Neural Pipeline

New KYC case enters the system. Source can be a case worker submitting manually, an API call from another system, or a client's delegated agent presenting credentials. The orchestrator receives the raw payload and begins.

If source is an external agent, the Client Agent Gateway activates. Verifies: signed assertion, agent_id, owner_id, scope boundaries, expiry, blacklist status. The six KYA questions must be answered before any data is accepted.

Orchestrator classifies the case: individual or corporate, initial risk assessment (low/medium/high), jurisdiction check (EU/EEA for v1). This determines which specialist agents are activated and what level of scrutiny applies.

The orchestrator fires simultaneous tasks to all required specialist agents. Each receives only the data it needs (least privilege). This is where the swarm comes alive — multiple agents working in parallel, each in its own sandbox.

Each agent runs in an isolated sandbox with specific tool permissions. Document agent runs OCR + template matching. Sanctions agent checks EU consolidated list. Transaction agent analyzes 12 months of patterns. Output: structured JSON findings.

Risk Scoring Agent collects all specialist outputs. Calculates composite risk score using configurable weights. Generates recommended action with confidence level. Cross-references findings for correlation (e.g., suspicious docs + unusual transactions).

Automated verification against internal rules: risk thresholds, never-events (cross-client data leak, unauthorized access, PII in output), mandatory escalation criteria. This is the last automated gate before routing.

The fork in the road. Low risk + no findings: auto-advance with human notification. Medium/High risk: full escalation to case worker with evidence package containing all findings, source documents, agent reasoning traces, and recommended action.

Case worker reviews the evidence package on their dashboard. Three actions: approve (case closes), reject (client notified), or request investigation (loop back to specialists with specific questions). Every decision logged with justification — EU AI Act audit trail.

When platform needs something only the human client can provide (liveness check, signature, missing document), it contacts the client directly — never through their agent. Secure channel: app push, SMS, or email with unique, time-limited link.