At Amazon, we screen customers and transactions across our global business and its subsidiaries to comply with sanctions and other global laws. Failure to comply with these laws can result in severe financial penalties and reputational harm. Amazon’s Compliance team has developed an AI-driven screening and investigations system that has transformed Amazon’s compliance processes into an industry-leading solution: Amazon Compliance Screening, which screens approximately 2 billion transactions daily across 160+ businesses globally to prevent prohibited transactions. We enforce sanctions lists from multiple jurisdictions, including but not limited to the Office of Foreign Assets Control (OFAC’s) – Specially Designated Nationals and Blocked Persons List (SDN list) and the UK’s Her Majesty Treasury list (HMT list). Sanctions enforcement continues to intensify, with US regulators alone imposing $2 billion in penalties since 2023. Managing compliance at this scale requires thousands of human experts to review flagged transactions and conduct investigations in line with industry standards/best practices. However, this human-intensive approach creates significant bottlenecks—manual review cycles can take days, directly impacting customer experience through delayed transactions, account holds, and order fulfillment disruptions. At an ever-growing scale, Amazon must navigate complex and evolving regulatory requirements while maintaining high accuracy, reducing compliance costs, and accelerating complex investigations.
Solution overview: A three-tier intelligent compliance system
The Amazon Compliance Screening system employs a sophisticated three-tier approach that balances speed, accuracy, and thoroughness:
Tier 1 – Screening engine: Forms the foundation using advanced fuzzy matching algorithms and custom vector embedding models developed and deployed using Amazon SageMaker to compare each input entity data against entities on sanctions and other government lists. This layer is optimized for high recall to capture all potential matches even at the cost of false positives.
Tier 2 – Intelligent automation engine: Employs traditional machine learning models to filter out low-quality matches, significantly reducing noise. This layer decreases false positives by analyzing match quality signals, allowing compliance teams to focus on genuine risks.
Tier 3 – AI-powered investigation system: Conducts comprehensive evaluation of remaining high-quality matches using specialized AI agents deployed on Amazon Bedrock AgentCore Runtime. At a high level, these agents systematically gather relevant information, analyze it holistically following established Investigation Standard Operating Procedures (SOPs) curated by Amazon’s Compliance team, and generate detailed case summaries with recommendations. Human involvement is only required in rare cases where agents cannot reach a conclusive determination due to insufficient evidence or exceptional circumstances that fall outside standard investigation parameters.
This blog post focuses on Tier 3, exploring how Amazon’s Compliance team built its AI-powered investigation system through a series of AI agents built on AWS.
System architecture
When a potential match passes through Tiers 1 and 2, a case is created and routed to our AI-powered investigation system. Agents subsequently gather and analyze information and produce a comprehensive investigation summary with risk assessment and final decision. Our investigator AI agents are built on Strands agent framework, powered by large language models hosted on Amazon Bedrock , and deployed on Amazon Bedrock AgentCore Runtime. The system employs multiple AI agents that work collaboratively, each using specialized tools to interact with external systems, access data, and perform their designated functions.
Agent architecture
Our system consists of multiple AI agents, each designed to handle specific aspects of the investigation process.
- Name matching agent: Analyses name variations, transliterations, and cultural naming conventions across multiple languages and scripts. This agent recognizes that “Abel Hernandez, Jr.” and “Hernandez Abel” may refer to the same individual and handles complex scenarios involving nicknames, maiden names, and aliases etc. It processes non-Latin scripts including Arabic, Chinese, Japanese, and Cyrillic while understanding cultural naming conventions such as the order of given names and surnames in different cultures. For example, when investigating a match between “李明” (Li Ming) and “Ming Li,” this agent recognizes both the transliteration variation and the different name order conventions between Chinese and Western formats.
- Address matching agent: Focusses on geographic data, understanding address variations, abbreviations, and international formatting differences. It identifies when “123 Main St., New York, NY” and “123 Main Street, New York City, New York” refer to the same location. The agent handles international address formats and local abbreviations, validates addresses against geospatial data, and detects potential address obfuscation techniques. Consider this example: the agent can determine that “Flat No. 502, Sai Kripa Apartments, Plot No. 23, Linking Road, Bandra West, Mumbai – 400050, Maharashtra, India” and “Sai Kripa Apts., 5th Floor, Flat 502, 23 Linking Rd., Bandra (W), Mumbai, MH 400050″ references the same address despite formatting differences.
- Entity type inference agent: Determines the entity type (individual or organization) of input entities by first examining data from Amazon’s internal systems using a data aggregation tool. When evidence cannot be found in Amazon’s internal systems, it uses naming patterns and corporate indicators (LLC, Inc., Ministry) across multiple languages to determine the appropriate type of entity for that entry (for example, an individual or an organization).
- Verified customer information (VCI) agent: Examines the customer (or other party) provided information such as identification documents, business registrations, and account verification records.
- Recommendation agent: Synthesizes findings from all the AI agents, applies risk-weighted analysis, and generates final recommendations with detailed justifications based on the evidence gathered. It aggregates evidence from all investigative agents, applies risk scoring based on multiple factors, and generates detailed justifications for recommendations. The agent classifies cases as false positive or true positive with confidence levels, producing a comprehensive case summary including all evidence gathered, analysis from each agent, risk assessment, and a clear recommendation with supporting rationale.
- Orchestration agent: Coordinates the workflow between all agents. It sits on top of these agents and manages dependencies between agents, optimizes investigation sequence based on case complexity, handles parallel execution where appropriate, and monitors agent progress while handling exceptions. The orchestration agent is implemented using the Strands Graph Multi-Agent Pattern which allows deterministic execution order based on graph structure.
Tools
Tools serve as the primary mechanism for extending agent capabilities, enabling agents to interact with external systems, access data, and manipulate their environment. Our agents utilize a variety of tools—some built into Strands (for example, ThinkTool) and others that were developed for specific needs. The Amazon Compliance Screening system uses the following custom-built tools:
- Data aggregator tool: The data aggregator data tool functions as a data aggregator that serves as the critical bridge between our AI agents and Amazon’s extensive data ecosystem. The data aggregator microservice retrieves and consolidates information from multiple internal sources, including Know Your Customer (KYC) systems, transaction history systems, account verification records, party profile information, and historical compliance data.
- Maps tool: The maps tool provides geospatial intelligence and address validation capabilities. It performs address validation and standardization, geocoding and reverse geocoding, jurisdiction analysis, and distance calculations between locations. The tool integrates multiple geographical APIs to help agents verify location-based information and detect address discrepancies. This functionality is essential for the address matching agent to verify location-based information, detect suspicious address patterns, and understand geographic relationships between entities.
- Open source data tool: The open source data tool aggregates publicly available information from multiple third-party data providers, enabling comprehensive open source intelligence gatherings during investigations. This tool connects to various specialized data sources, including corporate registry databases.
Compliance-first design
All agents are instructed to follow strict guidance and Investigation Standard Operating Procedures (SOPs) curated by Amazon’s Compliance team. We follow these guidelines so that our AI reasoning aligns with regulatory requirements and company policies. Every decision and reasoning step is logged and traceable, allowing us to audit the complete investigation trail and understand exactly how the AI reached its conclusions. We have implemented rigorous checks to verify that agents strictly adhere to their assigned SOPs, maintaining consistency across all investigations regardless of case volume or complexity. For example, the recommendation agent cannot execute until it has received results from all AI agents (name matching, address matching, entity type inference agents, and the VCI agent), and when agent confidence scores fall below our defined threshold, the case is automatically escalated to a human investigator with a human-in-the-loop task.
Why Strands and Amazon Bedrock AgentCore Runtime?
Our AI agents are built using Strands and deployed on Amazon Bedrock AgentCore Runtime. Strands and AgentCore Runtime provide a powerful combination of agentic development, session management, security isolation, and infrastructure management, enabling our builders to focus on solving core problems and multi-agent orchestration while abstracting complex implementation details. Strands offer seamless integration with AWS services and external tools through standardized Model Communication Protocol (MCP) and Agent-to-Agent (A2A) constructs, with the entire Bedrock model selection at our disposal.
AgentCore Runtime serverless architecture is critical for our unpredictable workloads—when sanctions lists update daily, case volumes spike dramatically. AgentCore Runtime automatically scales up during surges and down during normal operations, providing efficient compute resource usage without manual intervention.
Results and performance
Our agentic AI-powered investigation system has transformed the investigation process through significant improvements. AI agents analyze hundreds of data points simultaneously, following complex procedures. They achieve 96% overall accuracy with 96% precision and 100% recall rates for historical decisions, outperforming humans, and automate decision-making for over 60% of our volume.
Learnings to apply
Based on our experience building the Amazon Compliance Screening system, we recommend the following:
Start with clear SOPs: The success of our AI agents depends heavily on having well-defined Standard Operating Procedures for investigations. We invested significant time working with compliance teams to document and formalize investigation procedures before implementing AI agents. This upfront investment proved crucial, as agents can only be as effective as the procedures they follow.
Iterative agent development: We did not deploy all agents simultaneously. We started with the name matching agent, validated its performance, then progressively added complexity with additional agents. This iterative approach allowed us to identify and resolve issues early, building confidence with stakeholders, and learning valuable lessons about agent design before scaling more complex multi-agent scenarios.
Balance autonomy and control: Finding the right balance between autonomy and control is crucial. Too much autonomy creates unpredictable behavior—in early iterations; agents skipped address verification when name similarity seemed low, reasoning it was unnecessary. Too much control limits effectiveness. We use different approaches based on function and risk. For the orchestration agent, we implemented Strands Graph Multi-Agent Pattern to enforce deterministic execution order (entity type inference before name matching), guaranteeing investigation of SOP compliance and audit trails. For AI agents like the name matching agent, model-driven approaches provide reasoning autonomy to handle complex scenarios—Arabic-to-English transliterations, Cyrillic variations, or Chinese romanization—requiring dynamic reasoning through linguistic patterns impossible with rigid rules.
Tool design is critical: The quality and reliability of tools directly impact agent performance. We learned to design tools with clear interfaces, comprehensive error handling, and detailed documentation so that agents can use them effectively. A well-designed tool makes the difference between an agent that consistently produces valuable insights and one that struggles with basic tasks.
Observability from day one: Building comprehensive logging, monitoring, and debugging capabilities from the start was essential. Understanding why agents make specific decisions is necessary for compliance and continuous improvement. We can trace every agent action, every tool call, and every reasoning step, which has proven invaluable for troubleshooting, auditing, and optimizing agent behavior.
Conclusion
Amazon’s AI-powered Amazon Compliance Screening system tackles complex compliance challenges through autonomous agents that analyze, reason through, and resolve cases with precision. Human involvement is only required in cases where agents cannot reach a conclusive determination due to insufficient evidence or exceptional circumstances that fall outside standard investigation parameters. This automation-first approach maximizes efficiency while maintaining accuracy and auditability—reserving manual investigations exclusively for edge cases requiring nuanced judgment. As regulatory landscapes evolve, our agentic approach delivers scalability to maintain high compliance standards while continuously expanding autonomous case resolution.
About the authors
Damodar Shetyo is a Principal Software Development Engineer with AWS Security, where he focuses on the compliance space. Passionate about AI agent technologies, he previously served as tech lead for AI agents on AWS Transform for VMware, pioneering the first Agentic AI service for transforming VMware workloads to AWS. Throughout his AWS career, Damodar has contributed to multiple AWS services including AWS Database Migration Service, AWS CodeArtifact, and AWS Resilience Hub, bringing deep expertise in cloud architecture.
Aravindan Veeramani is a Sr. Manager at Amazon, leading the technology organization for Amazon’s Global Sanctions Screening to ensure Amazon and AWS transactions adhere to global regulations. Aravindan has a background in enterprise-scale compliance technology and specializes in developing solutions that leverage agentic AI, machine learning, and natural language processing to prevent prohibited transactions worldwide. His work focuses on building cutting-edge AWS cloud-based systems that enable compliance at Amazon’s global scale.
Matt Padilla is a Senior Product Manger – Technical, with AWS security. With a focus on AI and automation solutions within the security and compliance domain, Matt’s background is in helping develop products that leverage generative and agentic AI in highly regulated fields. Matt has a passion for AI and collaborating with engineering teams to deliver solutions meeting the highest regulatory standards at Amazon’s global scale.
Vinodh Venkatesan is a Software Development Manager at AWS Security, leading engineering initiatives in the sanctions compliance space. He designs, builds, and operates large-scale, distributed systems that enhance the intelligence and automation of compliance workflows across Amazon and AWS. With deep expertise in Agentic AI and cloud-native distributed architectures, Vinodh plays a key role in advancing Amazon’s next-generation compliance capabilities.
Utkarsh Srivastava is a Sr. Software Development Engineer at AWS Security, specializing in Compliance and Regulatory solutions. With 7.5+ years of expertise in KYC and Screening technologies, he has built automated workflows and investigation capabilities at enterprise scale. Utkarsh combines ML/AI optimization expertise with cloud implementation experience, focusing on leveraging Agentic AI to transform regulatory compliance workflows across Amazon’s global operations.
Shobhit Swaroop is a Senior Product Manager – Technical at AWS Security, where he leads product strategy for Amazon’s Global Sanctions Screening engine. With 14+ years of expertise in financial crimes technology, he specializes in developing AI-powered compliance solutions and drives the implementation of cutting-edge screening capabilities by leveraging machine learning and natural language processing to ensure regulatory compliance at scale. A certified anti-money laundering specialist (CAMS) and fraud examiner (CFE), Shobhit combines deep domain expertise in financial crimes compliance with technical product management to build next-generation screening solutions.
