
Vendor Risk Assessment Audit Trail

Every vendor, counterparty, and credit-applicant decision your AI agent makes is logged with its risk tier, KYC status, and sanctions screening results, cryptographically attested, and independently verifiable.

The problem

Vendor onboarding agents approve suppliers, run KYC checks, and screen against sanctions lists. When an auditor asks whether a sanctioned entity was blocked, or whether a critical-risk vendor received human review before onboarding, most teams cannot produce an immutable record.

OFAC and EU sanctions compliance require evidence that screening occurred and that hits were acted on. A missed sanctions match is not a false-positive problem; it is a regulatory exposure.

Sanctions auto-reject

Sanctions hits are auto-rejected regardless of the agent's ALLOW/LIMIT/BLOCK state, the same pattern as the segregation-of-duties auto-block in GL review. The rejection is immutable and included in period attestations. Compliance reviewers confirm or escalate each hit.

Critical tier oversight

Vendors assessed at the critical risk tier automatically require human approval before onboarding proceeds. Reviewer assessments feed five reliability signals: reviewer agreement rate, false-positive rate, sanctions detection rate, escalation rate, and approval accuracy.

Integration

Attestation verification strings use SIGMODX-VENDOR-[ORG]-[HASH] at /verify.
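The following is an added example, not the product's own code, showing how the three behaviours described above fit together: a policy gate in which a sanctions hit overrides any agent state and a critical-tier vendor is routed to human review, an append-only hash-chained audit log whose entries cannot be altered without breaking verification, and reviewer-outcome signals computed from that log. The risk tier names, KYC status values, the decision vocabulary, the signal definitions, and the assumption that `[HASH]` in the verification string is the chain head are all assumptions made for this example; only the ALLOW/LIMIT/BLOCK states and the `SIGMODX-VENDOR-[ORG]-[HASH]` format come from the page.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List, Tuple

# Assumed decision vocabulary (not from the original page).
REJECT, APPROVE, NEEDS_HUMAN_REVIEW = "REJECT", "APPROVE", "NEEDS_HUMAN_REVIEW"


@dataclass(frozen=True)
class VendorCase:
    vendor_id: str
    agent_state: str      # ALLOW / LIMIT / BLOCK, as on the page
    risk_tier: str        # assumed tiers: low / medium / high / critical
    kyc_status: str       # assumed values: verified / pending / failed
    sanctions_hit: bool   # result of sanctions-list screening


def decide(case: VendorCase) -> Tuple[str, str]:
    """Policy gate. Order matters: a sanctions hit wins over every agent state,
    and a critical-tier vendor can never be auto-approved."""
    if case.sanctions_hit:
        return REJECT, "sanctions_hit_auto_reject"
    if case.agent_state == "BLOCK":
        return REJECT, "agent_block"
    if case.risk_tier == "critical":
        return NEEDS_HUMAN_REVIEW, "critical_tier_requires_human_approval"
    if case.kyc_status != "verified":
        return NEEDS_HUMAN_REVIEW, "kyc_incomplete"
    return APPROVE, "agent_" + case.agent_state.lower()


class AuditLog:
    """Append-only, hash-chained record. Each entry commits to the previous
    entry's hash, so editing or deleting any entry breaks verify()."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[dict] = []

    @staticmethod
    def _digest(body: dict) -> str:
        payload = {k: v for k, v in body.items() if k != "hash"}
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def record(self, case: VendorCase) -> dict:
        decision, reason = decide(case)
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {"seq": len(self.entries), "case": asdict(case),
                "decision": decision, "reason": reason, "prev": prev}
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True

    def attestation_string(self, org: str) -> str:
        # Assumption: [HASH] is the head of the chain; ORG is a placeholder here.
        head = self.entries[-1]["hash"] if self.entries else self.GENESIS
        return f"SIGMODX-VENDOR-{org}-{head}"


def reviewer_signals(reviews: List[dict]) -> dict:
    """Assumed definitions over reviewer outcomes on sanctions hits, each a
    dict {"outcome": "confirmed" | "false_positive" | "escalated"}."""
    n = len(reviews)
    if n == 0:
        return {"reviewer_agreement_rate": None, "false_positive_rate": None,
                "escalation_rate": None}
    count = lambda o: sum(1 for r in reviews if r["outcome"] == o)
    return {"reviewer_agreement_rate": count("confirmed") / n,
            "false_positive_rate": count("false_positive") / n,
            "escalation_rate": count("escalated") / n}


def build_demo_log() -> AuditLog:
    """Constructed sample cases (not real vendors) exercising every branch."""
    log = AuditLog()
    for case in [
        VendorCase("V-001", "ALLOW", "low", "verified", False),       # plain approve
        VendorCase("V-002", "ALLOW", "high", "verified", True),       # hit beats ALLOW
        VendorCase("V-003", "LIMIT", "critical", "verified", False),  # human review
        VendorCase("V-004", "BLOCK", "low", "verified", False),       # agent block
    ]:
        log.record(case)
    return log


if __name__ == "__main__":
    demo = build_demo_log()
    for e in demo.entries:
        print(e["seq"], e["case"]["vendor_id"], e["decision"], e["reason"])
    print("chain valid:", demo.verify())
    print(demo.attestation_string("EXAMPLE-ORG"))
```

Note that `decide` is evaluated before the entry is hashed, so the reason for a rejection (sanctions hit versus agent BLOCK) is part of what the chain commits to; an auditor asking "was the sanctioned entity blocked, and why" reads it straight from the verified log rather than from the agent's state at the time.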

Available for Q4 2026 pilot

The vendor risk assessment scenario is live in the repo. Pilot access is available for enterprise teams evaluating KYC and sanctions controls.

Request pilot access →