How to Build a fraud detection Agent Using LlamaIndex in Python for investment banking

A fraud detection agent in investment banking watches transaction streams, client activity, and internal case notes, then flags patterns that look like market abuse, account takeover, sanctions evasion, or suspicious wire behavior. It matters because the cost of missing a real issue is not just financial loss; it is regulatory exposure, audit failure, and reputational damage.

Architecture

• •

  Data ingestion layer

  • •Pulls structured data from trades, payments, KYC records, alerts, and case management systems.
  • •Normalizes records into a common schema with timestamps, entity IDs, and jurisdiction tags.
• •

  Document index

  • •Stores policies, prior investigations, SAR/STR guidance, compliance playbooks, and escalation procedures.
  • •Uses VectorStoreIndex so the agent can retrieve relevant precedent before making a recommendation.
• •

  Risk reasoning layer

  • •Uses an LLM with retrieval to explain why an event is suspicious.
  • •Produces a short rationale tied to policy references and historical cases.
• •

  Tooling layer

  • •Exposes deterministic tools for transaction lookup, client profile lookup, sanctions screening, and alert status updates.
  • •Keeps the agent from hallucinating over core facts.
• •

  Audit and evidence layer

  • •Captures every prompt, retrieved chunk, tool call, and final answer.
  • •Required for model governance and regulator review.
• •

  Human escalation workflow

  • •Routes high-risk cases to investigators instead of auto-closing them.
  • •Preserves maker-checker controls common in investment banking.

Implementation

1) Install the right packages

Use LlamaIndex core plus an OpenAI-backed LLM for the reasoning layer. In production you would swap the model provider to match your bank’s approved stack.

pip install llama-index llama-index-llms-openai llama-index-embeddings-openai

Set your API key in the environment:

export OPENAI_API_KEY="your-key"

2) Load fraud policy documents into a vector index

This example indexes internal fraud procedures and investigation notes. In practice these files should live in a controlled repository with residency constraints enforced at the storage layer.

from llama_index.core import VectorStoreIndex, SimpleDirectoryReader
from llama_index.embeddings.openai import OpenAIEmbedding

# Load internal documents: policies, playbooks, prior case summaries
documents = SimpleDirectoryReader(
    input_dir="./fraud_docs",
    recursive=True
).load_data()

# Build an index for retrieval
embed_model = OpenAIEmbedding(model="text-embedding-3-small")
index = VectorStoreIndex.from_documents(
    documents,
    embed_model=embed_model,
)

retriever = index.as_retriever(similarity_top_k=3)

This gives the agent access to policy context without hardcoding rules into prompts. For banking use cases that matters because policy changes faster than code deployments.

3) Add deterministic tools for transaction facts

The agent should not guess at balances or customer status. Use tools backed by your systems of record so the model only reasons over verified facts.

from typing import List
from llama_index.core.tools import FunctionTool

# Mock source of truth functions
def get_client_risk_rating(client_id: str) -> str:
    return "high"

def get_recent_wire_activity(client_id: str) -> List[dict]:
    return [
        {"amount": 2500000, "currency": "USD", "destination_country": "AE"},
        {"amount": 2400000, "currency": "USD", "destination_country": "AE"},
    ]

risk_tool = FunctionTool.from_defaults(fn=get_client_risk_rating)
wire_tool = FunctionTool.from_defaults(fn=get_recent_wire_activity)

In a real deployment these functions would query internal APIs behind authentication and full audit logging. Keep them read-only unless you explicitly need case actions like “create alert” or “assign investigator.”

4) Build the fraud detection agent

Use ReActAgent so the model can retrieve policy context and call tools before producing a recommendation. That pattern is useful when the answer needs both evidence and explanation.

from llama_index.core.agent import ReActAgent
from llama_index.llms.openai import OpenAI

llm = OpenAI(model="gpt-4o-mini", temperature=0)

agent = ReActAgent.from_tools(
    tools=[risk_tool, wire_tool],
    llm=llm,
    retriever=retriever,
    verbose=True,
)

query = """
Review client C123 for potential fraud risk.
Explain whether recent activity looks suspicious,
reference applicable policy guidance,
and recommend escalate or close.
"""

response = agent.chat(query)
print(response)

The important part here is that the model has three inputs:

• •verified client facts from tools
• •relevant policy text from retrieval
• •a constrained instruction to recommend action

That combination is what makes this usable in investment banking instead of being just another chatbot.

Production Considerations

• •

  Compliance and auditability

  • •Log every prompt, retrieved node ID, tool call result, and final decision.
  • •Keep immutable audit trails for model outputs that feed surveillance or investigations.
• •

  Data residency and access control

  • •Keep customer data in-region if your booking entities require it.
  • •Enforce row-level permissions so an analyst in one desk cannot query another desk’s cases through the agent.
• •

  Human-in-the-loop thresholds

  • •Never let the agent auto-close high-severity alerts.
  • •Use explicit thresholds for escalation when patterns involve sanctions exposure, politically exposed persons, or cross-border wires.
• •

  Monitoring and drift checks

  • •Track false positives by segment: region, product type, client tier, desk.
  • •Revalidate prompts and retrieval quality whenever policies or typologies change.

Common Pitfalls

1. •

   Using the LLM as the source of truth

   • •Mistake: asking it to infer balances, ownership structure, or trade details from memory.
   • •Fix: expose those facts through tools backed by systems of record.
2. •

   Skipping policy retrieval

   • •Mistake: relying on generic fraud prompts without current bank policy context.
   • •Fix: index internal procedures with VectorStoreIndex and retrieve before reasoning.
3. •

   Ignoring governance requirements

   • •Mistake: shipping an agent that cannot explain why it escalated a case.
   • •Fix: store evidence traces, retrieved chunks, model version IDs, and tool outputs for every decision path.

A fraud detection agent built this way does not replace investigators. It reduces noise, prioritizes real risk faster, and gives compliance teams an auditable trail they can defend in front of regulators.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.