← All products
Sentinel ◆ Triage · Watchlist · SAR

Your transaction monitoring system is 95% false positive.

Your investigators know this. Sentinel is the reasoning layer that fixes it — AI-assisted AML alert triage with cited evidence and a complete audit trail, designed to sit on top of Actimize, SAS, Verafin, Oracle FCCM or any internal monitoring system.

Book a 30-minute walkthrough →See the architecture

40–60%

Alert volume auto-cleared

4–12s

Per-alert analysis

100%

Audit-traceable

$1B–$50B

AUM sweet spot

The hidden cost

Four of five investigation steps are assembly, not judgment.

Per alert · L1 investigator

15–45 min

  • Pull 90 days of transaction history
  • Check prior alerts on the customer
  • Compare behavior to peer baselines
  • Review KYC + related-party data
  • Write the disposition rationale ← the part that needed a human all along

Per alert · with Sentinel

4–12 sec

Context is assembled by Sentinel. A two-pass Claude analysis returns a structured disposition with cited evidence. The investigator reviews a prepared case, not a triage screen.

Easy cases auto-clear with cited rationales. Ambiguous cases arrive with specific questions for the investigator to answer. Hard cases keep the human firmly in the loop — with the evidence already in front of them.

What this is worth

The math at three different scales.

Conservative assumptions: 30 minutes average L1 handle time, 50% FP-rate reduction (the midpoint of the 40–60% range), $85,000 fully-loaded L1 analyst salary (USD).

$1B–$3B

Small bank

12,000 alerts/year

Alerts auto-cleared

6,000

Hours saved

3,000

FTE equivalent

1.6

Annual loaded-cost recovered

$134,211

FP cleared50%
Most common

$5B–$20B

Mid-size bank

30,000 alerts/year

Alerts auto-cleared

15,000

Hours saved

7,500

FTE equivalent

3.9

Annual loaded-cost recovered

$335,526

FP cleared50%

$20B–$50B

Neobank / Tier-2

80,000 alerts/year

Alerts auto-cleared

40,000

Hours saved

20,000

FTE equivalent

10.5

Annual loaded-cost recovered

$894,737

FP cleared50%
Assumptions: 30-minute average L1 handle time per alert · 50% reduction in false-positive volume (midpoint of observed 40–60% range) · $85,000 fully-loaded L1 analyst salary · 1,900 productive working hours per year. Real numbers vary by typology mix, current FP rate, and L1 seniority. We'll calibrate to your actuals in the proof-of-value engagement.

Three modules · same architecture

One reasoning pattern, three AML queues.

01

Triage

Behavioral analysis of TM alerts.

Pulls 90 days of transaction history, peer baselines, prior alerts and KYC. Runs a two-pass Claude analysis. Returns a structured disposition (clear · clear with note · escalate to L2 · escalate to SAR · request info) with cited evidence.

90-day contextPeer-baselineTwo-pass critiqueDisposition + rationale
02

Watchlist

Fuzzy sanctions + PEP adjudication.

Identity match plus jurisdictional analysis on fuzzy hits. Hybrid model split (Haiku 4.5 first pass, Sonnet 4.5 critique) keeps cost low while preserving rigor on the calls that matter.

Identity matchJurisdiction riskHybrid Haiku + SonnetPer-hit audit trail
03

SAR

FinCEN Form 111 narrative drafting.

Consumes the upstream Triage analysis and produces a 7-section narrative (5 W's + how + actions). Every section carries citations; every citation traces back to a specific transaction ID, KYC field or prior alert.

7-section narrativeCitation-lockedBoth passes SonnetLineage: alert → triage → SAR

The product in hand

Three cases from the demo sandbox.

Case 1

Obvious false positive

Riverbend Hardware · score 12/100 · auto-clear

Structuring rule fires on a small-business owner with 24 months of consistent cash-deposit history. Sentinel clears it in 4 seconds, cited.

Obvious false positive
Case 2

Genuine layering pattern

Apex Global Trading · score 90/100 · escalate to SAR

$187,500 BVI wire in, $185,000 to related entity five hours later, shared UBO. Cited evidence chain plus FinCEN advisory reference, ~12 seconds.

Genuine layering pattern
Case 3

Genuinely ambiguous

Northgate Realty · score 48/100 · human review

Round-dollar wire activity that could be legitimate real-estate closings — or layering. Sentinel flags it with specific questions for the investigator.

Genuinely ambiguous

How it's built

Architecture: one pattern, end-to-end traceable.

Source

Your existing TM system

Actimize · SAS · Verafin · Oracle FCCM · internal

Step 1

Context assembler

90-day txns · prior alerts · KYC · peer baselines

Step 2

Two-pass Claude reasoning

Analyzer (Sonnet) → Critique (Sonnet) · Pydantic-validated JSON

Step 3

Structured disposition + cited evidence

Clear · clear-w-note · escalate-L2 · escalate-SAR · request-info

Step 4

Investigator UI · prepared case

React queue · red flags · cited evidence · recommended action

Always-on

Audit log — every decision reproducible

Prompt v · model v · context hash · raw passes · human disposition

Data layer

DuckDB · single-file, embedded analytics

Backend

Python 3.11+ · FastAPI · Pydantic-validated schemas

Reasoning

Anthropic SDK · Sonnet + Haiku · two-pass + critique

Frontend

React + Vite · Tailwind · shadcn/ui

Audit

Per-analysis JSON · content hash · prompt + model version

Deploy

Runs in your environment · no SaaS data flows

Non-negotiables

  • Every rationale cites specific transaction IDs or customer data points. No vague reasoning.
  • Structured output only. Every Claude call returns Pydantic-validated JSON.
  • Two-pass reasoning. Analysis + critique, both logged.
  • Complete audit trail per decision. Reconstructable months later.
  • No real PII, ever. Synthetic-only for the demo. Your data, your environment for paid engagements.
  • Sits on top of your existing TM system. We sync, never replace.

How it lands

Two-week proof-of-value. Fixed fee.

We run on your sanitized or synthetic data. Up to 5 typologies. Up to 10,000 historical alerts. Onsite walkthrough for your FinCrime and compliance leadership at the end. Model-risk documentation sized for your second line.

Week 101

Discovery + data ingest

Sanitized or synthetic data from your environment. Map your typologies and risk appetite. Stand up the sandbox with your alert schema.

Week 102

Prompt + reasoning tuning

Calibrate the analyzer prompts to your alert taxonomy. Hand-grade 30 alerts per typology to confirm rationale quality before scaling.

Week 203

Audit trail + model-risk docs

Wire the full audit log: prompt version, model version, content hash, raw passes, human disposition. Produce model risk documentation for your MRM team.

Week 204

Onsite walkthrough

Demo to your FinCrime + compliance leadership on your data. Executive summary sized for the board packet, MRM docs sized for your second line.

You leave with

  • · Working sandbox in your environment
  • · Prompt library tuned to your typologies
  • · Full audit-trail documentation
  • · Board-packet-sized executive summary

Runs on your stack

  • · DuckDB or your existing data warehouse
  • · Python + FastAPI, deployed in your VPC
  • · Anthropic API or AWS Bedrock (Claude)
  • · No SaaS data egress required

Who it's for

  • · Mid-size banks ($1B–$50B AUM)
  • · Neobanks + fintechs scaling AML
  • · Enforcement-prep / exit remediation
  • · FIUs evaluating incumbent tuning

Next step

Sit with us for thirty minutes.

We'll walk you through the three demo cases on live data, answer model-risk questions, and come back inside one week with a proof-of-value scope sized for your taxonomy. Two-week engagement, fixed fee, no production-system risk.

Request a walkthrough →Email us directly

SEYSO Services Inc. · Toronto, ON · info@seysoservices.com