Financial Policy
Fraud & Risk Control for Fintech Agents
The Financial Policy Pack (financial.yml) is designed for high-risk fintech environments where agents interact with payment gateways, ledgers, or banking APIs.
Rules
| ID | Rule Name | Description | Action |
|---|---|---|---|
| FIN-001 | amount-limit-hard | Block transactions > $50,000 | DENY |
| FIN-002 | amount-limit-soft | Flag transactions > $10,000 for review | ESCALATE |
| FIN-003 | velocity-check | > 5 transactions/min from same agent | DENY |
| FIN-004 | offshore-transfer | Detect international IBANs/SWIFT codes | ESCALATE |
| FIN-005 | crypto-address | Block transfer to known crypto wallet patterns | DENY |
| FIN-006 | insider-trading | Detect keywords related to non-public info | ESCALATE |
| FIN-007 | auth-bypass | Detect attempts to modify auth headers | DENY |
Usage
In your abs-config.json or .env:
```json
{
  "policies": {
    "financial": "enabled"
  }
}
```
Advanced Configuration
1. Dynamic Thresholds (Agent Tiering)
Instead of hardcoded limits, you can use expressions to set dynamic thresholds based on agent metadata:
```yaml
# rules/financial.yml
- id: FIN-003
  name: velocity-check
  description: "Dynamic velocity limit based on agent tier"
  condition:
    # VIPs get 50/min, others get 5/min
    limit: "${agent.tier == 'vip' ? 50 : 5}"
    window: "60s"
  action: DENY
```
2. State Architecture (Velocity Checks)
Velocity checks require state. ABS Core supports two state backends:
| Backend | Latency | Consistency | Use Case |
|---|---|---|---|
| In-Memory (Default) | <5ms | Eventual (Per-Region) | Dev / Low-Risk |
| Redis / KV | ~30ms | Strong | Production / High-Risk |
Note: The velocity-check rule automatically uses atomic counters. If using In-Memory, counters reset if the worker node restarts. For production, configure a Redis connection string in your .env.
3. State Flow Diagram
Visualizing how the engine handles stateful checks:
```mermaid
graph TD
    A[Agent Request] --> B{Identity Extracted?}
    B -- No --> D[DENY: Unauthenticated]
    %% Labels containing parentheses are quoted so Mermaid parses them
    B -- "Yes (AgentID)" --> C["Fetch State (Redis)"]
    C --> E{Check Threshold}
    E -- Limit Exceeded --> F[DENY: Rate Limit]
    E -- Within Limit --> G["Update Counter (+1)"]
    G --> H[ALLOW: Pass to LLM]
    style C fill:#f9f,stroke:#333
    style G fill:#bbf,stroke:#333
```
4. Latency Benchmarks
- Stateless Checks (Regex/Static): < 5ms
- Stateful Checks (Velocity/Frequency): 20-50ms (depending on the external store)
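A sketch of the velocity-check flow from the State Architecture and State Flow Diagram sections, added here as an example and not ABS Core's own code. The class and function names and the fixed 60-second window are assumptions; it shows why the threshold check and the counter update must be one atomic step, and what the In-Memory restart caveat means for the limit.

```python
import threading

WINDOW_SECONDS = 60  # matches window: "60s" in FIN-003

class InMemoryCounters:
    """Hypothetical stand-in for the In-Memory backend (state lives in this process)."""
    def __init__(self):
        self._lock = threading.Lock()
        self._counts = {}  # (agent_id, window_index) -> allowed requests so far

    def try_consume(self, key, limit):
        # Check and increment as one atomic step, so two concurrent requests
        # cannot both read "limit - 1" and both pass.
        with self._lock:
            used = self._counts.get(key, 0)
            if used >= limit:
                return False
            self._counts[key] = used + 1
            return True

def limit_for(agent):
    # Same tiering as the FIN-003 expression: VIPs get 50/min, others 5/min.
    return 50 if agent.get("tier") == "vip" else 5

def velocity_check(agent, store, now):
    """Follow the flow diagram; returns the action string for one request."""
    agent_id = (agent or {}).get("id")
    if not agent_id:
        return "DENY: Unauthenticated"
    window = int(now // WINDOW_SECONDS)  # assumption: fixed 60s windows
    if not store.try_consume((agent_id, window), limit_for(agent)):
        return "DENY: Rate Limit"
    return "ALLOW"

def allowed_in_burst(agent, store, n, now):
    """Count how many of n back-to-back requests at time `now` are allowed."""
    return sum(velocity_check(agent, store, now) == "ALLOW" for _ in range(n))

def allowed_across_restart(agent, n, now):
    """Same burst twice in one window, with the worker restarting in between."""
    before = allowed_in_burst(agent, InMemoryCounters(), n, now)
    after = allowed_in_burst(agent, InMemoryCounters(), n, now)  # counters lost
    return before + after

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    std = {"id": "agent-std", "tier": "standard"}  # constructed agent
    print(allowed_in_burst(std, InMemoryCounters(), 8, t0))
    print(allowed_across_restart(std, 8, t0))
```

With a shared external store the second burst would be denied outright, because the counter for that agent and window survives the worker restart.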
JSON Schema
The policy enforces the following schema on financial.transfer events:
```json
{
  "amount": "number",
  "currency": "string",
  "recipient": "string",
  "reason": "string"
}
```