Solo Project · Multi-Agent · Gemini · Lobster Trap
Federated AML Investigation
Cross-bank money-laundering detection without sharing raw customer data. Three synthetic banks coordinate through a governed federation layer; a planted structuring ring that no single bank can see gets caught by the network.
The problem
Money-laundering rings deliberately span multiple banks because individual institutions can't see across their own walls. Section 314(b) of the USA PATRIOT Act explicitly authorizes cross-institution AML information sharing — but the operational primitives for actually doing it (privacy-preserving aggregation, signed audit chains, role-typed agents) didn't exist as a stack.
The opportunity: build the substrate that makes §314(b) operationally usable. The market comp is concrete — Verafin sold to Nasdaq for $2.75B in 2020 for the non-private version of cross-institution AML. Federated, DP-protected, signed-audit-chained AML is the version banks can adopt without taking on customer-privacy lawsuit risk.
Stack
Architecture
Three trust domains, six agents
Three synthetic banks (Alpha, Beta, Gamma) each run a transaction-monitoring agent (A1) and an investigator agent (A2). A federation layer in an assumed TEE hosts the cross-bank coordinator (F1), graph analyst (F2), sanctions/PEP screener (F3), SAR drafter (F4), compliance auditor (F5), and policy gate (F6). Every cross-domain message is signed, replay-protected, and policy-checked.
Differential privacy on every cross-bank release
Aggregate signals shared across banks carry calibrated Gaussian noise tuned to a formal privacy budget. Each requester holds a per-bank budget ledger; once spent, the bank refuses additional queries from that requester. This is the structural primitive that lets §314(b) become operational rather than aspirational — banks can share without exposing customers to re-identification.
Every agent-to-agent message policy-checked in transit
Inter-agent messages route through Veea's Lobster Trap proxy with a custom AML policy pack. Customer names are redacted before leaving a bank; sanctions-list contents never leak in the response; declared-purpose checks enforce §314(b) authorization framing. Every verdict is recorded in a hash-chained audit log a regulator can replay.
Investigation reports as the auditable artifact
Every case produces a reproducible Jupyter notebook with the full evidence chain: the AML question, the peer-bank statistics released under DP, the federation's synthesis, and the audit-ready conclusion. A regulator can re-execute the notebook against the same inputs and arrive at the same finding — without ever seeing raw customer data.
Results
Detection no single bank could surface alone
A 5-entity structuring ring spans all three banks, with each entity holding accounts at two of them. Per-bank activity stays noisy and sub-threshold, indistinguishable from ordinary small-business traffic; the federation surfaces the closed-cycle structure across institutions. Single-bank investigation of the same scenario fails by design — the cross-institution coordination is what makes detection possible.
Adversarial testing surface built into the product
A dedicated review tab exercises each trust boundary against real attack patterns: prompt injection, evidence fabrication, customer re-identification, audit tampering, privacy-budget exhaustion, sender impersonation. Each probe returns the verdict, the blocking layer, and the audit record — making the security posture visible to auditors and regulators rather than implied.
Hosted demo + regulator-readable outputs
Working UI on Google Cloud Run with a per-trust-domain swimlane topology, drawer inspectors, and executed-notebook investigation reports. Pitch deck includes a competitive-landscape framing against Verafin, NICE Actimize, and SAS/Oracle FCCM. Comprehensive test coverage (200+ tests) and a full audit chain from initial prompt through cross-bank coordination to SAR draft.
Context
Built for the TechEx Intelligent Enterprise Solutions Hackathon (May 2026), Track 1: Agent Security & AI Governance. The full architecture, threat model, and pitch deck are linked above.