Finance

Banking & Financial Institutions

Financial institutions need AI agents that can monitor transactions in real-time, automate KYC workflows, and operate within strict regulatory boundaries. Tenzro provides the verifiable identity, confidential computing, and institutional-grade settlement infrastructure to make this possible.

The Problem

Banks and financial institutions face mounting pressure to deploy AI for compliance, fraud detection, and customer onboarding. But existing infrastructure creates fundamental challenges: AI models processing sensitive financial data run on shared cloud infrastructure with no hardware-level isolation, KYC decisions lack verifiable audit trails, and compliance agents cannot prove they operated within regulatory constraints.

■AML screening agents process PII without provable data isolation
■KYC automation lacks credential-based verification that regulators can audit
■Cross-institution settlement requires trusted intermediaries and multi-day clearing
■CBDC programmability needs smart contract execution within regulatory frameworks
■No way to prove an AI decision was made using a compliant model on compliant infrastructure

How Tenzro Solves It

Tenzro combines TEE confidential computing, Canton DAML smart contracts, verifiable credentials, and ZK proofs to give financial institutions an AI infrastructure layer that is auditable by construction. Every compliance decision carries cryptographic proof of the model used, the data processed, and the hardware it ran on.

TEE Confidential Computing

AML and fraud detection models run inside Intel TDX, AMD SEV-SNP, or AWS Nitro enclaves. Hardware attestation proves data isolation — customer PII never leaves the enclave. Certificate chain verification against Intel, AMD, AWS, and NVIDIA root CAs provides cryptographic proof.

KYC with Verifiable Credentials

TDIP identities carry W3C Verifiable Credentials for KYC attestations. Four KYC tiers (Unverified through Full) are enforced on-chain. Credential updates require cryptographic proof from an authorized issuer via update_kyc_tier_with_credential().

Canton DAML Settlement

Institutional settlement workflows execute on Canton DAML — purpose-built for regulated multi-party transactions. Two-step transfer flows (create, accept/reject), party-based access controls, and the JSON Ledger API v2 provide enterprise-grade contract execution.

ZK Compliance Proofs

Groth16 SNARKs on BN254 generate verifiable proofs that a compliance check was performed correctly without revealing the underlying data. Pre-built circuits include SettlementProofCircuit and IdentityProofCircuit for proving transaction validity and identity claims.

Architecture

A compliance agent processes a customer onboarding request, running KYC checks inside a TEE enclave, issuing verifiable credentials, and settling the result on Canton DAML.

Multi-Institution Orchestration

Traditional cross-border payments use static smart contracts with hardcoded rules. Tenzro enables intelligent, multi-party orchestration where agents from different institutions coordinate autonomously in real-time.

Instead of batch-processing and manual review queues, each institution runs their own agents on their own nodes. These agents negotiate, verify, and settle through the shared Tenzro settlement layer — all automated, all auditable, all in real-time.

Not Smart Contracts

Static rules can't adapt to context. Agents analyze transaction patterns, cross-reference live sanctions lists, and make nuanced decisions — all within TEE enclaves for privacy.

Multi-Party, Multi-Agent

Each institution deploys their own agents with their own compliance models. Agents from different parties negotiate via the A2A protocol, with delegation scopes controlling what each can do.

Verifiable & Auditable

Every step produces verifiable evidence: TEE attestation for computation integrity, ZK proofs for compliance without data exposure, and Canton DAML contracts for legal finality.

Code Example

Deploy a KYC compliance agent with TEE attestation and Canton DAML settlement:

Rust SDK

use tenzro_sdk::TenzroClient;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let client = TenzroClient::new("https://rpc.tenzro.network");

    // Register compliance agent identity
    let agent = client.register_identity(
        "machine",
        "kyc-compliance-agent",
        Some("did:tenzro:human:compliance-officer"),
    ).await?;

    // Verify TEE attestation for the enclave
    let attestation = client.verify_tee_attestation(
        &tee_report_bytes,
        "intel-tdx",
    ).await?;

    // Issue KYC credential after verification
    let credential = client.add_credential(
        &customer_did,
        "KycAttestation",
        json!({
            "tier": "Enhanced",
            "verified_by": agent.did,
            "tee_attestation": attestation.hash,
        }),
    ).await?;

    // Submit DAML command for institutional record
    let result = client.submit_daml_command(
        "kyc-domain",
        json!({
            "templateId": "KycRecord:KycRecord",
            "payload": {
                "customer": customer_did,
                "tier": "Enhanced",
                "credential_hash": credential.hash,
                "attestation_hash": attestation.hash,
            }
        }),
    ).await?;

    // Generate ZK proof of compliance
    let proof = client.verify_zk_proof(
        "groth16",
        &proof_bytes,
        &public_inputs,
    ).await?;

    Ok(())
}

Relevant Tools & APIs

MCP Tools

register_identity

resolve_did

verify_zk_proof

deploy_contract

stake_tokens

get_provider_stats

Canton MCP Tools

canton_submit_command

canton_list_contracts

canton_get_events

canton_allocate_party

canton_get_balance

canton_dvp_settle

CLI Commands

tenzro-cli identity register

tenzro-cli canton submit

tenzro-cli canton contracts

tenzro-cli ceremony init