Overview

The Compliance & Governance tools enable agents to perform regulatory validation and approval workflows across multiple compliance frameworks. These tools ensure all high-risk operations maintain audit trails, segregation of duties, and regulatory compliance. Supported regulatory frameworks:
  • SOX (Sarbanes-Oxley): Segregation of duties requirements
  • ASIC RG94: NAV tolerance and valuation frequency requirements
  • AIFMD: Alternative Investment Fund Managers Directive compliance

Regulatory Frameworks

SOX Compliance (Sarbanes-Oxley)

Enforces segregation of duties to prevent conflicts of interest. Key rules:
  • Same user cannot initiate and approve transactions
  • Risk-based approval chains required
  • All actions logged with immutable audit trails
  • Enforcement through role-based access control

ASIC RG94

Australian Securities and Investments Commission guidance for fund managers. Validates:
  • Net Asset Value (NAV) tolerance within acceptable ranges
  • Valuation frequency requirements (daily/weekly based on fund type)
  • Consistent valuation methodologies
  • Timely disclosure of pricing discrepancies

AIFMD

European Union regulatory framework for Alternative Investment Fund Managers. Ensures:
  • Proper valuation procedures documented
  • Fair pricing of fund assets
  • Risk management compliance
  • Regular compliance reporting

Quick Start

Basic Compliance Check

# Check if action complies with all regulations
response = agent.invoke({
    "messages": [{
        "role": "user",
        "content": "Check if this transaction is compliant",
        "tool_call": {
            "tool": "check_compliance",
            "args": {
                "action_type": "transaction",
                "action_data": {
                    "amount": 50000,
                    "counterparty": "vendor_123",
                    "transaction_type": "payment"
                },
                "user_id": "user_456"
            }
        }
    }]
})

Approval Workflow

# Step 1: Request approval for high-risk action
approval_request = agent.invoke({
    "tool": "request_approval",
    "args": {
        "action_type": "override",
        "action_data": {"reason_code": "market_exception"},
        "requested_by": "user_123",
        "reason": "Market volatility exceeds normal parameters"
    }
})

# Step 2: Review pending approvals
pending = agent.invoke({
    "tool": "get_pending_approvals",
    "args": {"approver_id": "manager_789"}
})

# Step 3: Submit approval decision
decision = agent.invoke({
    "tool": "submit_approval",
    "args": {
        "request_id": approval_request["request_id"],
        "approver_id": "manager_789",
        "approved": True,
        "comments": "Exception approved due to market conditions"
    }
})

Tool Reference

check_compliance

Validates actions against regulatory requirements before execution. Input Schema:
{
    "action_type": "string (approval|validation|transaction|override|etc)",
    "action_data": "dict (action-specific details)",
    "user_id": "string (optional, user performing action)"
}
Response:
{
    "success": "boolean",
    "compliant": "boolean",
    "can_proceed": "boolean",
    "rules_checked": "number",
    "requires_approval": "boolean",
    "violations": "string (formatted violations)",
    "details": "array (detailed violation objects)",
    "message": "string"
}
Action Types:
  • approval: Multi-level approval requests
  • validation: Data validation operations
  • transaction: Financial transactions
  • override: Regulatory override requests
  • report: Compliance reporting
Returns:
  • compliant=true: Action passes all checks, safe to proceed
  • compliant=false, requires_approval=true: Use request_approval tool
  • compliant=false, requires_approval=false: Action violates mandatory rules
Example - Transaction Compliance Check:
result = check_compliance(
    action_type="transaction",
    action_data={
        "amount": 100000,
        "recipient": "counterparty_001",
        "fund_id": "fund_123",
        "valuation_date": "2025-10-29"
    },
    user_id="trader_456"
)

# Response:
{
    "success": True,
    "compliant": True,
    "can_proceed": True,
    "rules_checked": 12,
    "message": "Action complies with all 12 applicable rules"
}
Example - Compliance Violation:
result = check_compliance(
    action_type="transaction",
    action_data={
        "amount": 50000000,  # Exceeds SOD limits
        "recipient": "user_123",  # Same user as initiator
        "fund_id": "fund_123"
    },
    user_id="user_123"
)

# Response:
{
    "success": True,
    "compliant": False,
    "requires_approval": True,
    "can_proceed": False,
    "violations": "- SOX (SOD-001): Cannot approve own transaction\n- SOX (SOD-003): Amount exceeds daily limit",
    "details": [
        {
            "regulation": "SOX",
            "rule_code": "SOD-001",
            "description": "Cannot approve own transaction"
        },
        {
            "regulation": "SOX",
            "rule_code": "SOD-003",
            "description": "Amount exceeds daily limit"
        }
    ]
}

request_approval

Creates an approval request for high-risk actions or compliance overrides. Input Schema:
{
    "action_type": "string (required)",
    "action_data": "dict (required)",
    "requested_by": "string (required, user ID)",
    "reason": "string (optional)"
}
Response:
{
    "success": "boolean",
    "approval_requested": "boolean",
    "request_id": "string (UUID)",
    "required_role": "string (role needed to approve)",
    "expires_at": "ISO timestamp",
    "message": "string"
}
Required Roles by Action Type:
  • override: Manager or Compliance Officer
  • validation: Compliance Officer
  • transaction (high-value): Director or Officer
  • approval: Next approval level up
Example - Request Override Approval:
result = request_approval(
    action_type="override",
    action_data={
        "nav_variance": 0.15,  # 0.15% above tolerance
        "fund_id": "fund_123",
        "resolution": "accept_variance"
    },
    requested_by="portfolio_mgr_001",
    reason="Market volatility caused NAV variance outside normal range"
)

# Response:
{
    "success": True,
    "approval_requested": True,
    "request_id": "req_f8d2a9c1-e4b5-4c3e-9f2a-1b3d5e7f9a1c",
    "required_role": "Compliance Officer",
    "expires_at": "2025-10-31T10:29:00Z",
    "message": "Approval request created. Requires approval from user with role: Compliance Officer"
}

submit_approval

Submits an approval or rejection decision for a pending request. Enforces segregation of duties. Input Schema:
{
    "request_id": "string (required, UUID)",
    "approver_id": "string (required, user ID)",
    "approved": "boolean (required)",
    "comments": "string (optional)"
}
Response:
{
    "success": "boolean",
    "request_id": "string",
    "status": "string (approved|rejected|expired)",
    "message": "string"
}
Constraints:
  • Approver must have required role
  • Cannot approve request initiated by same user (SOX segregation)
  • Request must not be expired
  • Comments required for rejections
Example - Approve Request:
result = submit_approval(
    request_id="req_f8d2a9c1-e4b5-4c3e-9f2a-1b3d5e7f9a1c",
    approver_id="compliance_officer_002",
    approved=True,
    comments="Variance approved. Market conditions support NAV deviation."
)

# Response:
{
    "success": True,
    "request_id": "req_f8d2a9c1-e4b5-4c3e-9f2a-1b3d5e7f9a1c",
    "status": "approved",
    "message": "Request approved successfully"
}
Example - Reject Request:
result = submit_approval(
    request_id="req_abc123",
    approver_id="compliance_officer_002",
    approved=False,
    comments="NAV variance exceeds acceptable threshold. Requires revaluation."
)

get_pending_approvals

Retrieves pending approval requests for a specific user based on their role. Input Schema:
{
    "approver_id": "string (required, user ID)"
}
Response:
{
    "success": "boolean",
    "pending_count": "number",
    "message": "string",
    "requests": [
        {
            "request_id": "string (UUID)",
            "action_type": "string",
            "requested_by": "string (user ID)",
            "required_role": "string",
            "risk_level": "string (low|medium|high|critical)",
            "expires_at": "ISO timestamp"
        }
    ]
}
Risk Levels:
  • low: Routine validations
  • medium: Standard transactions
  • high: High-value or sensitive operations
  • critical: Multi-level approvals or regulatory overrides
Example - Check Pending Approvals:
result = get_pending_approvals(
    approver_id="manager_789"
)

# Response:
{
    "success": True,
    "pending_count": 3,
    "message": "Found 3 pending approval request(s)",
    "requests": [
        {
            "request_id": "req_f8d2a9c1-e4b5-4c3e-9f2a-1b3d5e7f9a1c",
            "action_type": "override",
            "requested_by": "portfolio_mgr_001",
            "required_role": "Manager",
            "risk_level": "high",
            "expires_at": "2025-10-31T10:29:00Z"
        },
        {
            "request_id": "req_2b4c5d6e-7f8g-9h0i-1j2k-3l4m5n6o7p8q",
            "action_type": "validation",
            "requested_by": "analyst_555",
            "required_role": "Manager",
            "risk_level": "medium",
            "expires_at": "2025-10-30T15:45:00Z"
        }
    ]
}

generate_compliance_report

Generates regulatory compliance reports for audit and governance purposes. Input Schema:
{
    "report_type": "string (sox_audit|rg94_validation|aifmd|agent_activity|approval_workflow)",
    "period_days": "number (default: 30)",
    "user_id": "string (optional, user generating report)"
}
Response:
{
    "success": "boolean",
    "report_id": "string (UUID)",
    "report_type": "string",
    "period": "string",
    "generated_at": "ISO timestamp",
    "summary": "object (framework-specific)",
    "message": "string"
}
Report Types:
  1. sox_audit: SOX compliance audit
    • Segregation of duty violations
    • Approval chain completeness
    • User access changes
    • High-risk transaction approvals
  2. rg94_validation: ASIC RG94 validation
    • NAV variance by fund
    • Valuation frequency compliance
    • Pricing discrepancies
    • Fund-specific metrics
  3. aifmd: AIFMD compliance
    • Valuation procedure adherence
    • Risk management compliance
    • Fee disclosure accuracy
    • Leverage limits
  4. agent_activity: Agent action summary
    • Tool usage statistics
    • Approval rates
    • Error counts
    • User activity summary
  5. approval_workflow: Approval process audit
    • Pending request count
    • Approval time metrics
    • Rejection rates
    • Role-based distribution
Example - Generate SOX Audit Report:
result = generate_compliance_report(
    report_type="sox_audit",
    period_days=30,
    user_id="audit_user_123"
)

# Response:
{
    "success": True,
    "report_id": "rpt_8f3c2a1e-9d4b-4c7f-8e9a-2b3d5f7c8e9f",
    "report_type": "sox_audit",
    "period": "30 days",
    "generated_at": "2025-10-29T14:30:00Z",
    "summary": {
        "total_transactions": 1250,
        "approvals_required": 156,
        "approvals_obtained": 156,
        "violations_found": 0,
        "average_approval_time": "4.2 hours",
        "segregation_compliance": "100%"
    },
    "message": "Generated sox_audit report for 30 day period"
}
Example - Generate RG94 Report:
result = generate_compliance_report(
    report_type="rg94_validation",
    period_days=7
)

# Response:
{
    "success": True,
    "report_id": "rpt_abc123def456",
    "report_type": "rg94_validation",
    "period": "7 days",
    "generated_at": "2025-10-29T14:30:00Z",
    "summary": {
        "funds_analyzed": 12,
        "nav_variance_events": 2,
        "max_variance": 0.12,
        "valuation_frequency_compliance": 98.5,
        "pricing_discrepancies": 1,
        "compliant_funds": 11
    }
}

verify_audit_integrity

Verifies the integrity of the audit trail using cryptographic hashing to detect tampering. Input Schema:
{}
Response:
{
    "success": "boolean",
    "integrity_verified": "boolean",
    "events_verified": "number",
    "last_event_hash": "string (SHA-256 hex)",
    "error": "string (if verification fails)",
    "event_id": "string (failing event UUID, if applicable)",
    "message": "string"
}
Technical Details:
  • Uses SHA-256 blockchain-inspired hash chaining
  • Each event contains hash of previous event
  • Verifies entire chain integrity
  • Returns error at first tampering detection
  • Prevents retroactive audit manipulation
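An added Python illustration of the hash chaining described above (not the project's code): the event layout, the `prev_hash | event_id | payload` hashing input and the all-zero genesis value are assumptions, the three audit events are constructed, and the returned dictionaries follow the response schema above. It also shows the check a practitioner would want on top of the chain walk: comparing the head hash with a copy kept outside the audit database.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first event (assumed convention)

def event_hash(prev_hash, event_id, payload):
    """SHA-256 over prev hash | event id | canonical JSON payload (layout is an assumption)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{event_id}|{body}".encode()).hexdigest()

def append_event(chain, event_id, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event_id": event_id, "prev_hash": prev, "payload": payload,
                  "hash": event_hash(prev, event_id, payload)})

def verify_audit_integrity(chain, anchored_head=None):
    """Walk the chain, stop at the first broken link, then optionally compare the head
    hash with one kept outside the audit database."""
    prev = GENESIS
    for n, ev in enumerate(chain, start=1):
        if ev["prev_hash"] != prev or ev["hash"] != event_hash(prev, ev["event_id"], ev["payload"]):
            return {"success": True, "integrity_verified": False,
                    "error": f"Hash chain broken at event {n}", "event_id": ev["event_id"],
                    "message": f"CRITICAL: Audit trail integrity FAILED - Hash chain broken at event {n}"}
        prev = ev["hash"]
    if anchored_head is not None and prev != anchored_head:
        return {"success": True, "integrity_verified": False, "error": "Chain head differs from anchored hash",
                "message": "CRITICAL: Audit trail integrity FAILED - chain rewritten after last anchor"}
    return {"success": True, "integrity_verified": True, "events_verified": len(chain),
            "last_event_hash": prev, "message": f"Audit trail integrity verified. {len(chain)} events checked."}

def sample_chain():
    """Three constructed audit events (not real data)."""
    chain = []
    append_event(chain, "evt_1", {"tool": "request_approval", "user": "portfolio_mgr_001"})
    append_event(chain, "evt_2", {"tool": "submit_approval", "user": "compliance_officer_002", "approved": True})
    append_event(chain, "evt_3", {"tool": "check_compliance", "user": "trader_456"})
    return chain

def tamper_demo():
    """Flip a past approval decision (caught by the chain walk), then recompute every later
    hash so the chain is self-consistent again (caught only by the anchored head hash)."""
    chain = sample_chain()
    anchored = chain[-1]["hash"]            # head hash recorded off-system at anchor time
    chain[1]["payload"]["approved"] = False  # retroactive edit of event 2
    caught = verify_audit_integrity(chain)
    for i in range(1, len(chain)):          # rebuild the tail after the edit
        chain[i]["prev_hash"] = chain[i - 1]["hash"]
        chain[i]["hash"] = event_hash(chain[i]["prev_hash"], chain[i]["event_id"], chain[i]["payload"])
    return caught, verify_audit_integrity(chain), verify_audit_integrity(chain, anchored)
```

The chain walk alone proves only that the stored events are self-consistent, so the `last_event_hash` returned by a successful verification should be recorded where the audit database writer cannot change it and compared on the next run.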
Example - Successful Verification:
result = verify_audit_integrity()

# Response:
{
    "success": True,
    "integrity_verified": True,
    "events_verified": 4823,
    "last_event_hash": "a3f5c8d2e9b1f4c7a9d5e2b8f1c4a7d9e2b5f8a1c4d7a0e3f6b9c2d5e8f1a4",
    "message": "Audit trail integrity verified. 4823 events checked."
}
Example - Integrity Failure (Critical):
result = verify_audit_integrity()

# Response:
{
    "success": True,
    "integrity_verified": False,
    "error": "Hash chain broken at event 2847",
    "event_id": "evt_2847",
    "message": "CRITICAL: Audit trail integrity FAILED - Hash chain broken at event 2847"
}

Approval Workflow Details

Request Lifecycle

  1. Create: request_approval initiates request with required_role
  2. Pending: Request appears in approver’s queue via get_pending_approvals
  3. Approve/Reject: submit_approval with decision
  4. Expire: Requests expire after 48 hours if not processed
  5. Log: All transitions recorded in audit trail

Role-Based Access

Approval routing based on risk level and action type:
Action Type    Risk Level   Required Role        Approval Time
validation     low          Analyst              4 hours
validation     medium       Manager              4 hours
transaction    low          Manager              2 hours
transaction    high         Director             1 hour
override       any          Compliance Officer   2 hours
approval       critical     Officer+             30 min

Segregation of Duties

  • Initiator cannot approve own requests
  • Same role cannot form full approval chain
  • Director approval bypasses Manager approval
  • All decisions require documented justification
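The request lifecycle and the submit_approval constraints, as an added Python illustration (not the project's code): the role mapping follows the "Required Roles by Action Type" list, the 48-hour expiry follows the lifecycle above, and the checks run in the order the submit_approval constraints are listed. The user-to-role directory and the in-memory request store are constructed stand-ins for the real role lookup and database.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Required Roles by Action Type, as listed on the page; any listed role may approve.
REQUIRED_ROLES = {
    "override": {"Manager", "Compliance Officer"},
    "validation": {"Compliance Officer"},
    "transaction": {"Director", "Officer"},   # high-value transactions
}
EXPIRY = timedelta(hours=48)  # requests expire after 48 hours if not processed

# Constructed user -> role directory standing in for the real role lookup.
USER_ROLES = {"portfolio_mgr_001": "Manager",
              "compliance_officer_002": "Compliance Officer",
              "analyst_555": "Analyst"}
_requests = {}  # in-memory request store (constructed stand-in for the database)

def _fail(error):
    return {"success": False, "error": error, "message": f"Approval failed: {error}"}

def request_approval(action_type, action_data, requested_by, reason="", now=None):
    now = now or datetime.now(timezone.utc)
    roles = REQUIRED_ROLES.get(action_type)
    if roles is None:
        return {"success": False, "error": f"Unknown action_type: {action_type}"}
    request_id = f"req_{uuid.uuid4()}"
    _requests[request_id] = {"requested_by": requested_by, "required_roles": roles,
                             "action_data": action_data, "reason": reason,
                             "expires_at": now + EXPIRY, "status": "pending"}
    return {"success": True, "approval_requested": True, "request_id": request_id,
            "required_role": " or ".join(sorted(roles)),
            "expires_at": (now + EXPIRY).isoformat()}

def submit_approval(request_id, approver_id, approved, comments="", now=None):
    """Checks the four submit_approval constraints in order; the SoD check is the key one."""
    now = now or datetime.now(timezone.utc)
    req = _requests.get(request_id)
    if req is None or req["status"] != "pending":
        return _fail("No pending request with that id")
    if USER_ROLES.get(approver_id) not in req["required_roles"]:
        return _fail("User role insufficient for approval")
    if approver_id == req["requested_by"]:  # SOX segregation: initiator cannot approve
        return _fail("Cannot approve own request")
    if now >= req["expires_at"]:
        req["status"] = "expired"
        return _fail("Approval request expired")
    if not approved and not comments.strip():
        return _fail("Comments required for rejections")
    req["status"] = "approved" if approved else "rejected"
    return {"success": True, "request_id": request_id, "status": req["status"]}
```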

Error Handling

Common Errors

Compliance Check Fails:
{
    "success": False,
    "error": "Database connection failed",
    "message": "Compliance check failed: Unable to reach database"
}
Approval Permission Denied:
{
    "success": False,
    "error": "User role insufficient for approval",
    "message": "Approval failed: User role insufficient for approval"
}
Request Expired:
{
    "success": False,
    "error": "Approval request expired",
    "message": "Approval submission failed: Approval request expired"
}

Best Practices

  1. Always Check Compliance First: Call check_compliance before executing high-risk operations
  2. Include Context: Provide detailed action_data and reason for approval requests
  3. Monitor Expiry: Check expires_at on approval requests before submitting
  4. Segregate Duties: Ensure approvers differ from requesters
  5. Audit Regularly: Generate compliance reports weekly for governance oversight
  6. Verify Integrity: Run verify_audit_integrity monthly to detect tampering

Configuration

All tools authenticate via a JWT token passed in RunnableConfig:
config = {
    "configurable": {
        "jwtToken": "eyJhbGciOiJIUzI1NiIs..."
    }
}
The token is required for:
  • Supabase authentication
  • User role verification
  • Audit trail access
  • Report generation