Building a Sandboxed Global KYC/KYB Agent on Weilchain

A technical deep-dive into deploying an AI-powered KYC due diligence agent as an on-chain applet, with full audit trail guarantees.

Overview

Regulatory compliance is expensive, slow, and manual. Know Your Customer (KYC) and Know Your Business (KYB) workflows require analysts to cross-reference public registries, securities filings, insider trading disclosures, corporate charge registers, and insolvency records — often across multiple jurisdictions — before onboarding a counterparty.

The KYC agent described in this document is a Rust-based applet that wraps a large language model and connects it to two MCP (Model Context Protocol) servers — one covering U.S. SEC filings (USkyc) and one covering the UK Companies House registry (UKkyc). The applet runs inside a deterministic WebAssembly sandbox on a blockchain runtime, which means every tool call the agent makes is cryptographically committed to an on-chain transaction. That transaction record is the audit log.

Architecture

User Prompt
     │
     ▼
┌─────────────────────────────────┐
│   KycAgentappletState         │  ← applet (WASM, on-chain)
│   - description                 │
│   - mcp_applet_addresses[]    │  ← pointers to USkyc / UKkyc applets
│   - server_names[]              │
│   - model (LLM config)          │
│   - model_key                   │
└────────────┬────────────────────┘
             │  delegates to
             ▼
┌─────────────────────────────────┐
│   BaseAgentHelper               │  ← shared on-chain helper applet
│   (base_agent_helper::weil)     │
└────────────┬────────────────────┘
             │  tool calls via MCP
      ┌──────┴──────┐
      ▼             ▼
  USkyc MCP     UKkyc MCP
  (SEC EDGAR)   (Companies House)

applet Entrypoint

The applet exposes a single public method:

// kyc_agent/src/lib.rs
#[query]
async fn run_task(&self, task_prompt: String) -> Result<String, String>

The Two MCP Toolsets

USkyc — U.S. SEC Filings

Backed by the SEC's EDGAR full-text search system and the EDGAR filing APIs. All form types publicly available since 1993.

Supported form types: 10-K, 10-Q, 8-K, DEF 14A, S-1, 424B5

Section identifiers for extract_filing_section:

• 1 — Business description
• 1A — Risk Factors
• 7 — Management's Discussion & Analysis (MD&A)
• 8 — Financial Statements

UKkyc — UK Companies House

Backed by the Companies House public API, which reflects the statutory register under the Companies Act 2006.

Company number format: 8-digit zero-padded string, e.g., 00527217.

What the Agent Can Do

Task Category 1: U.S. Public Company Due Diligence

The agent chains multiple USkyc calls to build a complete SEC filing profile.

Example prompt:

"Get the most recent 10-K for AAPL. Extract the Risk Factors section. Then check for any insider selling between 2024-01-01 and 2025-05-01."

Execution sequence:

USkyc.get_recent_filings(ticker: "AAPL", form_type: "10-K")
  → filing_url

USkyc.extract_filing_section(filing_url: <url>, section: "1A")
  → risk factor text

USkyc.get_insider_transactions(ticker: "AAPL", start_date: "2024-01-01", end_date: "2025-05-01")
  → list of Form 4 transactions

What you get: Key risk themes categorized from the annual filing plus a timeline of director/officer share disposals, surfacing potential governance concerns before they reach public news.

Task Category 2: UK Company KYB Check

The agent resolves a company name to a number and then performs a full statutory data pull.

Example prompt:

"Run a full KYB check on Diageo. I need the company type, SIC codes, registered directors, any charges, and whether there's any insolvency history."

Execution sequence:

UKkyc.search_companies(search_term: "Diageo")
  → company_number: "00000052"

UKkyc.get_company_profile(company_number: "00000052")
  → entity type, SIC codes, registered address, key dates

UKkyc.get_company_officers(company_number: "00000052")
  → current directors, secretaries, appointment/resignation dates

UKkyc.get_company_charges(company_number: "00000052")
  → secured obligations, charge status (Satisfied / Unsatisfied)

UKkyc.get_company_insolvency(company_number: "00000052")
  → insolvency cases, types, dates, status

Task Category 3: Cross-Border Screening

The agent coordinates both MCP servers in a single task to build a unified cross-jurisdictional risk profile.

Example prompt:

"Compare the SEC filing risk profile for GOOGL with the UK company profile for Alphabet UK. Summarize any compliance flags in both markets."

Execution sequence:

USkyc.search_filings(search_term: "regulatory antitrust", form_type: "10-K", ...)
USkyc.get_recent_filings(ticker: "GOOGL", form_type: "10-K")

UKkyc.search_companies(search_term: "Alphabet UK")
UKkyc.get_company_profile(company_number: <result>)
UKkyc.get_company_charges(company_number: <result>)

What you get: A unified report linking U.S. SEC risk disclosures to UK statutory records — directly relevant for firms with dual-jurisdiction counterparty exposure.

Task Category 4: Targeted Risk Signal Searches

The free-text search capabilities of USkyc.search_filings enable keyword-driven surveillance across the full EDGAR corpus.

The Audit Trail: On-Chain Transaction Records

This is the distinguishing feature of running the agent as a applet rather than a conventional server-side process.

When run_task is called, the runtime records a transaction that includes:

{
  "user": "b7e4d22d760cc8c995bd0e7fd697414ab04463e...",
  "timestamp": 1779715443709,
  "mcp_server_name": "UK-KYC",
  "task_id": "749f4461601e4527aa6c8ad061af5f3e",
  "applet_address": "aaaaaaqkmwabkehvouq27tmryvv3evtwuv4uudgf3kbva5pjfhyyayubcq",
  "applet_method": "search_companies",
  "request": { ... full prompt + tool arguments ... },
  "tool_output": { ... raw API response ... }
}

Every individual MCP tool call is a separate sub-record within the transaction. The screenshot earlier in this document shows exactly this: a search_companies call for Reckitt Benckiser against the UK-KYC server, with the full Companies House response (company number 00527217, status active, incorporated 1953-12-23, registered address Bath Road, Slough, Berkshire, SL1 3UH) stored verbatim in the Txn Result field.

What this means in practice:

• Immutability: the record cannot be altered after commitment. No one can retroactively change what query was run or what data was returned.
• Attribution: the user field is a cryptographic identity, not a username string. The caller cannot repudiate the action.
• Non-repudiation of source data: the raw API response is committed, not just a summary. If a downstream decision was based on this data, the exact data state at decision time is recoverable.
• Replay: any auditor can reconstruct the agent's reasoning by replaying the committed inputs against the same MCP tool.

The commitment field in the Input Data (d64c4d46792cf77e1ca8c3486caeae0703cc5f705a71b7f0300a00aed8df274a) is a hash of the task inputs, making tamper detection trivial.

Regulatory Context

United States

Securities Exchange Act of 1934 — Section 16 / Insider Trading USkyc.get_insider_transactions surfaces Forms 3, 4, and 5, which are the statutory filings required under Section 16 of the Exchange Act. Section 16(b) creates a private right of action for short-swing profit recovery. Compliance teams use this data to screen counterparties for undisclosed related-party relationships and to assess whether recent insider activity is consistent with public disclosures.

SEC Regulation S-K / EDGAR Disclosure Requirements The SEC requires public companies to file 10-K annual reports, 10-Q quarterly reports, and 8-K material event disclosures via EDGAR. USkyc.search_filings and USkyc.get_recent_filings directly access this corpus. extract_filing_section pulls structured content from specific items required under Regulation S-K (Item 1A for Risk Factors, Item 7 for MD&A, Item 8 for Financial Statements).

Bank Secrecy Act (BSA) / AML Obligations Financial institutions under FinCEN supervision are required to implement Customer Due Diligence (CDD) programs under 31 CFR § 1020.210. The agent's ability to surface SEC risk disclosures and insider transaction patterns directly supports CDD and Beneficial Ownership verification workflows under the Corporate Transparency Act (CTA), effective 2024.

United Kingdom

Companies Act 2006 All data returned by the UKkyc MCP is sourced from Companies House, the statutory registrar operating under the Companies Act 2006. The Act requires every UK-registered company to maintain a public register of: directors and secretaries (ss. 162–167), registered charges (ss. 860–894), and insolvency proceedings (Insolvency Act 1986). The agent surfaces all three.

Proceeds of Crime Act 2002 (POCA) / Money Laundering Regulations 2017 (MLR 2017) UK regulated firms under the MLR 2017 (implementing the EU's Fourth and Fifth Anti-Money Laundering Directives in domestic law) are required to conduct Enhanced Due Diligence (EDD) on higher-risk customers and business relationships. get_company_charges and get_company_insolvency are the primary signals for financial distress screening, while get_company_officers supports Politically Exposed Person (PEP) and sanctions screening pipelines by providing authoritative officer name data.

UK Economic Crime (Transparency and Enforcement) Act 2022 This Act strengthened the Register of Overseas Entities and expanded unexplained wealth order powers. For entities with UK operations, the corporate profile data returned by get_company_profile - specifically SIC codes, company type, and registration date - provides the baseline data layer for assessing compliance with these obligations.

FCA: Senior Managers and Certification Regime (SM&CR) For regulated financial services entities, get_company_officers appointment/resignation dates are relevant to SM&CR fitness-and-propriety assessments. Rapid or unexplained director turnover is a recognized risk indicator under FCA supervisory guidance.

Example: Full Global Screening Workflow

Prompt:
"I need a global compliance summary for IBM. Check recent U.S. SEC filings,
any insider selling, and if there's a UK subsidiary, pull its profile,
officers, and any charges."

Agent execution:

1. USkyc.get_recent_filings(ticker: "IBM", form_type: "10-K")
   → IBM 2024 annual report URL

2. USkyc.extract_filing_section(filing_url: <url>, section: "1A")
   → Risk factor text (regulatory, litigation, cyber)

3. USkyc.get_insider_transactions(
     ticker: "IBM", start_date: "2024-01-01", end_date: "2025-05-25"
   )
   → Form 4 director/officer trades

4. UKkyc.search_companies(search_term: "IBM UK")
   → company_number for IBM United Kingdom Limited

5. UKkyc.get_company_profile(company_number: <result>)
   → SIC codes, company type, registered address

6. UKkyc.get_company_officers(company_number: <result>)
   → Director roster, appointment dates

7. UKkyc.get_company_charges(company_number: <result>)
   → Registered charges, satisfaction status

Output: Consolidated risk summary across both jurisdictions,
        all raw data committed immutably to chain.

Summary

The agent's design collapses a multi-step manual compliance workflow into a single natural-language call, while the blockchain runtime provides the evidence layer that compliance and audit functions require — without any custom logging infrastructure.