The Orchestrator: Five Agents, One Timeline, Zero Gaps

James Aspinwall — February 2026

The five agents — Compliance Monitor, Regulatory Tracker, API Anomaly Detector, Exposure Monitor, KYC Orchestrator — each solve a specific compliance problem. Individually, they are useful. Together, they are a compliance nervous system.

This article is about the thing that makes them work together: the orchestrator. It routes events, manages tool invocations, aggregates outputs into a unified timeline, and enforces the governance rules that every German regulator demands. It does not make decisions. It makes sure the right agent sees the right data at the right time, and that a human sees the result before anything irreversible happens.

Why an Orchestrator

Five standalone agents would create five dashboards, five alert queues, five audit trails. A compliance officer already drowning in alerts does not need five more inboxes. They need one timeline that tells them: what happened, which domain it affects, how severe it is, and what they need to do next.

The orchestrator provides three things no individual agent can:

Temporal correlation. A regulatory gap flagged at 9:00 AM, a related compliance alert at 9:15 AM, and an exposure limit notification at 9:30 AM tell a story. Individually, they are three items in three queues. In a unified timeline, they are a pattern that demands immediate attention.

Cross-domain escalation. A credential stuffing attack detected by the API Anomaly Detector may enable unauthorized transactions that the Compliance Monitor must evaluate. A connected client discovery by the Exposure Monitor triggers a KYC refresh. A new BaFin circular picked up by the Regulatory Tracker creates gaps in the Compliance Monitor’s rule engine. These interactions are invisible when agents operate in isolation.

Single audit trail. MaRisk AT 6 requires that all risk-relevant processes be documented so a “knowledgeable third party” can understand the decisions made. One orchestrator, one timeline, one trail.

Architecture: Hub and Spoke

The orchestrator follows the supervisor pattern — a central hub that coordinates specialized agents through a shared tool protocol. No agent communicates directly with another agent. All coordination flows through the hub.

                    ┌──────────────────┐
                    │   Orchestrator   │
                    │   (MCP Server)   │
                    └────────┬─────────┘
                             │
              ┌──────────────┼──────────────┐
              │              │              │
    ┌─────────┴──┐  ┌───────┴────┐  ┌──────┴───────┐
    │ Compliance  │  │ Regulatory │  │ API Anomaly  │
    │  Monitor    │  │  Tracker   │  │  Detector    │
    └────────────┘  └────────────┘  └──────────────┘
              │              │
    ┌─────────┴──┐  ┌───────┴────┐
    │  Exposure  │  │    KYC     │
    │  Monitor   │  │ Orchestr.  │
    └────────────┘  └────────────┘

Each agent is a set of MCP tools with its own system prompt context, trigger conditions, and output format. The orchestrator owns the event loop: it receives data (transactions, RSS entries, API telemetry, portfolio changes, KYC applications), routes each event to the appropriate agent, collects outputs, and writes them to the unified timeline.

This is not a microservices architecture. It is a single application with one parallel process per agent domain, one shared timeline, one permission system. The MCP protocol provides the tool interface. The framework infrastructure provides the concurrency.

Deployment: One Instance Per Business

Each customer gets a dedicated instance — complete isolation by design, not by access control.

This eliminates an entire class of security and compliance concerns. Row-level security, tenant isolation, context switching, business hierarchies — none of these exist because there is nothing to isolate from. Each instance is a self-contained compliance system for one organization.

For customers running multiple business units, each unit gets its own instance. Consolidated billing and shared support management sit at the contract level, not the infrastructure level.

The 25 Tools

Every tool follows the same contract: structured input, structured output, human-readable narrative attached. The orchestrator exposes all 25 tools through a single MCP server.

Compliance Monitor (4 tools)

Tool Trigger Output
compliance_scan_transactions Continuous feed / batch Flagged transactions with rule citations
compliance_score_alert Per flagged batch Risk score 0-100, prioritized queue position
compliance_draft_sar Per scored alert Verdachtsmeldung narrative with GwG sections
compliance_alert_status On-demand Current alert queue with severity and SLA status

Regulatory Tracker (4 tools)

Tool Trigger Output
regulatory_check_feeds Daily / webhook New bulletin list with metadata
regulatory_classify Per bulletin Relevance, topic taxonomy, materiality
regulatory_map_controls Per classified bulletin Regulation-to-control mapping
regulatory_gap_analysis Per mapped bulletin Gaps with priority and remediation timeline

API Anomaly Detector (4 tools)

Tool Trigger Output
api_anomaly_check_health Continuous Latency percentiles, error rates, auth stats
api_anomaly_detect Per telemetry window Anomaly flags with statistical basis
api_anomaly_correlate Per anomaly set Incident narrative with MITRE ATT&CK mapping
api_anomaly_incident_report Per correlated incident DORA-formatted report draft

Exposure Monitor (5 tools)

Tool Trigger Output
exposure_calculate Per position change / daily Net exposures per counterparty/group
exposure_check_limits Per calculation Utilization dashboard with threshold status
exposure_explain Per threshold crossing Audit-trail explanation with recommended actions
exposure_breach_report Per breach BaFin notification draft
exposure_pretrade_check On-demand Headroom analysis for proposed trade

KYC Orchestrator (8 tools)

Tool Trigger Output
kyc_start_onboarding Per application Pipeline initialized, checks queued
kyc_verify_identity Phase 2 Document verification result
kyc_screen_sanctions Phase 2 (parallel) Sanctions match/near-match/clear with scores
kyc_screen_pep Phase 2 (parallel) PEP status with relationship detail
kyc_calculate_risk Phase 3 Weighted risk score with breakdown
kyc_decision Phase 4 Approve / review / escalate / decline
kyc_review_summary Phase 5 Human-readable review narrative
kyc_pipeline_status On-demand All in-flight onboarding cases

Cross-Agent Data Flows

The agents do not share state directly. They share events through the timeline. But certain events in one domain have consequences in another, and the orchestrator must route them.

Sanctions: Compliance Monitor ↔ KYC Orchestrator

Both agents screen against the same sanctions lists — EU Consolidated Financial Sanctions List, UN Security Council, OFAC. When the Compliance Monitor flags a transaction involving a customer currently in the KYC pipeline, the orchestrator links the two events. When the KYC Orchestrator identifies grounds for suspicion during onboarding (GwG Section 43), the orchestrator routes to the Compliance Monitor for Verdachtsmeldung assessment.

Regulatory Gaps: Tracker → All Agents

The Regulatory Tracker is the early warning system. A new EBA guideline on ESG risk management creates gaps in the Exposure Monitor’s control framework. A new BaFin circular on AML creates gaps in the Compliance Monitor’s rule engine. A DORA amendment creates gaps in the API Anomaly Detector’s incident reporting procedures. A new AMLR provision on KYC refresh intervals affects the KYC Orchestrator’s pipeline configuration.

When the Tracker identifies a gap, the orchestrator tags it with the affected domain. The responsible agent’s next scheduled review includes the gap in its context.

Security → Fraud: API Anomaly Detector → Compliance Monitor

A credential stuffing campaign detected by the API Anomaly Detector on /api/v1/transfers may result in unauthorized transactions. If the attack succeeds — even partially — the Compliance Monitor must evaluate those transactions for suspicious activity. A single breach event can trigger both a DORA incident report and a Verdachtsmeldung.

Connected Clients: Exposure Monitor → KYC Orchestrator

When the Exposure Monitor discovers that two previously separate counterparties share a common beneficial owner (Scenario 3 in the Exposure article), the combined exposure changes. But so does the KYC picture — the beneficial ownership records need updating, and a KYC refresh may be triggered. The orchestrator routes the reclassification event to both domains.

Shrinking Capital: Exposure Monitor → All Agents

A quarterly loss reduces Tier 1 capital. The Exposure Monitor recalculates all utilization ratios against the new, lower denominator. If breaches result, the orchestrator escalates across domains — the CRO needs the exposure analysis, the compliance function needs to assess whether the breach triggers reporting obligations, and the Regulatory Tracker should check whether any pending capital-related regulation affects the response.

The Unified Timeline

Every agent output lands in the same timeline. Each entry contains:

Field Purpose
timestamp When the event occurred
agent Which agent generated it
severity Critical / High / Medium / Low
category AML / Prudential / Regulatory / Security / KYC
summary One-line description
narrative Full LLM-generated explanation
action_required What the human needs to do
action_by Role responsible (MLRO, CRO, CISO, analyst)
sla_deadline When the action must be completed
status Open / In Review / Resolved / Escalated
audit_refs Links to full audit trail entries

The timeline serves three audiences:

Compliance officers see SAR drafts, KYC escalations, regulatory gap assessments. Their view filters by AML and KYC categories, sorted by SLA deadline.

Risk officers (CRO) see exposure gauges, breach notifications, remediation tracking. Their view filters by Prudential category, with the counterparty heatmap front and center.

IT/Security (CISO) see API health snapshots, incident narratives, DORA reporting status. Their view filters by Security category, with the severity matrix driving the sort order.

Every user sees the same underlying data. The filters change. The audit trail does not.

Governance: Three Regulations That Govern Everything

EU AI Act — The August 2026 Deadline

Every agent in this system is classified as high-risk AI under the EU AI Act (Regulation 2024/1689, Annex III). The Compliance Monitor is an AML detection system. The Exposure Monitor is a credit risk assessment system. The KYC Orchestrator is a customer due diligence system. The API Anomaly Detector is an ICT security monitoring system. The Regulatory Tracker is a compliance monitoring system.

All five must comply with Articles 9-15 by August 2, 2026:

Article Requirement How the Orchestrator Addresses It
Art. 9 Risk management system Each agent’s system prompt defines its operating boundaries. The orchestrator logs every tool invocation and output.
Art. 10 Data governance Synthetic data for the demo. Production deployments specify data lineage per agent.
Art. 11 Technical documentation The five agent articles plus this orchestrator article constitute the pre-deployment documentation.
Art. 12 Record-keeping Unified timeline with 5-year retention. Every AI recommendation and human decision logged.
Art. 13 Transparency Every alert includes the rule or pattern that triggered it, the data that matched, and the confidence level.
Art. 14 Human oversight No agent takes irreversible action. Every regulatory filing, customer decision, and security response requires human approval.
Art. 15 Accuracy and robustness Detection accuracy targets defined per agent. Back-testing required before rule changes.

The orchestrator is the governance layer. It does not just route data — it enforces the audit trail, the human-in-the-loop checkpoints, and the explainability requirements that the AI Act demands.

Penalties: up to EUR 35 million or 7% of worldwide turnover for prohibited practices. Up to EUR 15 million or 3% for other infringements.

DORA — Operational Resilience

DORA (Regulation 2022/2554) has been in force since January 17, 2025. It governs ICT risk management for all EU financial entities. The API Anomaly Detector is the primary DORA agent, but the regulation affects the entire system:

The orchestrator’s fallback mode: if the LLM is unavailable, the rule engines and threshold checks continue to fire. Alerts generate without narratives. Humans receive raw data instead of AI-drafted summaries. The system degrades gracefully — detection continues, explanation pauses.

MaRisk — The German Baseline

MaRisk AT 4.4.2 mandates the compliance monitoring function. MaRisk AT 6 mandates the audit trail. MaRisk AT 7.2 mandates model validation. Together, they define the minimum governance requirements:

The orchestrator enforces these by construction. The timeline is the audit trail. The human approval checkpoints are the four-eyes principle. The Regulatory Tracker is AT 4.4.2 in code.

Human-in-the-Loop: The Architecture

The orchestrator enforces a strict boundary: AI recommends, humans decide. This is not a design preference — it is a legal requirement under GwG, the EU AI Act, and BaFin’s AI Principles.

Actions That Require Human Approval

Action Approver Legal Basis
Filing a Verdachtsmeldung MLRO GwG Section 6 — personal liability
Dismissing an AML alert Compliance analyst MaRisk AT 6 — documented rationale required
Classifying a DORA incident as “major” CISO DORA Article 18 — triggers reporting obligations
Submitting a DORA notification CISO + CRO DORA Article 19
Approving a PEP relationship Senior management GwG Section 15
Accepting a high-risk KYC customer Senior compliance officer GwG Section 15
Declining a KYC application Compliance officer Institution policy
Submitting a BaFin large exposure breach notification CRO CRR Article 396
Blocking customer accounts Compliance officer False positive risk
Customer-facing communications Compliance + Legal Tipping-off risk (GwG Section 47)

Actions the Orchestrator Can Automate

Action Conditions Guardrails
Alert generation and scoring Always Logged, auditable
Data enrichment and context gathering Always Read-only
SAR/report narrative drafting Always Human reviews before filing
Low-risk KYC auto-approval All checks clean, risk score < 25 Periodic QA sampling, 5-10%
Sanctions false positive auto-clearing Differentiating data conclusive Logged with reasoning
Rate limiting escalation Threshold breach Reversible, reviewed within defined window
IP blocking of clearly malicious sources High confidence Reversible, logged

The orchestrator’s role at every decision point: present the evidence, present the recommendation, wait for human action. The timeline entry stays in “Action Required” status until a human resolves it. SLA clocks tick. Escalation rules fire if the clock expires.

From Assistant to Autonomous Platform

Currently, the agents analyze, recommend, and log their proposals, but execution still requires human approval and manual action. The next step: a one-click “Execute Recommendation” button in the dashboard.

What Execute Means Per Agent

Agent Recommendation One-Click Execution
Compliance Monitor “File Verdachtsmeldung” Pre-populate goAML submission form, stage for MLRO final sign-off
Exposure Monitor “Accelerate syndication of EUR 200M tranche” Initiate syndication workflow, notify portfolio management, draft term sheet
Regulatory Tracker “Create remediation plan for 3 identified gaps” Generate gap remediation tickets with owners, deadlines, and Jira/ServiceNow integration
API Anomaly Detector “Enable enhanced rate limiting on /transfers” Push rate limit config change to API gateway, log the change, set auto-revert timer
KYC Orchestrator “Escalate to EDD queue” Route case to senior compliance officer’s queue with pre-filled EDD checklist

This transforms the platform from “very helpful assistant” to “autonomous operations platform.” The agent does not just tell you what to do — it can do it for you, with appropriate oversight.

Guardrails for Autonomous Execution

Autonomous does not mean uncontrolled. Every executable action requires:

The Consulting Differentiator

This is the key positioning for the consulting pitch: “AI that not only tells you what to do, but can do it for you — with appropriate oversight.”

Generic AI can draft text. Industry-specific compliance and reporting is where generic AI falls flat on its face. BaFin reporting, SOX compliance, healthcare HIPAA logs, financial audit trails — these are not “write a report” tasks. They require domain-specific templates, regulatory knowledge, and integration with industry-standard submission systems like goAML, Bundesbank ExtraNet, and COREP filing platforms.

The agents become adapters. We are not selling generic AI — we are selling “AI that speaks BaFin” or “AI that understands your compliance framework.” Each industry vertical becomes a specialized offering with pre-built regulatory integrations. This makes the service stickier, harder to replace, and justifies premium pricing. Companies will pay handsomely for AI that already knows their regulatory language.

The Solaris Pitch

Solaris SE is under intensified BaFin supervision. A special representative has been monitoring the bank since 2022. In June 2025, BaFin fined Solaris EUR 500,000 for repeatedly exceeding CRR large exposure limits between January 2022 and March 2024. Since early 2023, Solaris may only accept new corporate clients with BaFin’s prior approval. BaFin has warned of further fines if AML control improvements are not completed on schedule.

Every agent in this demo addresses a documented failure:

Agent Solaris Problem What the Agent Does
Exposure Monitor Fined for repeated CRR limit breaches Detects breaches intraday, not next quarter
KYC Orchestrator Restricted from accepting new clients without BaFin approval Automates pipeline with full audit trail
Compliance Monitor Under special monitoring for AML controls Scans every transaction, drafts SARs in minutes
Regulatory Tracker 200-400 regulatory changes per year to assess Flags gaps within minutes of publication
API Anomaly Detector DORA compliance now mandatory Detects and reports ICT incidents per DORA Articles 17-19

The pitch is not “replace your compliance team.” The pitch is: “Your compliance team is doing this work manually, slowly, and incompletely. These agents do the first pass in minutes. Your team still reviews, still decides, still signs off. But they start with a draft SAR, a gap analysis, an exposure calculation, an incident narrative — not a blank page.”

Building It: The Implementation Path

Phase 1 — Synthetic Data Generator

A reusable data generator that produces:

This feeds all five agents. Build once, reuse across every demo.

Phase 2 — Compliance Monitor

The flagship agent. Full detection pipeline: sanctions screening → rule engine → ML scoring → LLM narrative. This establishes the template — ingest, detect, narrate, present — that the other four agents follow.

Phase 3 — Exposure Monitor

The simplest agent. Pure arithmetic plus LLM explanation. Sum positions, check against 25% limit, generate narrative when thresholds cross. Half-day build if the data generator is done.

Phase 4 — Regulatory Tracker

The most impressive agent for a live demo. Real BaFin RSS data — not synthetic. Scrape, classify, map to controls, detect gaps. The audience sees a real regulatory bulletin processed in real-time.

Phase 5 — API Anomaly Detector + KYC Orchestrator

The remaining two agents. The API Anomaly Detector is statistical baselines plus correlation logic. The KYC Orchestrator is a pipeline with parallel verification checks managed by the orchestrator. Both can be simplified for the demo — hardcoded thresholds instead of adaptive baselines, mock verification services instead of real API calls.

Phase 6 — Instance Provisioning

Infrastructure-as-code for customer deployment:

Phase 7 — Unified Dashboard

Single-page application showing the timeline. Color-coded severity. Agent source tags. Drill-down to full narrative. Role-based filtering. This is the presentation layer that ties everything together.

Demo Flow: Five Minutes, Five Agents

The demo runs live. Real-time. No slides.

Minute 1 — The Stream. Normal transaction data scrolling in the timeline. Salary deposits, utility bills, retail purchases. The dashboard is green. All five agents are running — their health indicators show active in the header.

Minute 2 — Compliance Monitor Fires. Eight transfers from the same sender, each EUR 9,750, within 36 hours. The structuring rule triggers. Risk score: 87/100. The LLM drafts a Verdachtsmeldung narrative citing GwG Section 43 and FATF structuring typology. The timeline entry appears in red: “Action Required — MLRO Review.” The SLA clock starts: 24 hours.

Minute 3 — Exposure Monitor Fires. A EUR 120 million drawdown on a revolving credit facility pushes EuroAuto AG from 74% to 87% of the CRR large exposure limit. The gauge on the dashboard slides from green to orange. The LLM explains: what happened, how much headroom remains, three recommended actions (freeze new approvals, accelerate syndication, evaluate CDS protection). “Action Required — CRO Review.”

Minute 4 — Regulatory Tracker Fires. A new BaFin bulletin appears on the real RSS feed. The agent classifies it: HIGH relevance, affects risk management and lending. Maps to existing controls. Finds 3 gaps — no control for ESG risk in market risk management, no social risk assessment framework, no ESG data governance policy. Remediation timeline auto-generated. “Action Required — Compliance Officer Review.”

Minute 5 — The Correlation. The audience sees the timeline: three events from three agents in four minutes. The orchestrator has tagged them with severity, category, responsible role. The compliance officer’s view shows the SAR draft and the gap assessment. The CRO’s view shows the exposure warning. The CISO’s view shows all five agents healthy, no security incidents.

Then, if time permits: the API Anomaly Detector fires on a credential stuffing scenario. 847 unique IPs, headless browser User-Agents, auth failures spiking 400%. The LLM generates the incident narrative with MITRE ATT&CK mapping. The KYC Orchestrator runs a clean applicant through the pipeline in 47 seconds, then hits a PEP match that escalates to the EDD queue.

Five agents. One timeline. Every alert explained. Every action requiring human approval. Every decision logged.

What This Proves

The demo does not prove that AI can replace compliance teams. It proves something more useful: AI can do the first pass — the reading, the screening, the calculating, the correlating, the drafting — so that compliance professionals start their work with evidence and analysis instead of raw data.

A compliance analyst manually processing a standard KYC application takes 30-60 minutes. The orchestrator does it in under a minute for clean passes. A regulatory change assessment takes 2-3 days. The orchestrator does the initial classification and gap detection in minutes. An exposure limit breach from an overnight FX movement gets caught next morning at best. The orchestrator catches it intraday.

The speed matters. But the completeness matters more. Every sanctions list was checked. Every threshold was calculated. Every gap was identified. Every alert comes with an explanation — not just “flag,” but “here is what happened, here is why it matters, here is what you should do, and here is the regulation that requires it.”

The orchestrator is the connective tissue. It turns five useful agents into a compliance nervous system. And when a BaFin examiner asks “how do you monitor this?” — the answer is a unified timeline with a complete audit trail, not a spreadsheet and a prayer.

What We Do Not Know Yet

We are missing critical operational data about Solaris itself. The architecture has monitoring agents, incident responders, compliance trackers — but we do not know if Solaris handles 10 incidents per day or 1,000.

To build a proper cost-reduction model and size the engagement correctly, we need a baseline:

Without this baseline, we cannot credibly say “this saves you X headcount” or “this reduces alert review time by Y%.” The demo proves the technology works. The business case requires their numbers.