Automate transaction confirmations, fraud alerts, and KYC notifications with audit logs, human oversight gates, and no account data in message bodies.
Fintech companies operate at the intersection of startup speed and regulatory obligation. AI agents can handle high-volume customer communications — transaction confirmations, onboarding status, fraud alerts — faster and more consistently than human teams. But financial email carries strict requirements: disclosures must be accurate, account data must never appear in message bodies, fraud escalations must follow documented procedures, and every AI-generated customer communication must be audit-logged. MultiMail is built for this environment. The gated_send oversight mode lets agents compose and send routine notifications autonomously while routing high-stakes messages — dispute notices, adverse action letters, fraud alerts — through a human approval queue before delivery. Audit trails are captured on every message, and the API enforces content controls at the transport layer.
PCI DSS forbids sending unprotected full card numbers (PANs) over end-user messaging such as email, and the GLBA Safeguards Rule requires customer account data, credentials, and bank details to be encrypted in transit and handled under documented controls. AI agents composing messages at scale create new surface area for accidental exposure: a hallucinated card number or a poorly templated account detail can trigger a reportable incident.
Fraud and risk teams require alerts to reach customers within defined time windows and follow documented escalation procedures. An agent that queues or batches fraud notifications introduces latency that regulators and customers will scrutinize. Every escalation path must be logged and reproducible.
TILA, EFTA, and state lending laws require specific language in certain customer-facing communications. An AI agent generating disclosures from context must not drift from approved templates. Changes to disclosure language require human review before any message is sent.
Regulators expect financial institutions to produce records of all customer communications, including those generated by automated systems. If an AI agent sent a billing notice or KYC status update, the audit log must capture the agent identity, timestamp, message content, and delivery status.
Fintech products frequently serve EU customers, triggering GDPR obligations around data minimization and processing records. Email communications sent on behalf of EU customers must respect data residency expectations and cannot include personal data beyond what is necessary for the stated purpose.
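Two of the requirements above bite hardest on an agent pipeline: accidental disclosure of card or account data (the PCI DSS and GLBA point) and drift from approved disclosure wording (the TILA and EFTA point). Whatever content controls the API applies, a practitioner also wants a local check inside the agent's own process so that an offending body never leaves the host. The following is an added example, not MultiMail's code: a pre-send guard that Luhn-validates candidate card numbers, checks standalone nine-digit runs against the ABA routing checksum, flags SSN-shaped values, and verifies that approved disclosure phrases appear verbatim. The `guard_outbound` and `guarded_send` names, the severity policy (block on a PAN or SSN, hold on a routing number or a missing disclosure), and the sample bodies are all constructed for this example.

```python
"""Pre-send content guard for agent-composed financial email.

Added example, not part of MultiMail: runs in the agent's own process before
send_email is called, so a body that carries card or account data, or that has
drifted from approved disclosure wording, never leaves the host.
"""
import re
from dataclasses import dataclass, field

# Candidate card numbers: 13-19 digits, optionally separated by single spaces/dashes
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in its canonical dashed form
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# Standalone 9-digit runs are candidate ABA routing numbers
ABA_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Mod-10 check used by every major card brand."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def aba_valid(digits: str) -> bool:
    """ABA routing-number checksum: weights 3,7,1 cycled over nine digits."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(d) * w for d, w in zip(digits, weights)) % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so a finding is itself safe to log."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_sensitive(body: str) -> list[tuple[str, str, str]]:
    """Return (kind, severity, masked_value) for each checksum-validated hit."""
    hits: list[tuple[str, str, str]] = []
    for m in PAN_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(("pan", "block", mask(digits)))
    for m in SSN_RE.finditer(body):
        hits.append(("ssn", "block", mask(m.group().replace("-", ""))))
    for m in ABA_RE.finditer(body):
        # About one random 9-digit run in ten passes the checksum, so hold rather than block
        if aba_valid(m.group()):
            hits.append(("routing", "hold", mask(m.group())))
    return hits


@dataclass
class GuardResult:
    decision: str  # "send", "hold" or "block"
    findings: list[str] = field(default_factory=list)


def guard_outbound(body: str, required_phrases: tuple[str, ...] = ()) -> GuardResult:
    """Decide whether an agent-composed body may be handed to send_email."""
    result = GuardResult(decision="send")
    for kind, severity, masked in scan_sensitive(body):
        result.findings.append(f"{kind}:{masked}")
        if severity == "block":
            result.decision = "block"
        elif result.decision == "send":
            result.decision = "hold"
    # Disclosure drift: approved wording must be present verbatim, not paraphrased
    for phrase in required_phrases:
        if phrase not in body:
            result.findings.append(f"missing-disclosure:{phrase!r}")
            if result.decision != "block":
                result.decision = "hold"
    return result


def guarded_send(send_fn, body: str, required_phrases: tuple[str, ...] = (), **kwargs):
    """Wrap a send call such as client.send_email; only a clean body is sent."""
    verdict = guard_outbound(body, required_phrases)
    if verdict.decision != "send":
        # Report masked findings only; never echo the offending body
        return {"status": verdict.decision, "findings": verdict.findings}
    return send_fn(body=body, **kwargs)


# Constructed sample bodies for the example
CLEAN_BODY = (
    "Your payment of $247.00 to Acme Corp was processed successfully.\n"
    "Reference: TXN-20260419-8821\n"
    "If you did not authorize this transaction, call 1-800-555-0100 immediately."
)
LEAKY_BODY = "Your card 4111 1111 1111 1111 (SSN 123-45-6789) was charged."
ADVERSE_BODY = "We were unable to verify your identity at this time."
ADVERSE_REQUIRED = ("You have the right to request the reasons for this decision.",)

if __name__ == "__main__":
    for label, body, req in (
        ("clean", CLEAN_BODY, ()),
        ("leaky", LEAKY_BODY, ()),
        ("adverse", ADVERSE_BODY, ADVERSE_REQUIRED),
    ):
        r = guard_outbound(body, req)
        print(f"{label}: {r.decision} {r.findings}")
```

Wrap the real call as `guarded_send(client.send_email, body, required_phrases, from_address=..., to=..., subject=..., tags=...)`; a blocked or held verdict returns the masked findings instead of sending, so the agent's own log never contains the offending value. Checksum validation keeps false positives low but not zero (a random 13-19 digit reference number passes Luhn about one time in ten), so treat the guard as a second line of defense in front of the approval queue, not a replacement for it.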
The gated_send oversight mode lets agents compose transaction confirmations and KYC updates autonomously but holds fraud alerts, dispute responses, and disclosure-heavy messages in a pending queue. Compliance officers review and approve before delivery. list_pending and decide_email give the approval interface a clean API surface.
Every send_email and reply_email call is logged with agent identity, message content, recipient, timestamp, and delivery status. Logs are immutable and queryable via the API, satisfying SOC 2 audit requirements and giving compliance teams the paper trail regulators expect for AI-generated communications.
Low-risk, high-volume notifications — payment confirmations, balance updates, billing receipts — can run fully autonomous once the template is approved. The monitored mode delivers messages immediately while preserving a full notification trail for your compliance team. No human in the loop for routine sends, but every action is visible.
Fraud detection agents that only need to classify and route inbound email — chargebacks, disputes, suspicious login reports — can operate under read_only. The agent reads and tags messages using check_inbox, read_email, and tag_email without any send capability, limiting blast radius if the agent is compromised or hallucinates.
Adverse action notices, lending disclosures, and account closure letters require legal sign-off on every message variant. gated_all mode routes every outbound message to the approval queue regardless of type, giving compliance full control before any AI-generated content reaches a customer.
```python
import os

from multimail import MultiMailClient

# Read the key from the environment; never embed it in source
client = MultiMailClient(api_key=os.environ["MULTIMAIL_API_KEY"])

# Transaction confirmation — sent immediately under gated_send
client.send_email(
    from_address="[email protected]",
    to=["[email protected]"],
    subject="Payment confirmed: $247.00 to Acme Corp",
    body=(
        "Your payment of $247.00 to Acme Corp was processed successfully.\n"
        "Reference: TXN-20260419-8821\n"
        "If you did not authorize this transaction, reply to this email or "
        "call 1-800-555-0100 immediately."
    ),
    tags=["transactional", "payment-confirmation"],
)

# Fraud alert — routed to approval queue under gated_send
# Compliance officer reviews via decide_email before delivery
client.send_email(
    from_address="[email protected]",
    to=["[email protected]"],
    subject="Unusual activity detected on your account",
    body=(
        "We detected a login attempt from an unrecognized device in Minsk, BY.\n"
        "If this was you, no action is needed.\n"
        "If not, secure your account at https://app.payments.multimail.dev/secure"
    ),
    tags=["fraud-alert", "high-risk"],
)
```

Send a payment confirmation that goes out immediately, while a fraud alert on the same account is held for human review. The oversight mode configured on the mailbox determines routing: no per-call flag is needed.
```python
import os

from multimail import MultiMailClient

client = MultiMailClient(api_key=os.environ["MULTIMAIL_API_KEY"])


def handle_kyc_decision(customer_email: str, status: str, reason: str | None = None):
    if status == "approved":
        subject = "Identity verification complete — your account is active"
        body = (
            "Your identity has been verified. You can now access all account features.\n"
            "Log in at https://app.yourfintech.com"
        )
    elif status == "pending_documents":
        subject = "Additional documents needed to complete verification"
        body = (
            f"We need the following to complete your verification:\n{reason}\n\n"
            "Upload documents at https://app.yourfintech.com/kyc/upload"
        )
    else:
        # Adverse action — route through gated_all mailbox for compliance approval
        subject = "Account application update"
        body = (
            "We were unable to verify your identity at this time.\n"
            "You have the right to request the reasons for this decision.\n"
            "Contact us at [email protected]"
        )
    result = client.send_email(
        from_address="[email protected]",
        to=[customer_email],
        subject=subject,
        body=body,
        tags=["kyc", f"kyc-{status}"],
    )
    return result["message_id"]


# Poll inbound KYC mailbox for document submissions
inbox = client.check_inbox(
    mailbox="[email protected]",
    filters={"unread": True, "tags": ["kyc-submission"]},
)
for email in inbox["emails"]:
    # msg carries the submission; hand it to the document-review step before tagging
    msg = client.read_email(message_id=email["message_id"])
    # Tag as processed to avoid duplicate handling
    client.tag_email(message_id=email["message_id"], tags=["kyc-processed"])
```

An onboarding agent polls for KYC decisions and sends the appropriate status email. It uses check_inbox to watch for inbound documents and send_email to dispatch status updates.
```python
import os

from multimail import MultiMailClient

client = MultiMailClient(api_key=os.environ["MULTIMAIL_API_KEY"])


def process_fraud_alert_queue(reviewer_id: str):
    # Fetch all fraud alerts pending human approval
    pending = client.list_pending(
        mailbox="[email protected]",
        tags=["fraud-alert"],
    )
    for item in pending["messages"]:
        msg_id = item["message_id"]
        msg = client.read_email(message_id=msg_id)
        risk_score = score_fraud_alert(msg["body"])  # your risk model
        if risk_score >= 0.8:
            # High confidence — approve and send immediately
            client.decide_email(
                message_id=msg_id,
                decision="approve",
                reviewer=reviewer_id,
                notes="High-confidence fraud signal. Approved for immediate delivery.",
            )
        elif risk_score < 0.3:
            # Low signal — cancel, do not send
            client.cancel_message(message_id=msg_id)
        else:
            # Escalate for senior review — leave in queue with new tag
            client.tag_email(
                message_id=msg_id,
                tags=["escalated", "senior-review-required"],
            )


def score_fraud_alert(body: str) -> float:
    # Integrate your risk model here
    return 0.85
```

A risk team workflow that lists pending fraud alerts awaiting approval and processes the review decision: decide_email approves delivery, cancel_message drops the message, and anything in between stays queued with an escalation tag. Note that the approve branch is driven by the model score rather than by a person, so pass a `reviewer` value that identifies the automated policy, or call decide_email only after a human confirms; otherwise the audit trail attributes a machine decision to a human reviewer.
```python
import os

from multimail import MultiMailClient

client = MultiMailClient(api_key=os.environ["MULTIMAIL_API_KEY"])


def generate_agent_reply(email: dict) -> str:
    # your LLM call here
    raise NotImplementedError("plug in your LLM call")


def draft_support_reply(thread_id: str, agent_draft: str) -> dict:
    # Retrieve the full thread for context
    thread = client.get_thread(thread_id=thread_id)
    last_message = thread["messages"][-1]
    # Agent composes a reply — held in queue under gated_all
    # No message reaches the customer until a human approves via decide_email
    result = client.reply_email(
        message_id=last_message["message_id"],
        body=agent_draft,
        from_address="[email protected]",
        tags=["support", "agent-drafted", "pending-review"],
    )
    return {
        "queued_message_id": result["message_id"],
        "status": result["status"],  # "pending_approval" under gated_all
        "thread_id": thread_id,
    }


# Read unresolved dispute tickets and queue agent-drafted replies
inbox = client.check_inbox(
    mailbox="[email protected]",
    filters={"unread": True, "tags": ["dispute"]},
)
for email in inbox["emails"]:
    draft = generate_agent_reply(email)
    queued = draft_support_reply(
        thread_id=email["thread_id"],
        agent_draft=draft,
    )
    print(f"Queued reply {queued['queued_message_id']} for compliance approval")
```

A support agent reads inbound customer email and drafts replies, but every reply is held in the approval queue before sending. This is appropriate for regulated topics such as dispute resolution or account closure.
| Regulation | Requirement | How MultiMail helps |
|---|---|---|
| GLBA (Gramm-Leach-Bliley Act) | Financial institutions must safeguard customer nonpublic personal information and implement technical controls over automated systems that access or transmit customer data. | MultiMail never stores full account numbers, SSNs, or payment credentials. All API traffic is TLS-encrypted in transit. The audit log captures agent identity, message content, and delivery status on every call, satisfying GLBA's requirement to maintain records of how customer information was handled by automated systems. |
| PCI DSS | Full PANs must not be sent unprotected over end-user messaging such as email, and sensitive authentication data (CVVs, PINs) must not be retained after authorization. Any system that could route payment data through email must be scoped and controlled. | MultiMail's content controls operate at the API layer. The oversight queue gives compliance teams a checkpoint before any message reaches a customer, reducing the risk of accidental cardholder data exposure. The gated_send and gated_all modes ensure human reviewers can catch sensitive data before delivery. |
| SOC 2 Type II | Systems handling customer data must demonstrate availability, confidentiality, and integrity controls with auditor-verified evidence over a sustained period. | Every MultiMail API call is logged with immutable timestamps, agent identity, message ID, recipient, subject, body, and delivery outcome. Logs are queryable via the API and exportable for SOC 2 auditor review. The formally verified security model provides mathematical evidence that oversight and authorization controls behave as specified. |
| GDPR | EU customer data must be processed under a lawful basis, minimized to what is necessary, and protected against unauthorized access. Data subjects have rights to erasure and access. | MultiMail's API supports message deletion by message ID for erasure requests. Per-mailbox retention policies can automatically purge messages after a defined period. Audit logs record processing activity, supporting GDPR Article 30 records of processing activities requirements. |
| State Money Transmission Laws | Many states require licensed money transmitters to maintain records of customer communications related to transfers and to provide timely, accurate transaction notifications. | The monitored and gated_send modes ensure transaction notification emails are sent within required time windows. Every notification is audit-logged with delivery confirmation, providing the communication records state examiners expect to see during audits. |
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 50-tool MCP server. Formally verified in Lean 4.