FinGuard-Copilot

FinGuard Compliance Copilot logo: AI-powered transaction compliance assistant built on Splunk Agent ecosystem.
Core risk metrics dashboard displaying overall compliance statistics and risk distribution.
Filterable transaction table auto-tagging high-risk activities under RBAC access control.
LangChain AI agent workspace for automated case research with Splunk & compliance RAG.
Network graph visualizing fund transfer chains to detect hidden money-laundering paths.
SHA256 hash-chained audit trail recording all user queries and AI operations for regulation compliance.

Inspiration

Compliance analysts spend 10 minutes per alert. Thousands of alerts daily. They work late, get tired, miss real fraud. It's not their fault. The system is broken. I built FinGuard to fix it.

What it does

Turns 10-minute manual reviews into 10-second AI investigations. One query. The AI automatically checks user profiles, transaction patterns, device history, and compliance laws. Returns risk score, anomalies, and regulatory citations. No clicks. No searching. Just results.

How I built it

I built this solo.

LangChain ReAct - Think → Act → Observe loop for multi-step reasoning
Streamlit - Interactive dashboard UI
Chroma - Vector search for compliance RAG (AML, PIPL laws)
OpenAI GPT-4o-mini - LLM backend
Security layer - RBAC, SHA256 audit trail, PBKDF2 pseudonymization, LLM Guard
Synthetic data - 10 users, 500 transactions with realistic fraud patterns

Challenges I ran into

Prompt injection prevention - Built LLM Guard to detect and block malicious inputs like "ignore previous instructions."

Audit trail integrity - Implemented SHA256 hash chain where every entry links to the previous. Any tampering breaks the chain.

PII protection - Used PBKDF2-HMAC-SHA256 with 100k iterations. Irreversible. Compliant with both PIPL and AML simultaneously.

ReAct agent latency - Optimized tool calls to complete all 4 investigations within 10 seconds.

Accomplishments I'm proud of

10 minutes → 10 seconds. 98% faster investigations.

Banking-grade security in a hackathon project. Four layers: RBAC, SHA256, PBKDF2, LLM Guard.

Real compliance RAG. Not just ChatGPT. Actual AML and PIPL laws cited with sources.

Tamper-proof audit trail. Every query logged in a cryptographic hash chain. Detectable if anyone changes data.

Zero PII exposure. Pseudonymization ensures real identities never surface.

One person. Full stack. 10 days. From concept to working demo with security, UI, agent, and data.

What I learned

AI alone is not enough. Security must be built in from day one, not added later.

ReAct framework works. Simple "Think → Act → Observe" loop is powerful for investigation tasks.

Local matters. Running on localhost means data never leaves the internal network. Banks care about this.

Synthetic data is powerful. Generated realistic fraud patterns without real user information.

Judge empathy matters. "They can go home on time now" lands harder than any performance metric.

What's next for FinGuard-Copilot

Real Splunk API integration - Replace mock data with live Splunk queries.

More anomaly detection models - ML models for pattern recognition beyond rule-based.

Multi-language support - Compliance laws from US, EU, APAC regions.

Blockchain audit storage - Immutable audit trail on chain.

Enterprise RBAC - LDAP/SSO integration for real bank deployment.

Production ready - Docker, CI/CD, cloud deployment options.

Built With

Updates

shuibuxing0.0 Wang started this project — Jun 15, 2026 05:56 AM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.