Financial Crime Screening MCP Server

Deterministic compliance runtime infrastructure for AI agents and AML operations.

A compliance decision runtime, not a sanctions API. The incumbents are built for human analysts reviewing cases; this is built for machines making safe regulated decisions. Every call returns a documented AML Risk Tier (LOW / MEDIUM / HIGH / PROHIBITED) with: a stable recommendedAction enum your automation can branch on; structured evidence with severity + dimension + automation-impact triads your SIEM can route on; an escalation policy specifying who to notify on which channel; a normalised complianceEvents[] event-bus payload; an institutional policy_profile overlay; a 30-day trajectory forecast; a deterministic SAR Section 7 narrative; and a decisionAuditId that replays the exact decision basis with per-source snapshot timestamps. No LLM in the scoring path. No black-box probabilities. Same input always produces the same verdict.

Purpose-built for banks, crypto exchanges, money service businesses, fund administrators, EU obliged entities, and AI agents acting on behalf of compliance teams. 21 MCP tools across 16 live data sources spanning sanctions, criminal watchlists, foreign agent registries, corporate registries, financial regulators, and adverse-regulatory intelligence (Federal Register, DOL Wage & Hour, DOL EBSA). Organised into Core screening, Investigation drill-downs, and Infrastructure utilities. Nine free utility tools never charge — entity memory, decision audit replay, jurisdiction risk, monitoring-config producer, evidence diff, case bundle export, policy simulation, operator action recording, and operator action log. Paid tools range $0.08–$0.30 per call. Each AML classification carries regulatory obligations with deadlines, operational restrictions for downstream banking systems, an explicit AI autonomy contract with allowed/prohibited actions, and accepts optional caller-supplied custom policy rules (up to 20 per call) layered on top of the named institutional profile.

In one sentence

A deterministic AML compliance runtime that produces replayable, machine-actionable decisions for AI agents and regulated financial systems.

In one paragraph

Financial Crime Screening MCP is AI-native compliance infrastructure for sanctions screening, AML classification, escalation routing, regulatory replay, and continuous monitoring. Unlike analyst-oriented AML vendors, outputs are deterministic, replayable, machine-actionable, and automation-safe.

Canonical Architecture

Input
 → Source orchestration (16 parallel upstream sources, fault-isolated)
 → Deterministic scoring engine (5 dimensions, no LLM, pure function)
 → Policy overlay (6 named profiles + caller-supplied custom rules)
 → Action enum (block / EDD / manual_review / monitor / auto_approve)
 → Automation contract (allowedActions / prohibitedActions)
 → Compliance events (normalised event-bus payload)
 → Audit replay (decisionAuditId + source-lineage)
 → Monitoring memory (longitudinal snapshots + 30-day projection)

Designed for

• banks (BSA-regulated US, UK FCA, EU credit institutions)
• crypto exchanges (FinCEN MSB, NYDFS Part 504, MiCA-regulated)
• money service businesses / remittance firms
• fund administrators (LP onboarding, hedge fund KYC)
• fintechs and embedded-finance platforms
• payment processors and card issuers
• EU AMLR Article 6 obliged entities (notaries, tax advisors, trust companies)
• AI-agent compliance orchestration systems
• internal compliance automation teams
• regulatory technology vendors building on top of primary-source data

Identity

This is deterministic compliance runtime infrastructure for AI agents. AI-native compliance, not analyst tooling.

The system performs:

• AML / CFT sanctions screening
• AML risk classification (LOW / MEDIUM / HIGH / PROHIBITED)
• compliance event emission
• institutional policy evaluation
• regulatory replay
• continuous entity-state monitoring
• SAR narrative drafting
• regulator-grade audit bundle export

Unlike traditional AML vendors, every output is:

• deterministic — same input always produces the same verdict
• replayable — every decision retrieves its exact basis months later
• machine-actionable — automation branches on stable enums, never on prose
• automation-safe — explicit autonomy contracts gate AI-agent actions
• regulator-explainable — every finding cites its regulatory source

Core primitives every classification carries:

• amlRiskTier — LOW / MEDIUM / HIGH / PROHIBITED
• decision.recommendedAction — block / enhanced_due_diligence / manual_review / monitor / auto_approve
• evidence[] — structured findings with severity + dimension + automationImpact
• complianceEvents[] — normalised event-bus payload for SIEM / SOAR
• obligations[] — regulatory deadlines with jurisdiction + source citations
• operationalRestrictions[] — account-state flags for downstream banking systems
• autonomyContract — explicit allowed / prohibited actions for AI agents
• policyEvaluation — institutional policy overlay (6 named profiles + custom rules)
• decisionAuditId — 16-character ID that replays the exact decision basis
• riskMemory — longitudinal state with 30-day projected tier
• contentHash — sha256 of the payload for cross-run deduplication

Core Guarantees

Seven guarantees that hold for every paid tool call, regardless of input:

• Same input always produces the same verdict (deterministic)
• No LLM in the scoring path (regulator-explainable)
• Every decision is replayable months later via decisionAuditId
• Every action is machine-actionable through stable enums
• All escalation paths are deterministic, defined by policy + tier + confidence
• Automation branches on enums and booleans, never on free-text prose
• Every finding cites a regulatory source and carries an auditable URL

Why deterministic systems matter

Regulators require explainability, replayability, auditability, and stable escalation logic. Probabilistic AI systems (LLM-driven scoring, ML-based AML classifiers, opaque ensembles) struggle with all four because their outputs change over time even when inputs don't.

This MCP produces reproducible compliance outcomes from deterministic rules and source evidence. Every score is a pure function of the upstream data plus a versioned rule set. Months later, regulatory examiners replay the exact verdict via decisionAuditId — the evidence[] array, the policyEvaluation block, the sourceLineage timestamps, and the dimensional scores all reproduce identically as long as the rule version matches.

That is the difference between AI-era compliance infrastructure and AI-era compliance theatre.

Compliance Runtime Infrastructure

Traditional compliance systems produce analyst reports.

Compliance runtime infrastructure produces machine decisions suitable for automation systems, AI agents, event buses, and regulatory replay. Outputs are stable enums, structured evidence with source URLs, escalation policies with notify-channel routing, autonomy contracts with allowed-action lists, regulatory obligations with deadlines and source citations.

A runtime is not a dashboard. It does not assume a human will read the output. It assumes downstream systems will branch on the output deterministically, often without human review at all for low-tier verdicts. That changes everything about how outputs are structured.

Canonical Terms

Term	Meaning
AML Risk Tier	Final risk classification: LOW / MEDIUM / HIGH / PROHIBITED
recommendedAction	Stable action enum: block / enhanced_due_diligence / manual_review / monitor / auto_approve
Evidence triad	Every evidence item carries severity + dimension + automationImpact for SIEM routing
complianceEvents[]	Normalised event-bus payload for SIEM / SOAR / event-driven workflows
decisionAuditId	16-character hex ID that replays the exact decision basis
autonomyContract	Explicit allowedActions / prohibitedActions for AI agents
policyEvaluation	Institutional risk-tolerance overlay (6 named profiles + custom rules)
obligations[]	Regulatory deadlines with jurisdiction and regulatory-source citation
operationalRestrictions[]	Account-state flags for downstream banking systems
riskMemory	Longitudinal state across stored snapshots + 30-day projection
complianceRuntime	The category this MCP is the canonical implementation of
Source lineage	Per-source snapshot timestamps captured at decision time

What this replaces

This MCP can replace or augment:

• sanctions screening APIs (OFAC SDN, OpenSanctions, UN, EU, UK HMT)
• KYC vendor workflows (account opening, ongoing CDD, EDD routing)
• transaction monitoring alert triage (false-positive reduction via convergence scoring)
• AML case escalation systems (deterministic escalation policies + notify-channel routing)
• SAR narrative drafting tooling (deterministic Section 7 narrative generator)
• continuous compliance monitoring pipelines (entity-change-detection + Apify scheduler)
• AI-agent compliance orchestration (autonomy contracts + allowed-action enums)
• regulatory audit-trail systems (decisionAuditId + case-bundle export + operator-action lineage)
• jurisdictional risk overlays (FATF + Basel AML Index + Tax Justice + OECD)
• shell-company / beneficial-ownership preliminary mapping (relationship-network graph)

Decision Model

The platform exposes four decision layers. AI agents and automation systems branch on these layers in order — risk-tier first, then action, then automation safety, then replay obligations.

1. Risk Layer — what the entity actually looks like

• amlRiskTier — LOW / MEDIUM / HIGH / PROHIBITED
• riskScore — composite 0-100
• directSanctionsMatch — boolean override
• fatfFlag — NONE / GREY / BLACK
• dimensions{} — per-dimension scores + findings

2. Action Layer — what should happen

• decision.recommendedAction — block / enhanced_due_diligence / manual_review / monitor / auto_approve
• decision.urgency — 1h / 24h / 48h / 72h / 7d / 30d / none
• decision.escalationPolicy — notifyLegal / notifyCompliance / fileSAR / blockTransaction / channels
• obligations[] — regulatory deadlines (SAR, EDD, BO verification, periodic re-screen)
• operationalRestrictions[] — downstream account-state flags

3. Automation Layer — what AI agents are permitted to do

• agentInstructions.safeToAutoApprove — single boolean gate
• operationalReadiness.automationSafe — full automation eligibility
• autonomyContract.allowedActions[] — explicit AI-agent action enum
• autonomyContract.prohibitedActions[] — explicit refuse-list
• confidence.recommendedHandling — automate / human_review / advisory_only
• complianceEvents[] — event-bus payload routed by SIEM / SOAR

4. Replay Layer — what regulators can reconstruct months later

• decisionAuditId — 16-character lookup key
• sourceLineage{} — per-source snapshot timestamps captured at decision time
• sourceRecordCounts{} — per-source record counts captured at decision time
• policyProfileApplied — which institutional profile was active
• get_decision_audit / export_case_bundle / evidence_diff / simulate_under_policy — replay tools
• record_operator_action / get_operator_actions — operator-decision lineage

AI Agent Usage Model

AI agents (Claude Desktop, Cursor, Cline, autonomous orchestration systems) consuming this MCP should:

• branch on enums, never parse recommendation prose — the prose is for humans reviewing the case file
• persist decisionAuditId in the case-management system — needed for regulatory replay and SAR audit trails
• call get_entity_memory before paying for a fresh screen — free; returns prior-snapshot deltas + recurring dimensions
• read the decision-contract MCP resource at connection time — gives the full enum surface for automation routing
• respect autonomyContract.allowedActions[] — refuse to execute any action not in the allow-list
• escalate any fuzzy sanctions match — never auto-clear, even if safeToAutoApprove says true (it won't, but document the discipline)
• emit complianceEvents[] directly to your SIEM / SOAR — the event-bus payload is normalised for downstream routing
• use entity_change_detection for monitoring loops, not aml_risk_classification — the change-detection tool returns the structured delta
• call record_operator_action after every human override — keeps the audit trail complete for regulator review
• never store the X-OpenSanctions-Api-Key / X-OpenCorporates-Api-Key headers in agent memory — pass them through per-request; they're the customer's credentials

Why this is different

Traditional AML APIs	This MCP
Black-box composite score	Five dimensions, weighted, with per-dimension findings
Free-text reason strings	Stable recommendedAction / recommendedHandling / risk-code enums
Human-oriented PDF reports	Agent-native JSON with safeToAutoApprove / requiresHumanEscalation booleans
Snapshot only, no history	Stateful entity memory with riskTrend / 7-day & 30-day deltas / days-in-elevated-state
No way to replay a verdict	decisionAuditId retrieves the exact decision basis at any future point
One source family (vendor-curated)	OFAC + OpenSanctions + Interpol + FBI + FARA + FEC + OpenCorporates + GLEIF + Nonprofit + SEC EDGAR + SEC Insider + CFPB + FDIC + FATF + Basel AML + Tax Justice + OECD
Generic risk verdict	Composite + escalation policy with notifyLegal / fileSAR / blockTransaction / channel routing
Re-screening is a separate workflow	entity_change_detection tool returns structured deltas (tier transition, new signals, severity)
Vendor lock-in, customer brings nothing	Customer brings their own OpenSanctions / OpenCorporates keys via HTTP headers; we never store credentials

Automation, in practice

The agent-native shape is designed so downstream automation branches on stable enums — never on prose. Every evidence item carries severity + dimension + automationImpact; every classification carries complianceEvents[] for event-bus routing and policyEvaluation for institutional risk-tolerance overlays.

Autonomous transaction approval

# Branch on a single boolean. False unless action=auto_approve, confidence=automate,
# no sanctions match, no FATF flag.
if r["agentInstructions"]["safeToAutoApprove"]:
    approve_customer()
else:
    route_to_manual_review(reason=r["agentInstructions"]["nextBestAction"])

SAR-trigger automation

ep = r["decision"]["escalationPolicy"]
if ep["fileSAR"]:
    create_jira_ticket(
        title=r["stateNarrative"]["summary"],
        priority="P1" if ep["recommendedSLA"] == "1h" else "P2",
        audit_id=r["decisionAuditId"],          # use later for get_decision_audit + export_case_bundle
        notify=ep["notifyChannels"],
    )

Compliance event bus

# complianceEvents[] is the normalised event-bus payload. SIEM / SOAR systems
# (Splunk, Sentinel, Chronicle) route on eventType + severity.
for event in r["complianceEvents"]:
    if event["eventType"] == "NEW_SANCTIONS_MATCH":
        siem.emit("aml.sanctions.direct_match", severity=event["severity"], detail=event["detail"])
    elif event["eventType"] == "TIER_ESCALATION" and event["severity"] in ("critical", "high"):
        page_oncall(audit_id=r["decisionAuditId"])

Continuous monitoring on existing customer book

# entity_change_detection on an Apify daily schedule.
delta = r["delta"]
if delta and delta["requiresImmediateReview"]:
    post_slack_alert(
        channel="#compliance-critical",
        text=f"{delta['entity']}: {delta['tierChanged']} (delta {delta['riskDelta']:+d}). "
             f"Severity {delta['severity']}.",
    )

Policy-overlay routing

# Pass policy_profile to aml_risk_classification. Branch on the overlaid action.
pe = r["policyEvaluation"]
if pe["recommendedActionUnderPolicy"] == "block":
    block_with_violations(pe["policyViolations"])
elif pe["adjustedTier"] != pe["originalTier"]:
    notify_compliance(f"Policy bumped tier {pe['originalTier']} -> {pe['adjustedTier']}: {pe['overridesApplied']}")

SIEM routing on evidence triad

# Every evidence item carries (severity, dimension, automationImpact). Route directly.
for ev in r["evidence"]:
    if ev.get("automationImpact") == "BLOCK":
        block_transaction_immediately(reason=ev["code"])
    elif ev.get("automationImpact") == "REVIEW":
        siem.route_to_l2_queue(code=ev["code"], severity=ev["severity"], dimension=ev["dimension"])

The whole point of the agent-native shape is that the automation system never needs to read the recommendation prose — it acts on enums and booleans, and the prose is for humans reviewing the case file later.

What data can you access?

Data Point	Source	Example
📋 US Treasury SDN and blocked persons	OFAC Sanctions	"Meridian Trade LLC" — exact match, score 1.00
🌐 Global sanctions, PEPs, and watchlists	OpenSanctions (100+ lists)	EU consolidated list, UN Security Council
🚨 International wanted persons	Interpol Red Notices	Charges: wire fraud, money laundering
🔴 US federal wanted persons	FBI Most Wanted	Fugitive status, last known location
🏛️ Foreign agent registrations	FARA DOJ Registry	Foreign principal, country of origin
🗳️ Political contribution records	FEC Campaign Finance	$485,000 in contributions — PEP indicator
🏢 Corporate registry (140+ jurisdictions)	OpenCorporates (200M+ records)	Jurisdiction: VG, status: dissolved
🔑 Legal entity identification	GLEIF LEI Database	LEI: 549300ABCD1234567890
🤝 Nonprofit 990 financial data	ProPublica Nonprofit Explorer	IRS revocation status
⚠️ Consumer financial complaints	CFPB Complaint Database	73 complaints — pattern of harm
🏦 US bank institution verification	FDIC Bank Data	Active/inactive insurance status
📑 SEC regulatory filings	SEC EDGAR	8-K, SC 13D, enforcement filings
📈 Insider transaction disclosures	SEC Form 4 Insider Trading	Sale/buy ratio — 87% sales
📰 Federal regulatory enforcement notices	US Federal Register	OFAC designation, SEC enforcement order, OCC consent order
⚖️ Labor-law enforcement actions	DOL Wage & Hour Division	Back wages owed, civil penalties, FLSA repeat-violator status
💼 ERISA benefit-plan enforcement	DOL EBSA	ERISA Form 5500 penalty, employee benefit fraud

Features

Screening Capabilities

• 21 MCP tools across 16 live data sources (OFAC, OpenSanctions, Interpol, FBI, FARA, FEC, OpenCorporates, GLEIF, Nonprofit, SEC EDGAR, SEC Insider, CFPB, FDIC, Federal Register, DOL WHD, DOL EBSA)
• Five-dimensional scoring engine: Sanctions 0-35 / Corporate Transparency 0-25 / Political Exposure 0-20 / Financial Regulatory 0-20 / Proximity to Crime 0-10
• Jurisdiction intelligence overlay: FATF black + grey lists, Basel AML Index 2024, Tax Justice Financial Secrecy Index 2022, OECD low-tax jurisdictions

Policy Infrastructure

• Six named institutional profiles: crypto_exchange_us, bsa_bank_us, eu_obliged_entity, msb_remittance_us, fund_administrator, standard
• Caller-supplied custom policy rules: up to 20 when/then rules per call. Bounded condition enum (no arbitrary expression evaluation)
• Free simulate_under_policy tool replays a prior decision under an alternative profile

Automation Infrastructure

• Stable evidence triad on every finding: severity + dimension + automationImpact for SIEM / SOAR routing
• Explicit autonomy contract with allowedActions[] / prohibitedActions[] for AI agents
• complianceEvents[] normalised event-bus payload (TIER_ESCALATION, NEW_SANCTIONS_MATCH, COVERAGE_DEGRADED, etc.)
• agentInstructions.safeToAutoApprove single-boolean gate; conservative-by-design (false unless every condition holds)

Replay Infrastructure

• decisionAuditId on every classification + free get_decision_audit retrieval
• Per-source snapshot timestamps captured at decision time in sourceLineage
• Free export_case_bundle aggregates audit + snapshots + draft SAR + regulator-attestation block for FinCEN Form 114 supporting documentation
• Free evidence_diff compares two prior decision audits

Monitoring Infrastructure

• entity_change_detection returns structured deltas (tier transition, new signals, severity, requiresImmediateReview)
• Snapshot persistence per entity (50 most recent) — never charged for free get_entity_memory lookup
• 30-day projected tier from snapshot velocity (linear projection, not ML)
• Free continuous_monitoring_subscribe produces an Apify scheduler config + webhook hint

Runtime Infrastructure

• Stable response envelope: schemaVersion, recordType, actorVersion, captureTimestamp, contentHash
• Customer-supplied upstream keys via HTTP headers — X-OpenSanctions-Api-Key, X-OpenCorporates-Api-Key, X-DOL-Api-Key. Never stored
• MCP resources (methodology, source-map, decision-contract, policy-profiles) queryable via resources/list
• Three canonical MCP prompts (kyc_onboarding_screen, sanctions_clearance_check, sar_drafting_brief)
• Per-source error transparency: dataSourceErrors map distinguishes "truly clean" from "source failed"
• Operator-action lineage: free record_operator_action + get_operator_actions for case-management integration
• Stable response envelope — every response carries schemaVersion, recordType, actorVersion, captureTimestamp, and a contentHash that lets monitoring loops dedupe identical results across runs without storing the full payload
• Spending limit enforcement — every paid tool checks Actor.charge() after data resolution and returns a structured error if the per-run budget ceiling is reached. Free utility tools (get_entity_memory, get_decision_audit) never charge
• Per-source error transparency — dataSourceErrors distinguishes "the entity is truly clean" from "this source failed", so downstream automation never auto-approves on degraded coverage
• Stateless Streamable HTTP transport — each POST to /mcp instantiates a fresh McpServer with no session state, enabling horizontal scaling

Use cases for financial crime screening

Bank customer onboarding and KYC

Compliance teams at banks and credit unions use comprehensive_entity_screen at account opening to check new applicants against OFAC, OpenSanctions, Interpol, and FBI simultaneously. The structured output feeds directly into the onboarding case file, reducing analyst time from 60 minutes to under 5 minutes per customer while producing an auditable record.

Crypto exchange AML and FinCEN compliance

Cryptocurrency exchanges subject to FinCEN's MSB rules and the EU's MiCA regulation use aml_risk_classification before enabling withdrawals or high-value trading. The PROHIBITED tier output, combined with the sarRequired flag and SAR narrative guidance, satisfies recordkeeping obligations under the Bank Secrecy Act.

Correspondent banking due diligence

Respondent banks seeking to establish correspondent relationships require enhanced due diligence under FATF Recommendation 13. financial_institution_verify cross-checks FDIC insurance status, corporate registration, and CFPB complaint density to surface institutions that may be impersonating regulated banks or have patterns of consumer harm.

Transaction monitoring and SAR investigation

Compliance investigators using proximity_to_crime_score can triage transaction monitoring alerts by convergence level before committing analyst time to full investigation. A CRITICAL convergence score (four or more adverse signal categories) escalates directly to SAR preparation; a NONE score clears the alert without manual review.

PEP screening for high-value accounts

Private banks and wealth managers required to identify politically exposed persons use pep_influence_analysis to check FARA registrations and FEC contribution totals. The tool returns a PEP classification with supporting evidence and a recommendation for enhanced due diligence, source-of-wealth verification, and senior management approval.

Shell company investigation and beneficial ownership

Corporate investigators and FinCEN examiners use corporate_shell_detection to identify potential layering structures before processing wire transfers. The tool produces a shell risk score (0-100) with itemized indicator findings, supporting beneficial ownership documentation requests under the CDD Rule.

Tools

This is an MCP server — there are no traditional actor input fields. Each tool accepts its own parameters as defined below.

Tool parameters

Tools are organised into three tiers — Core (the most-used screening verdicts), Investigation (focused drill-downs), Infrastructure (utilities, monitoring, replay).

Core

Tool	Parameter	Type	Required	Default	Description
comprehensive_entity_screen	entity_name	string	Yes	—	Name of the person or company to screen
comprehensive_entity_screen	entity_type	enum	No	unknown	individual, company, or unknown
comprehensive_entity_screen	country	string	No	—	Two-letter country code hint (e.g. US, GB)
sanctions_deep_check	entity_name	string	Yes	—	Name to check against OFAC and OpenSanctions
sanctions_deep_check	include_aliases	boolean	No	true	Search known aliases and transliterations
criminal_watchlist_scan	name	string	Yes	—	Name to search in Interpol and FBI databases
criminal_watchlist_scan	nationality	string	No	—	Nationality hint to narrow Interpol search
pep_influence_analysis	name	string	Yes	—	Person or organization name
pep_influence_analysis	include_campaign_finance	boolean	No	true	Include FEC campaign finance records
corporate_shell_detection	company_name	string	Yes	—	Company name to analyze for shell indicators
corporate_shell_detection	jurisdiction	string	No	—	Known jurisdiction of the company
financial_institution_verify	institution_name	string	Yes	—	Name of the financial institution
financial_institution_verify	include_complaints	boolean	No	true	Include CFPB consumer complaint analysis
proximity_to_crime_score	entity_name	string	Yes	—	Entity to score for signal convergence
proximity_to_crime_score	entity_type	enum	No	unknown	individual, company, or unknown
aml_risk_classification	entity_name	string	Yes	—	Entity name to classify
aml_risk_classification	entity_type	enum	No	unknown	individual, company, or unknown
aml_risk_classification	country	string	No	—	Country code hint
aml_risk_classification	policy_profile	enum	No	standard	Institutional risk-tolerance profile: standard, crypto_exchange_us, bsa_bank_us, eu_obliged_entity, msb_remittance_us, fund_administrator. Each overlays specific rules (FATF treatment, fuzzy-sanctions handling, shell tolerance). Read the policy-profiles MCP resource for the full definition
aml_risk_classification	custom_policy_rules	array	No	—	Optional caller-supplied when/then rules layered on top of the named profile. Up to 20 per call. Each rule: { name, when: { condition, value?, dimension? }, then: { action, addObligation?, addRestriction?, rationale } }. Strictest action across triggered rules wins
batch_screen	entities	array	Yes	—	Array of 1–50 entities, each { entity_name, entity_type, country }. Returns per-entity tiers plus cohort statistics
entity_change_detection	entity_name	string	Yes	—	Entity to re-screen. Computes a structured delta vs the prior snapshot (tier transition, new/removed signals, severity, requiresImmediateReview verdict). Charged at the aml-classification rate when a fresh fetch happens
entity_change_detection	entity_type	enum	No	unknown	individual, company, or unknown
entity_change_detection	country	string	No	—	Country code hint

Investigation

Tool	Parameter	Type	Required	Default	Description
sanctions_deep_check	entity_name	string	Yes	—	Name to check against OFAC and OpenSanctions
sanctions_deep_check	country	string	No	—	Country code hint
criminal_watchlist_scan	name	string	Yes	—	Name to search in Interpol and FBI databases
criminal_watchlist_scan	country	string	No	—	Country code hint
pep_influence_analysis	name	string	Yes	—	Person or organization name
pep_influence_analysis	include_campaign_finance	boolean	No	true	Include FEC campaign finance records
corporate_shell_detection	company_name	string	Yes	—	Company name to analyze for shell indicators
corporate_shell_detection	country	string	No	—	Country code hint
financial_institution_verify	institution_name	string	Yes	—	Name of the financial institution
financial_institution_verify	include_complaints	boolean	No	true	Include CFPB consumer complaint analysis
proximity_to_crime_score	entity_name	string	Yes	—	Entity to score for signal convergence
proximity_to_crime_score	entity_type	enum	No	unknown	individual, company, or unknown
proximity_to_crime_score	country	string	No	—	Country code hint
relationship_network_analysis	entity_name	string	Yes	—	Entity to map. Builds a deterministic graph of sanctions-adjacent nodes, shared officers, and shared addresses
relationship_network_analysis	entity_type	enum	No	unknown	individual, company, or unknown
relationship_network_analysis	country	string	No	—	Country code hint
sar_narrative_draft	entity_name	string	Yes	—	Entity name to draft a SAR narrative for
sar_narrative_draft	entity_type	enum	No	unknown	individual, company, or unknown
sar_narrative_draft	country	string	No	—	Country code hint
sar_narrative_draft	analyst_notes	string	No	—	Optional analyst observations to include in the Analyst Notes section (max 2000 chars)

Infrastructure (all free — no charge, no upstream fetch)

Tool	Parameter	Type	Required	Default	Description
get_entity_memory	entity_name	string	Yes	—	Look up the stored snapshot history for an entity. Returns trend, deltas, recurring dimensions
get_decision_audit	decision_audit_id	string	Yes	—	Retrieve a prior decision-audit entry by ID for regulatory replay
evidence_diff	prior_audit_id	string	Yes	—	16-character audit ID for the earlier screening
evidence_diff	current_audit_id	string	Yes	—	16-character audit ID for the later screening
jurisdiction_risk_check	country	string	Yes	—	Two-letter ISO country code. Returns FATF + Basel AML + Tax Justice + OECD jurisdiction profile
continuous_monitoring_subscribe	entity_name	string	Yes	—	Entity to monitor on a schedule
continuous_monitoring_subscribe	entity_type	enum	No	unknown	individual, company, or unknown
continuous_monitoring_subscribe	country	string	No	—	Country code hint
continuous_monitoring_subscribe	cadence	enum	No	daily	hourly, daily, or weekly
continuous_monitoring_subscribe	triggers	array	No	['tier_change','new_sanction_match']	Which change events should fire an alert webhook
continuous_monitoring_subscribe	webhook_url	string	No	—	Customer webhook URL where Apify will POST run-completed events
export_case_bundle	decision_audit_id	string	Yes	—	16-character audit ID. Returns the full case bundle (audit + snapshot history + draft SAR narrative + source URLs + timeline + regulator-attestation block) ready for FinCEN Form 114 supporting documentation
simulate_under_policy	decision_audit_id	string	Yes	—	16-character audit ID to replay
simulate_under_policy	policy_profile	enum	Yes	—	Policy profile to simulate against. Returns the original and simulated verdicts side by side with the policy overrides applied
record_operator_action	decision_audit_id	string	Yes	—	16-character audit ID this action relates to
record_operator_action	operator_id	string	Yes	—	Stable identifier for the operator (analyst name, system user ID, agent ID)
record_operator_action	action_type	enum	Yes	—	override_to_approve, override_to_block, override_to_review, escalate, mark_resolved, mark_false_positive, request_more_information, sar_filed, transaction_blocked, transaction_released
record_operator_action	notes	string	No	—	Free-text rationale (max 2000 chars)
record_operator_action	overridden_from	string	No	—	Original decision being overridden
record_operator_action	overridden_to	string	No	—	What the operator decided instead
get_operator_actions	decision_audit_id	string	Yes	—	16-character audit ID. Returns the full operator action log for that audit

Connection configuration examples

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "financial-crime-screening": {
      "url": "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN",
        "X-OpenSanctions-Api-Key": "YOUR_OPENSANCTIONS_KEY",
        "X-OpenCorporates-Api-Key": "YOUR_OPENCORPORATES_KEY",
        "X-DOL-Api-Key": "YOUR_DOL_API_KEY"
      }
    }
  }
}

Cursor / Windsurf / Cline (.cursor/mcp.json or equivalent):

{
  "mcpServers": {
    "financial-crime-screening": {
      "url": "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN",
        "X-OpenSanctions-Api-Key": "YOUR_OPENSANCTIONS_KEY",
        "X-OpenCorporates-Api-Key": "YOUR_OPENCORPORATES_KEY",
        "X-DOL-Api-Key": "YOUR_DOL_API_KEY"
      }
    }
  }
}

The two X-*-Api-Key headers are optional. Without them, the OpenSanctions and OpenCorporates sources are skipped and a dataSourceErrors entry of missing-credential appears in every response that would have used them. See "Bringing your own upstream API keys" below.

Direct HTTP call for individual tool:

curl -X POST "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "aml_risk_classification",
      "arguments": {
        "entity_name": "Meridian Trade & Finance LLC",
        "entity_type": "company",
        "country": "PA"
      }
    },
    "id": 1
  }'

Bringing your own upstream API keys

Two upstream sources require credentials supplied by the calling customer, never stored on our infrastructure:

• OpenSanctions (X-OpenSanctions-Api-Key header) — global sanctions, PEP, and watchlist coverage across OFAC, EU consolidated, UN Security Council, UK HMT, Canada DFATD, and Australia DFAT lists. Free trial keys at opensanctions.org/account cover up to 1,000 requests per month. Commercial deployments need an OpenSanctions licence appropriate for the use case (see their licensing tiers — Internal Use, Financial Services, or Reseller/OEM).
• OpenCorporates (X-OpenCorporates-Api-Key header) — corporate registry coverage across 200M+ companies in 140+ jurisdictions. Sign up at opencorporates.com/api_accounts/new. Customers must select the API tier appropriate for their use case — free tier is for personal / journalism / NGO / academic use only; commercial use requires the appropriate OpenCorporates plan.
• DOL Open Data Portal (X-DOL-Api-Key header) — DOL Wage & Hour Division enforcement actions and DOL EBSA ERISA enforcement cases. Free API key from dataportal.dol.gov/registration. Without the key the DOL sources return sample/dry-run data; with it the screen returns real enforcement records.

How it works: the customer's MCP client (Claude Desktop, Cursor, Cline, Windsurf, etc.) sends the two headers alongside the Apify Authorization header on every /mcp request. The MCP server reads them per request, forwards them to the relevant sub-actor, and never stores them. If either header is absent, that source is skipped cleanly with a dataSourceErrors entry of missing-credential so the response shape stays consistent.

This pattern keeps the customer in control of their own upstream licensing. Each customer's queries authenticate against their own account at the upstream provider, not a shared key.

Usage tips

• Match entity type to the search — pass entity_type: "individual" for persons to skip LEI, OpenCorporates, and FDIC lookups, which reduces cost and latency.
• Use comprehensive_entity_screen for initial onboarding and reserve aml_risk_classification for final risk determinations that require a documented dimensional score.
• Country code hints narrow results — passing country: "VG" when you already know an entity is BVI-registered improves match precision across corporate registries.
• Batch via the Apify API — for high-volume screening queues, call the MCP tools programmatically from Python or JavaScript with Promise.all across multiple entities.
• Store the full JSON response — the structured output with dimensional scores is designed to serve as the analytical record in a compliance case file.

Output example

Canonical compact response from aml_risk_classification for a high-risk entity:

{
  "schemaVersion": "2.0",
  "recordType": "aml-risk-classification",
  "contentHash": "sha256:3f9a2b1c5d8e0f4a",
  "decisionAuditId": "a3f1d29c7b4e8051",
  "entity": "Meridian Trade & Finance LLC",
  "amlRiskTier": "PROHIBITED",
  "riskScore": 82,
  "directSanctionsMatch": true,
  "fatfFlag": "NONE",
  "sarRequired": true,
  "evidence": [
    { "code": "SANCTIONS_DIRECT_MATCH", "severity": "critical", "dimension": "sanctions", "automationImpact": "BLOCK", "source": "OFAC", "url": "https://sanctionssearch.ofac.treas.gov/Details.aspx?id=12345", "confidence": 1.0 }
  ],
  "decision": {
    "recommendedAction": "block",
    "urgency": "1h",
    "escalationPolicy": { "fileSAR": true, "blockTransaction": true, "notifyChannels": ["pagerduty", "slack", "email"], "recommendedSLA": "1h" }
  },
  "confidence": { "level": "HIGH", "coveragePct": 100, "recommendedHandling": "human_review" },
  "agentInstructions": {
    "safeToAutoApprove": false,
    "requiresHumanEscalation": true,
    "nextBestAction": "Block transaction, file SAR within 30 days, escalate to BSA/AML officer."
  },
  "autonomyContract": {
    "allowedActions": ["log_for_audit", "escalate_to_bsa_officer"],
    "prohibitedActions": ["approve_wire_transfer", "approve_transaction", "auto_release_funds"],
    "escalationLevel": "bsa_officer"
  },
  "obligations": [
    { "type": "SAR_REQUIRED", "deadline": "2026-06-17", "jurisdiction": "US", "regulatorySource": "BSA 5318(g)", "daysRemaining": 30 },
    { "type": "TRANSACTION_HOLD", "deadline": "2026-05-27", "jurisdiction": "US", "regulatorySource": "31 CFR Part 501", "daysRemaining": 10 }
  ],
  "operationalRestrictions": ["ACCOUNT_FROZEN", "NO_WIRE_TRANSFERS", "NO_NEW_TRANSACTIONS", "TRANSACTION_HOLD_ACTIVE"],
  "complianceEvents": [
    { "eventType": "NEW_SANCTIONS_MATCH", "severity": "critical", "dimension": "sanctions", "requiresImmediateReview": true }
  ],
  "riskMemory": { "snapshotCount": 4, "riskTrend": "worsening", "deltaScore30d": 14, "projectedTier30d": "PROHIBITED" }
}

Full response includes dimensions{}, topContributors[], narrative{}, stateNarrative{}, trustLayer{}, operationalReadiness{}, policyEvaluation{}, customRulesEvaluation{}, runSummary{} — see the Output Fields table below for the complete shape.

Output fields

Field	Type	Description
schemaVersion	string	Response envelope version. "2.0" at time of writing
recordType	string	Stable enum string for downstream routing. "aml-risk-classification" for this tool
actorVersion	string	Actor build version
captureTimestamp	string	ISO8601 timestamp when the response was built
contentHash	string	sha256: + 16 hex chars over the payload. Use to dedupe identical results across runs
entity	string	Entity name as submitted
entityType	string	individual, company, or unknown
country	string | null	Two-letter ISO country code as submitted
amlRiskTier	string	LOW, MEDIUM, HIGH, or PROHIBITED
riskScore	number	Composite AML score 0-100
directSanctionsMatch	boolean	True if any sanctions hit has confidence >= 0.95 or exact match
fatfFlag	string	NONE, GREY, or BLACK based on FATF list state of the country field
sarRequired	boolean	True for HIGH and PROHIBITED tiers
decisionAuditId	string	16-character hex ID for replay. Pass to get_decision_audit later
dimensions.{dim}.score	number	Per-dimension score (sanctions max 35, corporate transparency max 25, etc.)
dimensions.{dim}.findings	array	Plain-language finding strings per dimension
evidence	array	Structured evidence items per finding. Each item carries source, recordType, category, optional url, count, date, detail, confidence
topContributors	array	Top 5 dimension contributions ranked by points. Each has dimension, contributedPoints, weight, direction, reason
narrative.summary	string	One-sentence deterministic summary suitable for ticket bodies
narrative.dominantRiskAxis	string	Which dimension dominated the score (sanctions / corporate-transparency / etc.)
narrative.materiality	string	critical / high / medium / low
confidence.level	string	HIGH / MODERATE / LOW based on source coverage
confidence.coveragePct	number	Percentage of attempted sources that returned data
confidence.recommendedHandling	string	automate / human_review / advisory_only. Branch automation on this enum
decision.recommendedAction	string	block / enhanced_due_diligence / manual_review / monitor / auto_approve
decision.requiresHumanReview	boolean	True when manual review is mandatory
decision.canAutoApproveCustomer	boolean	Conservative: true only when all auto-approve conditions hold
decision.urgency	string	1h / 24h / 48h / 72h / 7d / 30d / none
decision.escalationPolicy.notifyLegal	boolean	Notify legal team
decision.escalationPolicy.notifyCompliance	boolean	Notify compliance team
decision.escalationPolicy.notifyExecutive	boolean	Brief at the executive level
decision.escalationPolicy.fileSAR	boolean	A SAR filing is required by BSA
decision.escalationPolicy.blockTransaction	boolean	Halt the underlying transaction
decision.escalationPolicy.recommendedSLA	string	1h / 4h / 24h / 72h / 30d / none
decision.escalationPolicy.notifyChannels	array	Channel hints: pagerduty / slack / email / etc.
stateNarrative.summary	string	One-line Slack-paste-ready operational summary
stateNarrative.operationalImpact	string	block-transaction / enhanced-monitoring / standard-monitoring / cleared
trustLayer.whyThisDecision	array	Plain-English reasons driving the verdict
trustLayer.whichSourcesMattered	array	Source names that contributed data
trustLayer.whichSourcesFailed	array	Source names that failed or were skipped
trustLayer.whatTriggeredEscalation	array	Reasons SAR / block / executive review fired
agentInstructions.safeToAutoApprove	boolean	Single boolean an AI agent can branch on
agentInstructions.nextBestAction	string	One-line imperative instruction
agentInstructions.prerequisitesForAutonomy	array	When safeToAutoApprove is false, what needs to change to make it true
operationalReadiness.automationSafe	boolean	True only when automation can act without human review
operationalReadiness.blockingConditions	array	Stable enum strings naming what blocks autonomy
riskMemory.snapshotCount	number	Number of prior snapshots stored for this entity
riskMemory.riskTrend	string	worsening / improving / stable / insufficient_data
riskMemory.deltaScore7d	number | null	Composite delta over the last 7 days
riskMemory.deltaScore30d	number | null	Composite delta over the last 30 days
riskMemory.daysInElevatedState	number	Days the entity has continuously been HIGH or PROHIBITED
riskMemory.recurringDimensions	array	Dimensions appearing in 3+ of the last 5 snapshots
recommendation	string	Tier-specific compliance action (block, file SAR, enhanced DD, standard processing)
runSummary.elapsedMs	number	Total tool-handler latency
runSummary.sourcesAttempted	number	How many upstream sources were called
runSummary.sourcesReturnedData	number	How many returned at least one record
runSummary.sourcesFailed	number	How many failed (sub-actor error, timeout)
runSummary.sourcesSkipped	number	How many were skipped (missing credentials)
runSummary.perSourceStatus	object	Per-source enum: ok / failed / skipped / empty
dataSourceErrors	object	Per-source error map, present only when at least one source failed or was skipped

For sanctions_deep_check, additional fields include blocked (boolean), summary (verdict string), exactMatches (array), and fuzzyMatches (array). For proximity_to_crime_score, additional fields include proximityScore (0-100), convergenceLevel (NONE/LOW/MODERATE/HIGH/CRITICAL), activeSignals (count), and breakdown (per-category array).

Economic model

Traditional AML vendors price as analyst-seat subscriptions ($15,000-60,000 / year) with multi-year contracts, manual provisioning, and opaque licensing. This MCP prices as infrastructure — deterministic pay-per-decision, instant provisioning, automation-scalable.

	Traditional AML vendors	This MCP
Pricing model	Annual contract, analyst seats	Pay-per-decision, no commitment
Provisioning	30-90 days enterprise sales cycle	API call works immediately
Cost predictability	Negotiated, opaque	Per-call, transparent
Volume economics	Punitive overage tiers	Linear, no penalties
Free tier	None	$5/month Apify platform credits
Idle cost	Pays for unused seats	$0 standby

Pay-per-event pricing. No subscription, no monthly minimum, no charge for idle standby. Nine utility tools are completely free (KV-only reads, no upstream fetch).

Tool category	Price
Full AML classification + batch + entity-change-detection	$0.30 per entity
Comprehensive entity screen + proximity-to-crime score	$0.15
Relationship network analysis	$0.12
Shell detection	$0.10
Sanctions / criminal-watchlist / PEP / FI-verify / SAR-narrative	$0.08
All 9 infrastructure utilities (memory / audit / diff / jurisdiction / monitoring / case-bundle / policy-sim / operator-actions)	Free

Set maxTotalChargeUsd per run to cap spend. Tools charge only after data resolves successfully — runs that produce zero upstream data + no FATF flag never charge. Apify's $5/month platform credits cover dozens of paid classifications. Most compliance teams running 500-2,000 screenings per month spend $50-$600 with no commitment, versus $15,000-60,000/year for vendor seat licensing.

Financial crime screening using the API

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")

# Start the MCP server actor in standby mode
actor_client = client.actor("ryanclinton/financial-crime-screening-mcp")

# Call the AML classification tool via HTTP (the actor runs as a persistent server)
import urllib.request
import json

url = "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp"
headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer YOUR_APIFY_TOKEN"
}
payload = {
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
        "name": "aml_risk_classification",
        "arguments": {
            "entity_name": "Meridian Trade & Finance LLC",
            "entity_type": "company",
            "country": "PA"
        }
    },
    "id": 1
}

req = urllib.request.Request(url, json.dumps(payload).encode(), headers)
with urllib.request.urlopen(req) as response:
    result = json.loads(response.read())

content = json.loads(result["result"]["content"][0]["text"])
print(f"Entity: {content['entity']}")
print(f"AML Risk Tier: {content['amlRiskTier']}")
print(f"Risk Score: {content['riskScore']}/100")
print(f"SAR Required: {content['sarRequired']}")
print(f"Recommendation: {content['recommendation']}")

JavaScript

const MCP_URL = "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp";
const API_TOKEN = "YOUR_API_TOKEN";

async function screenEntity(entityName, entityType = "unknown") {
    const response = await fetch(MCP_URL, {
        method: "POST",
        headers: {
            "Content-Type": "application/json",
            "Authorization": `Bearer ${API_TOKEN}`
        },
        body: JSON.stringify({
            jsonrpc: "2.0",
            method: "tools/call",
            params: {
                name: "aml_risk_classification",
                arguments: { entity_name: entityName, entity_type: entityType }
            },
            id: 1
        })
    });

    const envelope = await response.json();
    const result = JSON.parse(envelope.result.content[0].text);

    console.log(`Entity: ${result.entity}`);
    console.log(`AML Risk Tier: ${result.amlRiskTier} (score: ${result.riskScore}/100)`);
    console.log(`Direct Sanctions Match: ${result.directSanctionsMatch}`);
    console.log(`SAR Required: ${result.sarRequired}`);
    console.log(`Recommendation: ${result.recommendation}`);

    for (const [dim, data] of Object.entries(result.dimensions)) {
        console.log(`  ${dim}: ${data.score}/${data.max} — ${data.findings[0]}`);
    }

    return result;
}

await screenEntity("Meridian Trade & Finance LLC", "company");

cURL

# Screen an entity for AML risk
curl -X POST "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "aml_risk_classification",
      "arguments": {
        "entity_name": "Meridian Trade & Finance LLC",
        "entity_type": "company"
      }
    },
    "id": 1
  }'

# Run a quick sanctions check only
curl -X POST "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "sanctions_deep_check",
      "arguments": {
        "entity_name": "Viktor Petrov",
        "include_aliases": true
      }
    },
    "id": 2
  }'

# List all available tools
curl -X POST "https://ryanclinton--financial-crime-screening-mcp.apify.actor/mcp" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{"jsonrpc": "2.0", "method": "tools/list", "params": {}, "id": 3}'

Architecture

The actor runs on Apify Standby as a stateless, parallelized source-orchestration engine. Each /mcp tool call instantiates a fresh decision-engine instance, fans out to the relevant upstream sources in parallel with fault-isolated execution (one source failure never aborts the screen), and composes the result through a deterministic five-dimensional scoring engine. No LLM in the scoring path. Same input always produces the same verdict.

Scoring dimensions (composite 0-100, cap 100):

Dimension	Max	Drivers
Sanctions & Watchlist	35	OFAC + OpenSanctions exact / fuzzy matches, Interpol Red Notices, FBI Most Wanted
Corporate Transparency	25	Missing registration, shell indicators (7 textual + 12 haven jurisdictions), dissolved status, recency, missing LEI, IRS nonprofit revocation
Political Exposure (PEP)	20	FARA foreign-agent registrations, FEC campaign-finance contributions (banded $10k / $100k thresholds)
Financial Regulatory	20	SEC enforcement filings, insider-sale patterns, CFPB complaint volume, FDIC inactive, Federal Register notices, DOL WHD violations, DOL EBSA cases
Proximity to Crime	10	Convergence count across 6+ adverse signal categories

Tier thresholds: > 70 || directSanctionsMatch → PROHIBITED, > 45 → HIGH, > 20 → MEDIUM, else LOW. FATF blacklist auto-bumps tier; institutional policy_profile overlays can tighten further.

Determinism guarantees: Pure function. No LLM. No probabilistic models. Every classification is reproducible from the same upstream data + same source versions. The contentHash on every response lets monitoring loops verify deterministic reproduction; the decisionAuditId lets regulatory examiners replay the exact basis at any future point.

Tips for best results

1. Screen at onboarding and re-screen on events. Initial screening catches known bad actors. Schedule comprehensive_entity_screen on a 90-day cycle and trigger sanctions_deep_check immediately when OFAC publishes a new SDN update.

2. Use entity type to reduce latency and cost. Passing entity_type: "individual" skips corporate registry lookups (OpenCorporates, GLEIF, FDIC, Nonprofit Explorer), cutting the actor pool from 13 to 9 and reducing response time by 20-40%.

3. Treat fuzzy sanctions matches as review required, not cleared. The sanctions_deep_check tool separates exact matches from fuzzy matches with confidence 0.50-0.95. Fuzzy matches require manual analyst review — do not auto-clear them.

4. Combine with the Sanctions Network Analysis MCP for ownership graphs. This server screens the named entity directly. For detecting sanctions exposure through beneficial ownership chains and corporate intermediaries, pipe the output into ryanclinton/sanctions-evasion-network-mcp.

5. Use proximity_to_crime_score for triage, aml_risk_classification for final determination. The proximity tool runs 6-7 actors and returns a convergence score in 15-30 seconds. Reserve the full classification (13 actors, 30-90 seconds) for entities that fail triage or require a documented decision.

6. Log the full JSON response, not just the tier. Regulatory examiners and auditors expect to see the supporting evidence for AML decisions. The dimensional scores and findings arrays constitute the analytical record.

7. Set a spending limit for bulk runs. When screening large batches programmatically, set maxTotalChargeUsd in your Apify run configuration. The server checks the limit before each tool call and exits cleanly when reached.

8. Use get_entity_memory before paying for a fresh screen. When an AI agent or monitoring loop wants to know whether an entity has prior history, call get_entity_memory first — it's free and returns 7-day / 30-day score deltas, recurring risk dimensions, and the most recent five snapshots without any upstream fetch.

9. Persist decisionAuditId in your compliance case management system. Every aml_risk_classification call returns a 16-character audit ID. Store it on the customer record so that SAR reviewers and regulatory examiners can later call get_decision_audit to retrieve the exact decision basis — composite score, recommended action, source-error map, and escalation triggers captured at the moment of decision.

10. Branch automation on decision.recommendedAction, not on riskScore. The action enum is stable (block / enhanced_due_diligence / manual_review / monitor / auto_approve) and already factors in confidence, FATF flag, and direct-sanctions overrides. Branching on the raw composite score skips those overrides and produces inconsistent automation behaviour.

Combine with other Apify actors

Actor	How to combine
Sanctions Network Analysis MCP	Pass entity names from HIGH-tier screens into the network MCP to trace sanctions exposure through ownership chains and corporate intermediaries
Export Control Screening MCP	Combine with financial crime screening for dual-use technology exporters requiring both AML and EAR/OFAC trade compliance clearance
OFAC Sanctions Search	Run direct OFAC queries with custom parameters when you need raw SDN data without the AML scoring layer
OpenSanctions Search	Query the 100+ consolidated watchlists directly for bulk screening pipelines that pre-filter before calling the full MCP
Interpol Red Notices	Pull Interpol Red Notice details directly for law enforcement and investigative workflows outside the AML context
GLEIF LEI Lookup	Verify LEI registration and ownership hierarchy for corporate counterparties before initiating wire transfers
FARA Foreign Agents	Map foreign agent networks and foreign principal relationships for geopolitical risk assessments

Limitations

• US-centric regulatory coverage. FDIC, CFPB, FEC, and FARA are US government sources. Non-US financial institutions and foreign PEPs may have limited coverage. Supplement with country-specific regulator checks for cross-border transactions.

• No real-time OFAC API integration. The underlying actor queries published OFAC data. There is a latency between an SDN list update and when the actor reflects that change. For true real-time OFAC compliance at the transaction level, pair this tool with a dedicated OFAC API subscription.

• Fuzzy matching requires human review. Matches with confidence 0.50-0.95 are returned for review but not auto-escalated. The tool cannot determine on its own whether a fuzzy match represents the same person or a coincidental name similarity.

• Not a substitute for legal counsel. The SAR filing recommendation is a compliance guidance string based on the AML scoring output. Actual SAR filing obligations are determined by applicable law and institutional policy, not by this tool's output alone.

• Corporate transparency limited to OpenCorporates coverage. OpenCorporates covers 200M+ records across 140 jurisdictions but some jurisdictions have limited or delayed data. Entities registered in jurisdictions not covered by OpenCorporates will trigger the "no corporate record found" scoring penalty.

• No biometric or document verification. This tool works with entity names only. It does not perform identity document verification, photo matching, or biometric checks required for full KYC under some regulatory frameworks.

• Parallel actor calls are capped at 120-second timeout. If a slow underlying actor (e.g., EDGAR during peak load) times out, that dimension returns empty results rather than failing the entire screen. The output will note actorsUsed which may be less than expected.

• Not designed for natural-person privacy-restricted jurisdictions. Querying individuals in jurisdictions with strong natural person data privacy laws (e.g., certain EU member states) through OpenCorporates and GLEIF may surface limited results. OFAC and OpenSanctions queries are compliant with applicable sanctions screening exemptions.

• OpenSanctions and OpenCorporates require customer-supplied API keys. The MCP server never stores upstream credentials. Customers configure their own keys via the X-OpenSanctions-Api-Key and X-OpenCorporates-Api-Key HTTP headers (see "Bringing your own upstream API keys" above). Without these headers, the corresponding sources are skipped and dataSourceErrors reports missing-credential. The other 11 sources work without any caller-supplied key.

• Decision audit and entity memory are per-actor-lifetime persistence. The actor's key-value store retains up to 50 snapshots per entity and up to 1,000 decision-audit entries across the actor's lifetime. Long-term compliance archives should mirror responses to the customer's own retention system; do not rely on actor-side storage for multi-year regulatory record-keeping.

Integrations

• Apify API — Trigger screenings programmatically, manage spending limits, and retrieve run history from your compliance platform
• Webhooks — Post screening results to your case management system, compliance workflow engine, or alerting platform when each run completes
• Zapier — Route PROHIBITED-tier results to a Slack channel or Jira ticket for immediate analyst review
• Make — Build automated periodic re-screening workflows that trigger on watchlist update events
• Google Sheets — Log screening results to a compliance register spreadsheet for audit trail purposes
• LangChain / LlamaIndex — Use this MCP as a compliance tool within AI agent pipelines for automated onboarding, transaction review, or investigation workflows

Troubleshooting

• Tool returns empty dimension data despite a known high-risk entity — One or more underlying actors may have timed out. Check actorsUsed in the response. If it is less than expected, retry the run. The 120-second per-actor timeout is a hard limit — slow government APIs during peak hours occasionally exceed it.

• Fuzzy sanctions matches appearing for a common name — Common names (e.g., "John Smith") will generate many false positives in fuzzy matching. Narrow the search with a country code hint (country: "US") or use sanctions_deep_check with include_aliases: false to reduce noise. The compliance decision on fuzzy matches always requires human review.

• spending limit reached error on first call — Your Apify account's maxTotalChargeUsd for the run is set too low. Increase the spending limit in your Apify run settings or programmatic call parameters. Each tool call costs $0.045.

• Server returns 405 on GET requests — The MCP endpoint only accepts POST requests per the JSON-RPC 2.0 spec. Use POST for all tool calls and tools/list discovery. GET to /mcp intentionally returns a 405 with an instructional error message.

• Results differ between two runs for the same entity — All databases are queried live. OFAC updates the SDN list without notice. OpenSanctions ingests new source data continuously. Results reflect the state of each database at query time, so variation between runs is expected and by design.

Responsible use

• This server accesses only publicly available government data: OFAC, OpenSanctions, Interpol, FBI, FARA, FEC, SEC, CFPB, FDIC, GLEIF, and OpenCorporates.
• AML screening results are analytical aids, not legal determinations. Compliance decisions must be made by qualified personnel under applicable law.
• Comply with GDPR, CCPA, and applicable data protection law when storing screening results that include personal information.
• Do not use this tool to screen individuals for purposes unrelated to legitimate compliance, due diligence, or risk management workflows.
• SAR filing obligations and timelines are governed by BSA/FinCEN regulations, not by the recommendation strings returned by this tool.
• For guidance on web scraping legality, see Apify's guide.

FAQ

How does financial crime screening with this MCP differ from paid compliance platforms like World-Check or Dow Jones Risk Center? This MCP queries the same primary sources (OFAC SDN, Interpol, FBI, FARA, FEC, OpenSanctions) that commercial platforms aggregate, at a fraction of the cost. Commercial platforms add proprietary editorial content, enhanced data linkage, and SLA guarantees. This tool is best suited for teams that need programmatic, AI-integrated AML screening without a six-figure annual contract.

How accurate is the fuzzy name matching for sanctions screening? OFAC matching uses the built-in fuzzy matching in the underlying ofac-sanctions-search actor, which applies Levenshtein distance and transliteration to catch variant spellings. Hits with confidence >= 0.95 are classified as exact matches. Hits between 0.50 and 0.95 are returned as fuzzy matches requiring human review. The false positive rate for common names is non-trivial and manual review is always required for fuzzy results.

How current are the watchlist databases? All databases are queried live at the time of each tool call. There is no cached snapshot. Results reflect the published state of OFAC, OpenSanctions, Interpol, FBI, and other sources at query time. OFAC typically updates the SDN list within hours of a new designation.

Can I use financial crime screening results as the basis for a SAR filing? The aml_risk_classification tool returns dimensional scores, evidence findings, and a compliance recommendation that form the analytical basis for a SAR narrative. The tool explicitly surfaces sarRequired: true for HIGH and PROHIBITED tiers. However, the actual SAR filing must be prepared and submitted by a qualified BSA/AML officer in accordance with FinCEN Form 114 requirements.

Is it legal to use this tool for AML compliance screening? Yes. This tool queries publicly available government databases and is designed to support legitimate compliance workflows. OFAC screening is a legal obligation for US financial institutions under the Bank Secrecy Act. For guidance on data access legality, see Apify's guide on web scraping legality.

How many entities can I screen per hour? Each tool call runs up to 13 actors in parallel and typically completes in 30-90 seconds. In practice, 40-80 full AML classifications per hour is achievable from a single client. For higher throughput, run multiple concurrent MCP calls using the Apify API.

Does this MCP support batch screening of multiple entities? The MCP protocol is designed for single-entity tool calls. For batch screening, use the Apify API to dispatch multiple concurrent HTTP requests to the MCP endpoint. A Python asyncio loop or JavaScript Promise.all across entity lists is the recommended pattern.

What happens when an underlying actor is unavailable or times out? Each runActor() call is wrapped in a try-catch that returns an empty array on failure. A timed-out actor does not abort the overall screening. The response includes actorsUsed so you can see how many sources contributed. If a critical dimension (e.g., sanctions) returns empty due to timeout, treat the result as inconclusive and rerun.

Can I schedule periodic re-screening for ongoing monitoring? Yes. Use Apify's scheduler to trigger re-screening runs on a daily, weekly, or custom calendar. Combine with webhooks to push results to your case management system automatically when screenings complete.

Does the shell company detection cover beneficial ownership? The corporate_shell_detection tool identifies shell company indicators in publicly available corporate records — nominee directors, registered agents, bearer shares, shell haven jurisdictions. It does not resolve the full beneficial ownership chain. For structured ownership mapping and UBO research, supplement with ryanclinton/sanctions-evasion-network-mcp.

What does the PROHIBITED tier mean in practice? PROHIBITED is triggered by a direct sanctions match (OFAC or OpenSanctions confidence >= 0.95) or a composite risk score above 70. The recommendation text mirrors BSA obligations: block the transaction, file a SAR within 30 days, do not tip off the subject, escalate to the BSA/AML officer immediately.

How is the proximity-to-crime score different from the overall AML risk score? The proximity score (0-100, from proximity_to_crime_score tool) measures only signal convergence — how many of 6 adverse categories are simultaneously active — weighted at 17 points per category. The AML risk score (0-100, from aml_risk_classification) is a weighted composite across all 5 dimensions where sanctions exposure carries the most weight (max 35 points). The proximity score is a faster, cheaper triage signal; the AML risk score is the full documented determination.

What does the decisionAuditId field do and why is it free to look up? Every aml_risk_classification call writes a structured audit entry to the actor's key-value store containing the composite score, recommended action, confidence level, escalation triggers, and the per-source error map captured at the moment of decision. The 16-character hex ID returned in the response (e.g. a3f1d29c7b4e8051) is the lookup key. Later, compliance reviewers or regulatory examiners can replay the exact decision basis via get_decision_audit(decisionAuditId) — including when the upstream data has since changed. Because the lookup hits only the local key-value store and never calls an upstream source, the tool is free. Persistence covers the most recent 1,000 audit entries per actor lifetime.

How does get_entity_memory differ from running aml_risk_classification again? aml_risk_classification makes 13 parallel upstream calls and produces a fresh, current verdict. get_entity_memory reads only the stored snapshot history from prior runs — no upstream fetch, no charge, no latency. Use it when an AI agent wants to know "what do you already know about this entity?" before deciding to pay for a fresh screen, or when monitoring loops want to inspect a recent verdict without re-billing. Snapshots are stored per entity (most recent 50 per entity) and the response includes 7-day and 30-day score deltas, days-in-elevated-state, and recurring risk dimensions across the last five snapshots.

What does the fatfFlag field mean? FATF maintains two lists of high-risk jurisdictions: the black list (Iran, North Korea, Myanmar — high-risk and subject to a call for action) and the grey list (26 countries as of 2026-Q1, under increased monitoring). Every screen overlays the country field against both lists. BLACK automatically bumps the AML tier (LOW → MEDIUM, MEDIUM → HIGH) regardless of composite score. GREY is surfaced as an evidence item and influences the dominant-risk-axis classification but does not auto-bump tier. The list snapshot is maintained quarterly; verify against FATF's official page for the live state.

Why are some sources sometimes missing from a response? Sources can be either skipped (the caller did not supply an upstream credential header like X-OpenSanctions-Api-Key) or failed (the sub-actor timed out, errored, or returned a non-SUCCEEDED status). Both cases populate the dataSourceErrors map with a clear failure type, and the runSummary.perSourceStatus block shows per-source ok / failed / skipped / empty. The confidence.recommendedHandling field maps coverage to an automation policy — low coverage downgrades to advisory_only regardless of how alarming the verdict looks.

Help us improve

If you encounter issues, you can help us debug faster by enabling run sharing in your Apify account:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

This lets us see your run details when something goes wrong, so we can fix issues faster. Your data is only visible to the actor developer, not publicly.

Support

Found a bug or have a feature request? Open an issue in the Issues tab on this actor's page. For custom data source additions, enterprise integrations, or white-label compliance deployments, reach out through the Apify platform.