How AI Risk Agents Are Changing Merchant Underwriting
AI risk agents automate merchant underwriting by researching, scoring, and decisioning applications in seconds. See how they work and what to evaluate.
AI risk agents automate merchant underwriting by researching, scoring, and decisioning applications in seconds. See how they work and what to evaluate.

AI risk agents are changing how payment platforms, ISOs, and PayFacs evaluate merchant applications, reshaping everything from initial underwriting to ongoing transaction monitoring. Rather than acting as chatbots or simple automation tools, AI risk agents execute full underwriting workflows. They research merchants, analyze risk signals, document findings, and make policy-driven decisions with minimal human intervention.
For organizations processing hundreds or thousands of merchant applications each month, the challenge is no longer collecting data. It's turning that data into consistent, defensible underwriting decisions without expanding risk teams at the same pace as portfolio growth.
Traditional underwriting requires analysts to move between business registries, website reviews, sanctions screening, and litigation databases. They must consult internal systems before recommending an approval or decline. AI risk agents compress those manual workflows into a repeatable process that executes in seconds while producing a complete audit trail for every decision.
Importantly, AI risk agents should not be viewed as replacements for experienced underwriters. Their greatest value comes from operationalizing underwriting policies, automating repetitive research, and ensuring every merchant is evaluated consistently. Human expertise remains essential for policy design, exception handling, and complex investigations.
This guide explains how AI risk agents work and how they support merchant underwriting. It covers where they create the greatest operational value and what payment organizations should evaluate when selecting a platform.
Manual underwriting works well when application volume is relatively low. Analysts can review business registrations, verify ownership, inspect websites, and document decisions without creating meaningful operational delays.
As portfolios grow, however, underwriting challenges become operational rather than technical.
Applications arrive faster than analysts can review them. New merchant types introduce unfamiliar risks. Decision consistency becomes harder to maintain across multiple reviewers.
Sponsor banks expect stronger governance, while merchants expect faster onboarding experiences.
The result is a familiar set of problems for many PayFacs and ISOs:
In practice, many organizations discover that underwriting capacity becomes the first operational bottleneck as merchant portfolios scale. Hiring additional analysts can temporarily relieve pressure, but it rarely solves the underlying challenge of maintaining consistent decision quality across a growing portfolio.
One mistake we frequently see is organizations attempting to automate data collection while leaving decision logic fragmented across individual analysts. Without standardized policies, automation simply accelerates inconsistent outcomes.
The objective of modern underwriting is not only to process applications faster. It is to apply the same underwriting standards consistently, document every decision, and create workflows that continue to perform as merchant volume increases.
An AI risk agent is autonomous software that executes underwriting tasks using predefined policies, trusted data sources, and large language models (LLMs). It interprets information that would traditionally require human review.
Unlike conventional automation, which follows fixed rules for individual tasks, AI risk agents coordinate multiple activities within a single workflow. They gather information, evaluate merchant risk, document findings, and determine the appropriate next step based on your underwriting policies.
For example, an AI risk agent may:
This distinction is important.
A rules engine answers predefined questions.
An AI risk agent investigates the merchant before answering them.
Rather than simply checking whether a business registration exists, an agent evaluates whether a merchant's digital presence aligns with its stated business model. It identifies discrepancies across multiple sources and explains why those discrepancies warrant additional review.
That ability to combine structured and unstructured information is what differentiates AI risk agents from traditional underwriting automation.
Although implementations differ across platforms, most AI risk agents follow a similar underwriting workflow.
The process begins with structured merchant information such as:
Rather than simply storing this information, the agent standardizes it into a format that can be evaluated consistently across every application.
Clean, structured input significantly improves downstream decision quality.
The agent validates the business using government registries, Secretary of State records, ownership databases, and identity verification providers.
This stage establishes that the business exists, ownership information is legitimate, and beneficial owners match regulatory requirements.
However, experienced underwriting teams recognize that valid documentation does not necessarily indicate a low-risk merchant.
Business impersonation has become increasingly common. Fraudsters submit legitimate business registration information while operating entirely different websites or selling different products than the legitimate company.
Documentation may pass verification.
Merchant intelligence often tells a different story.
This is where AI risk agents create the greatest operational value.
Instead of requiring analysts to manually investigate every application, the agent automatically researches multiple external signals, including:
The objective is not simply to collect data but to build context around the merchant.
For example, a merchant may apply as a software consulting company while its website promotes subscription supplements or products associated with higher chargeback rates. The application itself may appear legitimate, but the external signals tell a different story.
Similarly, synthetic business identities often combine legitimate registration information with fabricated ownership details. Generative AI is accelerating this threat, making them increasingly difficult to detect through documentation alone.
In practice, this stage often determines whether underwriting becomes a strategic advantage or a manual bottleneck. Experienced risk teams rely on contextual intelligence—not isolated data points—to make consistent decisions.
Organizations evaluating AI risk agents often compare them to rules engines or predictive risk models. While these technologies are complementary, they serve different purposes within the underwriting workflow.
A rules engine evaluates predefined conditions. For example, it can automatically decline applications from prohibited merchant categories or flag merchants operating in unsupported countries.
Traditional risk models go a step further by assigning a risk score based on historical data and statistical patterns. They help prioritize applications but typically stop short of making complete underwriting decisions.
AI risk agents operate at a higher level. Rather than producing a single score or executing isolated rules, they orchestrate the entire underwriting workflow. They gather information, interpret structured and unstructured data, apply underwriting policies, document findings, and determine the appropriate next action.
The distinction matters because underwriting rarely depends on a single signal. Experienced analysts combine multiple sources of information before making a decision. AI risk agents replicate much of that investigative process while ensuring every application follows the same workflow.
Rather than replacing rules engines or predictive models, AI risk agents coordinate them into a single, repeatable decision process.
Modern underwriting involves far more than verifying whether a business exists. Analysts spend much of their time gathering information, validating merchant claims, documenting decisions, and routing cases for additional review.
AI risk agents automate many of these operational tasks while preserving opportunities for human judgment where it adds the most value.
The first responsibility is confirming that the merchant is legitimate.
AI risk agents validate:
They compare application data against authoritative sources and immediately highlight inconsistencies for review.
In practice, many underwriting delays stem not from fraud but from incomplete or conflicting information. Automating these verification steps allows analysts to focus on resolving meaningful exceptions rather than performing repetitive lookups.
A merchant's website often provides more insight than the application itself.
AI risk agents evaluate:
One mistake we frequently see is organizations treating KYB as a complete underwriting process.
KYB verifies that a business exists.
It does not confirm that the merchant is conducting the business it claims.
For example, an applicant may register as a marketing consultancy while operating a website selling subscription-based health supplements. Both businesses may be legitimate, but they present very different risk profiles from an underwriting perspective.
Website intelligence helps identify these differences before approval.
Experienced underwriters rarely rely on documentation alone.
They also investigate external context.
AI risk agents automatically review:
Instead of requiring analysts to manually search multiple sources, the agent consolidates relevant findings into a structured case summary.
This creates two advantages:
First, analysts spend less time gathering information.
Second, every merchant receives a consistent level of investigation regardless of application volume.
Merchant category codes (MCCs) influence underwriting policies, pricing, reserve requirements, and ongoing monitoring.
AI risk agents compare:
This helps identify merchants whose actual business activities differ from their application.
Merchant category misrepresentation is not always intentional. Some businesses evolve over time, while others misunderstand classification requirements.
Regardless of intent, identifying these discrepancies early reduces downstream operational risk.
Not every underwriting decision should be automated.
Experienced organizations reserve human judgment for applications where additional context is required.
Rather than replacing analysts, AI risk agents prepare investigations by:
Analysts begin with a complete case file instead of a blank screen.
That shift dramatically reduces investigation time while improving consistency across reviewers.
Organizations typically evaluate AI risk agents based on operational outcomes rather than technical features.
Low-risk merchants no longer wait for analysts to perform routine research.
Automated investigation allows straightforward applications to move through merchant underwriting in minutes rather than days, improving both merchant experience and time to revenue.
Consistency is one of the most overlooked benefits of automation.
When every application follows the same workflow, organizations reduce analyst-to-analyst variation and create underwriting decisions that are easier to explain, review, and audit.
Sponsor banks increasingly value this consistency because it demonstrates governance rather than relying solely on individual judgment.
The objective is not to eliminate analysts.
It is to eliminate repetitive work.
Research, documentation, and standard approvals consume a significant portion of an underwriter's day.
By automating those activities, organizations allow experienced analysts to focus on:
This improves throughput without requiring proportional increases in headcount.
Fraud prevention begins long before the first transaction.
Business impersonation, synthetic business identities, merchant category misrepresentation, and evolving fraud tactics often leave subtle signals across multiple data sources.
AI risk agents help surface those signals consistently before merchants enter the portfolio.
As payment fraud becomes increasingly automated—AI-enabled fraud surged 1,210% in 2025—underwriting programs that combine AI-driven research with human oversight are better positioned to reduce fraud losses. Research from Unit21 on transaction monitoring in banks highlights how layered monitoring reduces exposure across the merchant lifecycle. They also help maintain an efficient approval process.
One concern organizations often have is whether AI risk agents replace underwriting policy with generic automation.
The opposite is true.
Effective AI risk agents enforce your underwriting policies—not the vendor's defaults.
Organizations configure:
This flexibility allows underwriting teams to maintain control while automating execution.
One implementation lesson we frequently see is that automation should follow policy—not define it.
Organizations that first standardize their underwriting criteria typically realize greater value than those attempting to automate inconsistent decision processes.
The most successful implementations treat AI risk agents as an extension of the underwriting team. Human expertise establishes the policies, while AI executes those policies consistently at scale.
Merchant onboarding is only the beginning of the risk lifecycle. Effective transaction monitoring is essential to managing that lifecycle.
According to IBM's overview of transaction monitoring, continuous monitoring helps organizations detect anomalies that point-in-time reviews miss. Without it, portfolio risks can go undetected beyond the initial review.
One misconception we frequently see is organizations treating underwriting as a one-time decision rather than an ongoing risk management process. In reality, some of the most significant fraud losses occur after a merchant has already been approved.
Businesses evolve. Ownership changes. Product offerings expand.
Financial health deteriorates. Fraudsters adapt their tactics over time. A merchant that appears low risk during onboarding may present a very different risk profile six months later.
This is why leading payment organizations increasingly pair AI risk agents with continuous transaction monitoring. Robust transaction monitoring and portfolio monitoring work together to surface emerging risks.
Instead of evaluating merchants only once, AI risk agents continuously analyze new information and determine whether a merchant's risk profile has materially changed.
Examples include:
Rather than waiting for analysts to discover these changes during periodic reviews, AI risk agents surface meaningful changes automatically. They prioritize merchants that require investigation.
In practice, continuous monitoring often prevents larger losses than onboarding alone because emerging risks are identified before they become portfolio-wide problems.
Speed is often the most visible benefit of automation.
Governance is often the most valuable.
As merchant portfolios grow, underwriting programs become increasingly difficult to manage consistently across multiple analysts, offices, and business units.
Without standardized workflows, organizations frequently encounter:
AI risk agents help address these challenges by creating structured, repeatable workflows.
Every action is documented.
Every data source is recorded.
Every recommendation is traceable back to the evidence used during the investigation.
For sponsor banks, acquiring partners, and internal audit teams, this level of documentation improves transparency and makes underwriting decisions significantly easier to review.
Rather than relying on institutional knowledge, organizations create an operational record that demonstrates how underwriting policies were applied consistently across the portfolio.
Technology alone does not improve underwriting.
Implementation determines whether AI risk agents become a competitive advantage or simply another workflow tool.
The most common mistakes include:
Organizations sometimes attempt to automate underwriting before standardizing their decision criteria.
AI can execute policies consistently, but it cannot resolve ambiguity in those policies.
Before implementation, underwriting teams should clearly define:
Automation performs best when policies are already well understood.Configurability of rules and operating procedures
Can you customize agent behavior to match your specific policies, or are you locked into generic thresholds that don't reflect your business?
Business registration checks and identity verification remain foundational components of merchant onboarding.
However, they represent only one part of the underwriting process.
Experienced underwriters evaluate context, not just documentation.
Website analysis, merchant reputation, processing behavior, adverse media, litigation history, and transaction activity often provide stronger indicators of future risk than submitted documents alone.
Organizations that rely exclusively on KYB and KYC frequently overlook risks that become apparent only through broader merchant intelligence.
Approving a merchant is not the same as managing merchant risk.
Businesses change.
Fraud evolves.
Regulatory expectations shift.
Without ongoing transaction monitoring, organizations lose visibility into how merchant risk develops over time. Transaction monitoring helps close that gap before losses occur.
Many high-profile merchant fraud cases occur because the business approved during onboarding is no longer the business operating months later. Alloy's guide to transaction monitoring explains why ongoing monitoring is critical for payment platforms managing evolving merchant risk.
Continuous transaction monitoring helps identify these changes before they translate into financial losses or compliance issues. Flagright's analysis of real-time transaction monitoring outlines how real-time signals improve detection of emerging fraud patterns.
Every payment portfolio has a unique risk appetite.
A platform onboarding restaurants has different underwriting requirements than one focused on SaaS companies, marketplaces, or high-risk merchants.
Organizations should avoid relying exclusively on vendor-default configurations.
Instead, underwriting policies, thresholds, escalation paths, and monitoring rules should reflect:
Customization improves both underwriting accuracy and operational flexibility.
Selecting an AI risk agent platform involves more than comparing features.
The objective is to determine whether the platform supports how your organization manages merchant risk today. It must also remain flexible enough to evolve as your portfolio grows.
Evaluate the quality and diversity of data sources.
Look beyond business registration records to understand whether the platform incorporates:
Broader context generally produces stronger underwriting decisions than isolated verification checks.
No two underwriting teams operate exactly the same way.
A platform should support configurable:
Organizations should be able to adapt workflows as fraud patterns, regulations, and business priorities change.
One of the most overlooked evaluation criteria is operational ownership.
Ask questions such as:
Many organizations underestimate the operational effort required to maintain underwriting programs over time.
The strongest platforms empower risk teams to evolve policies without relying heavily on technical resources.
Perhaps the most important question is whether the platform supports only onboarding or the entire merchant lifecycle.
Modern merchant risk extends beyond application review.
Organizations should evaluate whether AI risk agents continue supporting:
A platform that ends at onboarding often requires multiple additional systems to manage merchants after approval.
Sponsor banks increasingly evaluate the quality of a payment organization's merchant risk program—not just the speed of merchant onboarding.
During audits and portfolio reviews, sponsor banks often expect organizations to demonstrate:
AI risk agents support these expectations by creating standardized workflows and comprehensive audit trails that explain how each underwriting decision was reached.
As regulatory expectations continue to evolve, organizations that invest in governance alongside automation are better positioned to scale merchant portfolios. This helps maintain sponsor bank confidence.
AI risk agents deliver the greatest value when they are integrated into a broader merchant risk strategy rather than deployed as standalone automation.
For many payment organizations, the challenge is not simply collecting more merchant data. It is connecting underwriting, monitoring, investigations, and transaction risk into a single operational workflow.
Coris addresses that challenge by combining merchant intelligence, configurable workflows, AI risk agents, and transaction monitoring into one platform. It supports the entire merchant lifecycle.
Instead of requiring analysts to switch between multiple systems, Coris centralizes the information needed to evaluate, investigate, and monitor merchants. This covers initial application through ongoing portfolio management.
Effective underwriting depends on context, not just verification.
Coris Merchant Intelligence continuously aggregates external signals that help underwriting teams understand how merchants operate beyond the information provided in an application.
These signals include:
Rather than asking analysts to manually collect this information, AI risk agents assemble and interpret these signals automatically. This allows teams to focus on decision-making instead of research.
Every payment organization manages risk differently.
Coris provides configurable underwriting workflows that align with an organization's policies, sponsor bank requirements, and operational processes.
Risk teams can define:
This flexibility enables organizations to standardize underwriting decisions while retaining full control over their risk policies.
Coris AI Risk Agents automate repetitive underwriting work while keeping experienced analysts in control of complex decisions.
They can:
The goal is not to replace underwriting expertise.
The goal is to enable underwriting teams to apply that expertise more consistently across every merchant application.
Merchant risk continues to evolve long after onboarding.
Coris extends AI risk agents beyond initial underwriting by continuously monitoring approved merchants for meaningful changes that could affect portfolio risk.
Examples include:
Rather than waiting for scheduled portfolio reviews, organizations can identify emerging risks earlier and respond before they develop into larger operational or financial issues.
An AI risk agent is software that autonomously performs merchant underwriting tasks using predefined policies, trusted data sources, and large language models (LLMs). Unlike traditional automation, AI risk agents can gather information, interpret findings, document decisions, and coordinate multi-step workflows with limited human intervention.
No.
AI risk agents are designed to augment experienced underwriting teams rather than replace them.
They automate repetitive research and documentation while allowing human analysts to focus on policy decisions, complex investigations, and exception handling where judgment remains essential.
Organizations generally achieve the best results by combining AI-driven automation with experienced risk professionals.
AI risk agents analyze multiple internal and external data sources simultaneously to identify patterns that may indicate elevated merchant risk.
Examples include:
Evaluating these signals together helps organizations identify risks that may not be apparent through document verification alone.
Sponsor banks increasingly expect payment organizations to demonstrate consistent underwriting practices, documented decision-making, and ongoing merchant oversight.
AI risk agents help support these expectations by standardizing workflows, creating comprehensive audit trails, and applying underwriting policies consistently across every merchant application.
Yes.
Merchant risk changes over time.
Ownership may change, websites may be updated, financial conditions may deteriorate, or fraud patterns may emerge after onboarding.
Organizations that combine underwriting with continuous monitoring generally gain earlier visibility into emerging risks than those relying solely on point-in-time onboarding reviews.
AI risk agents represent the next stage in the evolution of merchant underwriting.
Their value is not simply in automating repetitive tasks. It lies in helping payment organizations build underwriting programs that are consistent, scalable, and resilient as merchant portfolios grow.
As fraud tactics become more sophisticated—46% of institutions noted increased sophistication in 2025—regulatory expectations continue to evolve. Underwriting teams face increasing pressure to approve legitimate merchants quickly while maintaining strong governance and defensible risk decisions.
Organizations that treat AI risk agents as part of a broader merchant lifecycle strategy will be better positioned to balance growth and fraud prevention. They can also improve operational efficiency and sponsor bank confidence. They should avoid treating them merely as onboarding tools.
The most effective merchant risk programs combine experienced underwriters, well-defined policies, high-quality merchant intelligence, and AI-driven automation into a unified operating model. Rather than replacing human expertise, AI risk agents operationalize it, enabling organizations to scale decisions without sacrificing consistency, transparency, or control.
For payment organizations evaluating how to modernize merchant underwriting, the question is no longer whether AI will become part of the process. The more important question is how to implement it in a way that strengthens governance, improves operational efficiency, and supports the entire merchant lifecycle.