Passive fraud detection and case management (fraud monitoring)

The trust layer for AI agents detecting fraud and preparing investigation cases for human review.

Passive fraud detection and case management is the safest AI surface in financial services and the most regulated. The fraud-monitoring sub-vertical pack codifies transaction flagging and clearing, fraud-case lifecycle management, and customer-impacting actions (suspension, reversal) behind certified-investigator approval. The MLRO-to-agent attribution flows through the principal-chain so FCA SYSC 6.3 financial-crime supervisory expectations are met on every governed action.

Which frameworks the financial services pack maps to today.

| Framework | Jurisdiction | Coverage | Notes |
| --- | --- | --- | --- |
| BSA/AML (FinCEN customer due-diligence rule) | US (Federal) | Partial | The Vortalis chain captures the agent's flagging, case-opening, and customer-impacting actions; the firm's SAR filing path to FinCEN is operator-side. Coverage is partial because the SAR filing itself is not in the contract surface; the binding lands with the first US AML-led engagement. |
| EU 5MLD | EU | Partial | Same shape as BSA/AML. The Vortalis chain captures the agent's actions; the firm's national-FIU reporting is operator-side. |
| FCA Financial Crime Guide and SYSC 6.3 (vortalis_proxy/compliance/fca_smcr.py, tests/conformance/regulators/fca_smcr/) | UK | Full | The MLRO is a Senior Manager Function (SMF17 in the firm's Statement of Responsibilities). The SM&CR pack binds the MLRO attribution through the principal-chain on every fraud-monitoring action; SYSC 6.3 financial-crime governance reads the chain. |
| UK Proceeds of Crime Act (POCA) | UK | Partial | POCA suspicious-activity-reporting obligations sit at the operator's NCA-reporting channel. The Vortalis chain provides the contemporaneous record that backs the SAR; the SAR submission itself is operator-side. |
| GDPR (vortalis_proxy/compliance/frameworks.py) | EU and UK | Full | Customer PII (name, contact, account numbers, national identifiers) is tokenised under deny_listed posture; unwrap requires compliance approval. |

Upstream services Vortalis adapts for this vertical.

No Vortalis-side adapters ship for fraud monitoring. The calling system holds the transaction-stream access, the case-management system credentials, and the core-banking enforcement endpoint directly. Vortalis governs the action at the agent boundary; the operator's existing infrastructure carries the action through to the customer record.

The policy template for this vertical.

Actions allowed

8

Each action gated by policy at the hot path.

Anticipated require_human actions

  • customer.suspended
  • transaction.reversed

Rate-limit posture

2 000 transaction.flagged per 1-hour rolling window; 200 customer.flagged per 1-hour rolling window; 50 customer.suspended per 24-hour rolling window; 50 transaction.reversed per 24-hour rolling window. These limits are defensible for a mid-sized retail bank; larger institutions raise them after agreement with the MLRO.

Template path: policies/sectors/financial-services/fraud-monitoring-template.yaml

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/financial-services-fraud-monitoring.md

What this sector pack does not do.

Vortalis does not file SARs; the firm's national-FIU channel is operator-side.

The Vortalis chain provides the contemporaneous record of the case-preparation activity that backs the SAR (case opened, investigated, closed with disposition). The actual SAR submission to FinCEN, the NCA, or the equivalent national FIU happens through the firm's existing filing channel. Vortalis records what the agent and the human investigator did; the regulator-facing filing is the operator's responsibility.

The MLRO-to-agent attribution chain depends on operator tenant configuration.

FCA SYSC 6.3 binds the MLRO (SMF17) to the firm's financial-crime governance. Vortalis enforces the principal-chain on every governed action; the assignment of which MLRO is responsible for which AI screening agent lives in Tenant.config. The operator threads the MLRO-to-agent map at provisioning time.

Customer-impacting actions require a human investigator; Vortalis enforces the gate.

customer.suspended and transaction.reversed both return require_human regardless of the agent's confidence. The certified investigator approves in the Vortalis dashboard; the calling system resumes execution only after the approval is discovered. The chain captures the original suspension proposal, the investigator's approval timestamp, and the actual upstream enforcement outcome, all linked by the same correlationId.

Segregation of duties between case-opening and case-closing is operator-side.

The Vortalis policy engine can refuse a configuration where the same actor identity opens and closes a case, but the firm's SoD model is operator-supplied. The calling system records the SoD rejection as agent.action_blocked with ruleId='sod.case_open_close_conflict'; the chain reflects the considered-but-blocked closure.

The general-purpose honest limits sit at /security/limitations; this list is specific to the financial services pack.
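The rate-limit posture, the require_human gate and the segregation-of-duties rule described above can be read together as one decision function. The sketch below is an added example, not Vortalis code or its policy template format. It assumes a single tenant, that rate limits count proposals rather than approvals, and hypothetical names for the `PolicyGate` class, the `allow` and `deny` decisions, the `rate_limit.exceeded` rule id and the `case.opened` / `case.closed` actions.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400
# Limits and windows as stated in the rate-limit posture on this page.
RATE_LIMITS = {
    "transaction.flagged": (2000, HOUR),
    "customer.flagged": (200, HOUR),
    "customer.suspended": (50, DAY),
    "transaction.reversed": (50, DAY),
}
REQUIRE_HUMAN = {"customer.suspended", "transaction.reversed"}


class PolicyGate:
    """Hypothetical gate; 'allow', 'deny' and 'rate_limit.exceeded' are assumed names."""

    def __init__(self):
        self._events = defaultdict(deque)  # action -> timestamps still inside the window
        self._case_opener = {}             # case_id -> actor identity that opened the case

    def _over_limit(self, action, now):
        if action not in RATE_LIMITS:
            return False
        limit, window = RATE_LIMITS[action]
        q = self._events[action]
        while q and q[0] <= now - window:  # expire events older than the rolling window
            q.popleft()
        if len(q) >= limit:
            return True                    # blocked attempts are not counted
        q.append(now)
        return False

    def evaluate(self, action, actor, now, confidence=0.0, case_id=None):
        # Segregation of duties: the identity that opened a case may not close it.
        if action == "case.opened":
            self._case_opener[case_id] = actor
        if action == "case.closed" and self._case_opener.get(case_id) == actor:
            return {"decision": "deny", "ruleId": "sod.case_open_close_conflict"}
        if self._over_limit(action, now):
            return {"decision": "deny", "ruleId": "rate_limit.exceeded"}
        # Confidence is deliberately ignored for customer-impacting actions.
        if action in REQUIRE_HUMAN:
            return {"decision": "require_human", "ruleId": None}
        return {"decision": "allow", "ruleId": None}
```

Timestamps are plain seconds so the rolling window can be exercised deterministically; a deployment would also key the counters per tenant.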

Bring Vortalis to your financial services agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.