Risk & Fraud

Intelligence & RiskPhase 1

Lead: Risk Orchestrator Agent

10 agents1 building9 planned

Linear: HB-RISK

48 permissions (3 write)Parallelization+ Evaluator-Optimizer

Architecture Pattern

Risk signals are evaluated in parallel (SEON, IP analysis, behavior patterns, device fingerprint). Results feed an evaluator-optimizer that refines risk scores.

Evaluation

4 metrics defined

Error Handling

3 scenarios covered

Self-Improvement

3 human checkpoints

Phase 1: Foundation

Foundation. Withdrawal automation and fraud prevention are day-one requirements. Blocks wallet automation.

Tools

SEONGrecoArkhamSumsubBack Office APIHexLinear

Goals

Stop fraud earlyMinimize false positivesAutomate withdrawalsOSINT-driven investigations

Agent Sizing Rationale

10 agents: 1 orchestrator + 5 risk assessment (odd for high-stakes fraud voting) + 4 investigation (including OSINT). This is the highest-stakes department — Condorcet theorem shows 5-agent panels achieve >99% accuracy when individual accuracy >70%.

Risk Assessment (5-agent voting panel)

AgentDescriptionComplexityRolesStatusActions

SEON Identity AgentRuns SEON device fingerprinting, email/phone analysis, and IP intelligence on every player action.medium

analystcommunicator

Greco Gameplay AgentAnalyzes gameplay patterns via Greco for bonus abuse, advantage play, and suspicious betting.medium

analyst

Arkham On-Chain AgentChecks wallet addresses against Arkham for sanctions, mixer usage, and entity associations.medium

executor

Behavioural Risk AgentAnalyzes player behaviour patterns (session times, bet sizing, deposit patterns) for anomalies.medium

analyst

Multi-Account Detection AgentIdentifies linked accounts using device, IP, wallet, and behavioural fingerprints.medium

executor

Investigation & Action (4 specialists + orchestrator)

AgentDescriptionComplexityRolesStatusActions

Withdrawal Risk AgentApplies the combined risk score to withdrawal requests. Auto-approves low risk, escalates high risk.medium

analystrouter

Bonus Abuse AgentDetects and acts on bonus abuse patterns — wagering manipulation, arbitrage, and systematic exploitation.medium

monitor

Greco Shadow AgentLearns from Greco's outputs to build internal risk models. Tracks accuracy to eventually reduce Greco dependency.medium

monitorgenerator

OSINT Investigation AgentConducts open-source intelligence investigations on flagged players. Cross-references usernames, emails, wallet addresses, and social media profiles against public databases, blockchain explorers, breach datasets, sanctions lists, and dark web forums. Builds evidence dossiers for high-risk cases. Identifies connections between accounts, links to known fraud rings, and validates player identities against public records. Feeds findings into the Risk Orchestrator for scoring adjustments.medium

generatorguardiancommunicator

Risk Orchestrator AgentSynthesizes all risk signals into unified risk scores, manages escalation thresholds, reports to you.complex

orchestratoranalystrouter

Agents Used From Other Departments

These agents from other departments feed data into or are called by this department's agents.

Player Intelligence & DataExternal

Segmentation AgentLTV Prediction Agent

Player LTV and segments help distinguish high-value players from fraudsters to reduce false positives.

Wallet & PaymentsExternal

Withdrawal AgentDeposit Agent

Transaction data is the primary signal for fraud detection.

Customer SupportExternal

Escalation & Complaints Agent

Flagged accounts may trigger CS outreach for verification.

Compliance & LegalExternal

KYC/AML AgentRegulatory Reporting Agent

AML flags from Risk feed into compliance reporting. Suspicious activity reports (SARs) are filed through Compliance. KYC verification outcomes inform risk scoring.

SportsbookExternal

Odds Monitoring AgentBet Settlement Agent

Bet pattern analysis for match-fixing detection requires sportsbook odds and settlement data. Unusual betting patterns trigger risk investigations.