Compose an AML policy. Export a machine-readable AP2 mandate.

Translate BSA program controls, transaction-monitoring rules, and customer-risk policy into a structured AP2 v1.0 JSON mandate an agentic payment system can read, follow, and audit against. Configure customer risk tiers, TM rule parameters, SAR-filing triggers, sanctions screening cadence and escalation workflows; the mandate emits as @ainumbers.co/aml-mandate-v1.

Zero PII · Client-side Agentic AML: humans set policy, agents enforce; this demo emits the policy Last Reviewed · 2026-05-13

BSA · FATF · 6AMLD — enforcement clocks running

U.S. Bank Secrecy Act (31 USC §5311 ff.) remains the foundational AML regime; FinCEN's AML/CFT National Priorities set the 2026 examination focus. FATF Recommendation 16 (the Travel Rule) and the 6th AML Directive (EU 2018/1673) add personal liability for senior management. AMLA (EU) begins direct supervision of selected obliged entities from 2028 with a single rulebook (Regulation (EU) 2024/1624).

Sources: 31 USC §5311–§5336 · FinCEN AML Priorities (2021, updated 2026) · FATF R.16 · EU Reg. 2024/1624 (AMLR) · EU Dir. 2018/1673 (6AMLD)

§1 · AML Use Case Customer risk + TM

Pick the policy domain

Each use case maps to a slice of an AML programme. Combine multiple to compose a multi-domain mandate.

§2 · Customer Risk Tiers FATF Risk-Based Approach

Tier thresholds

Composite risk score (0–100) blends geographic, product, customer-type and behavioural factors. Tier boundaries determine onboarding friction, monitoring frequency and EDD obligations.

Low → Medium cutoff Standard onboarding becomes Enhanced Due Diligence above this score.

Medium → High cutoff High-risk customers trigger EDD, periodic review (≤12mo), senior approval.

High → Prohibited cutoff Above this score, the agent must refuse onboarding and refer to compliance.

§3 · TM Rule Parameters Velocity · Structuring · Geo

Transaction-monitoring thresholds

Calibrate three families of TM rules. Lower thresholds raise sensitivity (and false positives); higher raises miss-rate (and SAR exposure). The mandate emits explicit threshold floors for the runtime to enforce.

Cash velocity threshold (per day, $) Aggregate cash-equivalent activity flagged for review.

10,000

Structuring detection window (days) Rolling window for aggregating sub-CTR transactions across accounts.

Geographic anomaly delta (km) Two transactions ≥X km apart inside 1h triggers behavioural alert.

500

§4 · Screening · SAR · Escalation FinCEN 30-day clock

Cadence & workflow

Lower-cadence sanctions screening reduces friction but extends exposure window. SAR filing deadline is FinCEN's hard 30 calendar days from initial detection.

Sanctions screening cadence

SAR trigger sensitivity

Escalation workflow

§5 · Mandate Preview @ainumbers.co/aml-mandate-v1

AP2 output

Live preview. Switch tabs to see what an agent will load, what your CCO will sign, and what an MCP client will discover.

AP2 v1.0 schema · valid · @ainumbers.co/aml-mandate-v1

Compose with

Pair with #11 — AML Transaction Monitoring Rule Builder to expand the TM rule layer, or #7 — AP2 Visual Policy Guardrail to visualise the same mandate as agent-traversal guardrails. The full 259-tool atlas is at the Tool Chain Composer — #23 sits inside the Agentic Runtime cluster.