This section collects the materials most often requested during assessment of Convier under the AI Act

1. Purpose of this Document

This document describes how Convier AI Agents are designed to support governance, control, transparency, traceability, and responsible use of artificial intelligence within financial crime and compliance workflows.

The document is intended to support Customers in their assessment and governance of Convier AI Agents under Regulation (EU) 2024/1689, the Artificial Intelligence Act.

This document may also support assessments relating to GDPR, internal AI policies, information security requirements, outsourcing requirements, operational resilience, and other governance or risk management requirements applicable to the Customer’s use of AI.

Convier will support the Customer by providing product information, technical documentation, configuration information, operational evidence, and reasonable assistance relevant to the Customer’s AI governance and assessment processes.

This document is not legal advice. The final legal and regulatory determinations for the Customer’s own use of AI remain with the Customer.

The classification and obligations applicable to an AI system depend on the specific intended use, configuration, workflow, degree of automation, user role, data processed, and operational context.

2. Executive Summary

Convier AI Agents are designed to operate within configured Convier workflows. They are not general-purpose AI assistants operating independently from the Customer’s Convier configuration.

The AI Agents service is designed to support and automate tasks within licensed workflows, including customer due diligence, ongoing monitoring, transaction monitoring investigations, reporting, and related financial crime prevention processes.

Convier’s approach is based on the following principles:

Convier provides the operating environment, orchestration layer, governance controls, documentation, and evidence needed to support controlled use of AI agents. The Customer provides the organisational context, internal procedures, model approval, legal basis, and final legal and regulatory determinations for its own use of AI.

3. Description of Convier AI Agents

An AI agent is a configurable software component within the Convier platform that uses artificial intelligence to perform predefined tasks within an approved workflow configured in Convier.

AI agents operate within the same Convier environment as authorised users and use the configured data integrations, workflows, controls, analysis functionality, and reporting mechanisms made available within the Customer’s Convier deployment.

Depending on the agreed scope and configuration, an AI agent may:

AI agents operate within the workflows, permissions, data sources, instructions, controls, and review requirements configured for the Customer in Convier.

4. Architecture and Technical Setup

Convier AI Agents are designed to operate within the Customer’s technical environment and in connection with the Customer’s existing Convier deployment.

Unless otherwise agreed, the AI agents use the Customer’s own AI environment, such as Azure AI Foundry, Azure OpenAI, Google’s enterprise AI platform, or an equivalent AI service environment approved by the Customer.

The Customer selects, provides, configures, and maintains access to the relevant large language models and AI services used by the AI agents. These models will typically be GPT-family models or other models made available in the Customer’s approved AI environment.

Convier operates as an orchestration, workflow, and governance layer for the Customer’s selected AI environment. Convier does not normally operate a proprietary language model.

Convier orchestrates the AI agent workflow through the Convier platform. This may include:

Unless otherwise agreed, Convier does not provide the underlying foundation AI model, operate the Customer’s AI environment, enter into the Customer’s agreement with the relevant AI model or AI service provider, decide which models the Customer may use, or control the terms on which the Customer’s selected AI model or AI service processes data.

5. Intended Use and AI Act Classification

The AI Act classifies AI systems based on their intended use. The relevant question is therefore not only what Convier AI Agents are technically capable of doing, but how a specific Customer configures and uses them in practice.

Convier AI Agents are intended to support and automate tasks within configured workflows. Convier will support the Customer in documenting the intended use of each AI agent, including:

Based on Convier’s current standard functionality for financial crime workflows, Convier does not consider the AI Agents service to fall within the prohibited AI practices set out in Article 5 of the AI Act.

For financial institutions, the most important assessment is whether the AI system is used in a way that makes or materially influences decisions affecting natural persons, including decisions relating to access to financial services, creditworthiness, customer treatment, customer risk assessment, or similar outcomes.

Use of AI in AML, fraud, or compliance processes should not automatically be treated as high-risk merely because it concerns financial crime prevention. The assessment depends on the specific intended use and whether the system falls within an AI Act high-risk category or materially influences a relevant decision.

The AI Act distinguishes between administrative analysis of information in an AML context and AI systems used for law enforcement, criminal investigation, prosecution, or judicial decision support. Banks and other obliged entities perform their own obligations under AML legislation. They are not law enforcement authorities. Use of AI in a bank’s AML work should therefore not automatically be treated as use of AI for law enforcement purposes.

If an AI agent is used only to support narrow procedural tasks, information retrieval, summarisation, drafting, or preparation of material for human review, this may support an assessment that the AI system does not materially influence the outcome of decision-making. However, that assessment must be made based on the concrete configuration and operational use.

If an AI agent is configured to autonomously initiate, complete, recommend, or materially influence decisions or workflow actions with significant legal, regulatory, financial, or operational consequences for natural persons, the Customer should perform a more detailed high-risk assessment. Convier will support such assessment by providing configuration information, workflow descriptions, task instructions, automation settings, logging information, and other relevant evidence available in the platform.

A future or customer-specific configuration may require separate assessment if AI agents are used to create alerts, propose or assign customer risk classifications, escalate cases automatically, recommend measures towards customers, or otherwise materially affect decisions concerning customers.

This does not mean that such a use case is automatically high-risk. It means that the classification assessment should be based on the system’s intended purpose, actual operational role, degree of autonomy, and the significance of AI output for decisions affecting customers.

6. Governance Model and Responsibilities

Convier and the Customer work together to support responsible and controlled use of AI agents within the Customer’s Convier deployment.

Convier provides the operating environment, orchestration layer, configuration functionality, Control Tower, logging, traceability, human oversight functionality, and documentation support for AI-supported financial crime workflows.

The Customer provides the organisational and regulatory context in which the AI agents are used, including the relevant workflows, internal procedures, risk appetite, approval requirements, model selection, and legal or regulatory requirements applicable to its organisation.

6.1 Convier Support

Convier will support the Customer by providing relevant information, documentation, configuration support, implementation support, and reasonable assistance relating to:

Convier will also provide information and evidence reasonably available in the Convier platform to support the Customer’s AI governance, internal control, audit, risk assessment, data protection assessment, and AI Act assessment processes.

Such support may include information about system architecture, data flow, configured workflows, AI agent instructions, data sources, output formats, Control Tower settings, logging, review steps, and AI-generated or AI-assisted outputs.

6.2 Customer Input and Decisions

The Customer provides the organisational and regulatory input required to configure and govern the AI agents appropriately.

This includes input on the intended use of the AI agents, applicable workflows, internal procedures, permitted data sources, model or AI service provider, permitted degree of automation, human oversight requirements, access rights, retention requirements, and relevant internal governance requirements.

The Customer makes the final determinations regarding its own legal, regulatory, operational, AI governance, data protection, and compliance obligations, including the classification of its intended use under the AI Act.