm implementing this approach saw analyst productivity increase by 80%, allowing them to focus on complex cases that truly required expertise.

3. Merchant Risk Agent

As more merchants enter the market, and can accept payments with their existing mobile device, traditional KYB processes do not scale to meet the risk. PSPs and merchant acquirers designed their systems for a much smaller scale, and that model needs to evolve.

Mission: Automate the risk assessment and ongoing monitoring of business customers (merchants, fintech partners, etc.), especially for fraud and compliance risks, in real-time

Process: Pulls together data on the business (registrations, licenses, owner backgrounds, better business) and gives a risk rating (e.g., low, medium, high-risk merchant) based on factors like industry, geographies of operation, predicted transaction patterns, etc. Flags traits that might indicate a fraudulent merchant (e.g., mismatch between stated business type and website content, or high-risk geographies involved). Then monitors the merchant’s transactions in real-time post-onboarding.

The Agent also summarizes complaints. Are they shipping on time? Are they issuing refunds properly? It connects this data with transaction activity to catch signs of transaction laundering and collusion fraud, such as merchants swiping thousands of stolen cards to siphon funds.

Image

Agents that comply with Fair Lending, BSA/AML and SR 11-7

In the United States, banking regulators and enforcement agencies – including the Office of the Comptroller of the Currency (OCC), Federal Reserve (Fed), Federal Deposit Insurance Corporation (FDIC), and the Financial Crimes Enforcement Network (FinCEN) – set clear expectations for technology use in compliance. A cornerstone is the Fed/OCC supervisory guidance SR 11-7, which establishes a comprehensive model risk management framework. SR 11-7 applies to all models (including AI/ML models) used by banks and requires robust governance, validation, and controls to manage the risk of errors or misuse.

In addition fair lending rules apply to all credit decisions os covered by the Federal Housing Act (FHA) and Equial Credit Opportunity Act (ECOA).

In practice, this means banks must maintain rigorous model inventories, documentation, and oversight for any AI-driven tool, just as they do for traditional models, to satisfy examiners that they “understand and control” their AI’s behavior.

These areas often translate into common due diligence questions banks ask AI vendors:

  • How transparent are the model’s decisions?
  • What data was it trained on, and could that data introduce bias?
  • How will the model be monitored and updated over time?

Regulators want assurance that financial institutions can answer these questions and have appropriate controls in place before deploying AI at scale. Banks are expected to implement independent model validation, rigorous testing, and ongoing performance monitoring for AI systems.

For example, before an “AI compliance agent” is put into production, banks should have qualified parties review its design and assumptions to “effectively challenge” the model and verify it works as intended. All model outcomes and limitations should be documented in detail, and must come with a clear audit trail.

SR 11-7 explicitly requires exhaustive documentation such that even someone unfamiliar with the model can understand its purpose, workings, and limitations. Encouragingly, the federal regulators have noted that innovative approaches “can strengthen BSA/AML compliance” and make better use of resources (Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing). They even clarified that pilot programs using AI will not automatically draw criticism “even if the pilot programs ultimately prove unsuccessful,” as long as the bank continues to meet its obligations.

Implement Sardine AI Agents today

The traditional approach to compliance – throwing more resources at the problem – is unsustainable. The Agent Defense Model offers a proven path forward, combining human expertise with AI capabilities to accelerate revenue while strengthening controls.

Success requires:

  1. Clear strategic vision
  2. Stakeholder alignment
  3. Disciplined implementation
  4. Continuous improvement mindset

The evidence is clear: institutions that embrace the ADM framework gain a competitive advantage through faster revenue realization, stronger risk management, and improved customer experience. The question is no longer whether to adopt AI in compliance, but how quickly you can begin the journey.

Those who move first will set the standard for the industry. Those who wait risk falling permanently behind. The time to act is now.