An agnostic agentic layer is only the entry point. What makes it work is the domain depth beneath it.

At Money20/20 Europe in Amsterdam, the dominant feeling on the floor was fatigue with AI claims. Nearly every stand promised agentic AI; far fewer could show it resolving a real case. So in our Glass Box session at MoneyLab, we did the opposite of a roadmap pitch. We handed compliance officers a laptop and a set of genuine, messy money-mule cases and asked them to run the investigation themselves on Ray, our agentic investigation layer.

What they saw was concrete: the system pulling disparate data, tracing behavioral flows, and assembling an audit-ready case file in front of them. The value of that exercise was not the novelty of agents. It was watching teams who live inside legacy workflows recognize how much of their day the layer gives back.

The structural ceiling

Most operations leaders face the same ceiling. Monitoring and screening systems generate alert volume but little context. Skilled analysts spend a large share of their time on data assembly — looking up counterparties and geolocations, pulling prior alerts, compiling files — rather than on judgment. EY’s research on agentic AI in financial crime puts a number on the opportunity: a 50% reduction in time per AML investigation, roughly two hours of analyst labor saved per case. Applied to a 200-analyst financial intelligence unit, our own modeling puts the recurring annual saving in the multi-millions.

Who gets to build the agentic layer

The conversation usually narrows to a question of who is positioned to build this layer credibly. The market tends to come from one of two ends. Newcomers are agentic-native but thin on the financial-crime domain. Incumbents have the domain but are retrofitting AI onto rule-based architecture.

ThetaRay sits in neither camp. We come from the industry From over a decade of AI-based detection running in production at tier-one banks, backed by our own patents. That heritage is the reason Ray is more than an LLM wrapper. An agentic investigation layer is only as good as two things: the signals feeding it, and whether it understands what actually decides a case. We know what an investigator needs because we have spent years building the systems that generate those alerts in the first place.

Agnostic by design, deeper by choice

Ray Platform is deliberately agnostic. It connects via secure APIs and sits over whatever core case management, monitoring, or screening systems you already run — on-premise or cloud-native — with no migration and no rip-and-replace. For an institution caught between false-positive-heavy legacy systems and an IT organization that cannot absorb a multi-year replacement, that is the entry point: immediate capacity, zero infrastructure friction.

But it does not end there. Ray is one layer in a deeper stack we have built over years. Each layer stands on its own and works in concert with the others — detection and investigation as a coordinated, multi-layered defense rather than a single product. An institution can start with Ray over a third-party core and expand toward a fuller, more complete picture when it chooses. The better the detection beneath it, the sharper the investigation on top.

How it works

The moment an alert fires, Ray Platform’s agents act: pulling KYC, alert history, and adverse media across data boundaries, validating counterparties, and running historical analysis in parallel before drafting a natural-language case file. Two design choices matter for a compliance audience. Agents are grounded through tool augmentation:  they retrieve exact KYC profiles and alert data rather than generating them,  which keeps the output defensible rather than speculative. And an interactive assistant sits inside the case file, so investigators can interrogate anomalies directly. The infrastructure runs on Microsoft Azure.

In practice, this compresses investigation Level 1 and Level 2 work into minutes and brings end-to-end resolution times down by 40% to 70%, while final judgment stays with the analyst, where it belongs.

Scaling a compliance function by adding headcount has reached its limit. The more durable path is to give existing teams an investigation layer that does the assembly for them — and to build it on a foundation that already understands the work. Agnostic where you need it, deeper when you are ready.