EU AI Act: high-risk duties become enforceable on 2 Aug 2026 — automatic logging (Art. 12) and demonstrable human oversight (Art. 14) · read the briefing (PDF)
Home Platform Use cases AI Agents Investigator Console Decision record Operations Dashboard Live Demo Why & Security Trust Center Book a pilot →
Policy-bound · On-prem · Anti-black-box

Financial-crimedecisions at scale.Bounded by policy.

Forensio is an on-premise, policy-bound AI decisioning platform for financial crime compliance. AI agents investigate the alerts; a deterministic engine decides what's permissible; every decision is evidence-backed, auditable, and made inside your environment.

On-prem / air-gap Zero data egress Anti‑black‑box engine Regulator‑ready record
0 data egress1 evidence graph · screening + TM100% on-prem / air-gap
forensio · control towerAnalystMLROFront officelive
6Decisions sealed
1Awaiting checker
5QA passed
214Replayable history
Pending approvals — the checker's queue (1)
Vantage Commodities s.r.o.Suspicious activity → SAR · risk 51/100 · maker: J. Kowalski
Approve ✓
Recent decisions
Aleksandr PetrovFCC-2026-04471 · false positive → EDD · risk 72
QA passed
Meridian Trade HoldingsFCC-2026-04512 · suspicious → SAR · risk 92
SAR
policy v19 · baselinedecision table · declarativeledger intact ✓On-prem · zero egress
Designed to sit above the systems you already run
ActimizeSAS AMLOracle FCCMFICO SironComplyAdvantageQuantexaFircoSoftIn-house TM
ActimizeSAS AMLOracle FCCMFICO SironComplyAdvantageQuantexaFircoSoftIn-house TM
0%+
Of sanctions screening alerts are false positives*
0%
On-prem / private-cloud / air-gapped
0
Customer records leaving your environment
0
Evidence graph for screening & transaction monitoring

* Widely reported industry range for sanctions/name-screening alert volumes. Illustrative.

A decision — not a score

Most AI gives a risk number. Forensio gives a decision, and the reason.

"The model says 87% risk" is not an answer a regulator, an MLRO or a model-risk team will accept. Forensio resolves the alert into a defensible disposition — close, escalate, request EDD or draft a report — with the evidence, the rule, the policy clause and the human approval attached.

  • AI investigates, the engine decides. Agents gather and classify evidence; a deterministic engine certifies what's permissible.
  • Every conclusion is cited to a piece of evidence and a policy reference.
  • Nothing closes without a human. Maker-checker is enforced.
See a complete decision record
Generic / agentic AI
ForensioFCC-native
Output
Risk score
Bounded decision + rationale
Reasoning
Opaque model
Deterministic, policy-linked
Data
Leaves to the cloud
Never leaves your env
Audit
Hard to reconstruct
Sealed decision record
Screening + TM
Separate engines & queues
One evidence graph
Decision QA
No one checks the decision
Audited before it closes
Deployment
SaaS / cloud-first
On-prem / air-gap, zero egress
Policy change
Backtest on a sample — statistics
Exact replay of the whole sealed history
Counterfactuals
Post-hoc approximations
Exact — full re-executions per decision
Unknown patterns
Unsupervised ML — hard to validate
Peer envelopes you recompute by hand
Perpetual KYC
Cloud list services
Air-gapped list deltas, version sealed in
Built for the bar banks are held to

The controls a CISO, an MLRO and model risk all sign off on.

The market optimises for fewer false positives. So do we — but the reason institutions choose Forensio is everything below: governance, data sovereignty and defensibility, designed in, not bolted on.

Zero data egressOn-prem or air-gapped. Customer data and the AI models never leave your environment.
Maker–checker, enforcedNothing closes without a person; senior dispositions require a second approver.
Cited to evidence + policyEvery conclusion links to a specific piece of evidence and a versioned policy clause.
Model-risk validatableDeterministic rules you can read and validate — not an opaque score. SR 11-7 / EBA-aligned.
Sealed audit recordAppend-only and hash-chained: the regulator-ready artifact, produced as a by-product of the work.
Open frameworks, no lock-inAssembled from institution-grade open components — you own the stack, inside your walls.
The platform at a glance

Everything a decision needs — in one picture.

Data control
Zero data egress
Industry FP rate
False positives
95%
Network analysis

One alert. The whole network behind it.

Forensio resolves entities across screening and transaction monitoring onto a single graph — surfacing the ownership, counterparty and money-flow links a siloed alert never sees.

forensio · network analysisverifiedsuspicioussanctioned
CUSTOMER COUNTERPARTIES TRANSACTIONS HIGH-RISK · SANCTIONED hidden link A. Petrovsubject Acct ••4471 KYC verified Meridian Trade Cyprus Ltd OOO Sever Beneficiary B €148k wire €92k High-risk corridor SDN match Adverse media Shell co.
One platform · every perspective

Built for every seat at the desk.

The same governed case and one source of truth — surfaced the way each person needs it. Switch the seat and watch the screen change.

The impact

Outcomes a pilot puts a number on.

We don't quote a benchmark as a promise. A Decision‑Quality pilot measures the real figure — on your alerts, in your environment.

Fewer false positivesClear false positives disposed automatically — each with an audited rationale your QA can read.
Hours back to analystsAgents absorb triage and evidence‑gathering, so people work only the exceptions that need judgement.
Time to decisionFrom an alert in the queue to a sealed, regulator‑ready record — measured end to end.
Zero data egressMeasured against your sovereignty and air‑gap requirements — nothing leaves the building, by design.

Illustrative outcome dimensions — not a guarantee. The pilot quantifies each one on your data.

Proof & assurance

Designed to the standards your reviewers cite.

Aligned to
FATF risk-based approachEU AMLA / AMLRSR 11-7 · model riskEBA ML/TF guidelinesGDPR · data residencygoAML · SAR/STR export
On the roadmap
SOC 2 Type IIISO 27001

From AML alerts to regulator-ready decisions.

Without black-box AI, and without customer data leaving the bank.

Platform

One governed path from alert to sealed decision.

AI investigates, the deterministic engine decides what's allowed, a human approves — and it all runs on proven, open frameworks inside your environment.

The platform at a glance

What's under the hood.

Deterministic core
AI proposes · the engine permits
AIENGINEDECISION
Signature
Decision QA
Deploy
On-prem & air-gap
Pipeline
Evidence → rules → policy → decision
EVIDENCERULESPOLICYDECISION
Policy Studio · product preview

Change a rule. Replay the whole book.

The market backtests a sample and reports statistics. Forensio re-adjudicates every sealed decision under the draft policy — deterministically — and shows the exact per-case impact before anything goes live. Move a threshold and watch 214 engine cases recompute.

forensio · policy studio — deterministic time machineProduct preview · same decision table as forensio-core
Attribute mismatches to clear a nameAML-SC-03 · name_clear_min_mismatches
Deposits required to flag structuringAML-TM-09 · structuring_min_count
Structuring window — lower boundAML-TM-09 · structuring_low (EUR)

Draft v20 vs active v19 — recomputed in your browser with the engine's decision table over its 214-case demo history. In the product, the replay runs over your sealed history, and activation requires the checker to sign the exact sealed replay report. No replay, no activation.

0outcomes change
0citations only
214of 214 unchanged
Identical to the active policy — zero differences across 214 cases.
Book the live console demo Runs on your laptop or ours — zero egress either way.
How a decision is made

Explainable because it's always the same path.

01
Evidence
Graph assembled from your systems — read-only
02
Rules
Deterministic & versioned
03
Policy
Your approved policy repository
04
Typology & risk appetite
Bank-specific thresholds
05
Human approval
Maker-checker enforced
06
Decision record
Sealed & auditable forever
Two engines, one graph

Screening and transaction monitoring, decided together.

A sanctions hit means something different once you can see the money move. Forensio reasons across identity-based and behaviour-based risk on a single graph.

Engine A — Screening adjudication

Is it really them?

Separates a true match from a false positive across sanctions, PEP, adverse media and name screening — and explains the difference.

SanctionsPEPAdverse mediaUBO
Engine B — Transaction monitoring

Is the behaviour suspicious?

Assesses TM alerts against profile, history and policy — explainable, or needs EDD or reporting.

StructuringLayeringCorridorsMules
One Financial Crime Evidence Graph connects customer · counterparty · UBO · account · transactions · alerts · watchlist hits · documents · policy · typology · prior decisions.
Architecture · 100% self-hosted

Built on proven, open frameworks — scalable by design.

Not a black box and not a science project. Forensio assembles institution-grade open components into one governed decisioning layer that runs entirely inside your environment.

7
Regulatory & audit outputs
SAR/STR draft · MLRO summary · QA pack · regulator response · board report
6
Decision governance layer
Human approval · maker-checker · versioning · complete decision record
5
Local AI agent layer
Screening · Transaction · Entity · Policy · QA — bounded by the engine, local runtime
4
Deterministic reasoning engine
Bank policies · risk appetite · typologies · rules · control gates
3
Financial Crime Evidence Graph
Customer · UBO · counterparty · transaction · alert · sanction hit · evidence
2
Canonical FCC data model
Entities · accounts · payments · cases · alerts · lists · documents · decisions
1
Local connectors / ingestion
AML · screening · TM · KYC/KYB · core banking · case tools — API / SFTP / file
LayerFrameworkWhy it's the right call
Data modelFollowTheMoneyOpenSanctions / OCCRP · openA ready-made open ontology for financial-crime entities plus free sanctions & PEP data — we don't build the canonical model from scratch.
Evidence graphNeo4j / Memgraphself-hostedThe de-facto graph standard for fraud & AML — entity networks, hidden links, contextual queries.
Reasoning engineGoRules (DMN) / DroolsOMG DMN standardDeterministic, versioned, human-readable decision logic — the anti-black-box core an auditor can read.
WorkflowCamunda (BPMN)ISO/OMG standardMaker-checker, escalation and approval on an open, standardised process engine.
Entity resolutionSenzing / ZinggembeddableProven ER used across AML — resolves people and companies across systems without sending data out.
Local AI runtimevLLM / Ollamaopen modelsRuns capable open models on your own GPUs; updates ship as signed packages, prompts and data never leave.
DeploymentKubernetes / OpenShiftsigned images · SBOMOn-prem, private cloud or air-gapped, with signed releases and a full software bill of materials.

On-premise

Runs in your data center on your hardware. Customer-managed keys. Zero external calls.

Private cloud

Your VPC, your tenancy, your controls — the same governance, in your cloud.

Air-gapped

Fully isolated networks supported; model and policy updates delivered as signed packages.

Use cases

One decisioning layer across every alert type.

Forensio takes the alert all the way to a sealed decision — the same governed way every time, whatever fired it.

Is it really the listed person?

Forensio resolves sanctions, PEP and name-screening matches — transliteration, aliases, DOB and identifiers — and explains the difference between a true match and a false positive.

Alert
92% name match against an OFAC/EU consolidated entry.
Decides
DOB & nationality mismatch ⇒ false-positive eligible (R-SCR-12), cross-checked against the verified KYC identity.
Outcome
False positive with auto-suppress proposed — or escalate, rationale attached.

Hold the payment, or let it flow?

Real-time payment-screening alerts adjudicated against sanctions and policy with full ISO 20022 message context — so legitimate payments aren't held and true hits aren't released.

Alert
Outbound payment hits a sanctioned-name pattern.
Decides
Originator, beneficiary and message fields scored against watchlist + policy.
Outcome
Release · hold · escalate — sealed for audit.

Suspicious, or consistent with profile?

Transaction-monitoring alerts tested against the customer's profile, history and the bank's typology library — structuring, layering, rapid movement, mule patterns.

Alert
Structuring scenario fires on sub-threshold deposits.
Decides
Pattern compared to declared profile, corridors and typology.
Outcome
Close as explained, or escalate to EDD / SAR draft.

Material risk, or noise?

Adverse-media and negative-news hits assessed for materiality, recency and relevance — not just keyword matches against a name.

Alert
Negative-news hit on a customer name.
Decides
Materiality, source quality, dating and entity match assessed together.
Outcome
Discount as noise, or escalate with cited sources.

Complex ownership, decided.

Cross-border ownership and beneficial-owner structures resolved into a clear due-diligence decision, with the network and the gaps made explicit.

Alert
Periodic review or trigger event on a corporate customer.
Decides
UBO network resolved; gaps and high-risk links surfaced.
Outcome
Standard or enhanced due-diligence path, with evidence.
A scalable operating model

Decision capacity that scales — without scaling the team.

AI agents absorb the volume, the deterministic engine guarantees consistency, and your analysts spend their time only on the exceptions that genuinely need judgement.

Alerts in
100%
Every alert from your screening & TM systems, read-only.
AI adjudication
100%
Investigated and classified by the specialist agents.
Engine-disposed
majority
Clear false positives disposed with full, cited rationale.
Human review
exceptions
Analysts focus on the cases that actually need a person.

Illustrative split — actual ratios depend on your alert mix, policy and risk appetite, and are measured in a pilot.

Estimate the impact

What could decision automation free up?

Move the sliders to your numbers — an illustrative model, not a guarantee. A pilot measures the real figure on your data.

Alerts per month10,000
False-positive rate95%
Minutes per manual review12
Analyst cost (€/hour, loaded)45
Illustrative annual impact
Analyst hours / year spent on false positives
Addressable annual cost of false-positive handling
Full-time-equivalent analysts tied up
Model: alerts × FP-rate × minutes ÷ 60 × 12. FTE at 1,600 productive hours / year. Forensio targets a share of this through automated, audited disposition; the realisable portion is measured in a pilot.
Scope this on my data
Forensio AI Agents

A team of specialist agents — bounded by the engine.

Each agent investigates one dimension of the case and classifies what it finds as supporting, contradicting or missing evidence. They never decide on their own — the deterministic engine and a human do.

live
Screening

Screening Agent

Resolves sanctions, PEP and name-screening matches — transliteration, aliases, DOB, identifiers, jurisdiction.

OutputFalse positive · name match only
SanctionsPEPAlias
roadmap
Payments

Payment Screening Agent

Adjudicates real-time payment-screening alerts against sanctions and policy, with full message context.

OutputCleared · full message context
ISO 20022Sanctions
live
Behaviour

Transaction Monitoring Agent

Tests TM alerts against the customer profile, history and typology — structuring, mule networks, trade mispricing.

OutputOff-profile · €148k high-risk
StructuringMulesTBML
live
Identity

Entity Resolution Agent

Resolves people and companies across systems, builds ownership and UBO networks, surfaces hidden links.

OutputHidden link · Cyprus Ltd ⇢ SDN
UBONetworks
live
Peer envelopes

Behavioural Baseline Agent

Flags cases outside their peer-group percentile envelope — transparent statistics a validator can recompute by hand, from a versioned snapshot. Advisory: context, never a gate.

OutputAbove P95 of Retail·PL · n=88
ExplainableVersionedAdvisory
roadmap
Open source

Adverse Media Agent

Assesses materiality of adverse-media and negative-news hits — signal vs noise, dated vs current.

OutputNo material hits
MaterialityNPL
live
Governance

Policy Agent

Reads the bank's versioned policy repository and maps each case to the rules and typologies that apply.

Output2 policies apply · EDD
Policy repoVersioned
signature
Signature

Decision QA Agent

Audits the analyst's own decision for completeness, consistency and audit-readiness before anything closes.

OutputGaps flagged · not closeable
Maker-checkerAudit-ready
live
Narrative

Narrative & SAR Agent

Drafts the human-readable rationale and SAR/STR narrative — each paragraph tied back to evidence.

OutputSAR draft · evidence-linked
SAR/STRMLRO pack
live
Orchestration

Case Manager

Coordinates the agents, the engine and the human workflow into one auditable case lifecycle.

OutputRouted → MLRO · maker-checker
WorkflowLifecycle
Signature capability

The Decision QA Agent — it audits your team's decisions.

Every other vendor helps you reach a decision. Forensio also checks the quality of the one your analyst made — catching missing evidence, weak rationale and policy gaps before an inspector does.

  • Completeness — flags closes that ignore an open trigger or unverified UBO.
  • Consistency — detects analysts disposing of similar cases differently.
  • Audit-readiness — confirms the rationale survives a regulator's review.
⚑ QA agent — review
!
Ignores TM-07 trigger. High-risk corridor exposure unresolved.
!
UBO unverified. Beneficial owner not confirmed.
!
No EDD referral. Policy requires EDD before disposition.
Not regulator-ready — corrected to false positive + escalate to EDD.
Operations dashboard

Your financial-crime desk, at a glance.

A configurable overview of the open alert population. Add or remove widgets to match how your team works — your layout is remembered.

Welcome back
Live · refreshed just now · Daily
Forensio AI Insights Generated from your open alert population · synthetic demo Advisory · human-approved

Prioritise 23 sanctions alerts approaching their 30-day SLA to avoid breaches.

412 alerts match the clear false-positive pattern — eligible for audited automated disposition.

Review 6 cases with unverified UBO before they can be escalated to EDD.

2 customers show a structuring typology across 14 linked transactions — recommend EDD.

Decision QA flagged 3 closes as not yet audit-ready — re-open before sign-off.

Insights are advisory and explainable — Forensio never auto-decides; every action stays human-approved and policy-bound.
Shift briefAuto-generated · 06:00 local

Prepared automatically from your open alert population, SLA clocks and overnight agent activity — synthetic demo.

Forensio generated insights
  • Sanctions queue is 18% above the 4-week average — driven by an overnight watchlist refresh.
  • 23 alerts breach their 30-day SLA within 48h; the EDD backlog is the main blocker.
  • TM false-positive rate held at 94% — automation candidates are queued for review.
  • One structuring cluster (2 customers, 14 transfers) was escalated to the MLRO overnight.
Alert load · weekday × hourPeak · Tue 12–18h
CalmOverloaded
The deliverable

Not a score — a sealed, defensible decision.

Every alert Forensio touches produces one complete record: the evidence its agents gathered, the recommended action, the policy it is bound to, and the human who approved it — assembled for whoever receives it.

Prepared for
forensio · decision recordsealed · append-only
FCC-2026-04471
Aleksandr PetrovRetail · PL · customer since 2019 · Sanctions name match + TM
72
Risk scoreHigh
False positiveEscalate to EDDQA passed
Evidence collected 7 items · by the agents
Identity resolved — distinct verified KYC IDEntity Resolution
!
Sanctions name match 92% — OFAC SDN "A. Petrov"Screening · the alert
DOB −7y, nationality mismatch — not the listed personScreening
!
Wire €148k → high-risk corridor — off the retail profileTransaction Monitoring
!
Hidden link · Cyprus Ltd ⇢ SDN — indirect exposureEntity graph
Adverse media — no material hitsAdverse Media
UBO unverified — open gap, blocks a clean closeEntity Resolution
AI agent findings 5 agents · proposed only
ScreeningFalse positive · name only
Entity ResolutionExposure · risky link
Transaction MonitoringOff-profile · €148k
Policy2 policies apply
Decision QAGaps flagged
Agents investigate and classify evidence — they never decide. The deterministic engine permits; a human approves.
Recommendation & policy

Disposition false positive on the name, and escalate the case to Enhanced Due Diligence on the high-risk exposure.

AML-SC-03screening disposition
AML-TM-07mandatory EDD on high-risk exposure
Deterministic engine: permitted — consistent with policy & risk appetite
Decision & approvals
Escalate to Enhanced Due Diligence
MakerJ. Kowalski · Analystsubmitted 13:58
CheckerM. Nowak · MLROapproved 14:02
SHA-256 · a3f9…e1engine v2.4 · policy v19exported → case manager
Decision X-Ray — what would flip this decision13 exact re-executions · product preview
policy parameter
name_clear_min_mismatches 1 → 3 ⇒ Potential match → Escalate to EDD outcome flips
evidence
screening hit removed (match_score → 0) ⇒ Suspicious activity → SAR evaluation outcome flips
evidence
corridor exposure OR hidden link removed — alone ⇒ no change: the risk is carried by both facts independently decision holds
Exact, not approximated: each line is a full pipeline re-execution with one thing varied — the checker sees how close the call was before signing. Live in the engine: POST /xray/{case}.
Investigator console

Every signal on one screen.

A unified investigator view — the alert queue, customer 360, visual link analysis and the AI copilot in one workspace. Switch the seat (Analyst · MLRO · Front office), work a case, read the decision. This is a preview of the real console — the live engine ships the same seats, a Control Tower landing, a checker's pending-approvals queue and the Policy Studio; run it from forensio-core.

forensio · control towerAnalystMLROFront officeOn-prem · zero egress

Control Tower

live from the engine artifacts

The global picture for the ops lead and the MLRO — computed live from the sealed ledger, the active policy and the policy log. Click a decision to drill into the case; the queue is the investigator seat.

6decisions sealed
1awaiting checker
5QA passed
1QA blocked
214replayable history

Pending approvals — the checker's queue (1)

Vantage Commodities s.r.o.
Suspicious activity → SAR · risk 51/100 · maker: J. Kowalski · Analyst

Each signature is its own sealed event in the append-only chain — four-eyes as a ledger fact.

Case clocks · SLA

0overdue
1due soon
5on track
Meridian Trade HoldingsSAR · due 2d · DE
Atlas Cargo GmbHSAR · due 3d · DE
Aleksandr PetrovEDD · due 14d

Recent decisions · click to drill down

Aleksandr PetrovFCC-2026-04471 · false positive → EDD · risk 72
QA passed
Meridian Trade HoldingsFCC-2026-04512 · suspicious → SAR · risk 92
SAR
Marek LisFCC-2026-04588 · mule network → SAR
SAR
Vantage Commodities s.r.o.FCC-2026-04591 · legal-person → SAR
awaiting checker
Atlas Cargo GmbHFCC-2026-04597 · trade mispricing → SAR
SAR
Lena WhitfieldFCC-2026-04533 · nothing fired → human review
QA blocked

Policy in force

versionv19 · baseline
decision table4 rows · declarative
name_clear_min_mismatches1
structuring_min_count3
policy logintact ✓

Integrity & integration

ledger chainintact ✓
behavioural baselinebl-2026-07 · advisory
perpetual watchlist 2026-06
access controlRBAC opt-in
contracts/schemas · /openapi
Live product demo · synthetic data

Watch one alert become a regulator-ready decision.

A real adjudication flow you can click through — open any node in the evidence graph, follow the agents, read the cited decision. Nothing here leaves your browser. This is the experience competitors describe on a slide; here you can use it.

forensio · FCC Decisioning Vault — case workspaceOn-prem instance
CaseFCC-2026-04471Opened 18 Jun 2026 · 09:41
Alert typeSanctions name matchSource: screening engine
CustomerAleksandr PetrovRetail · PL · since 2019
Risk · status
72Open · unresolved
01Intake
02Evidence graph
03AI agents
04Deterministic engine
05Recommendation
06Decision QA
07Decision record

Step 01 · Intake

A sanctions screening engine fired a 92% name match against a consolidated watchlist. On the raw match alone, an analyst cannot tell a true hit from a false positive.

Raw alertSCR-ENGINE
Customer nameAleksandr Petrov
Watchlist entryA. PETROV — OFAC/EU consolidated
Match score92%
Customer DOB1979-03-12
Listed DOB1972-08-01
Customer nationalityPoland
Listed nationalityRussian Federation

Run Forensio adjudication

Forensio assembles the evidence graph, runs the local AI agents bounded by a deterministic engine, and drafts a decision — every line linked to evidence and bank policy.

Local model runtime · no data leaves the environment.

Step 02 · Financial Crime Evidence Graph

One graph, both worlds. The screening match sits beside the transaction-monitoring signal — click any node to read its evidence.

match 92%verified KYC€148k / 30dcorridornetwork link CUSTOMERA. Petrov SANCTIONEDA. PETROV KYC IDverified COUNTERPARTYRusTransGlobal HIGH-RISKjurisdiction PAYMENTS3 · €148k UBOunverified ADVERSEweak SANCTIONEDvia network
CustomerSanctions riskBehaviour signalSupportingWeak / missing

Step 03 · Local AI agents

Specialist agents investigate in parallel — bounded by the deterministic engine, they gather and classify evidence. They never decide.

Screening agent
idleFalse positive
Name match only.
DOB −7y, nationality mismatch, no shared identifiers. Not the listed person.
Entity agent
idleExposure found
Distinct identity, risky link.
Resolves to verified KYC ID — but linked to counterparty RusTransGlobal.
Transaction agent
idleOff-profile
€148k to high-risk corridor.
3 payments / 30d, inconsistent with declared retail profile.
Policy agent
idle2 policies apply
AML-SC-03 & AML-TM-07.
Screening disposition rule + mandatory EDD on high-risk exposure.
QA agent
idleGaps flagged
Not closeable yet.
UBO unverified; TM-07 trigger open. Blocks a "clean close".

Step 04 · Deterministic reasoning engine

This is the anti-black-box core. The AI proposes; the engine decides what is permissible under the bank's own rules, policy, typology and risk appetite.

Input
Evidence
Classified findings from the graph & agents
Rules
R-SCR-12
DOB + nationality mismatch ⇒ false-positive eligible
Policy
AML-TM-07
High-risk corridor exposure ⇒ EDD mandatory
Typology
Layering risk
Off-profile cross-border flow
Risk appetite
Gate
No closure while an EDD trigger is open
Why it matters: the language model can summarise and draft, but it cannot overrule policy. The recommendation that reaches a human is the one the deterministic engine certifies as permissible — and every step is versioned and logged.

Step 05 · Recommendation

A plain-language decision where every clause is a citation — click one to jump to its evidence.

Screening: false positive · Case: escalate to EDDConfidenceHigh

The sanctions name match is a false positive. The customer's date of birth differs by seven years and nationality does not match the listed individual [E1 · sanctioned entity], and the customer resolves to a verified KYC identity [E2 · KYC]. Rule [R-SCR-12] makes the alert false-positive eligible.

However, the case must not be closed. The customer sent three payments totalling €148k in 30 days to counterparty RusTransGlobal in a high-risk jurisdiction [E3 · payments], inconsistent with a declared retail profile, and that counterparty is network-linked to a sanctioned entity [E4 · network]. Policy [AML-TM-07] requires enhanced due diligence before any disposition.

● Screening verdict
  • Name match: 92% — identity mismatch on DOB & nationality
  • Disposition: false positive (R-SCR-12)
  • Auto-suppress future identical match: proposed
● Transaction verdict
  • Off-profile cross-border flow to high-risk corridor
  • Counterparty network-linked to sanctions
  • Action: escalate → EDD (AML-TM-07)

Step 06 · Decision QA agent

Forensio's signature check. Before anything closes, the QA agent audits the analyst's own draft decision for completeness, consistency and audit-readiness.

Analyst draft disposition
"Close — false positive (name mismatch)."

A reasonable first read of the screening alert in isolation — and exactly the kind of close that fails an inspection.

⚑ QA agent — 3 issues
!
Ignores TM-07 trigger. Transaction exposure to a high-risk corridor is unresolved.
!
UBO unverified. Beneficial owner of the counterparty has not been confirmed.
!
No EDD referral. Policy requires enhanced due diligence before disposition.
Not regulator-ready. Closing now would create audit exposure. Corrected disposition: false positive on screening + escalate case to EDD.

Step 07 · Complete decision record

The artifact an auditor actually wants: what was decided, on what evidence, under which rule and policy version, by whom, and when.

Decision record — FCC-2026-04471sealed · sha256:7f3a…c19b
Screening outcomeFalse positiveR-SCR-12 · auto-suppress proposed
Case outcomeEscalate → EDDAML-TM-07 mandatory
TypologyLayering riskoff-profile cross-border
Evidence4 items linkedE1 sanctioned · E2 KYC · E3 payments · E4 network
MakerAnalyst · M. Nowakdrafted 09:48
CheckerMLRO · K. Abaraapproved 10:12
Policy versionFCC-Policy v3.4signed package
Model versionforensio-local 1.6on-prem runtime
QA statusPassed (post-correction)3 issues resolved
Append-only · cryptographically sealed · exportable to your case manager
Step 1 of 7 — press Run adjudication to begin
Why Forensio & security

Designed for the bank's hardest reviewers.

Built for the people who say no: data residency, model risk, internal audit and the regulator — at exactly the bar the AMLA era demands.

Security at a glance

The controls, distilled.

Residency
Data never leaves
Control
Human-in-command
Model risk
Validation-ready
Supply chain
Signed updates
Why Forensio

Five things that are genuinely different.

01

On-prem only

Your AML data never leaves your bank. On-prem, private cloud or air-gapped — by design.

02

One evidence graph

Screening and transaction monitoring decided together — not two siloed tools.

03

Policy-bound reasoning

A deterministic engine ties every decision to a rule, policy clause and typology.

04

Decision QA agent

It audits the quality of the human's decision — catching gaps before an inspector does.

05

Complete decision record

Model, policy, rules, evidence, user, time, approval — sealed and reconstructable.

Promise

Alerts → regulator-ready decisions

Without black-box AI, and without customer data leaving the bank.

Built for your regulator

The bar you're held to — by jurisdiction.

The direction is the same everywhere — risk-based, explainable, auditable, sceptical of opaque models — but the instruments differ. Pick your market; roadmap items are marked honestly.

Security & compliance

The controls your reviewers will actually ask about.

Data never leaves

Full on-prem / private-cloud / air-gapped deployment. Customer-managed keys. No telemetry, no external calls.

Validation-ready

Deterministic gating plus full provenance gives model-risk teams the trail they need — aligned with SR 11-7 and EBA.

Signed updates

Models, policy packs and templates ship as cryptographically signed packages — no data exposure to receive an update.

Human-in-command

The system recommends; a human decides and approves. Maker-checker enforced. AI never closes a case on its own.

Append-only audit

Every action, version and approval is logged in a tamper-evident record exportable to your case manager.

Standards-aligned

Mapped to the frameworks your regulator already uses — so reviews start from common ground.

FATFEU AMLR / AMLAWolfsbergISO 20022goAMLSR 11-7 · EBAGDPRSOC 2 (roadmap)
Who it's for

For institutions where a wrong decision is a real liability.

Tier-1 & Tier-2 banks

High alert volumes, heavy audit scrutiny, and a mandate to keep data on-prem.

Payments, EMIs & PSPs

Real-time screening pressure and thin margins for false-positive handling cost.

Crypto / VASPs

Fast-moving typologies and regulators demanding explainable, auditable decisions.

Regulated fintechs

Scaling alert volumes without scaling the analyst headcount linearly.

Head of Financial CrimeMLROHead of AML OperationsChief Compliance OfficerChief Risk OfficerModel Risk ManagementInternal AuditCIO / CTO
Where we fit

A sharp wedge — not another platform war.

DimensionForensioSilent EightSAS / Oracle / ActimizeQuantexa
PositionOn-prem FCC decisioning vaultAI FCC partner (Iris 7)Core AML platformsDecision intelligence / graph
Core betEvidence-backed decisions + QA + governancePolicy-bound alert decisioningEnd-to-end detectionEntity resolution at scale
DeploymentOn-prem only, air-gap capableCloud / hybridHeavy enterpriseCloud / hybrid
AI controlAgents bounded by a deterministic engineAI agentsML modelsModels + graph
Decision QAYes — audits the human's decision
EntryDecision-quality pilot over your stackPlatform adoptionMulti-year programmePlatform adoption
Resources

The thinking behind policy-bound decisioning.

White papers and briefings on explainable, on-prem financial-crime decisioning — downloadable, no form-wall.

Trust Center

Artifacts, not promises.

B2B trust is earned with verifiable artifacts. Everything below is real and current — generated by the engine or prepared for your reviewers — downloadable without a form-wall.

Generated by the live engine

Download what the product produces.

Assurance documents

For your reviewers.

Procurement kit · on request

DORA, DPIA and the vendor file.

Prepared per engagement and shared under NDA — ask and we send the current versions.

Responsible disclosure: /.well-known/security.txt · A+ security headers on this site · signed release packages on the roadmap — the full control set lives on the Security page.
Get started

Begin where the risk is lowest.

A software product — not managed services. Start with a contained pilot on historical cases: no production decisions, no data leaving your environment.

Design Partner Program

Be one of the first banks to shape Forensio.

Forensio is early by design — and that's the opportunity. We partner with a small number of banks and fintechs to prove decision quality on their own historical cases, with no production risk. Honest about where we are: production-grade engineering, real frameworks, no fabricated logos or metrics.

Design partners get preferential pricing, direct roadmap influence, and a head start on AMLA-era explainability expectations.

  1. 1
    Scope — pick 500–5,000 historical screening + TM cases.
  2. 2
    Deploy — Forensio runs inside your environment, read-only.
  3. 3
    Replay — adjudicate the cases; compare against your analysts.
  4. 4
    Report — decision-quality gaps, FP-automation estimate, analyst-time benchmark.
Engagement

Pricing that starts safe.

Pilot
€75–150k / engagement

Decision-Quality & Explainability Pilot. Replay 500–5,000 historical cases. Prove value with zero production risk.

  • Screening + TM adjudication replay
  • Decision-quality & gap analysis
  • False-positive automation estimate
  • Analyst-time benchmark
  • One country, on-prem
Book the pilot →
Enterprise
€300–750k / year

Production decisioning for a mid-sized bank: live adjudication, governance and audit outputs.

  • Live screening + TM adjudication
  • Maker-checker & decision records
  • MLRO & audit packs
  • Policy / risk-appetite studio
  • Standard connectors
Tier-1 / Group
€1m+ / year

Multi-country, high-availability deployment with custom connectors and dedicated support.

  • Multi-jurisdiction policy packs
  • HA / air-gapped deployment
  • Custom connectors & SLAs
  • Model governance dashboard
  • Dedicated support
Flat annual licencePer institution — no per-seat fees, no per-alert or data-volume meters. Your growth is not our billing event.
Compliance packs includedThe generated audit binder (AI Act technical file, Wolfsberg mapping, governance extracts) ships with every tier — proof is not an upsell.
Exit-friendly (DORA)Art. 30 answers are short: your premises, no subcontracting, data never left. Open frameworks — leaving is a decision, not a project.
Support without secretsA deterministic engine reproduces any issue on synthetic data — support never needs production access. Your vendor-management file stays thin.
Where the money goes
Consulting-heavy model
Forensio
Tuning & validation docs
Consulting weeks, per cycle
Generated per release, manifest-hashed
Policy changes
Change requests + retest cycles
Replayed on the whole history, sealed, same day
Vendor management
Production-access reviews
No production access to review

Structural comparison of engagement models — not a claim about any named vendor's prices. Your numbers come out of the pilot.

US institutions · USDroadmap items marked

Same structure, priced in USD

SR 11-7-ready validation evidence and the FinCEN SAR e-file exporter (XML Schema 2.0) are included today. The NYDFS Part 504 evidence binder is on the roadmap — timed for the April 15 certification cycle.

Book a pilot or an investor demo.

Tell us which AML stack you run and roughly how many alerts your team works each month. We'll show you the live product on synthetic data, then scope a contained pilot on your own historical cases.

  • For banks & FIsDecision-quality pilot — no production decisions, no data leaves your environment.
  • For investorsFull walkthrough of the platform, architecture and category thesis.

Thank you — request received.

We'll come back to you within one business day. Prefer email? Write to us directly at [email protected].

FAQ

The questions your reviewers will ask.

Does any customer data leave the bank?
No. Forensio runs entirely inside your environment — on-prem, private cloud or air-gapped. The AI runs on a local model runtime. Updates arrive as signed packages; nothing is sent out to receive them.
You use AI agents — how is this "not black-box"?
The agents investigate, summarise and draft, but they never decide. Every recommendation passes through a deterministic engine that applies your rules, policy, typology and risk appetite, and a human approves it. Every step is linked to evidence and versioned.
How is Forensio different from Silent Eight?
We share the "policy-bound, decisions-not-recommendations" philosophy. Forensio's wedge is on-prem-only deployment, one evidence graph across screening and transaction monitoring, a deterministic engine you can read, and a Decision QA agent that audits your analysts' decisions — plus a live, interactive product you can try, not just a slide.
How does it help with model validation (SR 11-7 / EBA)?
Because the binding logic is deterministic and fully versioned, your model-risk team validates rules and policy they can read — not an opaque score. The complete decision record provides the provenance trail validation requires.
Do we have to replace Actimize / SAS / our TM engine?
No. Forensio is a layer above your existing stack. It ingests alerts from the systems you already run and turns them into auditable decisions.
What does a pilot involve?
A contained replay of 500–5,000 of your historical cases inside your environment. No production decisions. You get a decision-quality and gap analysis, a false-positive automation estimate, and an analyst-time benchmark.
Privacy & legal

We practice the posture we sell.

Zero third-party trackers, zero analytics cookies, self-hosted fonts, and a lead form that stores only what you type. Last updated 5 July 2026.