Overview
The Agent Governance SDK includes a powerful compliance engine that automatically monitors agent interactions for regulatory violations. This page demonstrates real-world compliance monitoring scenarios specific to banking and financial services.Basic Compliance Setup
Initialize Compliance Monitoring
Copy
import { AgentMonitor } from '@agent-governance/node';
const monitor = new AgentMonitor({
apiKey: process.env.AGENT_GOVERNANCE_API_KEY,
organizationId: process.env.AGENT_GOVERNANCE_ORG_ID,
environment: 'production',
enableComplianceChecks: true, // Enable real-time compliance
enableLogging: true,
logLevel: 'warn'
});
// Register a banking agent with comprehensive compliance settings
await monitor.registerAgent({
id: 'personal-banking-agent',
name: 'Personal Banking Assistant',
category: 'tool_calling',
specialty: 'personal_banking',
version: '2.1.0',
llmProvider: 'anthropic',
model: 'claude-3-5-sonnet-20241022',
description: 'AI assistant for personal banking services with full compliance monitoring',
complianceSettings: {
sr11_7_enabled: true,
fair_lending_monitoring: true,
bsa_aml_checks: true
}
});
PII Detection Examples
Automatic PII Detection
The compliance engine automatically detects and flags personally identifiable information:Copy
const agentId = 'personal-banking-agent';
const sessionId = 'compliance-session-001';
// This response will trigger PII compliance violations
monitor.trackAgentResponse(
agentId,
sessionId,
'Your Social Security Number is 123-45-6789 and your email address is john.doe@email.com. You can reach us at (555) 123-4567.',
{
llmLatency: 850,
tokensUsed: { input: 45, output: 32, total: 77 }
}
);
// The compliance engine will automatically detect:
// - SSN: 123-45-6789
// - Email: john.doe@email.com
// - Phone: (555) 123-4567
// And flag this as a violation requiring immediate review
Handling PII Violations
Copy
// Set up a violation handler
monitor.on('complianceViolation', (violation) => {
if (violation.category === 'privacy' && violation.severity === 'violation') {
console.log('🚨 PII Violation Detected!');
console.log(`Rule: ${violation.rule}`);
console.log(`Description: ${violation.description}`);
console.log(`Content: ${violation.context.detected}`);
// Implement immediate response
alertComplianceTeam(violation);
redactSensitiveContent(violation.sessionId, violation.context.detected);
}
});
async function alertComplianceTeam(violation) {
// Send immediate alert to compliance team
await sendSlackAlert({
channel: '#compliance-alerts',
text: `🚨 PII Violation: ${violation.description}`,
fields: [
{ title: 'Agent ID', value: violation.agentId },
{ title: 'Session ID', value: violation.sessionId },
{ title: 'Severity', value: violation.severity },
{ title: 'Detected Content', value: violation.context.detected }
]
});
}
async function redactSensitiveContent(sessionId, detectedContent) {
// Implement content redaction in your system
console.log(`Redacting content in session ${sessionId}: ${detectedContent}`);
}
Fair Lending Compliance
Monitoring for Discriminatory Language
Copy
// Example of interactions that would trigger fair lending violations
const fairLendingExamples = [
{
userMessage: 'I'd like to apply for a mortgage',
agentResponse: 'People like you typically have trouble getting approved for loans in this amount.',
expectedViolation: 'Discriminatory language: "people like you"'
},
{
userMessage: 'What interest rate can I get?',
agentResponse: 'Based on your background, you might want to consider our subprime lending options.',
expectedViolation: 'Potentially discriminatory: "based on your background"'
}
];
// Track these interactions and monitor for violations
for (const example of fairLendingExamples) {
const sessionId = `fair-lending-test-${Date.now()}`;
monitor.trackUserMessage(agentId, sessionId, example.userMessage);
monitor.trackAgentResponse(agentId, sessionId, example.agentResponse);
// The compliance engine will automatically flag these responses
}
Fair Lending Violation Response
Copy
// Set up specific handling for fair lending violations
monitor.on('complianceViolation', async (violation) => {
if (violation.category === 'fair_lending') {
console.log('⚖️ Fair Lending Violation Detected!');
// Immediate actions for fair lending violations
await Promise.all([
escalateToCompliance(violation),
pauseAgentForReview(violation.agentId),
documentViolation(violation),
initiateRetraining(violation.agentId)
]);
}
});
async function escalateToCompliance(violation) {
// Create high-priority compliance ticket
await createComplianceTicket({
priority: 'HIGH',
type: 'Fair Lending Violation',
description: violation.description,
agentId: violation.agentId,
sessionId: violation.sessionId,
requiredActions: [
'Review conversation transcript',
'Assess training data for bias',
'Update agent guidelines',
'Conduct bias testing'
]
});
}
async function pauseAgentForReview(agentId) {
console.log(`🛑 Pausing agent ${agentId} for compliance review`);
// Implement agent pause logic in your system
}
BSA/AML Monitoring
Suspicious Activity Detection
Copy
// Monitor for BSA/AML compliance violations
const bsaAmlExamples = [
{
userMessage: 'I need to deposit $9,500 in cash today',
agentResponse: 'I can help you with that cash deposit. Would you like to split it across multiple days?',
riskFactors: ['large_cash_amount', 'structuring_suggestion']
},
{
userMessage: 'How can I avoid reporting requirements?',
agentResponse: 'You could break the transaction into smaller amounts under $10,000.',
riskFactors: ['avoid_reporting', 'structuring_advice']
}
];
// Track and monitor these high-risk interactions
for (const example of bsaAmlExamples) {
const sessionId = `bsa-aml-test-${Date.now()}`;
monitor.trackUserMessage(agentId, sessionId, example.userMessage);
monitor.trackAgentResponse(agentId, sessionId, example.agentResponse, {
riskFactors: example.riskFactors,
requiresReview: true
});
}
SAR Generation Workflow
Copy
// Comprehensive SAR (Suspicious Activity Report) workflow
class SARWorkflow {
constructor(monitor) {
this.monitor = monitor;
this.agentId = 'bsa-aml-monitor';
}
async evaluateSuspiciousActivity(interaction) {
const sessionId = `sar-evaluation-${Date.now()}`;
// Track the evaluation process
this.monitor.trackConversationStart(this.agentId, sessionId, null, {
evaluationType: 'sar_evaluation',
originalSessionId: interaction.sessionId
});
// Analyze transaction patterns
const suspiciousIndicators = await this.analyzeSuspiciousPatterns(interaction, sessionId);
if (suspiciousIndicators.length > 0) {
await this.initiateSARProcess(interaction, suspiciousIndicators, sessionId);
}
this.monitor.trackConversationEnd(this.agentId, sessionId, {
duration: 5000,
resolutionStatus: suspiciousIndicators.length > 0 ? 'sar_initiated' : 'no_action_required',
indicatorsFound: suspiciousIndicators.length
});
}
async analyzeSuspiciousPatterns(interaction, sessionId) {
const indicators = [];
// Track the analysis
this.monitor.trackToolCall(
this.agentId,
sessionId,
'analyze_suspicious_patterns',
{
customerProfile: interaction.customerProfile,
transactionHistory: interaction.transactionHistory,
currentRequest: interaction.currentRequest
},
{
structuringIndicators: ['amount_just_under_threshold', 'frequent_cash_deposits'],
geographicRisk: 'high_risk_jurisdiction',
customerBehavior: 'evasive_responses',
suspicionScore: 85
},
2500
);
// Check for specific patterns
if (interaction.amount >= 9000 && interaction.amount < 10000) {
indicators.push('potential_structuring');
}
if (interaction.userMessage.toLowerCase().includes('avoid report')) {
indicators.push('avoid_reporting_intent');
}
return indicators;
}
async initiateSARProcess(interaction, indicators, sessionId) {
// Create SAR case
this.monitor.trackToolCall(
this.agentId,
sessionId,
'create_sar_case',
{
customerId: interaction.customerId,
suspiciousIndicators: indicators,
interactionDetails: interaction,
urgency: 'high'
},
{
sarCaseId: `SAR-${Date.now()}`,
filingDeadline: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
assignedTo: 'bsa_compliance_team',
status: 'under_investigation'
},
1800
);
// Track the compliance violation
this.monitor.track(this.agentId, {
sessionId: sessionId,
interactionType: 'compliance_violation',
metadata: {
violationType: 'bsa_aml',
severity: 'violation',
description: 'Suspicious activity requiring SAR filing',
indicators: indicators,
riskScore: 85,
requiresImmediateAction: true
}
});
}
}
// Usage
const sarWorkflow = new SARWorkflow(monitor);
Real-time Compliance Dashboard
Compliance Metrics Tracking
Copy
class ComplianceMetricsTracker {
constructor(monitor) {
this.monitor = monitor;
this.metrics = {
violations: new Map(),
trends: [],
agentRiskScores: new Map()
};
}
trackViolation(violation) {
const key = `${violation.category}-${violation.severity}`;
const current = this.metrics.violations.get(key) || 0;
this.metrics.violations.set(key, current + 1);
// Track trend data
this.metrics.trends.push({
timestamp: Date.now(),
category: violation.category,
severity: violation.severity,
agentId: violation.agentId
});
// Update agent risk score
this.updateAgentRiskScore(violation.agentId, violation);
}
updateAgentRiskScore(agentId, violation) {
const current = this.metrics.agentRiskScores.get(agentId) || { score: 0, violations: 0 };
// Weight violations by severity
const severityWeights = { info: 1, warning: 5, violation: 20 };
const weight = severityWeights[violation.severity] || 1;
current.score += weight;
current.violations += 1;
current.lastViolation = Date.now();
this.metrics.agentRiskScores.set(agentId, current);
// Alert if risk score exceeds threshold
if (current.score > 50) {
this.alertHighRiskAgent(agentId, current);
}
}
alertHighRiskAgent(agentId, riskData) {
console.log(`⚠️ High-risk agent detected: ${agentId}`);
console.log(`Risk score: ${riskData.score}`);
console.log(`Total violations: ${riskData.violations}`);
// Implement alerting logic
this.sendComplianceAlert({
type: 'high_risk_agent',
agentId: agentId,
riskScore: riskData.score,
violations: riskData.violations,
recommendedActions: [
'Immediate review of agent training',
'Temporary suspension pending review',
'Enhanced monitoring',
'Compliance team assessment'
]
});
}
generateComplianceReport() {
const now = Date.now();
const last24Hours = now - (24 * 60 * 60 * 1000);
const recentViolations = this.metrics.trends.filter(t => t.timestamp > last24Hours);
return {
period: '24_hours',
totalViolations: recentViolations.length,
violationsByCategory: this.groupBy(recentViolations, 'category'),
violationsBySeverity: this.groupBy(recentViolations, 'severity'),
topRiskAgents: Array.from(this.metrics.agentRiskScores.entries())
.sort(([,a], [,b]) => b.score - a.score)
.slice(0, 5),
trends: {
privacyViolations: recentViolations.filter(v => v.category === 'privacy').length,
fairLendingViolations: recentViolations.filter(v => v.category === 'fair_lending').length,
bsaAmlViolations: recentViolations.filter(v => v.category === 'bsa_aml').length
},
recommendations: this.generateRecommendations(recentViolations)
};
}
groupBy(array, key) {
return array.reduce((groups, item) => {
const group = item[key];
groups[group] = groups[group] || [];
groups[group].push(item);
return groups;
}, {});
}
generateRecommendations(violations) {
const recommendations = [];
const privacyCount = violations.filter(v => v.category === 'privacy').length;
if (privacyCount > 5) {
recommendations.push('Review PII handling procedures and agent training');
}
const fairLendingCount = violations.filter(v => v.category === 'fair_lending').length;
if (fairLendingCount > 0) {
recommendations.push('Immediate fair lending compliance review required');
}
const criticalCount = violations.filter(v => v.severity === 'violation').length;
if (criticalCount > 10) {
recommendations.push('Consider temporary suspension of high-risk agents');
}
return recommendations;
}
}
// Usage
const metricsTracker = new ComplianceMetricsTracker(monitor);
// Set up violation tracking
monitor.on('complianceViolation', (violation) => {
metricsTracker.trackViolation(violation);
});
// Generate daily reports
setInterval(() => {
const report = metricsTracker.generateComplianceReport();
console.log('📊 Daily Compliance Report:', JSON.stringify(report, null, 2));
// Send to compliance dashboard
sendToDashboard(report);
}, 24 * 60 * 60 * 1000); // Daily
Compliance Workflow Automation
Automated Violation Response
Copy
class AutomatedComplianceResponse {
constructor(monitor) {
this.monitor = monitor;
this.responseRules = this.initializeResponseRules();
}
initializeResponseRules() {
return [
{
trigger: { category: 'privacy', severity: 'violation' },
actions: ['immediate_redaction', 'compliance_alert', 'session_review'],
escalation: 'immediate'
},
{
trigger: { category: 'fair_lending', severity: 'violation' },
actions: ['agent_pause', 'compliance_escalation', 'bias_review'],
escalation: 'critical'
},
{
trigger: { category: 'bsa_aml', severity: 'violation' },
actions: ['sar_evaluation', 'transaction_review', 'customer_investigation'],
escalation: 'regulatory'
}
];
}
async handleViolation(violation) {
const matchingRules = this.responseRules.filter(rule =>
this.matchesTrigger(violation, rule.trigger)
);
for (const rule of matchingRules) {
await this.executeActions(violation, rule.actions);
await this.handleEscalation(violation, rule.escalation);
}
}
matchesTrigger(violation, trigger) {
return Object.keys(trigger).every(key => violation[key] === trigger[key]);
}
async executeActions(violation, actions) {
for (const action of actions) {
try {
await this.executeAction(violation, action);
} catch (error) {
console.error(`Failed to execute action ${action}:`, error);
}
}
}
async executeAction(violation, action) {
switch (action) {
case 'immediate_redaction':
await this.redactContent(violation);
break;
case 'compliance_alert':
await this.sendComplianceAlert(violation);
break;
case 'agent_pause':
await this.pauseAgent(violation.agentId);
break;
case 'session_review':
await this.flagSessionForReview(violation.sessionId);
break;
case 'sar_evaluation':
await this.initiateSARProcess(violation);
break;
default:
console.warn(`Unknown action: ${action}`);
}
}
async redactContent(violation) {
console.log(`🔒 Redacting content for violation: ${violation.rule}`);
// Implement content redaction logic
}
async sendComplianceAlert(violation) {
console.log(`🚨 Sending compliance alert for: ${violation.description}`);
// Implement alert logic
}
async pauseAgent(agentId) {
console.log(`⏸️ Pausing agent: ${agentId}`);
// Implement agent pause logic
}
}
// Set up automated response
const automatedResponse = new AutomatedComplianceResponse(monitor);
monitor.on('complianceViolation', (violation) => {
automatedResponse.handleViolation(violation);
});
Testing Compliance Rules
Compliance Testing Suite
Copy
class ComplianceTestSuite {
constructor(monitor) {
this.monitor = monitor;
this.testResults = [];
}
async runComplianceTests() {
console.log('🧪 Running compliance test suite...');
const tests = [
this.testPIIDetection,
this.testFairLendingDetection,
this.testBSAAMLDetection,
this.testFalsePositives
];
for (const test of tests) {
try {
const result = await test.call(this);
this.testResults.push(result);
} catch (error) {
this.testResults.push({
testName: test.name,
passed: false,
error: error.message
});
}
}
return this.generateTestReport();
}
async testPIIDetection() {
const testCases = [
{
input: 'Your SSN is 123-45-6789',
expectedViolations: ['ssn_detected']
},
{
input: 'Contact us at john@example.com or (555) 123-4567',
expectedViolations: ['email_detected', 'phone_detected']
},
{
input: 'Your account balance is $1,234.56',
expectedViolations: [] // Should not trigger PII
}
];
const results = [];
for (const testCase of testCases) {
const sessionId = `pii-test-${Date.now()}`;
this.monitor.trackAgentResponse('test-agent', sessionId, testCase.input);
// Check if violations were detected
const violations = await this.getViolationsForSession(sessionId);
const violationTypes = violations.map(v => v.type);
const passed = testCase.expectedViolations.every(expected =>
violationTypes.includes(expected)
) && violationTypes.length === testCase.expectedViolations.length;
results.push({ passed, testCase, actualViolations: violationTypes });
}
return {
testName: 'PII Detection',
passed: results.every(r => r.passed),
details: results
};
}
async testFairLendingDetection() {
const discriminatoryPhrases = [
'people like you',
'your kind typically',
'based on your background'
];
const results = [];
for (const phrase of discriminatoryPhrases) {
const sessionId = `fair-lending-test-${Date.now()}`;
this.monitor.trackAgentResponse('test-agent', sessionId, `Unfortunately, ${phrase} usually don't qualify.`);
const violations = await this.getViolationsForSession(sessionId);
const hasFairLendingViolation = violations.some(v => v.category === 'fair_lending');
results.push({
phrase,
passed: hasFairLendingViolation,
violations: violations.length
});
}
return {
testName: 'Fair Lending Detection',
passed: results.every(r => r.passed),
details: results
};
}
async testBSAAMLDetection() {
const suspiciousKeywords = [
'avoid reporting',
'split the transaction',
'cash structuring',
'just under 10000'
];
const results = [];
for (const keyword of suspiciousKeywords) {
const sessionId = `bsa-aml-test-${Date.now()}`;
this.monitor.trackAgentResponse('test-agent', sessionId, `You could try to ${keyword} to make it easier.`);
const violations = await this.getViolationsForSession(sessionId);
const hasBSAViolation = violations.some(v => v.category === 'bsa_aml');
results.push({
keyword,
passed: hasBSAViolation,
violations: violations.length
});
}
return {
testName: 'BSA/AML Detection',
passed: results.every(r => r.passed),
details: results
};
}
async testFalsePositives() {
const safePhrases = [
'Your account number ends in 1234',
'We serve customers from all backgrounds',
'Large deposits are processed securely',
'Please provide your contact information'
];
const results = [];
for (const phrase of safePhrases) {
const sessionId = `false-positive-test-${Date.now()}`;
this.monitor.trackAgentResponse('test-agent', sessionId, phrase);
const violations = await this.getViolationsForSession(sessionId);
const criticalViolations = violations.filter(v => v.severity === 'violation');
results.push({
phrase,
passed: criticalViolations.length === 0, // Should not have critical violations
violations: violations.length
});
}
return {
testName: 'False Positive Prevention',
passed: results.every(r => r.passed),
details: results
};
}
async getViolationsForSession(sessionId) {
// This would integrate with your actual violation tracking system
// For testing purposes, we'll simulate this
return this.mockViolationDatabase.filter(v => v.sessionId === sessionId);
}
generateTestReport() {
const totalTests = this.testResults.length;
const passedTests = this.testResults.filter(r => r.passed).length;
const failedTests = totalTests - passedTests;
return {
summary: {
total: totalTests,
passed: passedTests,
failed: failedTests,
passRate: `${((passedTests / totalTests) * 100).toFixed(1)}%`
},
results: this.testResults,
recommendations: this.generateTestRecommendations()
};
}
generateTestRecommendations() {
const failedTests = this.testResults.filter(r => !r.passed);
const recommendations = [];
if (failedTests.some(t => t.testName === 'PII Detection')) {
recommendations.push('Review PII detection patterns and update regex rules');
}
if (failedTests.some(t => t.testName === 'Fair Lending Detection')) {
recommendations.push('Update fair lending keyword detection and add training data');
}
if (failedTests.some(t => t.testName === 'False Positive Prevention')) {
recommendations.push('Tune compliance rules to reduce false positives');
}
return recommendations;
}
}
// Run compliance tests
const testSuite = new ComplianceTestSuite(monitor);
const testResults = await testSuite.runComplianceTests();
console.log('📋 Compliance Test Results:', JSON.stringify(testResults, null, 2));
Best Practices
Proactive Monitoring
Proactive Monitoring
- Enable real-time compliance checks for all agent interactions
- Set up automated alerts for critical violations
- Implement risk scoring to prioritize review efforts
- Monitor trends to identify systemic issues
Violation Response
Violation Response
- Establish clear escalation procedures for different violation types
- Implement immediate response actions for critical violations
- Document all compliance incidents for regulatory reporting
- Conduct root cause analysis for recurring violations
Continuous Improvement
Continuous Improvement
- Regularly test compliance rules with realistic scenarios
- Update detection patterns based on new regulations
- Analyze false positives and tune rules accordingly
- Train compliance teams on new violation patterns
Documentation & Audit
Documentation & Audit
- Maintain detailed logs of all compliance activities
- Generate regular compliance reports for management
- Document rule changes and their business justification
- Ensure audit trails are complete and accessible
Troubleshooting
High false positive rates
High false positive rates
Review and tune compliance rule sensitivity. Consider implementing context-aware rules that understand banking terminology vs. actual violations.
Missing critical violations
Missing critical violations
Expand keyword lists and patterns. Review recent regulatory guidance for new violation types. Consider implementing machine learning-based detection.
Performance impact
Performance impact
Optimize compliance rule execution. Consider async processing for non-critical rules. Implement rule caching for frequently accessed patterns.
Integration issues
Integration issues
Verify compliance engine configuration. Check that all required compliance categories are enabled. Test rule execution in isolation.