AI PM Portfolio · Fintech · Berlin, 2026

A fraud investigator's co-pilot for SEPA-native, BaFin-regulated banking

A human-in-the-loop agentic triage assistant — inspired by public N26 job postings and BaFin regulatory findings. Built in 14 days using LangGraph, Claude Sonnet 4.6, and the public IEEE-CIS dataset.

LangGraph · Claude Sonnet 4.6 · Streamlit
EU AI Act high-risk classification
Public IEEE-CIS dataset + synthetic SEPA rows
fraud-triage-agent · investigator review panel
CASE_004821 · 05.07.2025 · 02:14
€ 2,340.00
SEPA Instant · DE → NL · MCC 6012 Peer transfer
ESCALATE AML SIGNAL
Upstream fraud score
0.847 — high
SEPA type
Instant · irreversible
Velocity (30d)
14 txn — above threshold
Geography
Cross-border DE → NL
Agent reasoning trace
This SEPA Instant transfer of €2,340 shows three concurrent risk signals: (1) upstream fraud score of 0.847 — well above the high-confidence threshold; (2) high velocity — 14 transactions in 30 days exceeds the normal range for this customer segment; (3) cross-border transfer to a new payee in the Netherlands via a peer-transfer MCC. The combination of an irreversible payment type with a novel high-value cross-border payee raises an AML concern in addition to the fraud signal. I am not able to rule out either scenario with confidence.
Confidence
medium
Human review required. AML signal detected — this routes to SAR filing, not customer contact. Confidence is medium — mandatory escalation per EU AI Act Article 14 HITL rules.
Approve
Decline
Escalate →

Sample agent output — generated using public IEEE-CIS dataset. No real customer data.

Section 01 · Problem & market context

A documented failure, not a hypothetical pain point

BaFin, Germany's financial regulator, fined N26 €4.25M in 2021 and €9.2M in 2024 specifically for systematic delays in filing suspicious activity reports. A special audit in 2024 found serious deficiencies in risk management and complaint handling, leading to the appointment of a second special monitor. The root cause named in every enforcement action: compliance infrastructure that could not scale with the bank's transaction volume.

The bottleneck is not fraud detection. N26 has an upstream fraud scoring model. The bottleneck is the reasoning step between a flag and a human decision — investigators manually reviewing cases with no structured context, no explainability, and no way to log their decisions in a BaFin-auditable format at scale.

€9.2M
BaFin fine for delayed suspicious activity reporting, 2024
Source: BaFin enforcement notice, May 2024
Special compliance monitors appointed since 2021 — remediation did not hold
Source: BaFin / AML Intelligence, Dec 2025
4mo
Reported customer resolution time on a straightforward fraud case, Trustpilot 2024–25
Source: Trustpilot / n26.com, verified 2025
Art. 14
EU AI Act human oversight requirement — financial decisions must have a mandatory review gate
Source: EU AI Act, Annex III + Article 14

Section 02 · Why AI, not automation

Rules handle known patterns. The hard cases are the novel ones.

A rules-based system handles known SEPA fraud typologies well — velocity thresholds, blacklisted BICs, known mule IBAN patterns. N26 already has these. What it cannot do is reason over a case where signals conflict: a legitimate-looking high-value SEPA Instant transfer to a new payee that matches a known APP scam pattern but also matches normal behaviour for this customer segment.

These ambiguous cases are where investigators spend disproportionate time — and where delays in SAR filing accumulate. An LLM-based agent adds value here not by replacing the investigator's judgement, but by assembling the case file, naming the conflicting signals, and explaining its reasoning. The investigator's cognitive load shifts from gathering context to evaluating a structured argument — a much faster task.

Section 03 · User & job-to-be-done

One user, one job, one friction point

User: Fraud investigator, N26 Financial Crime team. Reviews 50–200 flagged transactions per shift. Has a fraud score but no context around it. Must log a defensible decision in a BaFin-auditable format.

Job to be done: Given a flagged transaction, gather relevant context, make an approve / decline / escalate decision, and move to the next case — in under 3 minutes per case, with a written rationale that satisfies a BaFin audit examiner.

Current friction: Steps 1–3 (gather context, cross-reference history, write rationale) are entirely manual and unstructured. The investigator opens 3–4 internal tools, runs queries, and types free-form notes. On novel cases — new payee, cross-border SEPA Instant, conflicting signals — this takes 10–20 minutes.

Section 04 · Product design decisions

Five decisions that separate this from a demo

01
Human-in-the-loop as a hard constraint, not a UI option
The system never auto-acts. Escalation rules are hardcoded in the agent graph — not configurable by users. Any low/medium confidence recommendation, any decline above €500, and any AML signal triggers mandatory human review. This is the EU AI Act Article 14 implementation, not a feature toggle.
02
Structured signal extraction in Python, not the LLM
Velocity counts, amount comparisons, and threshold checks happen in pandas before the LLM is called. LLMs hallucinate arithmetic over tabular data. The LLM receives structured findings ("14 transactions in 30 days — above normal threshold") and reasons over them — which is what it is actually good at.
03
Calibrated confidence, not just a label
The agent outputs a confidence band (high / medium / low) and a 0–1 score. The evaluation harness plots confidence vs correctness to check calibration — does "high confidence" actually correlate with correct recommendations? This is section 6 territory; the visual is in the evaluation section below.
04
AML vs fraud routing as a first-class output
German banks must distinguish fraud (block transaction / reimburse customer) from AML suspicion (Verdachtsmeldung to the FIU — the customer cannot be told). The agent outputs a secondary_flag field that routes AML-flagged cases to a separate escalation path, with an explicit note that this triggers reporting obligations rather than customer contact.
05
Audit log as a product feature, not infrastructure
Every agent recommendation, confidence score, and investigator override is written to an append-only SQLite log with a timestamp and case ID. This is the audit trail BaFin examiners would expect to see under MaRisk. The feedback loop — using investigator overrides to recalibrate confidence over time — is architecturally present; the recalibration visualisation was cut from v1 (see section 10).

Section 05 · Evaluation framework

Three metrics that prove this works, not just runs

Evaluated on a 50-case held-out set from the IEEE-CIS dataset (25 fraud, 25 legitimate), not used during prompt development. Results below — replace with your actual numbers after Day 10.

Agreement rate
100%
Agent recommendation directionally correct vs ground truth — fraud escalated or declined, legit approved or escalated
Calibration
0%
Fraud cases incorrectly approved — the metric that matters most under BaFin / PSD2 liability rules
Escalation rate
50%
Cases routed to mandatory human review by HITL rules — by design for EU AI Act Article 14 compliance
Reasoning quality
2/5
Traces cite case-specific values but show dataset homogeneity from the IEEE-CIS transformation — a known limitation documented in the case study

Section 06 · Regulatory classification

High-risk by design — not by accident

This system was designed from day one as high-risk under EU AI Act Annex III (systems affecting creditworthiness and financial access). The design decisions in section 4 flow directly from this classification — they are not bolted-on compliance checkboxes.

RegulationImplementation in this prototype
EU AI Act — Annex IIIClassified as high-risk. Decision-support only — no autonomous actions on accounts.
EU AI Act — Article 14Hardcoded HITL escalation rules. Human approval required on every case. Low/medium confidence → automatic escalation.
BaFin / MaRiskAppend-only SQLite audit log: timestamp, case ID, recommendation, confidence score, investigator decision, override reason.
GDPR — Article 22No solely-automated decisions. Written reasoning trace enables right-to-explanation. Data minimisation: agent retrieves only fields needed for the case.
PSD2Explicit fraud type classification: APP fraud (customer-initiated, different PSD2 liability) vs card fraud. Different escalation paths.
GwG / AMLAML secondary flag routes cases to SAR path — not customer contact — with explicit note on confidentiality obligation (Verdachtsmeldung).

Section 07 · Architecture snapshot

Five nodes. One hard boundary.

A LangGraph state graph — not a single-shot chain. Each node has a defined input and output. The HITL boundary is node 4 (apply_hitl_rules), not the UI. The decision to escalate is made in code, before a human ever sees the recommendation.

Retrieve case + history
Analyse pandas rules
Reason LLM call
HITL rules escalation gate
Log SQLite audit
Human investigator · Accept / Override / Escalate
LangGraph StateGraph · Claude Sonnet 4.6 · Streamlit UI · SQLite audit log

Section 08 · 90-day success metrics

What good looks like at day 30, 60, and 90

If this shipped as a real product at N26, these are the metrics I would track — and the ones I would use to argue for continued investment after the pilot.

Day 30
  • Average case review time <3 min (baseline: ~12 min manual)
  • 100% of escalated cases have a written reasoning trace
  • Zero auto-acted transactions (HITL compliance rate: 100%)
Day 60
  • Investigator override rate tracked and trending
  • SAR filing latency reduced vs pre-tool baseline
  • Calibration plot shows high-confidence cases are correct ≥85%
Day 90
  • Feedback loop: override patterns surfaced to prompt tuning team
  • BaFin audit readiness: full decision log exportable on demand
  • PM review: recommendation on expanding to additional case types

Section 09 · What was cut from v1

Scope decisions, not failures

DEFERRED
AML secondary routing UI. The AML flag and routing logic is present in the agent — the investigator sees the flag and escalation note. The separate investigator workflow for SAR filing (different screen, different team) was out of scope for a 14-day build.
DEFERRED
Recalibration visualisation. SQLite logging of investigator overrides works. The dashboard showing override patterns feeding back into confidence recalibration was cut — the architecture supports it, the UI does not yet expose it.
DEFERRED
Case queue view. The demo shows one case at a time. A real investigator UI would show a prioritised queue of open cases. Single-case view is sufficient to demonstrate the agent's core reasoning capability.
SIMPLIFY
Calibration plot replaced with accuracy table. The Brier score and calibration curve are computed — but a table is easier to read in a 14-day prototype context. A full calibration plot is available in the GitHub notebook.
KNOWN LIMIT
Dataset homogeneity. The IEEE-CIS velocity transformation caps at 50 transactions for a subset of cases, producing similar reasoning traces across the eval set. A production system would use real per-customer transaction history — this is documented transparently as a prototype limitation.

Section 10 · Data & tools

Everything is public. Nothing is borrowed.

Data transparency statement: All data used in this prototype is derived from the public IEEE-CIS Fraud Detection dataset (Kaggle) and synthetic records generated by the author. No real customer data, no N26 internal data, and no confidential information was used at any point. Company references are inspired by published job postings, public regulatory filings, and publicly available product direction — not insider knowledge.

Dataset
IEEE-CIS (Kaggle)
Public, 590k rows, rich features. Transformed to SEPA format.
Agent framework
LangGraph
Graph model — right abstraction for multi-node triage flow.
LLM
Claude Sonnet 4.6
Strong reasoning, structured output, cost-effective for iteration.
Feature eng.
Python / pandas
Deterministic arithmetic — not the LLM's job.
UI
Streamlit
Fast to build, shareable URL, looks like a real tool.
Audit log
SQLite
Zero infra overhead. Append-only. BaFin-auditable.

Built by [Your Name] · AI PM Portfolio · July 2026

See the agent reason through a live case

Deployed on Streamlit Community Cloud. No login required.