How to Build a Compliance Checking Agent Using CrewAI in Python for Pension Funds
A compliance checking agent for pension funds reviews documents, filings, investment actions, and member communications against regulatory rules before they go out or get executed. It matters because pension funds operate under strict obligations around fiduciary duty, disclosure, data retention, and jurisdiction-specific rules, so catching violations early reduces regulatory exposure and audit pain.
Architecture
- Document intake layer
  - Pulls policy docs, investment memos, member notices, and transaction summaries from approved sources.
  - Normalizes PDF/text/HTML into plain text before analysis.
- Rules and policy context
  - Holds pension-fund-specific controls: disclosure requirements, investment restrictions, record retention rules, and jurisdiction filters.
  - Should be versioned so every decision can be traced to the rule set in force at the time.
- CrewAI agent layer
  - One agent specializes in compliance review.
  - Another agent can summarize findings into audit-ready language.
- Tooling layer
  - A retrieval tool for internal policies and regulatory excerpts.
  - A file or database lookup tool for fund-specific rules and approved templates.
- Decision and escalation layer
  - Produces pass/fail/needs-review outputs.
  - Escalates ambiguous cases to a human compliance officer.
- Audit logging layer
  - Stores input hashes, rule versions, model outputs, and reviewer actions.
  - Required for defensible decisions during regulator or trustee review.
Implementation
1) Install CrewAI and define the compliance scope
Use CrewAI plus a simple retrieval setup. For pension funds, keep the scope narrow: one jurisdiction, one fund policy set, one document type at a time.
```bash
pip install crewai crewai-tools python-dotenv
```
Create a policy context that the agent will use every run. This keeps the output grounded in fund rules instead of generic LLM advice.
```python
from dotenv import load_dotenv
from crewai import Agent, Task, Crew
from crewai_tools import FileReadTool

# Load the LLM API key and other settings from .env
load_dotenv()

# The policy file is the agent's source of truth on every run
policy_tool = FileReadTool(file_path="policies/pension_fund_compliance_policy.md")

compliance_agent = Agent(
    role="Pension Fund Compliance Analyst",
    goal="Check pension fund documents against internal compliance policies and flag violations",
    backstory=(
        "You review pension fund materials for regulatory risk, "
        "fiduciary issues, disclosure gaps, and retention problems."
    ),
    tools=[policy_tool],
    verbose=True,
)
```
2) Create a task that forces structured compliance output
Do not ask for free-form analysis. Force the model to return an audit-friendly structure with clear disposition and evidence references.
```python
# {document_text} is filled from the inputs passed to Crew.kickoff()
review_task = Task(
    description=(
        "Review the following pension fund document for compliance issues.\n\n"
        "Document:\n"
        "{document_text}\n\n"
        "Use the policy file as the source of truth.\n"
        "Return:\n"
        "1. disposition: PASS | FAIL | NEEDS_REVIEW\n"
        "2. issues: bullet list of specific violations\n"
        "3. cited_policy_sections: list of section names or headings\n"
        "4. recommended_fix: concise remediation steps\n"
        "5. audit_summary: one paragraph suitable for compliance records"
    ),
    expected_output="Structured compliance assessment with disposition, issues, citations, remediation, and audit summary.",
    agent=compliance_agent,
)
```
3) Run the crew on a real document payload
This pattern works well when your upstream system extracts text from a PDF or Word file first. In production, keep extraction outside the LLM and pass only normalized text into the task.
```python
def check_compliance(document_text: str):
    """Run the compliance review on already-normalized document text."""
    crew = Crew(
        agents=[compliance_agent],
        tasks=[review_task],
        verbose=True,
    )
    result = crew.kickoff(inputs={"document_text": document_text})
    return result


if __name__ == "__main__":
    sample_doc = """
    Proposed member communication states that benefits may be withdrawn
    without notice if administrative delays occur. It also includes no
    retention period for member consent records.
    """
    output = check_compliance(sample_doc)
    print(output)
```
4) Add a second agent for escalation summaries
For pension funds you usually need a clean handoff to legal or compliance officers. A second agent can convert findings into an escalation note without changing the underlying decision.
```python
# No tools: this agent only rewrites the finding, it does not re-decide it
escalation_agent = Agent(
    role="Compliance Escalation Writer",
    goal="Turn compliance findings into an action note for human reviewers",
    backstory="You write short escalation notes for trustees and compliance teams.",
    verbose=True,
)

# {result} is filled from the inputs passed to Crew.kickoff()
escalation_task = Task(
    description=(
        "Given this compliance result:\n{result}\n\n"
        "Write an escalation note with:\n"
        "- risk level\n"
        "- why it matters for a pension fund\n"
        "- what human reviewer should verify next"
    ),
    expected_output="Short escalation note.",
    agent=escalation_agent,
)
```
Production Considerations
- Data residency
  - Keep member data and fund documents inside approved regions.
  - If your pension fund operates across jurisdictions, route EU/UK/member data to region-specific storage and models where required by policy.
- Auditability
  - Persist every run with document hash, policy version, agent version, timestamp, disposition, and reviewer override.
  - Regulators care less about “the model said so” and more about reproducible evidence.
- Guardrails
  - Use deterministic pre-checks before the LLM: missing signatures, stale disclosures, unsupported jurisdictions.
  - Reject documents that are out of scope instead of forcing an uncertain answer.
- Human-in-the-loop controls
  - Auto-pass low-risk items only when rules are explicit.
  - Anything involving benefit changes, transfer restrictions, suitability language, or trustee decisions should go to manual review.
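
An added example (not code from the original article) of the guardrail and human-in-the-loop controls above: deterministic pre-checks that reject out-of-scope documents before any model call, and a parser that fails closed to NEEDS_REVIEW when the model output is missing, malformed, or conflicting. The metadata keys, the one-year disclosure age, the topic keywords, and the `run_llm` callable are assumptions for illustration.

```python
import re
from datetime import date, timedelta

# Illustrative values chosen for this example, not taken from the article.
SUPPORTED_JURISDICTIONS = {"UK"}
MAX_DISCLOSURE_AGE = timedelta(days=365)
MANUAL_TOPICS = ("benefit", "transfer restriction", "suitability", "trustee")
DISPOSITION_LINE = re.compile(
    r"^\s*(?:1\.\s*)?disposition\s*:\s*(PASS|FAIL|NEEDS_REVIEW)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def pre_check(meta: dict, today: date) -> list[str]:
    """Deterministic checks run before any model call; returns rejection reasons."""
    reasons = []
    if meta.get("jurisdiction") not in SUPPORTED_JURISDICTIONS:
        reasons.append("unsupported jurisdiction")
    if not meta.get("signed_by"):
        reasons.append("missing signature")
    disclosed = meta.get("disclosure_date")
    if disclosed is None or today - disclosed > MAX_DISCLOSURE_AGE:
        reasons.append("stale or missing disclosure")
    return reasons


def final_disposition(model_output: str, document_text: str) -> str:
    """Map raw model text to a disposition, failing closed to NEEDS_REVIEW."""
    found = {m.upper() for m in DISPOSITION_LINE.findall(model_output)}
    if len(found) != 1:          # missing, malformed, or conflicting lines
        return "NEEDS_REVIEW"
    disposition = found.pop()
    lowered = document_text.lower()
    if disposition == "PASS" and any(t in lowered for t in MANUAL_TOPICS):
        return "NEEDS_REVIEW"    # sensitive topics are never auto-passed
    return disposition


def review(meta: dict, document_text: str, run_llm, today: date) -> dict:
    """run_llm is any callable returning the model's text, e.g. check_compliance."""
    reasons = pre_check(meta, today)
    if reasons:                  # out of scope: reject without calling the model
        return {"disposition": "REJECTED", "reasons": reasons}
    raw = str(run_llm(document_text))
    return {"disposition": final_disposition(raw, document_text), "raw": raw}
```

Keyword matching is a coarse stand-in for the fund's own routing rules; it can only downgrade a PASS to NEEDS_REVIEW, never upgrade a result.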
Common Pitfalls
- Using generic prompts without pension-specific policy context
  - The agent will produce plausible but useless answers.
  - Fix it by grounding every run in versioned internal policies plus jurisdiction-specific rules.
- Letting the model make final decisions on ambiguous cases
  - That creates governance risk when disclosures are incomplete or regulations conflict.
  - Fix it by using `NEEDS_REVIEW` as a first-class outcome and routing to humans.
- Skipping traceability
  - If you cannot show what rule triggered a failure, your output is weak during audits.
  - Fix it by storing citations to policy sections alongside each decision and keeping immutable logs of inputs and outputs.
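
An added example (not code from the original article) of the audit record described under Auditability and under Skipping traceability: each run stores the document hash, policy version, agent version, timestamp, disposition, cited sections, and reviewer override, and each record is chained to the previous one by hash so later edits are detectable. The field names and the in-memory list are assumptions for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value for the first record in a log


def _digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_record(log: list, *, document_text: str, policy_version: str,
                  agent_version: str, disposition: str,
                  cited_policy_sections: list, reviewer_override=None,
                  timestamp=None) -> dict:
    """Append one run to the log, chained to the previous record's hash."""
    record = {
        # Only the hash is stored, so the log holds no member data.
        "document_sha256": hashlib.sha256(document_text.encode("utf-8")).hexdigest(),
        "policy_version": policy_version,
        "agent_version": agent_version,
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "disposition": disposition,
        "cited_policy_sections": cited_policy_sections,
        "reviewer_override": reviewer_override,
        "prev_hash": log[-1]["record_hash"] if log else GENESIS,
    }
    record["record_hash"] = _digest(record)
    log.append(record)
    return record


def verify_chain(log: list) -> int:
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "record_hash"}
        if record["prev_hash"] != prev or _digest(body) != record["record_hash"]:
            return i
        prev = record["record_hash"]
    return -1
```

Record a reviewer override by appending a new record rather than editing an old one. The list stands in for append-only storage, and the latest `record_hash` should be kept somewhere the log writer cannot change so that truncation is also detectable.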
By Cyprian Aarons, AI Consultant at Topiax.