Agent risk assessments help teams run structured due diligence workflows with an agent that gathers evidence, updates workflow tasks, summarizes risk findings, and prepares audit-ready review materials.
Beta feature: Agent risk assessments must be enabled by
Minerva before your organization can use them. Contact your Minerva
representative or support@gominerva.com to request beta access, workflow setup
support, and the API/application access needed for integrations.
Access: Requires the Admin or Owner role to configure workflows and client risk rating scorecards. Users with access to the Risk Assessments section can create and review assessments according to your tenant configuration.
Use this guide when you need to:
- configure your first risk assessment workflow
- configure a client risk rating scorecard
- submit an agent risk assessment with subjects and documents
- review risks, task status, evidence, and comments
- collaborate with teammates during review
- use the relationships canvas for ownership and relationship analysis
- generate PDF reports for completed assessments
- use the risk assessment history page as a work queue
- adapt workflows for KYC, KYB, enhanced due diligence, and custom data source reviews
Agent risk assessments are designed for controlled, evidence-backed review.
The agent can accelerate research and drafting, but analysts remain
responsible for reviewing the evidence, resolving tasks, and concluding the
assessment according to internal policy.
Core Concepts
| Concept | What it means |
|---|---|
| Workflow | A reusable template that defines the assessment purpose, required tasks, enabled tools, and review expectations. |
| Assessment | A single run of a workflow for one case, customer, organization, or investigation. |
| Subject | An individual or organization assessed in the workflow. Assessments can include primary subjects and related parties. |
| Task | A required workflow item that tracks what the agent or reviewer needs to complete. |
| Evidence | Documents, web sources, screening results, or generated artifacts registered to support findings and decisions. |
| Risk finding | A structured risk observation tied to subjects, tasks, and evidence. |
| Client risk rating scorecard | A scoring model that evaluates configured criteria and returns a risk label such as Low, Medium, or High. |
| Relationships canvas | A visual workspace for reviewing people, organizations, ownership, control, and relationship edges. |
Admins and Owners configure agent risk assessment workflows from tenant configuration.
Go to Administration > Configuration > Risk Assessment Workflows & Beta.
Start with one workflow that maps to a real operating procedure. A first workflow should be narrow enough that reviewers can tell whether the agent completed the work correctly.
Good first workflows usually include:
- a clear assessment purpose
- one primary subject type, such as individual KYC or organization KYB
- a short set of required tasks
- the minimum tools needed for the workflow
- explicit evidence expectations
- a default client risk rating scorecard, if CRR is part of the workflow
Create A Workflow
Select New workflow template and choose the closest starting point.
Use the workflow name to describe the policy use case, not the customer being reviewed.
Examples:
| Good workflow name | Why it works |
|---|---|
| KYC onboarding review | Clear individual onboarding scope. |
| KYB ownership review | Clear organization and ownership scope. |
| Enhanced due diligence | Clear higher-risk escalation workflow. |
| Custom source review | Clear workflow for organization-specific data source or file review. |
Avoid workflow names such as “Test”, “New workflow”, or a specific customer name. Customer-specific details belong in the assessment title and description.
Define Workflow Tasks
Workflow tasks should match the review steps analysts already perform. Keep tasks specific enough that completion can be evaluated from evidence.
Examples:
- verify identity or registration details
- review sanctions and PEP exposure
- review adverse media
- assess ownership and control
- validate source of funds or source of wealth
- complete client risk rating
- document open limitations and reviewer decision
For each task, define what evidence is expected. This makes the resulting task status and risk findings easier to review.
The workflow determines which tools the agent can use. Keep the tool set aligned with the assessment purpose.
Common examples:
- screening tools for sanctions and PEP review
- web research for public source discovery
- ownership search for company and officer discovery
- document inspection for uploaded onboarding packages or memos
- domain write tools that update tasks, notes, evidence, subjects, and comments inside the assessment
Do not enable a tool solely because it is available. A smaller tool set is easier to review and audit.
Open the client risk rating configuration from the same risk assessment configuration area.
A scorecard defines the factors used to produce a client risk rating. Typical criteria include geography, sanctions or PEP exposure, ownership complexity, source of funds, source of wealth, product risk, adverse media, and custom policy criteria.
When creating a first scorecard:
- Name it after the risk model, such as Standard KYC CRR or KYB EDD CRR.
- Add criteria that map to your policy factors.
- Assign weights that add up to the expected model total.
- Define score ranges for risk labels such as Low, Medium, and High.
- Use descriptions to explain what each factor means and what evidence should support the score.
- Test the scorecard against known low-risk, medium-risk, and high-risk cases.
Scorecards are most useful when every criterion can be traced back to
evidence. If a factor is important but hard to evidence, write that limitation
into the criterion description so reviewers know what to expect.
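The scorecard checks above can be rehearsed offline before a model is configured. The following is an added example, not Minerva's schema, API, or code: the criterion names, the model total of 100, the 0-10 factor scale, the label ranges, and the calibration cases are all constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical scorecard layout for illustration; not Minerva's schema or API.
@dataclass(frozen=True)
class Criterion:
    name: str
    weight: int        # share of the model total
    description: str   # what the factor means and what evidence supports it

MODEL_TOTAL = 100      # assumed expected model total
CRITERIA = [
    Criterion("geography", 20, "Residence or operating jurisdiction; registry extract."),
    Criterion("sanctions_pep", 30, "Screening exposure; screening result evidence."),
    Criterion("ownership_complexity", 20, "Layers of control; ownership chart."),
    Criterion("source_of_funds", 15, "Origin of funds; memo. Hard to corroborate."),
    Criterion("adverse_media", 15, "Negative coverage; cited web sources."),
]
RANGES = {"Low": (0, 39), "Medium": (40, 69), "High": (70, 100)}  # inclusive

def validate(criteria, ranges, total=MODEL_TOTAL):
    """Return a list of configuration problems; empty means consistent."""
    problems = []
    weight_sum = sum(c.weight for c in criteria)
    if weight_sum != total:
        problems.append(f"weights sum to {weight_sum}, expected {total}")
    problems += [f"{c.name}: empty description" for c in criteria if not c.description.strip()]
    next_lo = 0
    for label, (lo, hi) in sorted(ranges.items(), key=lambda kv: kv[1][0]):
        if lo != next_lo or hi < lo:
            problems.append(f"{label}: range {lo}-{hi} leaves a gap or overlap at {next_lo}")
        next_lo = hi + 1
    if next_lo != total + 1:
        problems.append(f"ranges end at {next_lo - 1}, expected {total}")
    return problems

def rate(criteria, ranges, factor_scores):
    """factor_scores: criterion name -> 0..10 risk score set by the reviewer."""
    missing = [c.name for c in criteria if c.name not in factor_scores]
    if missing:
        raise ValueError(f"unscored criteria: {missing}")
    score = round(sum(c.weight * factor_scores[c.name] for c in criteria) / 10)
    label = next(l for l, (lo, hi) in ranges.items() if lo <= score <= hi)
    return score, label

# Constructed calibration cases with the label an analyst already assigned.
KNOWN_CASES = [
    ("known-low", dict.fromkeys([c.name for c in CRITERIA], 1), "Low"),
    ("known-medium", dict.fromkeys([c.name for c in CRITERIA], 5), "Medium"),
    ("known-high", {"geography": 8, "sanctions_pep": 10, "ownership_complexity": 6,
                    "source_of_funds": 6, "adverse_media": 8}, "High"),
]

def mismatches(criteria, ranges, cases):
    """Cases where the scorecard label differs from the analyst's label."""
    out = []
    for name, scores, expected in cases:
        score, label = rate(criteria, ranges, scores)
        if label != expected:
            out.append((name, score, label, expected))
    return out

if __name__ == "__main__":
    print(validate(CRITERIA, RANGES), mismatches(CRITERIA, RANGES, KNOWN_CASES))
```

An empty result from both functions means the weights, label ranges, and known cases agree; any mismatch row is a prompt to revisit a weight or a range boundary before rollout.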
Submit An Agent Risk Assessment
Open Risk Assessments and select New assessment.
Name The Assessment
Use a title that helps the history page work as a queue.
Good assessment names include:
- customer or case name
- assessment purpose
- date or period if useful
- escalation marker when relevant
Examples:
| Use case | Example title |
|---|---|
| KYC onboarding | Jane Doe KYC onboarding review |
| KYB onboarding | Northstar Holdings KYB onboarding review |
| Enhanced due diligence | Ari Vale EDD source of wealth review |
| Periodic review | Harbour Retail 2026 KYB refresh |
| Escalation or reopen | Cloud Relay ownership gap review |
Avoid titles such as “Risk assessment”, “Test”, or “Customer review”. They are difficult to triage later.
Add Subjects
Add the primary subject first. Then add related subjects when the workflow needs them.
For individuals, include reliable identifiers when available:
- full legal name
- date of birth or age range
- known aliases
- nationality or residence
- occupation or role
- known addresses
For organizations, include:
- legal name
- registration number
- jurisdiction
- incorporation or founding date
- operating locations
- directors, officers, owners, and related entities
- known trade names or aliases
Structured identity fields help the agent match evidence more accurately and explain uncertainty in the final review.
Upload Documents
Upload documents that the agent should inspect or use as source evidence. Common examples include:
- onboarding forms
- corporate registry extracts
- ownership charts
- passports or identity documents, if permitted by your policy
- source of funds or source of wealth memos
- transaction or account summaries
- prior analyst notes
- adverse media packets
Use descriptive filenames before upload, such as northstar-ownership-chart-2026-05.pdf or jane-doe-source-of-wealth-memo.docx. Descriptive names make evidence easier to cite later.
When uploading documents:
- include only documents relevant to the assessment purpose
- avoid duplicate or stale versions where possible
- add context in the assessment description if a document has limitations
- do not rely on uploads alone when policy requires independent corroboration
Start The Run
After the assessment is created, start the agent run. The agent uses the selected workflow, subject details, uploaded documents, and enabled tools to complete tasks and gather evidence.
Use the agent trajectory panel to review what the agent did, which tools it called, and where it needs human input.
If the agent asks for confirmation or additional input, respond with a clear instruction. If you need the agent to change direction, use steering to add focused guidance, such as:
- “Prioritize official registry evidence before media sources.”
- “Do not conclude source of wealth until the supplied memo is inspected.”
- “Add the newly discovered parent company as a related subject.”
- “Re-check adverse media for the Spanish-language alias.”
Review The Assessment
Review starts when the agent has enough output for a human analyst to inspect. Depending on the run, the assessment may be running, waiting for user input, ready for review, reopened, concluded, cancelled, or failed.
Review The Summary
The summary view shows subject details, high-level status, risk findings, client risk rating, evidence, and task progress.
Use the summary to answer:
- What is the assessment trying to decide?
- Which subjects are in scope?
- Which tasks are complete, incomplete, or require review?
- What risk findings are active?
- Which findings have evidence?
- Is the client risk rating complete or still requiring review?
Review Risk Findings
Risk findings identify material observations discovered during the assessment.
For each finding, check:
- title and summary
- affected subject
- severity
- task linkage
- evidence IDs
- source URLs or uploaded document references
- whether the finding is active, resolved, or not material
- whether the rationale supports the task status
Do not mark a task complete only because the agent wrote a summary. Confirm the evidence is sufficient for your policy.
Update Tasks
Tasks are the operational checklist for the assessment. A task can be pending, in progress, complete, incomplete, or requiring review.
Use task status deliberately:
| Status | When to use it |
|---|---|
| Pending | Work has not started or is waiting behind another task. |
| In progress | The task is actively being worked by the agent or reviewer. |
| Requires review | The task has output that needs a human decision, evidence check, or policy interpretation. |
| Complete | Required evidence and review are sufficient. |
| Incomplete | The task cannot be completed with available information and the limitation should be documented. |
Use comments or notes when a task status needs explanation, especially for incomplete tasks, manual overrides, or reviewer disagreements.
Review Client Risk Rating
The client risk rating summarizes scorecard criteria and the overall risk label.
For each criterion, review:
- score and risk label
- status
- rationale
- confidence, when shown
- evidence IDs and source URLs
- limitations or manual overrides
If a score seems unsupported, add a comment and reopen the task or update the assessment before concluding.
Use comments for review questions, decision explanations, and handoffs. Comments can be attached to assessment-level review, canvas work, tasks, or scorecard factors depending on the context.
Good comments are specific:
- “Please confirm whether the Ontario registry extract is current enough for the KYB decision.”
- “I disagree with Medium ownership risk because the nominee director is still unresolved.”
- “Source of wealth task can be completed if the uploaded memo is accepted as policy evidence.”
- “This assessment should remain reopened until the parent entity is added to the relationships canvas.”
Avoid comments that cannot be acted on, such as “please check” without naming what needs review.
Use Evidence For Audit
Evidence is the audit trail behind the assessment. Evidence can include uploaded files, web sources, screening results, generated artifacts, or dashboard links returned by integrated tools.
When reviewing evidence:
- open the cited source before accepting a material finding
- compare source dates with your policy requirements
- check whether evidence supports the exact subject, not just a similar name
- confirm uploaded documents are the intended version
- cite evidence IDs in notes when making a manual decision
- document limitations where evidence is incomplete, stale, or ambiguous
Evidence IDs are especially important for audit. They make it possible to trace a task decision, risk finding, CRR criterion, or report statement back to a concrete source.
Use The Relationships Canvas
The relationships canvas helps reviewers inspect ownership, control, roles, and related-party structure.
Use the canvas to:
- review discovered subjects
- add or validate ownership and control relationships
- distinguish officers, directors, beneficial owners, subsidiaries, and parent entities
- flag high-risk subjects in the structure
- add comments where the structure needs review
- export the relationship graph when it supports the assessment record
The canvas is most valuable for KYB, enhanced due diligence, sanctions evasion, nominee ownership, and complex corporate structure reviews.
When using the canvas:
- Start with the primary subject.
- Add directly known owners, directors, officers, and related entities.
- Use evidence to support every material relationship.
- Keep relationship labels specific.
- Review high-risk subjects and edge context before concluding.
- Add comments for unresolved links or ownership gaps.
- Export PNG or PDF from the canvas when the relationship graph should be included in downstream review materials.
Generate PDF Reports
When review is complete, open the assessment Reports tab and select Generate PDF report. Minerva queues a report job for that assessment.
The reports section lets you:
- generate a fresh PDF report for the current assessment
- review report job status
- inspect generated report artifacts
- download completed PDF artifacts
Generate the report after:
- required tasks are complete or documented as incomplete
- material risk findings have been reviewed
- CRR criteria are complete or explicitly marked for review
- comments that affect the conclusion are resolved or summarized
- limitations are captured in notes
- the assessment status is ready for review or concluded according to your internal process
If you change material assessment content after generating a report, generate a new PDF so the artifact reflects the current record.
Use History As A Work Queue
Open Risk Assessments > History to review your assessment queue.
The My Risk Assessments tab is useful for:
- active work you created
- assessments assigned to you by process
- items waiting for your input
- ready-for-review items you need to finish
- reopened assessments that need follow-up
The Team Risk Assessments tab is useful for:
- supervisor review
- balancing analyst workload
- identifying stale or failed assessments
- checking which cases are ready for review
- finding concluded assessments for audit or reporting
Status Triage
Use status to decide what to do next.
| Status | Queue meaning | Next action |
|---|---|---|
| Draft | Created but not started. | Add missing subjects or documents, then start the run. |
| Running | Agent work is in progress. | Monitor only if urgent, or wait for completion. |
| Waiting for user | The agent needs input or confirmation. | Open the assessment and respond. |
| Interrupted | The run stopped before normal completion. | Review the trajectory and resume or restart as appropriate. |
| Ready for review | Agent output is ready for human review. | Review tasks, risks, evidence, CRR, and comments. |
| Reopened | A concluded or reviewed assessment needs more work. | Resolve the reopened issue, then move back to review. |
| Concluded | Final decision has been recorded. | Generate or download reports when needed. |
| Cancelled | Work was cancelled. | Confirm cancellation is intentional and documented. |
| Failed | The run failed. | Review error context and contact Minerva if it repeats. |
If your tenant has a custom escalation status, treat it as a supervisor or second-line review queue. Use the assessment comments to document who needs to act and why.
Work Queue Best Practices
- Sort by updated time to find stale reviews.
- Filter to ready-for-review for analyst completion work.
- Filter to waiting-for-user for blocked agent runs.
- Review team queue statuses at least daily during beta rollout.
- Use consistent assessment titles so queue rows are self-explanatory.
- Do not conclude assessments directly from queue context. Open the assessment and review evidence first.
Example Workflows
KYC Onboarding
Use for individual customer onboarding.
Typical workflow:
- Add the individual as the primary subject.
- Upload onboarding forms and permitted identity evidence.
- Enable screening and public source tools required by policy.
- Ask the agent to verify identity details, sanctions exposure, PEP exposure, and adverse media.
- Review task output and evidence.
- Complete the CRR scorecard.
- Conclude with the onboarding risk decision and generate a PDF report if needed.
Recommended tasks:
- verify identity details
- screen sanctions and PEP
- review adverse media
- assess source of funds or source of wealth
- complete client risk rating
KYB Onboarding
Use for organization onboarding and ownership review.
Typical workflow:
- Add the organization as the primary subject.
- Upload registry extracts, ownership charts, and onboarding packages.
- Add known directors, officers, beneficial owners, and parent entities as related subjects.
- Use ownership search and public source tools to corroborate structure.
- Review the relationships canvas.
- Screen the organization and material related parties.
- Complete the CRR scorecard and document limitations.
Recommended tasks:
- verify registration details
- review ownership and control
- screen organization and related parties
- assess jurisdiction and product risk
- review adverse media
- complete KYB CRR
Enhanced Due Diligence
Use for higher-risk customers, escalations, or periodic reviews that require deeper evidence.
Typical workflow:
- Start from the known customer or case name.
- Add the trigger for EDD in the assessment description.
- Upload prior case notes and any relevant documents.
- Enable broader public source, screening, and ownership tools.
- Require evidence-backed task completion.
- Use comments for second-line review questions.
- Generate a PDF report only after reviewer comments and limitations are addressed.
Recommended tasks:
- confirm escalation trigger
- review sanctions, PEP, adverse media, and enforcement exposure
- validate source of funds or wealth
- review ownership and associates
- document residual risk and controls
- complete enhanced CRR
Custom Data Source Review
Use when your organization needs the agent to inspect uploaded files, internal exports, or special-purpose data sources.
Typical workflow:
- Create a workflow specific to the source and review purpose.
- Upload the source documents or data extracts.
- Explain the source context in the assessment description.
- Ask the agent to extract relevant facts, register evidence, and update tasks.
- Review evidence IDs carefully because source interpretation may be policy-specific.
- Document any source limitations before concluding.
Recommended tasks:
- inspect uploaded source documents
- extract relevant facts and identifiers
- compare extracted facts to subject records
- identify unresolved discrepancies
- document limitations and reviewer decision
Beta Rollout Checklist
Before broad rollout:
- confirm Minerva has enabled the beta for the intended tenant and workspaces
- configure one pilot workflow and one CRR scorecard
- run a small set of known cases through Calibration or a beta workspace
- compare agent output to existing analyst review results
- document evidence quality expectations
- define who can conclude assessments
- define when PDF reports should be generated
- define queue review cadence
- agree how comments, reopened assessments, and custom escalation statuses should be handled