What a Suspicious Activity Report looks like when an AI co-pilot drafts the first pass. The full narrative, the supporting case file, and the time-to-analyst.
Most compliance teams spend two to four hours drafting a single SAR. The narrative writing is the slow part. The investigator gathers transaction history, pulls KYC artifacts, reviews adverse media, summarizes the suspicious pattern, and assembles it into FinCEN Form 111 format.
Luna does the first pass in under 90 seconds. The investigator reviews, modifies, and signs off. Total time drops from hours to minutes without removing the human judgment that keeps the program defensible.
This article shows the actual output. The case is based on a real deepfake-attempted account takeover at a mid-size US bank, with names and account numbers redacted.
Luna's input is a structured case file containing the flagged transaction, the customer's KYC artifacts and onboarding history, transaction history for the relevant period, adverse media and sanctions screening results, behavioral fingerprint anomalies, and device and session context.
In this case, the trigger was an attempted $47,000 outbound wire from a long-tenured customer (8 years), authorized over a video customer service callback. deepeye flagged the video session as a deepfake at 96% confidence.
Subject: [Customer Name Redacted] · Account: [Redacted] · Date of Activity: April 18, 2026 · Activity Type: Attempted account takeover via deepfake video impersonation
Summary. On April 18, 2026, the subject account experienced an attempted unauthorized outbound wire transfer of $47,000 to an external beneficiary not previously associated with the account. The transfer was authorized through a video-based customer service callback in which the caller appeared to be the account holder.
Real-time deepfake detection flagged the video session at a confidence level of 96 percent. The session was held for human review. A subsequent voice callback to the customer's primary phone number on file, conducted by a senior fraud analyst, confirmed the customer did not initiate or authorize the transfer.
Behavioral indicators supporting the determination. (1) The video session originated from an IP address geolocated 1,847 miles from the customer's verified primary residence. (2) The device fingerprint did not match any device previously enrolled for the account during 8 years of customer tenure. (3) The conversational behavior in the session deviated from the customer's established interaction pattern. (4) The beneficiary account was opened 11 days prior to the attempted transfer at a domestic neobank with no prior relationship to the subject account.
Action taken. The transfer was blocked prior to settlement. The customer was contacted and confirmed the unauthorized attempt. The account has been placed under enhanced monitoring with step-up authentication required for all video-based service interactions for 90 days. Law enforcement notification has been initiated.
The senior investigator made three edits before submission: removed the specific 1,847-mile geolocation distance and replaced with a more generic phrasing; adjusted the pattern reference to avoid disclosing intelligence in a regulatory filing; and added the bank's internal case number for cross-reference.
Total edit time: 8 minutes. Total time from alert to submitted SAR: 14 minutes. For reference, the bank's average SAR drafting time prior to Luna deployment was 3.2 hours.
Luna does not file SARs autonomously. The narrative above is a first-pass draft. The investigator reviews, modifies, and signs off before submission. Human-in-the-loop is the default and cannot be disabled without explicit configuration approval.
Luna also does not access transaction monitoring data without authorization. The case file Luna receives is scoped per-investigator, per-tenant, and logged for audit. Every Luna action is traceable from the prompt through the retrieval to the output.
Each Luna output includes a structured evidence chain showing every input the narrative drew on: KYC artifacts, transaction history, behavioral fingerprint, deepeye detection output, device intelligence, cross-account pattern data, and adverse media screening results. The investigator can drill into any line of the evidence chain to verify the source data before sign-off.
Does Luna actually draft this narrative end-to-end? Yes. The narrative above is a real first-pass output from Luna on a real case. Names, account numbers, and identifying details are redacted. The structure, language, and content are unchanged.
How accurate is Luna's first-pass narrative? Bank deployments typically see 92 to 98 percent of Luna narratives accepted with minor edits only. Major rewrites occur on roughly 4 to 8 percent of cases.
What FinCEN form structure does Luna use? FinCEN Form 111 (Suspicious Activity Report) for US domestic SARs. Other jurisdictions use the local equivalent (UK SARs, AUSTRAC SMRs, FINTRAC STRs).
Can Luna draft narratives in non-English languages? Yes. Luna supports SAR drafting in English, French, Spanish, Portuguese, German, Italian, Mandarin, Japanese, Korean, and Arabic.
What is the audit trail like? Every Luna action is logged with the prompt, retrieved context, generated output, investigator edits, and final sign-off status. Exportable in FFIEC, OCC SR 11-7, and EU AI Act formats.
How does Luna avoid hallucinating case facts? Luna's outputs are constrained to the case file inputs. Each fact in the narrative traces to a specific source in the evidence chain. Luna will refuse to write a narrative if it cannot ground a key claim in the case file.
Go live in minutes. No sandbox required, no hidden fees.
Traditional title searches take 5-10 days and miss identity fraud entirely. AI title search compresses the timeline to minutes — but still leaves a critical gap only identity verification can close.
4 million synthetic identities are active in the US financial system. Here's how they're created, why legacy KYC misses them, and what detection actually works.
A clean title does not mean a verified seller. Wire fraud exploits the gap between property records and human identity. Here's how to close it.
