Three engagements. Built for the APRA clock.

APRA's 30 April 2026 letter set AI-specific expectations. CPS 230 amendments commence 1 July 2026. Both engagements are fixed-scope, measured in weeks, and deliver their outcomes as auditable artefacts.

Flagship engagement · Governance & assurance

APRA-Ready AI

We operationalise APRA’s AI expectations so your AI, agentic systems included, stands up to supervision, not just demonstration.

APRA has told industry what it expects of AI: inventories, model behaviour monitoring, lifecycle ownership and assurance. Few firms can evidence any of it. In 8–12 weeks we build that evidence: auditable artefacts your board, your auditors and your supervisor can inspect.

8–12 week fixed-scope engagement

Outcomes: as artefacts

  • Agent inventory & registry, live

    Every AI system and agent: owner, autonomy level and lifecycle stage on record, mapped to APRA’s stated expectations.

  • Evaluation & assurance machinery, running

    Behaviour monitoring and assurance harnesses producing evidence of control, not assertions of it.

  • Autonomy under authority

    Autonomy controls, kill switches and identity for non-human actors, with audit trails that reconstruct any agent decision end-to-end.

Flagship engagement · AML/KYC alert triage

Agentic Financial-Crime Investigation

Agentic triage for AML/KYC alert queues: evidence assembled, narratives drafted, dispositions recommended. Humans make every final call.

Banks commonly assign 10–15% of staff to KYC and AML work, much of it gathering evidence and writing narratives. Our agents do that assembly: they compile the case file, draft the investigation narrative and recommend a disposition. Your investigators review, decide and sign off. Explainable, auditable, human-in-the-loop by design.

6–10 week scoped pilot

Built by a founder with five years architecting financial-crime risk systems (KYC, transaction monitoring, fraud) at a global Tier-1 bank.

Outcomes: as artefacts

  • Faster investigations

    Industry results show ~50% time reduction per AML investigation (EY), and many institutions saving $1M+ annually in AML operations.

  • Decision-ready case files

    Agent-assembled evidence and draft narratives for every alert, so investigators spend their time judging, not gathering.

  • Audit-grade by construction

    Every recommendation explainable and traceable, with human disposition as a design guarantee, not a configuration option.

Flagship engagement · Compliance automation

APRA & Privacy Act Compliance Automation

Onshore, audit-ready AI pipelines built before the next regulatory deadline, not after the breach review.

The deadlines are set: CPS 230 and CPS 234 operational resilience expectations, and APP 1.7 automated decision-making transparency requirements commencing 10 December 2026. We audit your AI toolchain and build compliant, fully onshore pipelines on Australian cloud regions (AWS, GCP or Azure), so every inference, and every byte, stays within Australian borders.

2–4 week audit · ongoing retainer optional

Outcomes: as artefacts

  • Shadow AI, eliminated

    A complete audit of every AI tool touching your data, with unsanctioned usage replaced by governed, onshore alternatives.

  • Data residency, evidenced

    Pipelines architected to keep data within Australian borders, with the artefacts to prove it to your auditor, not just assert it.

  • ADM transparency, ready

    Automated decision-making disclosures and controls mapped to APP 1.7 ahead of its 10 December 2026 commencement.

The capabilities behind both engagements

Each engagement draws on the same four disciplines. They are also available as focused pieces of work where you already have part of the machinery.

Agent Governance & Registry

Every agent on record, every owner named

The foundation APRA expects: a live inventory of your AI (models and agents) with ownership, autonomy levels and lifecycle stages, built as an operational system, not a spreadsheet that goes stale.

  • Agent inventory & registry design and build
  • Lifecycle ownership model (build, operate, retire)
  • Autonomy-level classification framework
  • Identity for non-human actors
  • Policy-to-control mapping against APRA expectations
  • Registry operating procedures

Evaluation & Assurance Harnesses

Evidence of control, produced continuously

Behaviour monitoring and evaluation infrastructure that tests agents before they earn autonomy and watches them after, producing the assurance artefacts your auditors and supervisor will ask for.

  • Evaluation gate design (accuracy, boundaries, escalation)
  • Agent behaviour monitoring in production
  • Regression and drift detection for agent conduct
  • Assurance reporting for boards and auditors
  • Model and prompt change control
  • Evaluation evidence repository

Autonomy Controls & Kill Switches

Autonomy under authority, always

Hard limits engineered into the platform: bounded actions, human-override paths, kill switches and full decision reconstruction, so an agent can never do more than it has earned.

  • Autonomy boundary enforcement (allow-lists, hard limits)
  • Kill-switch and graceful-degradation engineering
  • Human-in-the-loop disposition workflows
  • End-to-end audit-trail and decision reconstruction
  • Escalation and incident-response runbooks
  • Access and permission design for agent actions

Financial-Crime Agent Systems

AML/KYC triage, human-in-the-loop by design

Agentic triage and investigation support for AML/KYC alert queues: evidence assembly, draft narratives and recommended dispositions, architected by a founder with five years in Tier-1 financial-crime risk systems.

  • Alert triage agent architecture
  • Evidence assembly and case-file automation
  • Investigation narrative drafting
  • Disposition recommendation with full explainability
  • Investigator review and sign-off workflows
  • Quality assurance and sampling framework

APRA has told you what it expects. Can you evidence it?

Thirty minutes with the founder: we built and led agentic AI to governed production inside a global Tier-1 bank, with 22+ years on Tier-1 banking platforms and five years inside financial-crime risk systems. We map where your AI plans stand against APRA’s expectations, and what the path to auditable production looks like. No pitch deck, no obligation.