Aelix Guardian logo

Aelix Guardian · RegTech and compliance

Financial-crime operations you can prove, inside your own perimeter.

Aelix Guardian is a single-tenant, on-prem-first AML, KYC, KYB, and SAR platform. Trained models score transactions and entities from your data, real sanctions screening runs against a public OFAC list, and every alert flows to a case and a FinCEN-ready SAR. All behind one auditable system that never leaves your network.

Explore Aelix Guardian

Aelix Agents · Agentic AI · Now in active build

An agentic layer over financial-crime ops.

Guardian now includes an agentic layer. Autonomous, tool-using agents that act through Guardian's governed APIs, do the routine compliance work, and escalate the judgment calls to a human. Every agent is human-in-the-loop by default, runs inside your perimeter, and writes each step to the same append-only audit trail as the rest of the platform.

Alert Triage Agent.

Enriches a financial-crime alert with the entity graph, sanctions screen, and transaction history, then recommends close, escalate, or file.

SAR Drafting Agent.

Assembles the narrative and maps FinCEN fields from the case, leaving sign-off and signature to the BSA officer.

KYC Remediation Agent.

Works periodic-review and refresh gaps, requesting documents and re-screening on a schedule.

Agents act only through permissioned, least-privilege APIs. They never close an alert, file a SAR, or auto-clear a refresh without a credentialed human's sign-off, and the BSA officer's signature still stands on every filing. The reasoning model is a swappable component: run a local model on-prem for full data residency, or a hosted model where policy allows.

Now in active build. The first agents ship as configurable, versioned workflows.

The problem

A compliance tax on two fronts. Most teams pay both.

Financial-crime compliance has become a tax on two fronts at once, and most teams pay both.

Tool sprawl.

Detection lives in one system, screening in another, KYB and UBO mapping in a third, and SAR filing in a spreadsheet-and-PDF process bolted onto the end. Analysts swivel between consoles, and evidence scatters across them.

Detection you cannot stand behind.

“AI-powered” alerting too often turns out to be a handful of hardcoded rules or seeded demo data. When an examiner asks what fired an alert (and why), there is no honest answer.

Data residency you cannot honor.

Cloud-only AML suites ask you to ship customer PII, transaction histories, and beneficial-ownership records into someone else's tenancy. For sovereignty-bound and air-gapped institutions, that is a non-starter.

Guardian is built to close all three at once. Single-tenant, inside your walls, with detection that is real and measurable rather than a slide.

Available today

Shipped, running code. Detection that is computed, not seeded.

Computed detection: real trained models, not seeded demo data

At the core of Guardian are two real, trained scikit-learn models behind a stable scoring interface. A gradient-boosted classifier scores transaction fraud (structuring bands, high-risk corridors, dispersion, above-CTR cash, velocity). A calibrated classifier scores entity / KYC risk from aggregate behavior and sanctions exposure. Scores are computed from your actual Transaction and Entity rows. The detection pass aggregates each entity's history, scores every transaction, flags the ones over threshold, recomputes the entity's risk score, and raises an alert from the strongest signal. Nothing here is hardcoded in seed data anymore. The alert you see was computed from the data underneath it.

On a held-out synthetic test split, the transaction-fraud model reaches ROC-AUC approximately 0.90 and the entity-risk model ROC-AUC approximately 0.95, with full precision/recall/F1 recorded in a versioned model card. Those are measured numbers from a real training and evaluation pipeline, not marketing targets.

Real sanctions and PEP screening

Screening runs against a committed subset of the public OFAC SDN list. A real data file that is parsed, normalized (case, diacritics, legal-suffix and honorific stripping), and matched with token-overlap plus fuzzy sequence similarity to produce a confidence score and a clear match status (no match, potential, confirmed). A DOB corroboration step nudges confidence where it lines up. A pluggable live-provider adapter (ComplyAdvantage, Refinitiv World-Check, Dow Jones shape) sits behind the same interface and fails closed. It raises rather than fabricate a result when no vendor credentials are configured. You screen against a real list today, and wiring a live feed later is a config change, not a code change.

UBO and money-flow graphs from real rows

Guardian's entity graph is traversed from your database, not drawn from fixtures. Ownership mode walks the KYB application's beneficial owners and directors, screens each node, and flags ownership above the 25% disclosure threshold and any sanctions/PEP hits. Transaction mode aggregates an entity's real counterparties by volume, screens them, and flags flows to sanctioned parties or high-risk (FATF) jurisdictions. When there is no data for an entity, the graph is honestly small. Never an invented scenario.

One workflow: alert to case to signed SAR

Detection raises an alert with a model explanation and the transactions that drove it. Analysts triage it, open and assign a case, and compose a SAR. Guardian auto-maps FinCEN fields from the narrative, then renders a BSA E-Filing v2.4 SAR XML envelope. On sign-off, an authorized signer applies a SHA-256 signature, the XML is generated and stored, and the filing is downloadable for submission. One queue, one case, one filing. No swivel chair.

On-prem isolation as the default

Guardian is single-tenant and on-prem-first. It deploys inside the institution's own perimeter, supports air-gapped installs with internal-CA certificates, and keeps admin surfaces reachable only over your network. Your data never leaves your walls. And the platform is cloud-portable later, per service, without a rewrite.

Audit and access control, by construction

Every state-changing request lands in an append-only audit log written in the same transaction as the change it records. Actor, role, resource, outcome, and a structured diff. Access is governed by role-based controls for the roles compliance teams actually run. Fraud investigator, BSA officer, IT auditor. With MFA and OIDC authentication. The evidence an examiner asks for is a byproduct of normal operation, not a separate project.

How it works

One continuous flow from raw activity to a filed report.

01

Transactions and entities land.

In the platform through onboarding (KYC) and business onboarding (KYB, with beneficial owners and directors).

02

Detection scores the data.

The trained models compute a transaction-fraud score for each transaction and an entity-risk score from aggregate behavior and sanctions exposure.

03

Alerts are raised from the signal.

The strongest scored transaction over threshold becomes an alert, carrying its model explanation and the transactions behind it.

04

Analysts work the case.

Triage the alert, open and assign a case, pull up the UBO or money-flow graph, and screen names against the sanctions list.

05

A SAR is composed, signed, and exported.

FinCEN fields auto-map from the narrative, the SAR renders to BSA E-Filing XML, an authorized signer applies a SHA-256 signature, and the filing is downloaded for submission.

06

Everything is logged.

Each consequential action writes to the append-only audit log, feeding oversight and examiner evidence.

Proof, framed honestly

Mechanisms you can verify. Numbers framed with their conditions.

Trained models, held-out ROC-AUC approximately 0.90 and 0.95.

Transaction-fraud and entity-risk, real pipelines, recorded in a model card.

Scored in well under 1ms.

Single-transaction scoring latency, measured (p50/p95/p99) by a reproducible benchmark. Not asserted.

Real OFAC SDN screening.

A public list, normalized, with token plus fuzzy matching and a confidence score. Not a handful of hardcoded names.

Graphs from real rows.

UBO and money-flow graphs traversed from your KYB and transaction data.

Append-only audit.

Every state change recorded in-transaction, with RBAC, MFA, and OIDC.

What we deliberately do not print

We deliberately do not print "99.9% accuracy" or "sub-10ms detection" as facts. Those were slogans. The numbers above are what the code measures.

On the roadmap

Configuration and onboarding. Not rewrites. The interfaces are already in place.

Live screening-provider connectivity.

The adapter for ComplyAdvantage, Refinitiv World-Check, and Dow Jones is in place and fails closed today. Live calls await a vendor contract and credentials. The bundled OFAC matcher runs in the meantime.

Biometric fingerprint matching.

Today the biometric endpoint performs genuine image-quality validation. It decodes the capture, checks resolution, sharpness, and exposure, and rejects garbage instead of storing a blob. True 1:1 / 1:N fingerprint matching needs a certified vendor SDK (NIST NBIS-grade) and capture hardware, and is deferred until that is available.

Direct FinCEN e-filing.

Guardian composes, signs, and exports BSA E-Filing SAR XML today. Direct e-filing into FinCEN requires institutional filing credentials and is a roadmap item. Export is the Phase 1 scope.

Models trained on real institution data.

Today's models train on engineered synthetic data with realistic AML typologies behind a stable interface. Swapping in your labeled production data changes nothing downstream. It is the path to performance validated on real-world activity.

SOC 2 Type II and ISO 27001.

The controls these audits examine are already in the code. The certifications require completed third-party assessments, which are in progress.

Security and compliance

Engineered for the buyer whose data is not allowed to leave the building.

Guardian is engineered for regulated financial-crime operations from the ground up.

SOC 2-aligned controls.

Role-based access control across compliance roles, MFA and OIDC authentication, and an append-only audit log written in the same transaction as every state change.

GDPR-ready by design.

Built for institutions under strict data-handling obligations, with PII held inside your own perimeter rather than a shared cloud tenancy.

Data residency as a strength, not a checkbox.

Single-tenant, on-prem-first deployment with air-gapped support and internal-CA certificates means sovereignty and residency requirements are satisfied by architecture, not by promise. Cloud-portable later, per service, without a rewrite.

Certifications such as SOC 2 Type II and ISO 27001 are on the roadmap. The underlying controls they audit are already implemented.

See Guardian on your workflow

See Guardian on your own compliance workflow.

Bring your transactions, your entities, and your screening requirements. We will show you a computed alert with its model explanation, a real sanctions match, a UBO graph traversed from data, and a signed SAR XML. End to end, on real working software, inside your perimeter.

Explore Aelix Guardian

Frequently asked

Questions compliance teams ask in the second meeting.

Is the fraud scoring real ML, or seeded demo data?

Real ML. Guardian runs two trained scikit-learn models (a gradient-boosted transaction-fraud classifier and an entity-risk classifier) that compute scores from your actual transaction and entity rows. Alerts and risk scores are derived by the detection pass, not hardcoded in seed data. On a held-out synthetic split the models measure ROC-AUC approximately 0.90 and 0.95, with full metrics in a versioned model card.

Do you screen against real sanctions lists?

Yes. Screening runs against a committed subset of the public OFAC SDN list, with name normalization (case, diacritics, legal-suffix and honorific stripping) and token-plus-fuzzy matching that returns a confidence score and match status. A pluggable adapter for live providers (ComplyAdvantage, Refinitiv, Dow Jones) is in place and fails closed without credentials. It never fabricates a live result.

What are the models trained on, and what does that mean for us?

Today they train on engineered synthetic data with realistic AML typologies (structuring bands, high-risk corridors, dispersion, velocity) behind a stable scoring interface. Those metrics characterize the pipeline, not your portfolio. The interface is swap-ready for your labeled production data, which is the prerequisite before any production reliance and the path to performance validated on real activity.

Can we deploy this without our data leaving our network?

Yes. Guardian is single-tenant and on-prem-first. It installs inside your own perimeter, supports air-gapped deployment with internal-CA certificates, and keeps admin surfaces on your network. It is cloud-portable later, per service, if and when you choose. Without a rewrite.

Can we file SARs from Guardian today?

You can compose, sign, and export them. Guardian auto-maps FinCEN fields from the narrative, renders a BSA E-Filing v2.4 SAR XML envelope, applies a SHA-256 signature on sign-off, and lets an authorized signer download the filing. Direct e-filing into FinCEN requires institutional credentials and is on the roadmap. XML export is the current scope.

Customization available

Need this tailored to your environment?

Every Aelix product can be configured, extended, or built bespoke for your industry, data sources, and compliance constraints. Talk to our engineers about what would change.

Configurable workflows

Adapt rules, thresholds, and approval flows to match your operational policies.

Custom data integrations

Connect to your specific ERP, MES, SCADA, CRM, or proprietary systems.

Bespoke modules

Build product extensions tailored to your industry, region, or compliance needs.