Evidence with citations
Every screening finding is grounded in a source document and list entry. Reviewers and auditors can trace any claim back to where it came from - not to a model's recollection.
Governed run replay
Live - no signup
Onboard customers under your controls.
Watch a sanctions hit get rejected.
A governed AML/KYC onboarding run, replayed end to end: source-grounded evidence, deterministic screening checks, then a human approval gate where a compliance officer rejects a confirmed sanctions hit and writes a tamper-evident proof packet.
Read-only replay of an illustrative run - no inputs, no production credentials.
- Source-grounded screening evidence with citations
- A human approval gate that can stop onboarding
- A tamper-evident proof packet
- Self-hosted, EU-hosted - under your controls
AML / KYC onboarding
run_7b3e2aaml-kyc/v4
Run receivedstatus
Identity evidence extractednode
Sanctions screening hitnode
High-risk jurisdiction triggernode
Risk score 82/100 - highnode
Human approval gateapproval
A real governed run, replayed in full below - ending in a human rejection and an auditable proof packet.
Ready to run - press play
Run received
Identity intake & evidence extraction
Deterministic screening checks
Policy-trigger checks
Risk scoring
Human approval gate
Proof packet recorded
Review complete
Watch a governed run, end to end
Eight events, exactly as the platform recorded them - from intake to a human approval gate that stops onboarding. Nothing is simulated past what you see here.
status - seq 1
Run received
A new-customer onboarding application was submitted for governed screening. The run is registered against flow aml-kyc/v4 and begins under the workspace's controls - every step from here is recorded.
SubjectNew-customer onboarding application
Flowaml-kyc/v4
Run idrun_7b3e2a
RegionEU
node - seq 2
Identity intake & evidence extraction
Three documents were parsed and source-grounded evidence was extracted - each finding carries a citation back to the document and screening source it came from.
Identity document - name, date of birth, nationality verified
Sanctions screening - confirmed OFAC list match
Beneficial-owner declaration and source of funds
node - seq 3
Deterministic screening checks
Rule-based checks ran against the screening rule set. The identity checks passed - but a confirmed sanctions match fails the gate later depends on.
Identity document valid and within expiry
Proof of address matches application
Confirmed sanctions-list match
node - seq 4
Policy-trigger checks
Workspace policies were evaluated against the extracted evidence. One policy trigger fired on jurisdiction exposure.
Politically-exposed-person screening completed
Source of funds linked to a high-risk jurisdiction
node - seq 5
Risk scoring
The findings were combined into a composite onboarding risk score. The score is high, so the run is routed to a compliance officer rather than auto-cleared.
82/ 100High
0 - low70 - review threshold100 - high
Above the 70 review threshold -> routed to a human approval gate. No account is opened automatically.
approval - seq 6
Human approval gate
Sanctions-screening review
gate: sanctions-review
A compliance officer examined the run and rejected it at the approval gate. The customer cannot be onboarded, and the run stops here - no account is opened and no downstream write is performed.
Confirmed sanctions-list match on name and date of birth
Source of funds linked to a high-risk jurisdiction
output - seq 7
Proof packet recorded
aml-kyc_run_7b3e2a.packetsha256:7b3e...2a08
Decision
REJECTED
Onboarding stopped on a confirmed sanctions hit. No account created; suspicious activity report basis recorded.REJECTED
Reasons
Confirmed sanctions-list match on name and date of birth
Source of funds linked to a high-risk jurisdiction
Evidence (source-grounded citations)
Identity document verification id-doc 1.2
Sanctions-list match record ofac-list 2026-06
Beneficial-owner declaration ubo-form 4
Written once to a tamper-evident, append-only audit ledger - decision, officer, reasons, SAR basis, and evidence.
done - seq 8
Review complete
Finished with a recorded, auditable human decision
The run ended exactly where governance required: a person decided, the decision is logged, and there is a proof packet anyone can audit later. No account was opened on a confirmed sanctions hit.
OutcomeRejected at human gate
Decided byAML compliance officer
Proof packetrun_7b3e2a
Events recorded8 of 8
What just happened
Three governance moments, in one run.
The replay is not a chatbot demo. It is the control plane doing its job: grounding, gating, and proof - the parts a regulator asks about.
A human gate that can stop onboarding
A confirmed sanctions hit routes to a compliance officer, not an auto-approve. Here the officer rejected - and rejection is final at the gate. The run stops before any account is opened.
A tamper-evident proof packet
The decision, the officer, the reasons, the SAR basis, and the cited evidence are written once to an append-only audit trail. Months later, you can prove exactly why this applicant was rejected.
Built for regulated teams - designed to run under your controls
Self-hosted
EU AI Act controls
GDPR controls
Audit trail
Data sovereignty
PrivateFlow is not certified under any compliance framework. Controls are designed to support compliance preparation. This run is an illustrative, synthetic example.
See it on your own data
Run this on your own onboarding.
We'll stand up a governed pilot on your own data - sandbox first, no production credentials required. You decide what the gates do.