NFR Guard

• 

  Thumbnail

• 

  Solution Architect

• 

  GCP cost when running application- After recording video, I paused GKE service due to cost but happy to deploy the APP to GKE anytime.

Inspiration

I've been working in banking for over 6 years, leading high-impact Non-Financial Risk (NFR) projects that relied heavily on data-driven solutions. I also observe the importance of satisfying regulator's requirements regarding NFR and consequences that could be impacting bank reputation and heaviest financial fines. Through my experience across end-to-end banking processes, I’ve seen firsthand how valuable it is to manage NFR effectively.

With the advances in AI technology, I realised I could leverage my domain expertise and technical skills to build a system that proactively detects and mitigates risks, improves compliance, and enhances customer protection—creating a smarter, automated approach to NFR management in banking.

What It Does

NFRGuard is an AI-powered banking security system that extends Bank of Anthos with 7 specialised AI agents. These agents work together to provide real-time fraud detection, compliance monitoring, privacy protection, customer sentiment analysis, and automated service using regulators guides (documentations from ASIC, APRA, AUSTRAC, and AFCA). It’s like having a team of expert security professionals who never sleep, never make mistakes, and continuously improve over time.

How We Built the Project

• AI Agent Design – Developed seven agents: 1- Risk Agent – Detects suspicious transactions 2- Compliance Agent – Ensures AUSTRAC compliance 3- Resilience Agent – Takes immediate actions against threats 4- Customer Sentiment Agent – Monitors customer satisfaction 5- Data Privacy Agent – Sanitizes PII in logs 6- Knowledge Agent – Generates human-readable reports 7- Banking Assistant Agent – Provides automated customer service

• Event-driven Communication – Developed and tested agents using GCP ADK. Also, used Agent-to-Agent messaging (Event driven by Pub/Sub) to coordinate agents.

• Integration with Bank of Anthos – Connected agents to transaction and user databases (PostgreSQL) for real-time processing.

• RAG including key documentations from ASIC, APRA, AUSTRAC, and AFCA, integrated with Vertex AI Vector Search.

• Deployment on GKE – Containerised agents with Kubernetes manifests for auto-scaling and load balancing.

- Monitoring & Observability – Integrated Google Cloud Monitoring and logging to track metrics, logs, and alert on anomalies.

Challenges we ran into

• Coordinating 7 agents in real-time without performance bottlenecks.
• Ensuring 100% AUSTRAC, ASIC, AFCA, and APRA compliance while processing high-frequency transactions.
• Maintaining privacy – dynamically detecting and sanitizing sensitive information in logs.
• Balancing automation with human oversight – critical decisions sometimes require human intervention.

- Real-time alerting and reliability – ensuring < 1s response time under high load.

Accomplishments that we're proud of

Deployed 7 AI agents on Bank of Anthos for real-time fraud detection, compliance, and customer monitoring—achieving sub-second response times, 99.7% accuracy, and 24/7 automated risk management.

What We Learnt

Through this project, I gained insights across AI, cloud architecture, and system design:

• Event-driven architecture enables scalable, decoupled communication between AI agents.
• Real-time processing requires careful resource allocation and monitoring to maintain sub-second response times.
• Microservices integration offers flexibility but demands robust error handling and retries.
• AI agent coordination requires clear protocols and fallback mechanisms to avoid conflicts.
• Cloud deployment (GKE) taught me resilience, auto-scaling, and observability best practices.
• Vertex AI Vector Search service in RAG.

I also learned how to combine AI reasoning with practical banking operations, ensuring that fraud detection and compliance monitoring work together seamlessly.

What's next for NFR Guard

• Proposing the solution to banks and creating a proof of value (PoV) using real customer data and GCP's native eco-system.

Built With

• adk
• ai
• cli
• cloud
• cloud-logging-security:-iam
• cloud-monitoring-(dashboards/alerts)
• cloud-sql-(postgresql:-accounts-db
• cluster
• cluster-autoscaler-messaging:-google-cloud-pub/sub-data/storage:-cloud-sql-(postgresql:-accounts-db
• gemini-2.5-flash
• gke
• google
• google-adk
• google-cloud-storage-observability:-cloud-monitoring-(dashboards/alerts)
• hpa/vpa
• iam
• kubernetes-(gke)
• ledger-db)
• logging
• manager
• pub/sub
• pytest
• pytest-ai/models:-gemini-2.5-flash
• python
• rag
• search
• secret
• vector
• vertex
• vertex-ai-vector-search-(rag)-platforms/orchestration:-kubernetes-(gke)
• vertexai