---
title: "Connect ComplyCube to ChatGPT: Automate KYC and AML Risk Screening"
slug: connect-complycube-to-chatgpt-automate-kyc-and-aml-risk-screening
date: 2026-07-16
author: Nachi Raman
categories: ["AI & Agents"]
excerpt: "Learn how to connect ComplyCube to ChatGPT using a managed MCP server. Automate KYC workflows, analyze AML risk profiles, and execute compliance checks."
tldr: "Connecting ComplyCube to ChatGPT via a Model Context Protocol (MCP) server allows AI agents to automate KYC screening and AML checks. This guide shows you how to securely deploy a managed Truto MCP server, configure ChatGPT to run multi-step identity verification workflows, and enforce strict access controls."
canonical: https://truto.one/blog/connect-complycube-to-chatgpt-automate-kyc-and-aml-risk-screening/
---

# Connect ComplyCube to ChatGPT: Automate KYC and AML Risk Screening


If you need to automate KYC onboarding, execute AML checks, or audit identity verification logs, you need to connect ComplyCube to ChatGPT. You can either build and maintain custom integration infrastructure yourself, or use a managed platform like Truto to dynamically generate a [Model Context Protocol (MCP) server](https://truto.one/what-is-mcp-and-mcp-servers-and-how-do-they-work/). If your team uses Claude, check out our guide on [connecting ComplyCube to Claude](https://truto.one/connect-complycube-to-claude-manage-identity-and-document-verification/) or explore our broader architectural overview on [connecting ComplyCube to AI Agents](https://truto.one/connect-complycube-to-ai-agents-power-global-kyc-and-aml-workflows/).

Giving a Large Language Model (LLM) read and write access to a sprawling compliance and identity verification platform is a massive engineering undertaking. You are dealing with strict PII requirements, multi-step relational data models, and complex document handling endpoints. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for ComplyCube, connect it natively to ChatGPT, and execute complex risk screening workflows using natural language.

## The Engineering Reality of the ComplyCube API

A custom MCP server is a self-hosted integration layer that translates an LLM's tool calls into REST API requests. While the MCP standard provides a predictable way for models to discover capabilities, implementing it against vendor APIs requires managing the entire [integration lifecycle](https://truto.one/auto-generated-mcp-tools-for-ai-agents-a-2026-architecture-guide/).

If you decide to build a custom MCP server for ComplyCube, you must handle the API's specific domain logic. You are not just writing standard CRUD wrappers; you are navigating a highly relational architecture designed around asynchronous identity checks.

Here are the specific engineering challenges that break standard integration assumptions when working with ComplyCube:

### Relational Dependency Chains
An AI agent cannot simply "run a background check" in a single API call. The ComplyCube API enforces a strict relational hierarchy. First, you must create a Client. Then, you must attach a Document or a Live Photo to that Client. Only after the supporting artifacts exist can you create a Check against those specific resource IDs. If your MCP server does not expose these underlying schemas perfectly, the LLM will hallucinate the required IDs, attempt to run checks on non-existent documents, and fail.

### Binary File Constraints and Multipart Uploads
Uploading passports or identity cards requires precise handling. The ComplyCube API demands that images are sent via `multipart/form-data`. The files must be strictly JPG, PNG, or PDF, and they must fall between 34 KB and 4 MB in size. If an LLM attempts to pass a base64 encoded string to a standard JSON body, the API will reject it. Your infrastructure must handle the translation between the LLM's text output and the multipart format expected by the upstream endpoints.

### Destructive Redaction vs Standard Deletion
In compliance contexts, deleting a record is rarely as simple as an HTTP DELETE request. ComplyCube utilizes specialized redaction endpoints (e.g., `comply_cube_checks_redact`). This process removes the sensitive PII from the record while maintaining the underlying audit log for compliance purposes. Your MCP tools must differentiate between destructive deletes and compliant redactions, exposing the correct schemas for both.

### Rate Limits and 429 Errors
ComplyCube rate limits API requests to protect system stability. If your AI agent gets caught in a loop querying hundreds of risk profiles, the API will return a `429 Too Many Requests` error. Truto does not retry, throttle, or apply automatic backoff on rate limit errors. Instead, Truto normalizes upstream rate limit info into standardized headers (`ratelimit-limit`, `ratelimit-remaining`, `ratelimit-reset`) per the IETF specification. When ComplyCube returns an HTTP 429, Truto passes that exact error back to ChatGPT. Your orchestration logic or the LLM itself is completely responsible for reading the reset window and executing the retry.

## The Managed MCP Approach

Instead of forcing your engineering team to build, host, and maintain a custom Node.js or Python MCP server, Truto dynamically generates one for you, as part of our platform's ability to [bring 100+ custom connectors to ChatGPT](https://truto.one/bring-100-custom-connectors-to-chatgpt-with-superai-by-truto/). 

When you authenticate a ComplyCube account through Truto, the platform reads the integration's resource definitions and automatically derives the corresponding MCP tools. These tools are served over a secure JSON-RPC 2.0 endpoint that any MCP client can consume. There is no manual schema mapping, no token refresh logic to write, and no infrastructure to deploy.

### Method 1: Creating the MCP Server via the Truto UI

The fastest way to generate an MCP server is through the dashboard.

1. Navigate to the **Integrated Accounts** page for your connected ComplyCube instance.
2. Click the **MCP Servers** tab.
3. Click **Create MCP Server**.
4. Select your desired configuration (name, allowed methods, tags, and expiry).
5. Copy the generated MCP server URL. This URL contains the cryptographic token required for authentication.

### Method 2: Creating the MCP Server via the API

For teams building automated onboarding or dynamic agent provisioning, you can generate MCP servers programmatically. Send a `POST` request to the `/integrated-account/:id/mcp` endpoint.

```bash
curl -X POST https://api.truto.one/integrated-account/YOUR_ACCOUNT_ID/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ComplyCube Risk Analysis Agent",
    "config": {
      "methods": ["read", "custom"],
      "tags": ["kyc", "reporting"]
    },
    "expires_at": "2026-12-31T23:59:59Z"
  }'
```

The API returns a database record containing the newly minted server URL. The token in this URL is cryptographically hashed via HMAC before being stored in a distributed key-value store, ensuring rapid reverse lookups without exposing raw credentials.

```json
{
  "id": "mcp_abc123",
  "name": "ComplyCube Risk Analysis Agent",
  "config": { 
    "methods": ["read", "custom"], 
    "tags": ["kyc", "reporting"] 
  },
  "expires_at": "2026-12-31T23:59:59.000Z",
  "url": "https://api.truto.one/mcp/tkn_789xyz..."
}
```

## Connecting the MCP Server to ChatGPT

Once you have your Truto MCP URL, you must connect it to your LLM interface.

### Option A: Connecting via the ChatGPT UI

If you are using ChatGPT Enterprise, Pro, or Plus, you can connect the server directly in the browser.

1. In ChatGPT, navigate to **Settings > Apps > Advanced settings**.
2. Enable **Developer mode**.
3. Under the custom connectors section, click to add a new server.
4. **Name:** "ComplyCube Compliance Agent"
5. **Server URL:** Paste the Truto MCP URL.
6. Click **Save**.

ChatGPT will perform the MCP handshake, validate the JSON-RPC 2.0 endpoint, and ingest the tool descriptions and schemas. The tools are immediately available in your prompt context.

### Option B: Connecting via Manual Configuration (Custom AI Apps)

If you are integrating this into a custom agentic framework or a local development environment, you can use the official `@modelcontextprotocol/server-sse` transport package. Since Truto exposes an SSE (Server-Sent Events) compliant endpoint, the configuration is straightforward.

```json
{
  "mcpServers": {
    "complycube": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/tkn_789xyz..."
      ]
    }
  }
}
```

## ComplyCube Hero Tools

When the LLM connects to the MCP server, Truto dynamically generates the tool definitions from the integration's documentation records. The query parameters and request bodies share a flat input namespace, which Truto intelligently routes to the upstream API.

Here are the highest-leverage tools available for your ComplyCube agent.

### comply_cube_clients_get_risk_profile

Retrieves the comprehensive risk profile for a specific client, aggregating country risk, political exposure (PEP), and global watchlist data.

**Usage note:** This tool is essential for automated triage. Agents should call this immediately after an onboarding event to determine if manual review is required based on the `overallRisk` score.

> "Fetch the risk profile for client ID 'c_555444'. If the politicalExposureRisk or watchlistRisk is flagged as high, draft a summary of the risk factors for the compliance team."

### create_a_comply_cube_check

Initiates a new compliance check against a specific client. This can trigger standard identity verification, extensive screening, or document validation.

**Usage note:** You must pass the `clientId` and the specific `type` of check (e.g., `standard_screening_check`). The agent will receive a pending status and must query the check later to retrieve the final result.

> "Initiate a standard screening check for the newly created client ID 'c_999888'. Let me know what the initial status of the check is."

### comply_cube_checks_validate

Allows human-in-the-loop workflows or AI agents to explicitly validate and finalize the outcome of a pending or flagged check.

**Usage note:** Requires the `check_id` and the explicit `outcome` string. This is typically used when an automated check returns a "review" status, and the agent determines the flag was a false positive.

> "Update the outcome of check ID 'chk_111222' to 'clear'. It was flagged for a minor address mismatch, but the utility bill matches the stated residence."

### comply_cube_reports_generate_client_report

Generates a comprehensive PDF audit report for a specific client, containing all historical checks, documents, and risk profiles.

**Usage note:** The API returns the PDF as a base64-encoded string in the `data` parameter. The agent can decode this or pass it to downstream reporting systems.

> "Generate a full client report for client ID 'c_333222'. Extract the base64 data and let me know when the report generation is complete."

### comply_cube_documents_upload_image

Uploads an image attachment (front or back of an ID) to a specific document record within ComplyCube.

**Usage note:** Requires the `document_id`, the `side` (e.g., front or back), a `fileName`, and the binary `data`. The agent must ensure the file is under the 4 MB limit before attempting the upload.

> "Attach the provided passport scan as the front image for document ID 'doc_777888'. Ensure the file name is 'passport_front.jpg'."

### comply_cube_workflow_sessions_complete

Forces a workflow session to complete, instantly triggering all configured verification checks associated with that session template.

**Usage note:** Useful for bypass testing or forcing an immediate resolution on a session that is stuck in a 'started' state waiting for user input.

> "The user has uploaded all required documents via the portal. Trigger completion on workflow session ID 'ws_444555' so the background checks begin running."

To view the complete inventory of available resources, schemas, and custom methods, visit the [ComplyCube integration page](https://truto.one/integrations/detail/complycube).

## Workflows in Action

Connecting ChatGPT to ComplyCube unlocks autonomous compliance operations. By chaining multiple tools together, the LLM can resolve complex investigations without human intervention. Here are two real-world scenarios.

### Scenario 1: Automated KYC Alert Triage

When a high-volume onboarding pipeline flags a new user, compliance analysts waste hours manually reviewing standard false positives. An AI agent can automatically investigate the alert, retrieve the risk profile, and summarize the findings.

> "A new user onboarding just flagged in the system. Get the risk profile for client ID 'c_909090'. If the risk is elevated due to a watchlist hit, fetch their most recent checks and summarize the exact reason for the failure. Do not validate the check; just prepare the brief."

```mermaid
sequenceDiagram
    participant User as User Prompt
    participant GPT as ChatGPT
    participant Truto as Truto MCP
    participant CC as ComplyCube API

    User->>GPT: "Get risk profile for c_909090..."
    GPT->>Truto: call tool: comply_cube_clients_get_risk_profile (c_909090)
    Truto->>CC: GET /clients/c_909090/risk-profile
    CC-->>Truto: { overallRisk: "high", watchlistRisk: "match" }
    Truto-->>GPT: Return JSON profile
    
    GPT->>Truto: call tool: list_all_comply_cube_checks (clientId: c_909090)
    Truto->>CC: GET /clients/c_909090/checks
    CC-->>Truto: [ { id: "chk_123", type: "standard", status: "failed" } ]
    Truto-->>GPT: Return list of checks
    
    GPT->>User: "The client is flagged as high risk due to a watchlist match. Check chk_123 failed against the PEP database..."
```

**What happens:**
1. The agent calls `comply_cube_clients_get_risk_profile` to assess the overall threat level.
2. Upon seeing the `watchlistRisk` flag, the agent calls `list_all_comply_cube_checks` filtering by the client ID.
3. The agent reads the failure reason from the check results and synthesizes a concise, actionable brief for the compliance officer.

### Scenario 2: Generating Audit Evidence for Corporate Clients

During a regulatory audit, compliance teams must rapidly produce evidence of KYC checks for hundreds of accounts. The AI agent can fully automate the extraction and report generation process.

> "We have an audit request for Acme Corp. Search our company lookups for 'Acme Corp' in the UK. Find their associated client ID, generate a full PDF client report, and list out the active workflow sessions tied to that account."

```mermaid
sequenceDiagram
    participant User as User Prompt
    participant GPT as ChatGPT
    participant Truto as Truto MCP
    participant CC as ComplyCube API

    User->>GPT: "Search company lookups for Acme Corp..."
    GPT->>Truto: call tool: list_all_comply_cube_company_lookup (companyName: "Acme Corp", country: "GB")
    Truto->>CC: GET /company-lookups?companyName=Acme+Corp&incorporationCountry=GB
    CC-->>Truto: { id: "c_456456", name: "Acme Corp" }
    Truto-->>GPT: Return company record
    
    GPT->>Truto: call tool: comply_cube_reports_generate_client_report (clientId: c_456456)
    Truto->>CC: POST /clients/c_456456/reports
    CC-->>Truto: { data: "JVBERi0x...", contentType: "application/pdf" }
    Truto-->>GPT: Return base64 PDF data
    
    GPT->>User: "Found Acme Corp (c_456456). The client report has been generated. Here is the status of their active workflow sessions..."
```

**What happens:**
1. The agent searches for the entity using `list_all_comply_cube_company_lookup` to resolve the string name into a concrete ID.
2. Using the resolved ID, the agent triggers `comply_cube_reports_generate_client_report` to create the immutable audit artifact.
3. The agent queries `list_all_comply_cube_workflow_sessions` to verify if any secondary onboarding steps are still pending, providing the user with a complete picture of the account's compliance state.

## Security and Access Control

Exposing a compliance system to an LLM requires strict boundary enforcement. Truto provides four distinct layers of security at the MCP token level, which is essential when [handling auth and tool sharing in multi-agent frameworks via MCP](https://truto.one/handling-auth-tool-sharing-in-multi-agent-frameworks-via-mcp/).

*   **Method Filtering:** You can restrict a server to specific operations via `config.methods`. Passing `["read"]` ensures the agent can only execute `GET` and `LIST` requests, preventing it from accidentally creating new checks, updating client records, or deleting evidence.
*   **Tag Filtering:** Limit the surface area by specifying `config.tags`. For example, setting `tags: ["reporting"]` restricts the LLM to only discovering tools related to report generation, completely hiding the underlying KYC verification endpoints.
*   **API Token Authentication:** By default, the MCP URL acts as a bearer token. For higher security environments, setting `require_api_token_auth: true` forces the client to also provide a valid Truto API token in the `Authorization` header. This ensures that a leaked MCP URL cannot be exploited by unauthorized external actors.
*   **Automated Expiration:** For temporary audit tasks or contract worker access, set an `expires_at` timestamp. Truto utilizes an automated expiry scheduler to completely destroy the token and its associated capabilities at the exact specified time, leaving no stale access vectors.

## Orchestrating Compliance at Scale

Writing custom integration code to handle ComplyCube's multipart image uploads, relational dependencies, and continuous monitoring webhooks takes weeks of engineering effort. Maintaining those schemas as the API evolves is a perpetual tax on your development team.

By deploying a managed MCP server via Truto, you bypass the boilerplate entirely. Your AI agents gain immediate, schema-aware access to the ComplyCube API, complete with cursor pagination, standardized error handling, and robust access controls. You stop writing custom API wrappers and start shipping autonomous compliance workflows.

:::cta{buttonText="Talk to us" buttonUrl="https://cal.com/truto/partner-with-truto"} 
Ready to connect ComplyCube to your AI agents? Book a technical deep dive with our engineering team.
:::
