A perspective from Andreas Kapsos, CEO of Match-Prime Liquidity
AI has been a sought-after capability in financial risk management for years due to its potential to shorten investigation cycles and respond far faster than manual workflows allow. But turning that promise into systems that genuinely remove work from the team has been much harder than the headlines often suggest.
Key Challenges in Risk Operations
Risk operations sit at the intersection of regulatory expectations, commercial consequences, and adversarial behavior. Building an AI system that can be trusted to act within that environment – not just assist around it – requires much more than a capable model.
It depends on strong upstream evidence preparation, clearly defined decision boundaries that hold up under stress, governance that can withstand audit, and an operational model that does not fail the moment the system encounters a case it has not seen before.
Faced with that complexity, most firms have stayed with a familiar model. Surveillance systems generate alerts, risk teams investigate manually, and decisions to act – whether restricting an account, halting a flow, or escalating a case – are ultimately made by humans. AI may support parts of that process, but the operational authority still sits with the team, and the response window is limited by how quickly that team can read, interpret, and act.
For threats that unfold slowly enough for human review, that approach works well. For threats that move faster, it becomes a hard ceiling.
Introducing a Risk AI Agent
Match-Prime has built and deployed an AI agent specifically designed to operate beyond those limits. Based on available public information, it is the first agent of its kind to make autonomous decisions at this level of operational consequence in the prime-of-prime liquidity space.
The system, internally referred to as the Risk AI Agent, addresses one of the more economically significant patterns in broker risk: coordinated, structured abuse of gold flow. It is a pattern that recurs regularly. The financial impact can compound quickly, and the traditional investigation cycle – surveillance flag, escalation, dealer review, protective action – often takes days. The behavior being investigated does not wait that long.
How the AI System Works
The AI agent’s architecture consists of three layers.
The first is surveillance. Match-Prime’s existing risk management system, HawkEye, identifies cases worth investigating using the same real-time infrastructure that supports session-level toxic flow detection across the firm’s wider risk operations. Its role is to surface candidates from large volumes of trading activity.
The second layer is quantitative validation. Here, a statistical engine reconstructs the recent trading context around the flagged event, calibrates it against historical cases, and tests whether the pattern shows the structural characteristics of genuine abuse rather than coincidental market noise. Its purpose is selectivity: separating signal from noise before any consequential decision is made.
The third is AI decision-making. Once a case has passed the first two layers, the Risk AI Agent reviews a prepared evidence package and makes the final judgment. When the required conditions are met, the agent triggers the protective restriction directly and in real time.
Human oversight remains part of the process. The risk team receives the full evidence package – including charts, quantitative results, and the agent’s reasoning – and retains the authority to validate, adjust, or reverse the action. Governance comes through explainability, auditability, and post-action protective response.
From Recommendations to Decisions
In practice, there is a critical difference between an AI system that recommends, and one that decides what makes the operational impact meaningful. Compressing time-to-action from days to minutes comes from one structural change: removing the manual gate between detection and response.
Two architectural points are worth naming.
First, the agent’s autonomy is tightly bounded. It does not act on raw suspicion. It acts only after upstream surveillance and quantitative validation have already raised the case to a level of evidence that, in a manual workflow, would typically justify action. What has changed is not the evidentiary standard, but the speed of the final step.
Designed for Evolving Patterns
The system was designed for change. The decision logic is not locked into fixed model weights that need retraining every time a new pattern variant appears. Instead, it sits in the evidence preparation layer and in the way the agent’s task is framed.
That means adapting to a new abuse variant – or even applying the same architecture to a structurally similar problem in another asset class – does not require a full retraining cycle. In a market where adversarial behavior is constantly evolving, that flexibility is a core part of the system’s resilience.
What Comes Next?
Match-Prime built the AI agent because threat dynamics began to outpace response times. Beyond the gold use case, the question is which other risk-decision classes can run on the same architecture under the same governance discipline. This is the next area Match-Prime is exploring.
