Turn compliance breaches into defensible, AI-triaged evidence.
The Compliance Logger is the single source of truth for every breach, incident, and whistleblower disclosure - named or anonymous. Each one is automatically scored, triaged, and mapped to your own uploaded policies, the moment it is reported. In a world of FICA, POCA, King IV™, and the Protected Disclosures Act, “we didn’t know” is no longer a defence.
Your most critical control is still running on email.
Regulators, boards, and auditors now expect firms to demonstrate - not merely assert - that breaches are identified, logged, investigated, and remediated. Spreadsheets and inboxes fail on every dimension a modern regulator tests.
Fragmented evidence
Breach details live across Outlook, Teams, WhatsApp, and personal notebooks. When the regulator asks for a chronology, nobody can produce one.
Inconsistent triage
Two officers assess the same incident differently. Severity is subjective, with no link back to the policy that was actually breached.
Whistleblower risk
The Protected Disclosures Act, the EU Whistleblower Directive, and Sarbanes-Oxley §806 all demand safe, confidential channels. A shared inbox does not meet that bar.
Policy drift
Policies are updated annually, but breaches get assessed against whatever version someone last remembered. Gap analysis is ad-hoc and rarely documented.
Audit anxiety
When the SARB, FSCA, IRBA, or an external auditor arrives, teams burn weeks rebuilding timelines from screenshots - the definition of an un-defensible control.
Personal liability
Under King IV™ and the Companies Act §76, directors carry personal accountability. Without a demonstrable logging and remediation trail, that liability is unmanaged.
The result: compliance teams spend more time proving they are compliant than actually being compliant. The Compliance Logger closes that gap.
From reported breach to remediated, on the record.
One consistent workflow takes every incident - named or anonymous - from the moment it is reported to the moment it is archived.
Capture
A breach or disclosure is reported through your branded portal - named or fully anonymous. The reporter gets a unique reference code to track status, with no account and no login required.
AI triage
The moment it lands, the AI triages the incident against your own uploaded policies: severity rating, cited policy clauses, regulatory exposure, and escalation flags - before a human opens the case.
Investigate
Assign the case, add internal or public notes, change status, and attach further evidence. Every single action is timestamped and written to an immutable audit log.
Prove
The audit trail is your evidence pack. Export a self-contained incident report for board packs, regulator submissions, or external audit - in one click, always defensible.
Not a logging tool. A decision-making engine.
Four AI capabilities set the Compliance Logger apart from every legacy GRC or spreadsheet-based approach - and every one of them is grounded in your policies, not a vendor’s template.
Upload your own policies. The AI reads them, not templates.
Most tools ship a generic policy library you have to bend your business around. The Compliance Logger inverts that. Upload your actual AML programme, Code of Conduct, Sanctions Policy, POPIA/GDPR procedures, and Whistleblower Charter - in PDF, Word, or plain text. The system extracts, indexes, and semantically maps every clause, so all downstream reasoning is grounded in your policies exactly as they exist today.
AI-powered scenario testing & policy gap analysis.
Run “what-if” scenarios against your uploaded policies and get a policy-grounded verdict in seconds - complete with exact clause citations, a residual risk rating, the gaps where your policy is silent or contradictory, and recommended amendments written in your existing policy voice. This turns policy from a static document into a living, testable control.
A relationship manager accepts a USD 5,000 hospitality invitation from a PEP-linked client. Does our policy cover it?
Automated breach & whistleblower triage.
When a breach or anonymous disclosure lands, the AI triages it against your policies before a human even opens the case. Within seconds each incident is enriched with a severity rating and rationale, the applicable policy clauses, the regulatory provisions potentially triggered, suggested investigative steps, and escalation flags. Human reviewers stay in control - but they start every case with a defensible first draft, not a blank page.
Smart risk scoring & audit-ready everything.
Every incident carries a quantitative, explainable risk score derived from severity, reporter type, evidence weight, policy criticality, and regulatory exposure. Every AI recommendation is traceable - you can see exactly which policy clause, which precedent, and which regulation drove the output. The result is what regulators and auditors actually want: explainable AI, immutable audit trails, and reproducible reasoning.
Everything a compliance function needs in one workspace.
A purpose-built workspace for compliance professionals who need speed, clarity, and defensibility in equal measure.
Dual-Mode Capture
Log both named and fully anonymous disclosures through a single workflow, with a cryptographically unique reference code issued to every reporter.
Embeddable Public Portal
A branded, tokenised reporting portal for your website, email footer, intranet, posters, or QR code - file uploads and extended-period tracking included.
Reference-Code Tracking
Anonymous reporters check the status of their report at any time with no account - satisfying the feedback duty under the EU Whistleblower Directive.
Real-Time Dashboard
Status filters, searchable tables, trend graphs, department filtering, overdue indicators, and one-click drill-down into any incident.
Case Workflow
Assign incidents to specific admins, add public or internal notes, change status, and record the resolution reasoning behind every decision.
Overdue Detection
Scheduled background sweeps flag incidents that breach SLA thresholds - surfacing risk before the regulator or the board ever asks about it.
Immutable Audit Log
Every submission, status change, note, upload, download, and policy check is timestamped and attributed - satisfying FICA §42/43 record-keeping.
Evidence Vault
Secure file storage with signed download URLs, a per-file audit trail, and admin-controlled deletion. Evidence never leaves the platform.
Audit-Ready Reports
One-click, self-contained incident report exports for board packs, regulator submissions, and external audit files under ISAE 3000 or IRBA standards.
Role-Based Access
Compliance officers, MLROs, admins, and read-only auditors each see only what they should - with full multi-tenant organisation isolation.
Department Admin
Manage departments, assign managers, and soft-detach retired departments while preserving historical incident context and defensibility.
API-First & SSO
Every capability is available through a typed API for your GRC or SIEM stack, with single sign-on across the entire KYCopilot suite.
From un-defensible to audit-ready.
Breach details scattered across Outlook, Teams, WhatsApp, and notebooks
One system of record - every incident timestamped, attributed, and searchable
Two officers assess the same incident differently, with no policy link
AI triages every case against the same policies, the same way, every time
Whistleblowers email an inbox nobody is required to protect
A branded, anonymous portal with a unique reference code and safe status tracking
Incidents judged against whatever policy version someone remembers
Every case scored against your policies exactly as they exist today
Audit prep means weeks rebuilding timelines from screenshots
The immutable audit trail is the evidence pack - exported in one click
The board sees stale quarterly summaries, already out of date
Live dashboards: overdue cases, trends, and systemic hotspots in real time
See your own policies triage a real breach.
Upload a policy, drop in a scenario, and watch the Compliance Logger produce a defensible, cited assessment in under 60 seconds. Compliance is no longer measured by the existence of policies - but by the evidence that they are known, tested, and remediated on the record.
Also in KYCopilot
Due Diligence
EDD Reports
Comprehensive AI-generated EDD reports in under 5 minutes - every risk area COMFORT scored, source-cited, and audit-ready.
Entity Mapping
I2G™ Intelligence
Near-instant screening for persons and companies - sanctions, PEP/PIP, and adverse media across 22 categories - with corporate network mapping on every connected entity.
Risk Scoring
COMFORT Score™
A single auditable risk score summarising your full due diligence picture across 22 categories.
Jurisdiction Intel
Country Risk
FATF, Basel AML Index, and treaty compliance data across 200+ jurisdictions, continuously updated.