Financial-crimedecisions at scale.Bounded by policy.
Forensio is an on-premise, policy-bound AI decisioning platform for financial crime compliance. AI agents investigate the alerts; a deterministic engine decides what's permissible; every decision is evidence-backed, auditable, and made inside your environment.
* Widely reported industry range for sanctions/name-screening alert volumes. Illustrative.
Most AI gives a risk number. Forensio gives a decision, and the reason.
"The model says 87% risk" is not an answer a regulator, an MLRO or a model-risk team will accept. Forensio resolves the alert into a defensible disposition — close, escalate, request EDD or draft a report — with the evidence, the rule, the policy clause and the human approval attached.
- AI investigates, the engine decides. Agents gather and classify evidence; a deterministic engine certifies what's permissible.
- Every conclusion is cited to a piece of evidence and a policy reference.
- Nothing closes without a human. Maker-checker is enforced.
The controls a CISO, an MLRO and model risk all sign off on.
The market optimises for fewer false positives. So do we — but the reason institutions choose Forensio is everything below: governance, data sovereignty and defensibility, designed in, not bolted on.
Everything a decision needs — in one picture.
One alert. The whole network behind it.
Forensio resolves entities across screening and transaction monitoring onto a single graph — surfacing the ownership, counterparty and money-flow links a siloed alert never sees.
Built for every seat at the desk.
The same governed case and one source of truth — surfaced the way each person needs it. Switch the seat and watch the screen change.
Outcomes a pilot puts a number on.
We don't quote a benchmark as a promise. A Decision‑Quality pilot measures the real figure — on your alerts, in your environment.
Illustrative outcome dimensions — not a guarantee. The pilot quantifies each one on your data.
Designed to the standards your reviewers cite.
From AML alerts to regulator-ready decisions.
Without black-box AI, and without customer data leaving the bank.
One governed path from alert to sealed decision.
AI investigates, the deterministic engine decides what's allowed, a human approves — and it all runs on proven, open frameworks inside your environment.
What's under the hood.
Change a rule. Replay the whole book.
The market backtests a sample and reports statistics. Forensio re-adjudicates every sealed decision under the draft policy — deterministically — and shows the exact per-case impact before anything goes live. Move a threshold and watch 214 engine cases recompute.
Draft v20 vs active v19 — recomputed in your browser with the engine's decision table over its 214-case demo history. In the product, the replay runs over your sealed history, and activation requires the checker to sign the exact sealed replay report. No replay, no activation.
Explainable because it's always the same path.
Screening and transaction monitoring, decided together.
A sanctions hit means something different once you can see the money move. Forensio reasons across identity-based and behaviour-based risk on a single graph.
Is it really them?
Separates a true match from a false positive across sanctions, PEP, adverse media and name screening — and explains the difference.
Is the behaviour suspicious?
Assesses TM alerts against profile, history and policy — explainable, or needs EDD or reporting.
Built on proven, open frameworks — scalable by design.
Not a black box and not a science project. Forensio assembles institution-grade open components into one governed decisioning layer that runs entirely inside your environment.
| Layer | Framework | Why it's the right call |
|---|---|---|
| Data model | FollowTheMoneyOpenSanctions / OCCRP · open | A ready-made open ontology for financial-crime entities plus free sanctions & PEP data — we don't build the canonical model from scratch. |
| Evidence graph | Neo4j / Memgraphself-hosted | The de-facto graph standard for fraud & AML — entity networks, hidden links, contextual queries. |
| Reasoning engine | GoRules (DMN) / DroolsOMG DMN standard | Deterministic, versioned, human-readable decision logic — the anti-black-box core an auditor can read. |
| Workflow | Camunda (BPMN)ISO/OMG standard | Maker-checker, escalation and approval on an open, standardised process engine. |
| Entity resolution | Senzing / Zinggembeddable | Proven ER used across AML — resolves people and companies across systems without sending data out. |
| Local AI runtime | vLLM / Ollamaopen models | Runs capable open models on your own GPUs; updates ship as signed packages, prompts and data never leave. |
| Deployment | Kubernetes / OpenShiftsigned images · SBOM | On-prem, private cloud or air-gapped, with signed releases and a full software bill of materials. |
On-premise
Runs in your data center on your hardware. Customer-managed keys. Zero external calls.
Private cloud
Your VPC, your tenancy, your controls — the same governance, in your cloud.
Air-gapped
Fully isolated networks supported; model and policy updates delivered as signed packages.
One decisioning layer across every alert type.
Forensio takes the alert all the way to a sealed decision — the same governed way every time, whatever fired it.
Is it really the listed person?
Forensio resolves sanctions, PEP and name-screening matches — transliteration, aliases, DOB and identifiers — and explains the difference between a true match and a false positive.
Hold the payment, or let it flow?
Real-time payment-screening alerts adjudicated against sanctions and policy with full ISO 20022 message context — so legitimate payments aren't held and true hits aren't released.
Suspicious, or consistent with profile?
Transaction-monitoring alerts tested against the customer's profile, history and the bank's typology library — structuring, layering, rapid movement, mule patterns.
Material risk, or noise?
Adverse-media and negative-news hits assessed for materiality, recency and relevance — not just keyword matches against a name.
Complex ownership, decided.
Cross-border ownership and beneficial-owner structures resolved into a clear due-diligence decision, with the network and the gaps made explicit.
Decision capacity that scales — without scaling the team.
AI agents absorb the volume, the deterministic engine guarantees consistency, and your analysts spend their time only on the exceptions that genuinely need judgement.
Illustrative split — actual ratios depend on your alert mix, policy and risk appetite, and are measured in a pilot.
What could decision automation free up?
Move the sliders to your numbers — an illustrative model, not a guarantee. A pilot measures the real figure on your data.
A team of specialist agents — bounded by the engine.
Each agent investigates one dimension of the case and classifies what it finds as supporting, contradicting or missing evidence. They never decide on their own — the deterministic engine and a human do.
Screening Agent
Resolves sanctions, PEP and name-screening matches — transliteration, aliases, DOB, identifiers, jurisdiction.
Payment Screening Agent
Adjudicates real-time payment-screening alerts against sanctions and policy, with full message context.
Transaction Monitoring Agent
Tests TM alerts against the customer profile, history and typology — structuring, mule networks, trade mispricing.
Entity Resolution Agent
Resolves people and companies across systems, builds ownership and UBO networks, surfaces hidden links.
Behavioural Baseline Agent
Flags cases outside their peer-group percentile envelope — transparent statistics a validator can recompute by hand, from a versioned snapshot. Advisory: context, never a gate.
Adverse Media Agent
Assesses materiality of adverse-media and negative-news hits — signal vs noise, dated vs current.
Policy Agent
Reads the bank's versioned policy repository and maps each case to the rules and typologies that apply.
Decision QA Agent
Audits the analyst's own decision for completeness, consistency and audit-readiness before anything closes.
Narrative & SAR Agent
Drafts the human-readable rationale and SAR/STR narrative — each paragraph tied back to evidence.
Case Manager
Coordinates the agents, the engine and the human workflow into one auditable case lifecycle.
The Decision QA Agent — it audits your team's decisions.
Every other vendor helps you reach a decision. Forensio also checks the quality of the one your analyst made — catching missing evidence, weak rationale and policy gaps before an inspector does.
- Completeness — flags closes that ignore an open trigger or unverified UBO.
- Consistency — detects analysts disposing of similar cases differently.
- Audit-readiness — confirms the rationale survives a regulator's review.
Your financial-crime desk, at a glance.
A configurable overview of the open alert population. Add or remove widgets to match how your team works — your layout is remembered.
Prioritise 23 sanctions alerts approaching their 30-day SLA to avoid breaches.
412 alerts match the clear false-positive pattern — eligible for audited automated disposition.
Review 6 cases with unverified UBO before they can be escalated to EDD.
2 customers show a structuring typology across 14 linked transactions — recommend EDD.
Decision QA flagged 3 closes as not yet audit-ready — re-open before sign-off.
Prepared automatically from your open alert population, SLA clocks and overnight agent activity — synthetic demo.
- Sanctions queue is 18% above the 4-week average — driven by an overnight watchlist refresh.
- 23 alerts breach their 30-day SLA within 48h; the EDD backlog is the main blocker.
- TM false-positive rate held at 94% — automation candidates are queued for review.
- One structuring cluster (2 customers, 14 transfers) was escalated to the MLRO overnight.
Not a score — a sealed, defensible decision.
Every alert Forensio touches produces one complete record: the evidence its agents gathered, the recommended action, the policy it is bound to, and the human who approved it — assembled for whoever receives it.
Disposition false positive on the name, and escalate the case to Enhanced Due Diligence on the high-risk exposure.
Every signal on one screen.
A unified investigator view — the alert queue, customer 360, visual link analysis and the AI copilot in one workspace. Switch the seat (Analyst · MLRO · Front office), work a case, read the decision. This is a preview of the real console — the live engine ships the same seats, a Control Tower landing, a checker's pending-approvals queue and the Policy Studio; run it from forensio-core.
Control Tower
live from the engine artifactsThe global picture for the ops lead and the MLRO — computed live from the sealed ledger, the active policy and the policy log. Click a decision to drill into the case; the queue is the investigator seat.
Pending approvals — the checker's queue (1)
Each signature is its own sealed event in the append-only chain — four-eyes as a ledger fact.
Case clocks · SLA
Recent decisions · click to drill down
Policy in force
Integrity & integration
Watch one alert become a regulator-ready decision.
A real adjudication flow you can click through — open any node in the evidence graph, follow the agents, read the cited decision. Nothing here leaves your browser. This is the experience competitors describe on a slide; here you can use it.
Step 01 · Intake
A sanctions screening engine fired a 92% name match against a consolidated watchlist. On the raw match alone, an analyst cannot tell a true hit from a false positive.
Run Forensio adjudication
Forensio assembles the evidence graph, runs the local AI agents bounded by a deterministic engine, and drafts a decision — every line linked to evidence and bank policy.
Local model runtime · no data leaves the environment.
Step 02 · Financial Crime Evidence Graph
One graph, both worlds. The screening match sits beside the transaction-monitoring signal — click any node to read its evidence.
Step 03 · Local AI agents
Specialist agents investigate in parallel — bounded by the deterministic engine, they gather and classify evidence. They never decide.
Step 04 · Deterministic reasoning engine
This is the anti-black-box core. The AI proposes; the engine decides what is permissible under the bank's own rules, policy, typology and risk appetite.
Step 05 · Recommendation
A plain-language decision where every clause is a citation — click one to jump to its evidence.
The sanctions name match is a false positive. The customer's date of birth differs by seven years and nationality does not match the listed individual [E1 · sanctioned entity], and the customer resolves to a verified KYC identity [E2 · KYC]. Rule [R-SCR-12] makes the alert false-positive eligible.
However, the case must not be closed. The customer sent three payments totalling €148k in 30 days to counterparty RusTransGlobal in a high-risk jurisdiction [E3 · payments], inconsistent with a declared retail profile, and that counterparty is network-linked to a sanctioned entity [E4 · network]. Policy [AML-TM-07] requires enhanced due diligence before any disposition.
● Screening verdict
- Name match: 92% — identity mismatch on DOB & nationality
- Disposition: false positive (R-SCR-12)
- Auto-suppress future identical match: proposed
● Transaction verdict
- Off-profile cross-border flow to high-risk corridor
- Counterparty network-linked to sanctions
- Action: escalate → EDD (AML-TM-07)
Step 06 · Decision QA agent
Forensio's signature check. Before anything closes, the QA agent audits the analyst's own draft decision for completeness, consistency and audit-readiness.
A reasonable first read of the screening alert in isolation — and exactly the kind of close that fails an inspection.
Step 07 · Complete decision record
The artifact an auditor actually wants: what was decided, on what evidence, under which rule and policy version, by whom, and when.
Designed for the bank's hardest reviewers.
Built for the people who say no: data residency, model risk, internal audit and the regulator — at exactly the bar the AMLA era demands.
The controls, distilled.
Five things that are genuinely different.
On-prem only
Your AML data never leaves your bank. On-prem, private cloud or air-gapped — by design.
One evidence graph
Screening and transaction monitoring decided together — not two siloed tools.
Policy-bound reasoning
A deterministic engine ties every decision to a rule, policy clause and typology.
Decision QA agent
It audits the quality of the human's decision — catching gaps before an inspector does.
Complete decision record
Model, policy, rules, evidence, user, time, approval — sealed and reconstructable.
Alerts → regulator-ready decisions
Without black-box AI, and without customer data leaving the bank.
The bar you're held to — by jurisdiction.
The direction is the same everywhere — risk-based, explainable, auditable, sceptical of opaque models — but the instruments differ. Pick your market; roadmap items are marked honestly.
The controls your reviewers will actually ask about.
Data never leaves
Full on-prem / private-cloud / air-gapped deployment. Customer-managed keys. No telemetry, no external calls.
Validation-ready
Deterministic gating plus full provenance gives model-risk teams the trail they need — aligned with SR 11-7 and EBA.
Signed updates
Models, policy packs and templates ship as cryptographically signed packages — no data exposure to receive an update.
Human-in-command
The system recommends; a human decides and approves. Maker-checker enforced. AI never closes a case on its own.
Append-only audit
Every action, version and approval is logged in a tamper-evident record exportable to your case manager.
Standards-aligned
Mapped to the frameworks your regulator already uses — so reviews start from common ground.
For institutions where a wrong decision is a real liability.
High alert volumes, heavy audit scrutiny, and a mandate to keep data on-prem.
Real-time screening pressure and thin margins for false-positive handling cost.
Fast-moving typologies and regulators demanding explainable, auditable decisions.
Scaling alert volumes without scaling the analyst headcount linearly.
A sharp wedge — not another platform war.
| Dimension | Forensio | Silent Eight | SAS / Oracle / Actimize | Quantexa |
|---|---|---|---|---|
| Position | On-prem FCC decisioning vault | AI FCC partner (Iris 7) | Core AML platforms | Decision intelligence / graph |
| Core bet | Evidence-backed decisions + QA + governance | Policy-bound alert decisioning | End-to-end detection | Entity resolution at scale |
| Deployment | On-prem only, air-gap capable | Cloud / hybrid | Heavy enterprise | Cloud / hybrid |
| AI control | Agents bounded by a deterministic engine | AI agents | ML models | Models + graph |
| Decision QA | Yes — audits the human's decision | — | — | — |
| Entry | Decision-quality pilot over your stack | Platform adoption | Multi-year programme | Platform adoption |
The thinking behind policy-bound decisioning.
White papers and briefings on explainable, on-prem financial-crime decisioning — downloadable, no form-wall.
The AMLA-era decisioning stack
The 2025–28 regulatory clock, where the market really stands, and the eight things to make any vendor demonstrate live before you sign.
Download PDF → Concept paper · PDF · roadmapCollaborative AML without data pooling
Forensio Beacon: pseudonymised risk signals between on-prem instances — no central platform, every exchange sealed in both audit trails. AMLR Art. 75 + §314(b) wrappers.
Download PDF → White paper · PDFAnti-Black-Box: why a deterministic engine beats a risk score
How policy-bound decisioning gives model-risk and audit teams a trail they can validate.
Download PDF → Briefing · PDFOne evidence graph for screening & transaction monitoring
Why identity-based and behaviour-based risk should be resolved together.
Download PDF → Blueprint · PDFSolution Blueprint: on-prem, policy-bound FCC decisioning
The decisioning model, the open-framework architecture, the four seats, and where the market falls short.
Download PDF → Guide · on requestOn-prem AI for FCC: a deployment & governance checklist
Data residency, model validation, signed updates and air-gap considerations.
Request a copy → Briefing · on requestForensio for US institutions
SR 11-7 validation evidence, the NYDFS Part 504 certification workflow, FinCEN SAR e-filing — what's included today and what's timed for the April 15 cycle.
Request the briefing →Artifacts, not promises.
B2B trust is earned with verifiable artifacts. Everything below is real and current — generated by the engine or prepared for your reviewers — downloadable without a form-wall.
Download what the product produces.
The audit binder, generated — not written
System card, EU AI Act (Arts. 9/11/12/14/15) and Wolfsberg mappings, policy governance, ledger attestation and test evidence enumerated from the suite itself — with a manifest hash.
Download the generated sample → STR filing · goAML XML sampleFrom sealed decision to FIU-ready filing
A SAR-escalated demo case exported to the goAML v5 report structure: fully cited narrative, policy-clause indicators, the source record's seal and the CAdES digest seam (DE · PL profiles).
Download the sample XML → Policy replay · live previewChange a rule, replay 214 cases in your browser
The Time Machine preview runs the exact decision table shipped in forensio-core — the impact numbers on this site are engine-truth, asserted in CI.
Open the preview →For your reviewers.
Solution Blueprint: architecture & roadmap
The decisioning model, the open-framework architecture, the four seats and the phased build plan.
Download PDF → White paper · PDFAnti-Black-Box: a decision, not a score
Why deterministic, policy-bound decisioning is what model risk and audit can actually validate.
Download PDF → Briefing · PDFOne evidence graph for screening & TM
Why identity-based and behaviour-based risk should be resolved together.
Download PDF →DORA, DPIA and the vendor file.
Prepared per engagement and shared under NDA — ask and we send the current versions.
Art. 30 clauses, pre-answered
On-prem answers are short: locations = your premises; subcontracting = none; data return = it never left. Exit-friendly by design.
Request → GDPR · DPIA templateDeployment DPIA, processing map filled in
GDPR Art. 35 for AML decisioning — data categories, lawful bases, retention clocks and the pseudonymisation design.
Request → DORA · register data sheetYour register of information, one page
Every field your DORA register needs about Forensio as an ICT provider — filled in, ready to file.
Request →Begin where the risk is lowest.
A software product — not managed services. Start with a contained pilot on historical cases: no production decisions, no data leaving your environment.
Be one of the first banks to shape Forensio.
Forensio is early by design — and that's the opportunity. We partner with a small number of banks and fintechs to prove decision quality on their own historical cases, with no production risk. Honest about where we are: production-grade engineering, real frameworks, no fabricated logos or metrics.
Design partners get preferential pricing, direct roadmap influence, and a head start on AMLA-era explainability expectations.
- 1Scope — pick 500–5,000 historical screening + TM cases.
- 2Deploy — Forensio runs inside your environment, read-only.
- 3Replay — adjudicate the cases; compare against your analysts.
- 4Report — decision-quality gaps, FP-automation estimate, analyst-time benchmark.
Pricing that starts safe.
Decision-Quality & Explainability Pilot. Replay 500–5,000 historical cases. Prove value with zero production risk.
- Screening + TM adjudication replay
- Decision-quality & gap analysis
- False-positive automation estimate
- Analyst-time benchmark
- One country, on-prem
Production decisioning for a mid-sized bank: live adjudication, governance and audit outputs.
- Live screening + TM adjudication
- Maker-checker & decision records
- MLRO & audit packs
- Policy / risk-appetite studio
- Standard connectors
Multi-country, high-availability deployment with custom connectors and dedicated support.
- Multi-jurisdiction policy packs
- HA / air-gapped deployment
- Custom connectors & SLAs
- Model governance dashboard
- Dedicated support
Structural comparison of engagement models — not a claim about any named vendor's prices. Your numbers come out of the pilot.
Same structure, priced in USD
SR 11-7-ready validation evidence and the FinCEN SAR e-file exporter (XML Schema 2.0) are included today. The NYDFS Part 504 evidence binder is on the roadmap — timed for the April 15 certification cycle.
Book a pilot or an investor demo.
Tell us which AML stack you run and roughly how many alerts your team works each month. We'll show you the live product on synthetic data, then scope a contained pilot on your own historical cases.
- For banks & FIsDecision-quality pilot — no production decisions, no data leaves your environment.
- For investorsFull walkthrough of the platform, architecture and category thesis.
- Direct[email protected]
Thank you — request received.
We'll come back to you within one business day. Prefer email? Write to us directly at [email protected].
The questions your reviewers will ask.
Does any customer data leave the bank?
You use AI agents — how is this "not black-box"?
How is Forensio different from Silent Eight?
How does it help with model validation (SR 11-7 / EBA)?
Do we have to replace Actimize / SAS / our TM engine?
What does a pilot involve?
We practice the posture we sell.
Zero third-party trackers, zero analytics cookies, self-hosted fonts, and a lead form that stores only what you type. Last updated 5 July 2026.
Privacy notice
Who we are
Forensio ("we") operates forensio.com from Warsaw, Poland. Data protection contact: [email protected] · general contact: [email protected].
What this site collects
Nothing, by default. There are no analytics cookies, no third-party trackers, no external font or script requests. Fonts are self-hosted; every request stays on this domain.
Preferences (localStorage only). Your theme, language and dashboard layout are stored in your own browser's localStorage. They never leave your device and we cannot read them server-side. Clear your browser storage to remove them.
The contact form. If you request a demo or pilot, we process what you submit (name, work email, organisation, role, message), plus the country derived from your connection and your browser's user-agent string — solely to respond to your enquiry. Legal basis: Art. 6(1)(b) GDPR (steps prior to a contract) and Art. 6(1)(f) (responding to enquiries).
Where it lives & how long
Form submissions are stored in Cloudflare Workers KV and, where enabled, forwarded to our mailbox. Cloudflare, Inc. acts as our processor (hosting/CDN); transfers are governed by the EU–US Data Privacy Framework and standard contractual clauses. We keep enquiries for up to 24 months after the last contact, then delete them.
Your rights
Under GDPR you can request access, rectification, erasure, restriction, portability, and object to processing — write to [email protected]. You may also lodge a complaint with your supervisory authority (in Poland: UODO).
The product itself
The Forensio platform is delivered on-premise: customer data is processed inside the customer's environment and never transits our infrastructure. The interactive demo on this site runs entirely in your browser on synthetic data.
Service provider
Forensio
Warsaw, Poland
[email protected]
Registered entity details are provided in commercial proposals and upon request.
Security disclosure
Found a vulnerability? See security.txt or write to [email protected]. We appreciate coordinated disclosure.
Sub-processors
Website only: Cloudflare, Inc. (hosting, CDN, form storage). The on-prem product introduces none.