Compliance Logger

Turn compliance breaches into defensible, AI-triaged evidence.

The Compliance Logger is the single source of truth for every breach, incident, and whistleblower disclosure - named or anonymous. Each one is automatically scored, triaged, and mapped to your own uploaded policies, the moment it is reported. In a world of FICA, POCA, King IV™, and the Protected Disclosures Act, “we didn’t know” is no longer a defence.

flag
REF-7F3A9C
Anonymous disclosure · Finance
AI Triaged
Severity
HIGH
Risk score
78/100
policy
Policy match
AML Programme - Clause 4.2, p.11
gavel
Regulatory exposure
FICA §29 - reportable to the FIC in 15 business days
bolt
Recommended action
Freeze transaction · escalate to MLRO
check_circleGrounded in your policies · triaged in 4.2s · fully traceable
~80%
Reduction in incident triage time - AI drafts the assessment in seconds
~70%
Faster audit preparation - the audit trail is the evidence pack
<60s
To triage a real breach against your own uploaded policies
1
Single source of truth for every breach, incident, and disclosure
Why It Matters

Your most critical control is still running on email.

Regulators, boards, and auditors now expect firms to demonstrate - not merely assert - that breaches are identified, logged, investigated, and remediated. Spreadsheets and inboxes fail on every dimension a modern regulator tests.

FATF 40 RecommendationsFICAPOCAProtected Disclosures ActKing IV™IRBA CodeEU Whistleblower Directive
scatter_plot

Fragmented evidence

Breach details live across Outlook, Teams, WhatsApp, and personal notebooks. When the regulator asks for a chronology, nobody can produce one.

balance

Inconsistent triage

Two officers assess the same incident differently. Severity is subjective, with no link back to the policy that was actually breached.

campaign

Whistleblower risk

The Protected Disclosures Act, the EU Whistleblower Directive, and Sarbanes-Oxley §806 all demand safe, confidential channels. A shared inbox does not meet that bar.

history

Policy drift

Policies are updated annually, but breaches get assessed against whatever version someone last remembered. Gap analysis is ad-hoc and rarely documented.

schedule

Audit anxiety

When the SARB, FSCA, IRBA, or an external auditor arrives, teams burn weeks rebuilding timelines from screenshots - the definition of an un-defensible control.

gavel

Personal liability

Under King IV™ and the Companies Act §76, directors carry personal accountability. Without a demonstrable logging and remediation trail, that liability is unmanaged.

The result: compliance teams spend more time proving they are compliant than actually being compliant. The Compliance Logger closes that gap.

How It Works

From reported breach to remediated, on the record.

One consistent workflow takes every incident - named or anonymous - from the moment it is reported to the moment it is archived.

campaign
01

Capture

A breach or disclosure is reported through your branded portal - named or fully anonymous. The reporter gets a unique reference code to track status, with no account and no login required.

auto_awesome
02

AI triage

The moment it lands, the AI triages the incident against your own uploaded policies: severity rating, cited policy clauses, regulatory exposure, and escalation flags - before a human opens the case.

fact_check
03

Investigate

Assign the case, add internal or public notes, change status, and attach further evidence. Every single action is timestamped and written to an immutable audit log.

verified_user
04

Prove

The audit trail is your evidence pack. Export a self-contained incident report for board packs, regulator submissions, or external audit - in one click, always defensible.

The Intelligence Inside

Not a logging tool. A decision-making engine.

Four AI capabilities set the Compliance Logger apart from every legacy GRC or spreadsheet-based approach - and every one of them is grounded in your policies, not a vendor’s template.

01Grounded in Your Reality

Upload your own policies. The AI reads them, not templates.

Most tools ship a generic policy library you have to bend your business around. The Compliance Logger inverts that. Upload your actual AML programme, Code of Conduct, Sanctions Policy, POPIA/GDPR procedures, and Whistleblower Charter - in PDF, Word, or plain text. The system extracts, indexes, and semantically maps every clause, so all downstream reasoning is grounded in your policies exactly as they exist today.

PDF, Word, or plain-text ingestion
Every clause extracted, indexed, and semantically mapped
All AI output cites your policy - by section and page
auto_awesomePolicy Library
4 documents indexed
descriptionAML Programme.pdf
check_circle48 clauses
descriptionCode of Conduct.docx
check_circle31 clauses
descriptionSanctions Policy.pdf
check_circle27 clauses
descriptionWhistleblower Charter.pdf
check_circle36 clauses
check_circle142 clauses indexed · grounding all AI reasoning
02Test Before It Happens

AI-powered scenario testing & policy gap analysis.

Run “what-if” scenarios against your uploaded policies and get a policy-grounded verdict in seconds - complete with exact clause citations, a residual risk rating, the gaps where your policy is silent or contradictory, and recommended amendments written in your existing policy voice. This turns policy from a static document into a living, testable control.

Policy-grounded verdict with exact clause citations
Residual risk rating: Low / Medium / High / Critical
Alignment checks against FATF, FICA §21-29, and King IV™ P13
auto_awesomeScenario Test
Policy gap analysis
What-if query

A relationship manager accepts a USD 5,000 hospitality invitation from a PEP-linked client. Does our policy cover it?

VerdictPARTIALLY COVERED
Residual riskHIGH
Gap identifiedNo monetary threshold for PEP-linked gifts
check_circleRecommended amendment drafted in your policy voice
03Every Case, Pre-Assessed

Automated breach & whistleblower triage.

When a breach or anonymous disclosure lands, the AI triages it against your policies before a human even opens the case. Within seconds each incident is enriched with a severity rating and rationale, the applicable policy clauses, the regulatory provisions potentially triggered, suggested investigative steps, and escalation flags. Human reviewers stay in control - but they start every case with a defensible first draft, not a blank page.

Severity + rationale, cited policy clauses, regulatory exposure
Escalation flags - e.g. reportable to the FIC under FICA §29
Suggested investigative and remediation steps
auto_awesomeIncident Triage
REF-7F3A9C
SeverityHIGH
Policy clauseAML Programme §4.2 · Sanctions Policy §2.1
Regulatory exposureFICA §29 · POCA §31
EscalationFIC - 15 DAYS
check_circleFirst-draft assessment produced in 4.2 seconds
04Explainable by Design

Smart risk scoring & audit-ready everything.

Every incident carries a quantitative, explainable risk score derived from severity, reporter type, evidence weight, policy criticality, and regulatory exposure. Every AI recommendation is traceable - you can see exactly which policy clause, which precedent, and which regulation drove the output. The result is what regulators and auditors actually want: explainable AI, immutable audit trails, and reproducible reasoning.

Quantitative, weighted, fully explainable risk score
Every recommendation traceable to clause + precedent + regulation
Aligned with the EU AI Act & NIST AI RMF on AI accountability
auto_awesomeRisk Score
Explainable
Severity of breach90%
Reporter type (anonymous)60%
Evidence weight72%
Policy criticality85%
Regulatory exposure80%
Composite78/100
Production-Grade RegTech

Everything a compliance function needs in one workspace.

A purpose-built workspace for compliance professionals who need speed, clarity, and defensibility in equal measure.

Capture & Reporting|Every breach and disclosure enters through one consistent, validated workflow
diversity_3

Dual-Mode Capture

Log both named and fully anonymous disclosures through a single workflow, with a cryptographically unique reference code issued to every reporter.

public

Embeddable Public Portal

A branded, tokenised reporting portal for your website, email footer, intranet, posters, or QR code - file uploads and extended-period tracking included.

tag

Reference-Code Tracking

Anonymous reporters check the status of their report at any time with no account - satisfying the feedback duty under the EU Whistleblower Directive.

Investigate & Manage|Move every case from report to resolution without leaving the platform
monitoring

Real-Time Dashboard

Status filters, searchable tables, trend graphs, department filtering, overdue indicators, and one-click drill-down into any incident.

assignment_ind

Case Workflow

Assign incidents to specific admins, add public or internal notes, change status, and record the resolution reasoning behind every decision.

notifications_active

Overdue Detection

Scheduled background sweeps flag incidents that breach SLA thresholds - surfacing risk before the regulator or the board ever asks about it.

Evidence & Audit|The artefacts that stand up to a regulator, an auditor, or a court
lock

Immutable Audit Log

Every submission, status change, note, upload, download, and policy check is timestamped and attributed - satisfying FICA §42/43 record-keeping.

folder_shared

Evidence Vault

Secure file storage with signed download URLs, a per-file audit trail, and admin-controlled deletion. Evidence never leaves the platform.

description

Audit-Ready Reports

One-click, self-contained incident report exports for board packs, regulator submissions, and external audit files under ISAE 3000 or IRBA standards.

Administer & Integrate|Enterprise controls that keep reporting defensible as your org evolves
admin_panel_settings

Role-Based Access

Compliance officers, MLROs, admins, and read-only auditors each see only what they should - with full multi-tenant organisation isolation.

corporate_fare

Department Admin

Manage departments, assign managers, and soft-detach retired departments while preserving historical incident context and defensibility.

api

API-First & SSO

Every capability is available through a typed API for your GRC or SIEM stack, with single sign-on across the entire KYCopilot suite.

The Shift

From un-defensible to audit-ready.

Email & Spreadsheets
With Compliance Logger

Breach details scattered across Outlook, Teams, WhatsApp, and notebooks

One system of record - every incident timestamped, attributed, and searchable

Two officers assess the same incident differently, with no policy link

AI triages every case against the same policies, the same way, every time

Whistleblowers email an inbox nobody is required to protect

A branded, anonymous portal with a unique reference code and safe status tracking

Incidents judged against whatever policy version someone remembers

Every case scored against your policies exactly as they exist today

Audit prep means weeks rebuilding timelines from screenshots

The immutable audit trail is the evidence pack - exported in one click

The board sees stale quarterly summaries, already out of date

Live dashboards: overdue cases, trends, and systemic hotspots in real time

See It in Action

See your own policies triage a real breach.

Upload a policy, drop in a scenario, and watch the Compliance Logger produce a defensible, cited assessment in under 60 seconds. Compliance is no longer measured by the existence of policies - but by the evidence that they are known, tested, and remediated on the record.

Also in KYCopilot

Due Diligence

EDD Reports

Comprehensive AI-generated EDD reports in under 5 minutes - every risk area COMFORT scored, source-cited, and audit-ready.

Learn more

Entity Mapping

I2G™ Intelligence

Near-instant screening for persons and companies - sanctions, PEP/PIP, and adverse media across 22 categories - with corporate network mapping on every connected entity.

Learn more

Risk Scoring

COMFORT Score™

A single auditable risk score summarising your full due diligence picture across 22 categories.

Learn more

Jurisdiction Intel

Country Risk

FATF, Basel AML Index, and treaty compliance data across 200+ jurisdictions, continuously updated.

Learn more

More Client Results

Banking
High-Volume KYC Onboarding at Scale
Read case study
Supplier Risk
EDD Turnaround: 3 Days to 10 Minutes
Read case study
ADLA · Sanctions
FinSurv Sanctions Screening: 100% Pass
Read case study