Skip to main content
The Agent Governance SDK’s ComplianceEngine is highly extensible, allowing you to create custom rules that cater to your organization’s unique compliance, policy, and quality assurance requirements. This guide will walk you through the process of creating, adding, and managing custom compliance rules.

Why Create Custom Rules?

While the SDK comes with built-in rules for common banking regulations (PII, Fair Lending, etc.), you may need custom rules to:
  • Enforce internal company policies.
  • Monitor for brand voice and tone consistency.
  • Check for adherence to specific product disclosure requirements.
  • Detect keywords related to upselling or cross-selling for quality review.
  • Implement compliance checks for regulations specific to your region.

Structure of a Compliance Rule

A compliance rule is an object with a specific structure. Let’s break down each property: 
interface ComplianceRule {
  id: string;                       // Unique identifier for the rule.
  name: string;                     // Human-readable name.
  description: string;              // What the rule checks for.
  category: ComplianceCategory;     // 'custom', 'privacy', etc.
  severity: 'info' | 'warning' | 'violation'; // Severity of a breach.
  isActive: boolean;                // Whether the rule is currently enabled.
  ruleFunction: (context: InteractionContext) => ComplianceResult; // The core logic.
}
The most important part is the ruleFunction, which takes an InteractionContext and returns a ComplianceResult.
  • InteractionContext: Contains the data about the interaction, such as agentResponse, userMessage, toolsUsed, etc.
  • ComplianceResult: An object indicating if the interaction was compliant, a list of any violations found, a calculated risk score, and whether it requires manual review.

Example 1: Product Disclosure Rule

Let’s create a rule to ensure that whenever a “mortgage” product is mentioned, a specific disclosure about interest rates is included in the agent’s response.
1

Define the Rule Object

const mortgageDisclosureRule = {
id: 'mortgage-disclosure-check',
name: 'Mortgage Rate Disclosure Check',
description: 'Ensures that mentioning "mortgage" is accompanied by a rate disclosure.',
category: 'consumer_protection',
severity: 'warning',
isActive: true,
ruleFunction: (context) => {
// Rule logic will go here
}
};
2

Implement the ruleFunction

function checkMortgageDisclosure(context) {
const violations = [];
const agentResponse = (context.agentResponse || '').toLowerCase();
const mentionsMortgage = agentResponse.includes('mortgage');
const hasDisclosure = agentResponse.includes('rates are subject to change');

if (mentionsMortgage && !hasDisclosure) {
violations.push({
rule: 'mortgage-disclosure-check',
severity: 'warning',
description: 'A mortgage product was mentioned without the required interest rate disclosure.',
context: {
fullResponse: context.agentResponse,
missingPhrase: 'rates are subject to change'
},
recommendation: 'Update the agent\'s knowledge base to include the standard rate disclosure when discussing mortgage products.'
});
}

return {
isCompliant: violations.length === 0,
violations,
riskScore: violations.length * 20,
requiresReview: violations.length > 0,
};
}

mortgageDisclosureRule.ruleFunction = checkMortgageDisclosure;
3

Add the Rule to the Compliance Engine

// Assuming 'monitor' is your initialized AgentMonitor instance
if (monitor.complianceEngine) {
monitor.complianceEngine.addRule(mortgageDisclosureRule);
console.log('Successfully added custom mortgage disclosure rule.');
}
Now, any agent response tracked by this monitor will be evaluated against your custom rule.

Example 2: Brand Voice and Tone Rule

Let’s create a rule to prevent the agent from using overly casual language, ensuring it maintains a professional tone. 
const professionalToneRule = {
  id: 'professional-tone-check',
  name: 'Professional Tone and Voice',
  description: 'Flags overly casual or unprofessional language.',
  category: 'custom',
  severity: 'info',
  isActive: true,
  ruleFunction: (context) => {
    const violations = [];
    const agentResponse = (context.agentResponse || '').toLowerCase();
    const casualWords = ['lol', 'imo', 'btw', 'hang on', 'no worries'];

    const foundWords = casualWords.filter(word => {
      const regex = new RegExp(`\\b${word}\\b`);
      return regex.test(agentResponse);
    });

    if (foundWords.length > 0) {
      violations.push({
        rule: 'professional-tone-check',
        severity: 'info',
        description: `Agent used casual language: ${foundWords.join(', ')}.`,
        context: { detectedWords: foundWords },
        recommendation: 'Review agent response and consider refining prompts to maintain a professional tone.'
      });
    }

    return {
      isCompliant: violations.length === 0,
      violations,
      riskScore: violations.length * 5,
      requiresReview: false,
    };
  }
};

// Add the rule to the engine
if (monitor.complianceEngine) {
  monitor.complianceEngine.addRule(professionalToneRule);
}

Managing Custom Rules

You can dynamically manage your custom rules at runtime.

Removing a Rule

monitor.complianceEngine?.removeRule('professional-tone-check');

Deactivating a Rule

monitor.complianceEngine?.setRuleActive('mortgage-disclosure-check', false);

Listing Rules

const allRules = monitor.complianceEngine?.getAllRules();
console.log(`There are ${allRules.length} rules loaded.`);

const activeRules = monitor.complianceEngine?.getActiveRules();
console.log(`${activeRules.length} rules are currently active.`);

Best Practices for Custom Rules

Each rule should have a single, clear purpose. Instead of one giant “policy” rule, break it down into smaller, more manageable rules (e.g., one for disclosures, one for tone, one for specific product details). This makes them easier to test and maintain.
Use a consistent naming convention for your rule IDs (e.g., [category]-[specific-check]). This makes it easier to identify and manage rules in logs and dashboards.
Rule functions are executed on agent interactions, so they need to be performant. Avoid complex, long-running operations. Use efficient regular expressions and cache patterns if necessary.
The recommendation field in a violation is crucial. It should provide clear, actionable advice for developers or compliance officers on how to fix the issue.
Before deploying a new rule, test it against a wide range of both compliant and non-compliant interactions to ensure it behaves as expected and doesn’t generate excessive false positives. See our Testing Guide for more details.
I