Collapsing bank compliance backlogs from 45 minutes to under 2 minutes with automated GSTN/MCA enrichment, graph-based mule-network detection, and FINnet 2.0‑ready agentic narrative generation.
Live Platform Preview
The VigilAI analyst console surfaces entity enrichment, network topology, and a pre-drafted STR narrative in a single unified pane — from the moment an alert fires.
Triggered Alerts
Velocity Anomaly
A/C ···4821 — 38 txns / 4h
Sub-Threshold Structuring
A/C ···0093 — ₹49,800 × 9
Circular Fund Routing
5-node mule cluster detected
Dormant A/C Reactivation
A/C ···7734 — 18mo inactivity
PEP Counterparty Match
A/C ···2219 — OFAC proximity 2
Entity: RAJESH KUMAR GUPTA · A/C ···4821
✓ GSTN
Verified
GST filing gap: 3 qtrs
✓ MCA21
2 directorships
1 struck off entity
⟳ CBS
Loading 90d
38% complete
Agentic STR Draft
FINnet 2.0 CompatibleSTR Reference
STR/2024-25/VIG/004821
Reporting Entity
State Bank of India, Mid-Corporate Branch, Mumbai — IFSC: SBIN0001234
Investigation Summary
The account holder, Rajesh Kumar Gupta (A/C ···4821), exhibits velocity anomalies consistent with mule-account layering under PMLA Schedule offence categories. 38 transactions totalling ₹18,74,200 were processed over a 4-hour window on 14-Jun-2024, representing a 1,840% deviation from the 90-day peer-group baseline.
Graph-theoretic analysis reveals a 4-hop circular routing pattern across five accounts (···4821 → ···0093 → ···7201 → ···3348 → ···4821). MCA21 records confirm one co-director entity (DIN: 07312948) was struck off under Section 248 of Companies Act 2013. GSTN filings are in arrears for 3 quarters.
Recommended Action
File STR with FIU-IND — within 7 days (PMLA §12)
Simulated analyst console. Entity names and account numbers are illustrative. In production, all data remains within your bank's AWS VPC.
The Market Gap
Detection engines fire alerts at machine speed. What happens next is entirely human, entirely manual, and operationally broken.
Speed 1
MuleHunter.ai & TMS Rules Fire in Milliseconds
RBIH's AI detection engine and internal transaction monitoring system (TMS) identify anomalous patterns — velocity spikes, sub-threshold structuring, PEP proximity — and generate alerts in near real-time.
Automated Alert Queue Population
Alerts are scored, prioritised, and routed to the Financial Crime Investigation Unit (FCIU) queue within seconds. The machine's job ends here.
High and Rising Alert Volumes
With UPI transaction volumes exceeding 14 billion/month, alert queues at commercial banks often contain 200–800 open items at any given time, with Payments Banks experiencing the sharpest growth.
System latency from transaction to alert:
Speed 2 — Broken
Manual GST Portal Lookup (7–12 min)
Analyst opens GSTN portal in a separate tab, searches by PAN/GSTIN, manually screenshots and copy-pastes filing history and turnover data into a local case notes file.
Manual MCA21 Director Lookup (5–8 min)
Separate login to MCA21 v3 to pull DIN records, company charge sheets, and cross-directorships. No API — strictly UI-driven. Results are copy-pasted into investigation notes.
CBS Ledger Pull Request (10–15 min queue)
Analyst submits a report request to the CBS team for 90-day ledger history. This often sits in a shared mailbox queue with SLAs measured in hours, not seconds.
STR Narrative Typed from Scratch (15–20 min)
With all data finally assembled across 6+ tabs, the analyst manually drafts a PMLA-compliant investigation narrative and reformats it for FINnet 2.0 XML upload. High error rate, low consistency.
Avg. analyst time per alert validation:
Core Capabilities
Each capability is architected to address a specific layer of the investigation workflow — enrichment, analysis, and filing — so your analysts never leave the platform.
The moment an alert is opened, VigilAI dispatches parallel API calls to GSTN, MCA21 v3, and your Core Banking System simultaneously. Results converge into a single enriched entity dossier in under 90 seconds — no context switching, no waiting, no copy-pasting.
Money-mule networks are graph problems. VigilAI builds a directed transaction graph per entity — surfacing circular fund routing, fan-out layering, and shared-identifier clusters (mobile, device ID, nominee DIN) that are invisible in tabular ledger views.
A sovereign, in-region LLM synthesises enrichment outputs and graph findings into a structured investigation narrative mapped to PMLA Schedule offences and FATF typologies. Output is pre-formatted for direct upload to FIU-IND's FINnet 2.0 portal — analyst reviews, edits, and submits.
Workflow
MuleHunter.ai or TMS generates a risk alert. VigilAI receives the event via secure webhook within your VPC.
Parallel async jobs pull GSTN status, MCA21 directorships, and 90-day CBS ledger. Enriched dossier ready in <90s.
Transaction network visualised. Circular routes, mule clusters, and shared identifiers flagged automatically for analyst review.
Agentic LLM pre-drafts the PMLA narrative. Analyst approves and submits directly to FIU-IND FINnet 2.0 portal.
Core Architecture & Security
VigilAI deploys entirely within your bank's existing AWS environment — every compute, inference, and graph workload runs inside a private network boundary in AWS Asia Pacific (Mumbai) ap-south-1. Customer financial data never traverses a public network, never touches a shared cloud tenant, and never leaves Indian soil.
All LLM inference and agentic STR-drafting pipelines run exclusively via Amazon Bedrock in the ap-south-1 (Mumbai) Region. Bedrock Agents orchestrate the enrichment-to-narrative workflow with full tool-use calling — no external model endpoint is ever contacted. Maintains 100% compliance with RBI's domestic data localisation mandate.
Real-time node-and-edge relationship maps — tracing multi-layered shell companies, circular fund routes, and shared-identity clusters — are powered by a fully managed Amazon Neptune graph database instance. Neptune's SPARQL and openCypher engines enable sub-second traversal across millions of entity relationships without ETL overhead.
The entire Copilot orchestration layer — every enrichment call to CBS, GSTN, and MCA21, every graph query to Neptune, every inference request to Bedrock — communicates exclusively through AWS PrivateLink endpoints inside the bank's Amazon VPC. No request ever traverses the public internet. No VPN tunnel required.
Amazon VPC — Bank Private Subnet
Amazon Bedrock
Agents · Model inference
ap-south-1 ✓
VigilAI App Layer
ECS Fargate · Private subnet
Isolated compute ✓
Amazon Neptune
Graph DB · Multi-AZ HA
openCypher · SPARQL ✓
Amazon RDS + S3
Case store · AES-256 · KMS
Encrypted at rest ✓
AWS PrivateLink Endpoints
Core Banking
↕ VPC Endpoint
GSTN API
↕ VPC Endpoint
MCA21 API
↕ VPC Endpoint
AWS CloudTrail
Immutable audit log · 5yr retention
AWS KMS
Customer-managed keys · CMK
Every service-to-service call flows through AWS PrivateLink. Zero public internet traversal. Traffic stays on the AWS private backbone end-to-end.
All inference, graph traversal, and storage workloads execute within AWS ap-south-1 (Mumbai). Satisfies the RBI's 2018 Payment System Data Storage circular and subsequent localisation guidance, with Amazon Bedrock enforcing in-region model execution at the infrastructure layer.
Customer PII is processed inside dedicated ECS Fargate task environments scoped per investigation, with AWS KMS customer-managed keys for field-level encryption. No cross-tenant data leakage. Audit logs retained 5 years via CloudTrail + S3 Object Lock — PMLA Section 12 compliant.
STR narrative generation and enrichment reasoning are handled exclusively by Amazon Bedrock foundation models with cross-region inference disabled. Investigation data never contacts OpenAI, Anthropic's API, Google Vertex, or any off-AWS endpoint — enforced at the VPC network policy layer.
Every analyst action, Bedrock inference call, Neptune graph query, and enrichment event is written to AWS CloudTrail with S3 Object Lock (WORM) enabled. Tamper-proof investigation records for FIU-IND examinations and internal audit — 5-year retention by default.
AWS Activate Portfolio — Deep Native Integration
Credit-Eligible ArchitectureVigilAI's infrastructure is built entirely on AWS-native managed services — no third-party databases, no off-cloud model endpoints, no hybrid licensing complexity. Every workload is metered directly through the AWS billing console, making credit application and burn-down reporting straightforward for the review board.
We're onboarding a select cohort of Indian banks for our private pilot programme. If you're a CISO, CCO, or Head of Financial Crime Operations at a commercial, small finance, or payments bank — let's talk.