How to Build a transaction monitoring Agent Using AutoGen in Python for pension funds

A transaction monitoring agent for pension funds watches contribution, withdrawal, transfer, and investment activity, then flags patterns that may indicate fraud, policy breaches, or regulatory issues. It matters because pension operations are high-trust systems: a missed anomaly can become a compliance failure, an audit finding, or a member-impacting loss.

Architecture

• •

  Data ingestion layer

  • •Pulls transactions from core pension admin systems, custodians, and payment rails.
  • •Normalizes fields like member ID, employer ID, amount, timestamp, jurisdiction, and transaction type.
• •

  Rules and policy engine

  • •Encodes pension-specific controls such as contribution caps, early withdrawal checks, duplicate payments, and suspicious transfer patterns.
  • •Produces deterministic flags before any LLM reasoning happens.
• •

  AutoGen agent orchestrator

  • •Uses AssistantAgent to analyze flagged cases.
  • •Uses UserProxyAgent or a custom executor to run deterministic tools like SQL queries or rule checks.
• •

  Evidence retrieval layer

  • •Fetches member history, plan rules, KYC status, prior alerts, and audit notes.
  • •Keeps the agent grounded in source data instead of free-form guesses.
• •

  Case management output

  • •Writes alert summaries into a case system with reason codes, confidence scores, and evidence references.
  • •Supports reviewer sign-off and audit trails.
• •

  Governance and audit logging

  • •Stores prompts, tool calls, outputs, model version, and final decisions.
  • •Required for compliance review and post-incident reconstruction.

Implementation

1) Install AutoGen and define the transaction schema

Use the current AutoGen Python package and keep your transaction record explicit. Pension workflows break when developers pass around loose dictionaries with missing fields.

pip install pyautogen pydantic

from pydantic import BaseModel
from typing import Literal

class Transaction(BaseModel):
    transaction_id: str
    member_id: str
    employer_id: str | None = None
    txn_type: Literal["contribution", "withdrawal", "transfer", "investment"]
    amount: float
    currency: str
    country: str
    timestamp: str
    channel: str

2) Build deterministic checks before the LLM sees anything

For pension funds, you want rules to catch obvious policy breaches first. The agent should investigate exceptions, not rediscover business logic.

def rule_flags(txn: Transaction) -> list[str]:
    flags = []

    if txn.txn_type == "withdrawal" and txn.amount > 50000:
        flags.append("HIGH_VALUE_WITHDRAWAL")

    if txn.txn_type == "transfer" and txn.country not in {"ZA", "BW", "NA"}:
        flags.append("CROSS_BORDER_TRANSFER")

    if txn.txn_type == "contribution" and txn.amount > 30000:
        flags.append("POTENTIAL_CONTRIBUTION_CAP_BREACH")

    return flags

3) Create an AutoGen assistant that writes case notes from evidence

Here is the actual AutoGen pattern using AssistantAgent plus a callable tool. The tool returns structured evidence; the assistant turns that into an alert summary for human review.

import os
import autogen

config_list = [
    {
        "model": "gpt-4o-mini",
        "api_key": os.environ["OPENAI_API_KEY"],
    }
]

llm_config = {
    "config_list": config_list,
    "temperature": 0,
}

def fetch_member_context(member_id: str) -> dict:
    # Replace with real DB / API access.
    return {
        "member_id": member_id,
        "kyc_status": "verified",
        "last_90d_withdrawals": 2,
        "prior_alerts": ["LOW_RISK_DUPLICATE_CHECK_CLEARED"],
        "plan_rule_notes": ["No early withdrawal without approved hardship reason"],
    }

assistant = autogen.AssistantAgent(
    name="transaction_monitor",
    llm_config=llm_config,
)

user_proxy = autogen.UserProxyAgent(
    name="ops_proxy",
    human_input_mode="NEVER",
    code_execution_config=False,
)

# Register a simple tool on the user proxy side.
@user_proxy.register_for_execution()
@assistant.register_for_llm(description="Fetch member context for transaction monitoring.")
def get_member_context(member_id: str) -> dict:
    return fetch_member_context(member_id)

txn = Transaction(
    transaction_id="TXN-10021",
    member_id="MEM-77881",
    employer_id="EMP-2201",
    txn_type="withdrawal",
    amount=75000,
    currency="ZAR",
    country="ZA",
    timestamp="2026-04-21T10:15:00Z",
    channel="online_portal",
)

flags = rule_flags(txn)

prompt = f"""
You are monitoring pension fund transactions.
Transaction: {txn.model_dump()}
Rule flags: {flags}

Call get_member_context(member_id) before writing your assessment.
Return:
1. risk_summary
2. why_it_matters_for_pension_fund_compliance
3. recommended_next_action
4. evidence_used
"""

chat_result = user_proxy.initiate_chat(
    assistant,
    message=prompt,
)

print(chat_result.summary)

This pattern works because the assistant is constrained by structured input and tool-fetched evidence. In production, you would replace fetch_member_context() with read-only access to your case database or service layer.

4) Route only high-risk cases to the agent

Do not send every transaction to an LLM. Use rules or a scoring model first; then hand borderline or high-risk cases to AutoGen for explanation and triage.

def needs_agent_review(txn: Transaction) -> bool:
    return len(rule_flags(txn)) > 0 or txn.amount >= 100000

if needs_agent_review(txn):
    print("Send to AutoGen review queue")
else:
    print("Auto-close or archive")

Production Considerations

• •

  Auditability

  • •Persist every prompt, tool call result, model response, and reviewer action.
  • •Store immutable case IDs so auditors can reconstruct why a transaction was escalated.
• •

  Data residency

  • •Keep member data in-region where pension regulations require it.
  • •If you use hosted models, verify tenant isolation and regional processing guarantees before sending personal data.
• •

  Guardrails

  • •Redact national IDs, bank account numbers, and contact details before prompt construction unless strictly needed.
  • •Use allowlisted tools only; do not let the agent query arbitrary endpoints or write back to source systems.
• •

  Monitoring

  • •Track false positive rate by alert type: withdrawals, transfers, contributions.
  • •Monitor latency separately for real-time screening vs batch review jobs so operational SLAs stay visible.

Common Pitfalls

1. •

   Sending raw transactional dumps into the prompt

   • •This creates noise and increases leakage risk.
   • •Fix it by pre-filtering records into a small evidence bundle with only relevant fields.
2. •

   Letting the LLM make final compliance decisions

   • •Pension funds need deterministic policy enforcement plus human approval for material cases.
   • •Fix it by using AutoGen for explanation and triage only; keep final disposition in a rules engine or case officer workflow.
3. •

   Ignoring plan-specific rules

   • •A generic AML template will miss contribution caps, benefit-access restrictions, vesting conditions, or early withdrawal requirements.
   • •Fix it by encoding plan rules as first-class checks and passing those results into the agent context before any analysis.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.