M&AIslamic financeMulti-agentPrototype

AI Due Diligence Agent for M&A with Shariah Screening

Autonomous multi-agent system covering the full M&A due diligence pipeline, including Shariah compliance verification for Islamic finance transactions.

Executive summary

An autonomous multi-agent system covering the full M&A due diligence pipeline: target sourcing, data room analysis, contractual clause extraction, risk scoring, and Shariah compliance verification for Islamic finance transactions. Designed for M&A teams handling files of 50 to 5,000 documents under time pressure.

Business problem

A standard M&A due diligence on a mid-market target requires 3 to 5 weeks of analysis by a team of 4 to 6 people. For transactions involving Islamic finance, an additional layer of manual Shariah verification is required — debt ratio screening, identification of prohibited activities (riba, gharar, maysir), validation of structures (Murabaha, Sukuk, Mudarabah) — which can double processing time and introduce interpretation inconsistencies across jurisdictions.

Solution

A multi-agent pipeline orchestrated by LangGraph: a sourcing agent continuously scans market signals, a triage agent categorises data room documents, an extraction agent identifies critical clauses (change of control, indemnities, IP), a scoring agent aggregates risks into a dashboard, and a Shariah agent verifies compliance against AAOIFI and DJIM standards. Every decision is traced, explained, and auditable.

Target KPIs

5 sem. → 4j

Average due diligence duration

100%

Document coverage (vs 5–10% manual)

60%

Shariah compliance processing reduction

< 2h

Initial scoring time on new target

Technical architecture

A pipeline of 6 orchestrated LangGraph agents. Agent 1 — Sourcing: continuous monitoring of market signals (financial databases, sector news, regulatory filings), alerts on potential targets. Agent 2 — Data room ingestion: multi-format parsing (PDF, Word, Excel, emails), OCR on scanned documents, automatic classification. Agent 3 — Contractual extraction: identification of critical clauses (change of control, indemnities, non-compete, IP), cross-contract comparison, anomaly detection. Agent 4 — Risk scoring: aggregation into a weighted score by category (financial, legal, operational, regulatory), interactive dashboard. Agent 5 — Shariah compliance: screening per AAOIFI, DJIM, FTSE Shariah, ratio verification, prohibited activity identification, Islamic structure validation. Agent 6 — Synthesis: automatic generation of the due diligence report with source citations, confidence levels, and prioritised recommendations.

General architecture

draw.ioPipeline M&A Due Diligence — Vue générale
COUCHE 1 — SOURCES DE DONNÉESData room VDRDocuments dealContrats, financiersBases financièresBloomberg, RefinitivBenchmarks sectorielsFilings publicsSEC, AMF, ESMARapports annuelsNews et signauxActualité M&AAlertes stratégiquesCOUCHE 2 — INGESTION ET PARSINGOCR + ParsingMulti-format PDF/WordExcel, emails scannésClassificationJuridique / financièrePar catégorie docMetadata extractionDates, parties, montantsClauses identifiéesCOUCHE 3 — AGENTS SPÉCIALISÉSAgent ExtractionClauses critiquesChange of control, IPAgent ScoringRisques pondérésScore par catégorieAgent ShariahAAOIFI, DJIM, FTSEScreening islamiqueAgent AnalyseRatios financiersValorisationCOUCHE 4 — ORCHESTRATIONLangGraphOrchestration statefulReplay de sessionsMémoire partagéeRedis inter-agentsContext windowContext mgmtCompressionToken budgetingHuman-in-the-loopCheckpoints critiquesValidation humaineCOUCHE 5 — OUTPUTSRapport DDDue diligence completCitations sourcesDashboard risquesScore pondéréVue par catégorieScoring Shariah5 méthodologiesRatios brutsRecommandationsDeal teamHiérarchiséesCOUCHE 6 — AUDIT ET TRAÇABILITÉAudit trailDécisions tracéesCitations sourcesExtraction référencéeNiveaux confianceScore par findingExport VDRRapport + données brutesLÉGENDE — OPTIONS PAR COUCHESources : VDR (Datasite, Intralinks) + Bloomberg Terminal + EDGAR / AMF + web scrapingIngestion : AWS Textract (OCR) + Unstructured.io (PDF complexes) + LangChain document loadersAgents : LangGraph multi-agent stateful — chaque agent a son propre tool registry et mémoireOrchestration : LangGraph orchestrator + Redis mémoire partagée + checkpoints humains natifsOutputs : rapport PDF (Puppeteer) + dashboard Next.js + export Excel + scoring Shariah multi-méthodologieAudit : PostgreSQL immuable + citations par finding + niveaux de confiance + export compliance

Chosen concrete stack

draw.ioPipeline M&A Due Diligence — Stack concrète
SOURCESBloomberg TerminalAPI financièreDonnées deal-timeRefinitiv EikonM&A compsFilings sectorielsSEC / AMF FilingsRapports annuelsProspectus, 10-KPlaywrightWeb scrapingNews, signauxINGESTION — AWS S3 + Textract + LangChainAWS S3Data room isoléeBucket par deal_idAWS TextractOCR managé99%+ précisionLangChain LoadersPDF, Word, ExcelEmails, HTMLUnstructured.ioPDF complexesTables, layoutsVECTOR STORE — pgvector Supabase (isolation deal_id)Table documentsid · content · embedding(1536) · metadata jsonb · deal_id · locked_atIndex HNSWcosine similarity · RLS actif par deal_idIsolation totale0 fuite inter-dealORCHESTRATION — LangGraph + LangSmith + RedisLangGraphMulti-agent statefulCheckpoints natifsLangSmithTraces completsAudit exportableRedisMémoire partagéeContext inter-agentsHuman-in-the-loopCheckpoints dealValidation critiqueLLM — Claude Opus 4.6 + Claude Sonnet 4.6 + Halal TerminalClaude Opus 4.6Raisonnement juridique1M ctx — data rooms densesClaude Sonnet 4.6Extraction haute vitesseClassification, scoringHalal Terminal APIAAOIFI, DJIM, FTSEMSCI, S&P — 58 endpointsOUTPUT — Next.js + Puppeteer + ExcelNext.js DashboardRisques interactifsPDF PuppeteerRapport completExport ExcelDonnées brutes dealSÉCURITÉAES-256 + RLSAudit trail PostgreSQLSTACK CHOISIE — JUSTIFICATIONSLangGraphOrchestration stateful multi-agent, checkpoints humains natifs, replay de sessions en cas d'erreurClaude Opus 4.6Meilleur modèle pour raisonnement juridique long, 1M ctx pour data rooms de 2 000+ documentsClaude Sonnet 4.6Extraction et classification haute vitesse — 3x plus rapide qu'Opus pour les tâches structuréespgvectorIsolation deal_id native SQL, ACID transactions, 0 fuite inter-deal — alternative à Pinecone évitéeHalal TerminalSeule API avec 5 méthodologies simultanées (AAOIFI, DJIM, FTSE, MSCI, S&P) et intégration MCPAWS TextractOCR managé AWS, 99%+ précision sur documents financiers scannés, intégration S3 nativeLangSmithTraçabilité complète des décisions agent, audit trail exportable pour compliance réglementaire

Competitive advantages

Market tools (Kira, Harvey, LEGALFLY) cover contractual analysis but none natively combines M&A due diligence and Shariah verification in a unified pipeline. The integration of 5 simultaneous Islamic screening methodologies (AAOIFI, DJIM, FTSE, MSCI, S&P) with full ratio traceability is unique in the European market and represents a decisive advantage on deals involving Gulf funds, Malaysian institutions, or Sukuk structures.

Risks and mitigations

Primary risk: hallucination on critical legal clauses. Mitigation: mandatory source citations on every extraction, displayed confidence score, systematic human validation on high-impact findings.

Second risk: Shariah interpretation divergence across jurisdictions (Malaysia, Gulf, Europe). Mitigation: the Shariah agent exposes all 5 methodologies simultaneously with raw ratios, the final decision remains human.

Third risk: deal data confidentiality in LLM calls. Mitigation: prompt engineering without nominal data, embedding encryption, on-premise option via Claude on AWS Bedrock.

Impact

Prototype / evaluation in progress.

Detailed impact data available on request.

Project scope

Pilot scope: 1 mid-market deal, corpus of 500 to 2,000 documents, including 20 to 50 contracts with Shariah clauses. POC duration: 8 weeks. Constraints: absolute deal data confidentiality, per-transaction isolation, regulatory audit trail. Compliance: GDPR, EU-hosted data, end-to-end encryption, role-based access per deal team.

Hosting and resilience

AWS eu-west-3 infrastructure for EU data residency. Full per-deal isolation: each transaction in a dedicated Supabase namespace with RLS. Target availability: 99.5% during the active deal period. Automatic data purge 90 days post-closing. Degraded mode: non-critical agents deactivate without blocking the main pipeline.

Role

Architecture multi-agent, Shariah compliance design, LangGraph orchestration, security review

Tech stack

LangGraphClaude Opus 4.6Claude Sonnet 4.6pgvectorSupabaseAWS TextractAWS S3LangSmithHalal Terminal APIAAOIFIUnstructured.ioNext.jsRedisPlaywright

Timeline

1

S1–S2

Ingestion

Data room ingestion and OCR pipeline

2

S3–S4

Extraction

Extraction agents and risk scoring

3

S5–S6

Shariah

Shariah agent and LangGraph orchestration

4

S7–S8

Production

Dashboard, audit trail, live deal test