How to Build a compliance checking Agent Using CrewAI in TypeScript for wealth management

A compliance checking agent for wealth management reviews client-facing content, portfolio recommendations, and advisor notes against policy rules before they go out the door. It matters because one bad recommendation, missing disclosure, or unsuitable product suggestion can trigger regulatory exposure, client harm, and expensive remediation.

Architecture

• •

  Input collector

  • •Pulls the artifact to review: email draft, proposal text, call summary, or investment memo.
  • •Normalizes metadata like client jurisdiction, account type, risk profile, and advisor role.
• •

  Policy knowledge source

  • •Holds house rules for suitability, disclosure language, restricted products, marketing approvals, and jurisdiction-specific constraints.
  • •Should be versioned so every decision can be traced to a specific policy revision.
• •

  Compliance analysis agent

  • •Uses a CrewAI Agent to inspect the content for violations.
  • •Produces structured findings: severity, rule violated, evidence snippet, and recommended fix.
• •

  Audit logger

  • •Persists the input hash, model output, policy version, timestamp, and reviewer identity.
  • •Needed for internal audit and regulator review.
• •

  Decision gate

  • •Converts findings into an allow / block / needs-review outcome.
  • •In wealth management, this should default to human review when confidence is low or the content touches regulated products.
• •

  Output formatter

  • •Returns a clean JSON payload for downstream systems like CRM, approval workflows, or advisor tools.

Implementation

1) Install dependencies and define your compliance contract

Use the TypeScript package for CrewAI plus a schema validator. The key is to force structured output so your downstream workflow does not parse free text.

npm install @crewai/crewai zod

Define the shape of the decision first:

import { z } from "zod";

export const ComplianceFindingSchema = z.object({
  ruleId: z.string(),
  severity: z.enum(["low", "medium", "high", "critical"]),
  evidence: z.string(),
  recommendation: z.string()
});

export const ComplianceResultSchema = z.object({
  verdict: z.enum(["approve", "needs_review", "reject"]),
  summary: z.string(),
  findings: z.array(ComplianceFindingSchema),
  auditNotes: z.string()
});

export type ComplianceResult = z.infer<typeof ComplianceResultSchema>;

2) Create a compliance agent with explicit guardrails

For wealth management, keep the agent narrow. It should review against policy and flag risk; it should not invent legal advice or rewrite disclosures without approval.

import { Agent } from "@crewai/crewai";

export const complianceAgent = new Agent({
  name: "Wealth Management Compliance Checker",
  role: "Compliance reviewer for advisor communications and recommendations",
  goal:
    "Detect suitability issues, missing disclosures, restricted product references, and jurisdictional violations in wealth management content.",
  backstory:
    "You are a senior compliance analyst reviewing client-facing material under strict audit requirements.",
  verbose: true,
});

3) Build a task that forces structured review output

The task should include client context because suitability depends on it. A recommendation that is fine for an accredited investor may be wrong for a retail client.

import { Task } from "@crewai/crewai";
import { ComplianceResultSchema } from "./schemas";
import { complianceAgent } from "./agent";

export const buildComplianceTask = (input: {
  documentText: string;
  clientJurisdiction: string;
  accountType: string;
  riskProfile: string;
}) =>
  new Task({
    description: `
Review this wealth management content for compliance issues.

Client jurisdiction: ${input.clientJurisdiction}
Account type: ${input.accountType}
Risk profile: ${input.riskProfile}

Content:
${input.documentText}

Check for:
- suitability mismatches
- missing risk disclosures
- performance promises
- prohibited language
- restricted product mentions
- jurisdiction-specific issues
Return only structured findings.
`,
    expectedOutput:
      "A JSON object with verdict, summary, findings array, and auditNotes.",
    agent: complianceAgent,
    outputJsonSchema: ComplianceResultSchema
  });

4) Run the crew and persist an audit trail

This pattern keeps execution simple while still giving you traceability. In production you would write the result to your audit store with a hash of the input document and policy version.

import { Crew } from "@crewai/crewai";
import { buildComplianceTask } from "./task";

async function main() {
  const task = buildComplianceTask({
    documentText:
      "We recommend allocating 40% to private credit. This will outperform public markets.",
    clientJurisdiction: "US",
    accountType: "discretionary",
    riskProfile: "moderate"
  });

  const crew = new Crew({
    agents: [task.agent],
    tasks: [task]
  });

  const result = await crew.kickoff();

  console.log(JSON.stringify(result.raw ?? result.output ?? result));
}

main().catch(console.error);

If you want stricter control over the final decision gate, wrap the output in your own business logic:

function decide(verdict: string) {
  if (verdict === "reject") return "block";
  if (verdict === "needs_review") return "human_review";
  return "allow";
}

Production Considerations

• •

  Deploy inside your data boundary

  • •Wealth management content often contains PII and confidential portfolio data.
  • •Keep model calls in approved regions and avoid sending raw client identifiers unless required.
• •

  Version policies separately from code

  • •Store suitability rules, disclosure templates, and restricted lists as versioned artifacts.
  • •Log policyVersion alongside every decision so auditors can reproduce outcomes later.
• •

  Add deterministic guardrails

  • •Use schema validation on every response.
  • •Reject any output that is not valid JSON or that omits evidence snippets tied to specific rules.
• •

  Monitor false negatives aggressively

  • •Track how many risky drafts pass through without being flagged. ``

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.