How to Build a compliance checking Agent Using AutoGen in Python for investment banking

A compliance checking agent in investment banking reviews client emails, trade summaries, pitch decks, and internal chat transcripts against firm policy, regulatory rules, and jurisdiction-specific controls before anything gets sent or approved. It matters because the cost of a missed restriction is not just rework — it can mean regulatory breaches, audit findings, reputational damage, and blocked transactions.

Architecture

• •

  Policy ingestion layer

  • •Loads house rules, restricted lists, jurisdiction constraints, and approval thresholds from controlled sources.
  • •Keep this separate from the agent logic so compliance can update rules without code changes.
• •

  Document normalization layer

  • •Converts emails, PDFs, notes, and structured trade data into a common text payload.
  • •This is where you redact PII, normalize timestamps, and tag the business context.
• •

  Compliance analysis agent

  • •Uses an AssistantAgent to inspect the payload and produce a structured risk assessment.
  • •The output should be machine-readable: breach type, severity, rationale, and recommended action.
• •

  Review / escalation agent

  • •Uses a second AssistantAgent to validate borderline cases and request escalation when confidence is low.
  • •In banking, this should default to “escalate” rather than “approve” when evidence is incomplete.
• •

  Orchestration layer

  • •Uses GroupChat and GroupChatManager to coordinate analysis between agents.
  • •This keeps the workflow explicit and auditable.
• •

  Audit logging layer

  • •Persists inputs, outputs, model version, policy version, timestamps, and final disposition.
  • •You need this for internal audit and regulator-facing evidence.

Implementation

1. •Install AutoGen and define your compliance schema

Use the current AutoGen API from autogen. For a production workflow you want deterministic outputs from the model as much as possible, so ask for JSON-like structure in the prompt and validate it in code.

from autogen import AssistantAgent

compliance_agent = AssistantAgent(
    name="compliance_agent",
    llm_config={
        "config_list": [
            {
                "model": "gpt-4o-mini",
                "api_key": "YOUR_OPENAI_API_KEY",
            }
        ],
        "temperature": 0,
    },
)

review_agent = AssistantAgent(
    name="review_agent",
    llm_config={
        "config_list": [
            {
                "model": "gpt-4o-mini",
                "api_key": "YOUR_OPENAI_API_KEY",
            }
        ],
        "temperature": 0,
    },
)

2. •Build the compliance prompt around bank policy

The prompt needs explicit instructions for investment banking concerns: MNPI handling, restricted issuer lists, marketing approval rules, cross-border disclosures, and record retention. Do not rely on generic “be careful” language.

from autogen import UserProxyAgent

user_proxy = UserProxyAgent(
    name="user_proxy",
    human_input_mode="NEVER",
    max_consecutive_auto_reply=1,
)

policy_context = """
You are a compliance checking agent for an investment bank.
Check for:
- MNPI / insider information
- Restricted securities or issuers
- Missing legal disclaimers
- Unapproved marketing statements
- Cross-border data transfer issues
- Client confidentiality breaches

Return valid JSON with:
{
  "decision": "approve" | "reject" | "escalate",
  "severity": "low" | "medium" | "high",
  "issues": [{"type": "...", "detail": "..."}],
  "rationale": "...",
  "recommended_action": "..."
}
"""

payload = """
Draft email:
We should tell the client that our desk expects XYZ Corp to beat earnings next week.
Also attach the latest pitch book with performance figures.
"""

result = user_proxy.initiate_chat(
    compliance_agent,
    message=f"{policy_context}\n\nReview this material:\n{payload}",
)

3. •Add a second-agent review path for borderline cases

In banking workflows, a single model pass is not enough for high-risk items. Use another agent to review escalations and force human sign-off when needed. GroupChat gives you a clean way to structure that handoff.

from autogen import GroupChat, GroupChatManager

groupchat = GroupChat(
    agents=[compliance_agent, review_agent],
    messages=[],
    max_round=4,
)

manager = GroupChatManager(
    groupchat=groupchat,
    llm_config={
        "config_list": [
            {
                "model": "gpt-4o-mini",
                "api_key": "YOUR_OPENAI_API_KEY",
            }
        ],
        "temperature": 0,
    },
)

user_proxy.initiate_chat(
    manager,
    message="""
Assess this trade-related communication for compliance risk.
If there is any ambiguity around MNPI or restricted issuer references,
escalate instead of approving.
""",
)

4. •Persist results for audit and downstream controls

The agent output should be stored alongside policy versioning and document hashes. In practice you would write this into your case management system or GRC platform.

import json
from datetime import datetime

def persist_audit_record(input_text: str, output_text: str):
    record = {
        "timestamp_utc": datetime.utcnow().isoformat(),
        "input_hash": hash(input_text),
        "output_raw": output_text,
        "policy_version": "2026.04.1",
        "model_name": "gpt-4o-mini",
        "workflow": "investment_banking_compliance_check",
    }
    with open("audit_log.jsonl", "a", encoding="utf-8") as f:
        f.write(json.dumps(record) + "\n")

Production Considerations

• •

  Deploy inside your controlled environment

  • •For investment banking data, keep prompts and outputs inside approved cloud regions or on-prem infrastructure where required.
  • •Check data residency before routing content to external APIs.
• •

  Log everything needed for audit

  • •Store input document IDs, policy versions, model versions, timestamps, final decision, and human override actions.
  • •Regulators care about traceability more than clever prompts.
• •

  Add deterministic guardrails before model execution

  • •Block obviously prohibited content with rule-based checks first: sanctions names, confidential deal codes, unapproved external recipients.
  • •Use the agent for judgment calls; use code for hard stops.
• •

  Require human approval on high-risk classes

  • •Anything involving MNPI suspicion, cross-border disclosures, restricted securities, or client-facing marketing should escalate automatically.
  • •The agent should recommend; it should not be the final approver.

Common Pitfalls

• •

  Treating the LLM as the policy source of truth

  • •Don’t let the model invent compliance rules from memory.
  • •Load policies from governed documents or rule engines and inject them into every run.
• •

  Skipping structured outputs

  • •Free-form prose is hard to route into case management systems.
  • •Force JSON-like responses with fields such as decision, severity, issues, and recommended_action.
• •

  Ignoring jurisdiction differences

  • •A communication acceptable under one regime may fail under another because of disclosure or retention rules.
  • •Tag every request with region context: US broker-dealer rules are not the same as UK FCA or EU MiFID workflows.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.