Architecture · AI governance
Why our AI agents never make decisions
The architecture behind recommendation agents, and why human sign-off is not a limitation, it is the design.
Profile
- Industry: Investment management
- Location: Singapore (MAS-regulated)
- Focus: AI governance architecture
- Solution: Prudexis Recommendation Agent framework
- Principle: Every agent output is a recommendation. Every decision is human.
The question every compliance head should ask
Before deploying AI in any regulated compliance workflow, there is one question that matters above all others: who is responsible for the decision?
Not who built the system. Not who configured it. Who is responsible when a specific decision is made about a specific customer on a specific day.
The answer, under MAS and every other serious regulatory framework, is the same: the firm. And within the firm, the compliance officer who signed off.
This is not a constraint on AI. It is the correct architecture for AI in compliance. And it is the architecture Prudexis is built around.
The recommendation agent model
Recommend, never decide. The agent's job is to make every decision defensible. The compliance officer's job is to make it.
The agent reviews the available evidence, applies the firm's uploaded policies, assesses the customer's circumstances, and produces a structured recommendation with its reasoning made explicit. The compliance officer reads the recommendation, evaluates the reasoning, and makes the decision. Their sign-off is logged. The audit trail captures both what the agent concluded and what the human confirmed.
This is not a compromise between automation and oversight. It is a deliberate design choice that produces better compliance outcomes than either extreme.
Pure automation removes the human judgment that regulators expect to see. Pure manual review introduces the inconsistency that undermines governance. Recommendation agents do neither.
Prepares
Reviews evidence, applies firm policies, and produces a structured recommendation with explicit reasoning.
Decides
Reads the recommendation, evaluates the reasoning, approves, edits, or escalates. Accountable for the outcome.
Proves it
Agent reasoning and human confirmation are both captured. Every decision is evidenced, every time.
How it works across the platform
Prudexis is implementing the recommendation agent model across the compliance workflow. Three areas show how it operates in practice.
Screening and hit review
Live
When a watchlist hit is recorded, the agent reviews the investor profile, cross-references the watchlist entry, and produces a structured false-positive assessment with recommendation and rationale. The analyst reviews and confirms.
This was the first workflow Prudexis deployed the model in, and it remains a clear illustration of the principle: the agent does the analytical work, the human makes the call.
Policy-grounded CDD checklists
Live
Firms define CDD checklists with specific policy-derived requirements, and agents assess each item against the evidence on file.
The checklist item is precise. Not "check identification" but "a copy of a valid identification document is present in the files and the date on the document is not expired." The agent reviews uploaded documents, assesses each item against that standard, and returns pass or fail with evidence and reasoning.
If a utility bill is on file instead of a passport, the agent does not silently pass review. It flags the item as a fail, explains why a utility bill does not meet identification requirements under MAS regulations, and surfaces the gap for the analyst to act on.
This is policy operationalization at document level. The checklist is not a reminder. It is a structured assessment with every item evidenced and reasoned.
Risk ratings under the MAS framework
Coming next
The next phase is agent-generated risk ratings under the full MAS framework. The agent will assess the customer profile across customer, product, channel, and geographic risk dimensions, apply the firm's risk weighting policy, and produce a recommended rating with documented rationale.
The output is not just a score. It is a reasoned assessment that shows regulators the firm considered the customer's specific circumstances, not only a formula.
What the screenshot shows
The following is not a mock-up. It is the Prudexis agent reviewing a real CDD checklist item.
CDD review #4 · checklist item assessment
Fail
Only a proof-of-address document (utility bill) was found in Emma Reed's files. A utility bill is not a valid identification document. A valid identification document, such as a passport, driver's licence, or national ID card, is required to meet this requirement. The utility bill serves as address verification only and does not satisfy identification requirements for CDD review under Monetary Authority of Singapore regulations.
Why this architecture matters for governance
The recommendation agent model produces something neither pure automation nor manual review reliably generates: a complete, reasoned record of every compliance decision.
- Every checklist item has a status, an evidence reference, and a reasoning note.
- Every risk recommendation has a rationale grounded in firm policy and MAS criteria.
- Every hit assessment has a structured analysis the analyst can read and evaluate.
- Every decision has a named human who reviewed the reasoning and confirmed it.
When a regulator examines compliance records, they do not just see outcomes. They see the thinking behind them: specific evidence considered, policy criteria applied, gaps identified, and the human judgment that resolved each case.
The broader principle
There is a version of AI in compliance that removes humans from the loop in the name of efficiency. Prudexis is not that.
The goal is not to automate decisions. The goal is to ensure every decision is made with the best available information, assessed against firm policy, with a full record of supporting reasoning, and a human compliance officer responsible for the outcome.
The agent prepares. The analyst decides. The audit trail proves it.
That is the architecture, and the only architecture defensible in a regulated environment.
Customer quote
"I always know exactly why a decision was made. The agent shows its work. My team confirms it. That's the standard I want to be held to."
Head of Compliance, MAS-licensed fund manager, Singapore
Regulatory responsibility
Prudexis is compliance software and does not replace your internal AML/CFT programme, legal advice, or licensing obligations. All agent outputs are recommendations. Each firm remains responsible for final case decisions, policy interpretation, and local regulatory filings. Prudexis supports implementation with clear controls, structured documentation, and a full audit trail.