How to Build a KYC verification Agent Using AutoGen in TypeScript for insurance

By Cyprian AaronsUpdated 2026-04-21
kyc-verificationautogentypescriptinsurance

A KYC verification agent for insurance takes customer identity data, checks it against policy and compliance rules, and decides whether the case is clean, needs manual review, or must be rejected. In insurance, that matters because onboarding delays cost conversions, weak KYC creates regulatory exposure, and every decision needs an audit trail that compliance can defend.

Architecture

Build this agent with a small set of components that map to real insurance operations:

  • Case intake layer

    • Receives applicant data from your onboarding flow.
    • Normalizes fields like name, DOB, address, nationality, and ID document metadata.

  • KYC policy agent

    • Uses AutoGen to reason over the case against your internal KYC rules.
    • Produces a structured decision: approve, review, or reject.

  • Evidence retrieval tools

    • Pulls sanctions screening results, PEP checks, document OCR output, and internal customer history.
    • Keeps the model grounded in facts instead of free-form inference.

  • Audit logger

    • Stores inputs, tool outputs, model messages, and final decision.
    • Needed for compliance reviews and post-incident reconstruction.

  • Human review handoff

    • Routes ambiguous or high-risk cases to an underwriter or compliance analyst.
    • Prevents the agent from making unsupported decisions.

  • Policy store

    • Holds jurisdiction-specific rules for residency, document types, thresholds, and retention requirements.
    • Lets you vary behavior by country without changing code.

Implementation

1) Install AutoGen for TypeScript and define your KYC types

Use the TypeScript AutoGen package and keep your domain objects explicit. For insurance workflows, structured input matters more than chatty prompts.

npm install @autogenai/autogen zod

import { AssistantAgent } from "@autogenai/autogen";
import { z } from "zod";

const KycCaseSchema = z.object({
  caseId: z.string(),
  fullName: z.string(),
  dateOfBirth: z.string(),
  countryOfResidence: z.string(),
  idType: z.enum(["passport", "national_id", "drivers_license"]),
  idNumber: z.string(),
  sanctionsHit: z.boolean(),
  pepHit: z.boolean(),
  ocrConfidence: z.number().min(0).max(1),
});

type KycCase = z.infer<typeof KycCaseSchema>;

type KycDecision = {
  verdict: "approve" | "review" | "reject";
  reasons: string[];
  riskScore: number;
};

2) Create an AutoGen assistant with a strict insurance prompt

The agent should act like a compliance analyst, not a general-purpose chatbot. Keep the prompt focused on policy interpretation and escalation logic.

const kycAgent = new AssistantAgent({
  name: "kyc_verification_agent",
  systemMessage: `
You are a KYC verification agent for an insurance company.
Your job is to assess onboarding cases using only the provided facts and policy rules.

Rules:
- Do not invent missing data.
- If sanctionsHit or pepHit is true, escalate to review unless policy says reject.
- If ocrConfidence is below 0.85, escalate to review.
- Return a concise JSON object with verdict, reasons, and riskScore.
- Consider compliance impact, auditability, and jurisdiction-specific residency constraints.
`,
});

3) Add a tool-backed workflow for evidence-driven decisions

In production you should not ask the model to guess. Feed it evidence from screening systems and let it reason over those results. The pattern below uses AutoGen’s chat API directly with a single assistant message payload.

async function verifyKyc(caseData: KycCase): Promise<KycDecision> {
  const parsed = KycCaseSchema.parse(caseData);

  const prompt = `
KYC case:
${JSON.stringify(parsed, null, 2)}

Return JSON only in this shape:
{
  "verdict": "approve" | "review" | "reject",
  "reasons": string[],
  "riskScore": number
}
`;

  const result = await kycAgent.run(prompt);
  
  const content = result.messages.at(-1)?.content;
  if (typeof content !== "string") {
    throw new Error("Unexpected agent response format");
    }

  const decision = JSON.parse(content) as KycDecision;

  if (!["approve", "review", "reject"].includes(decision.verdict)) {
    throw new Error("Invalid verdict");
  }

  return decision;
}

4) Wrap the agent in an auditable service boundary

Insurance teams need deterministic logs. Store the raw case payload, model output, versioned policy snapshot, and final disposition in your audit store.

async function handleKycRequest(input: unknown) {
  const caseData = KycCaseSchema.parse(input);
  
    const decision = await verifyKyc(caseData);

    const auditRecord = {
      caseId: caseData.caseId,
      input: caseData,
      decision,
      agentName: "kyc_verification_agent",
      policyVersion: "kyc-policy-v3.2",
      timestamp: new Date().toISOString(),
    };

    // persistAudit(auditRecord)
    console.log(JSON.stringify(auditRecord, null, 2));

    return decision;
}

Production Considerations

  • Deploy in-region

    • Keep customer identity data in the same jurisdiction where your insurance entity operates.
    • This matters for GDPR, local banking-style privacy laws, and insurer data residency commitments.

  • Log everything needed for audit

    • Store prompts, tool outputs, policy version IDs, model version IDs, and final verdicts.
    • Make sure auditors can reconstruct why a case was approved or escalated.

  • Use hard guardrails for high-risk outcomes

    • Never let the model auto-reject without deterministic rule support.
    • For sanctions hits or low OCR confidence thresholds, force human review if your compliance team requires it.

  • Monitor false positives by segment

    • Track rejection and review rates by geography, document type, product line, and channel partner.
    • Insurance distributors often create skewed onboarding patterns that look like fraud but are just bad upstream data quality.

Common Pitfalls

  • Letting the model make unsupported judgments

    If you pass raw applicant data without screening results or policy context, the agent will fill gaps with inference. Avoid this by grounding every decision in explicit tool outputs and rules.

  • Skipping audit metadata

    A clean verdict is useless if you cannot explain it later. Always persist the exact input payloads plus model versioning and policy snapshots.

  • Using one global policy for all jurisdictions

    KYC requirements differ across countries and product lines. Split policy configuration by region so residency rules, document acceptance criteria, and escalation thresholds stay compliant.

Keep learning

By Cyprian Aarons, AI Consultant at Topiax.

ShareX / TwitterLinkedIn

Want the complete 8-step roadmap?

Grab the free AI Agent Starter Kit — architecture templates, compliance checklists, and a 7-email deep-dive course.

Get the Starter Kit

Related Guides

Related
build claims processing agent langchain python insurance
Related
build fraud detection agent llamaindex typescript healthcare
Related
build kyc verification agent llamaindex typescript healthcare
Related
build document extraction agent llamaindex typescript pension funds
Related
build underwriting agent llamaindex typescript investment banking