Compliance & Privacy

Audit-ready every day.

Most firms' compliance program lives in spreadsheets, calendar reminders and one person's memory — exam prep is archaeology. Here it's an operating system: your domains, your rules, monitored against live data, with every sign-off already documented.

For the CCO

Your program, not a vendor template.

A domain is a named container — Investor KYC, Regulatory Filings, Code of Ethics, Fund Mandates, whatever you actually run — that turns on any mix of five modules: onboarding, obligations, attestations, registers, monitoring. Nothing about the regulatory content ships hardcoded.

  • Any mix of five modules — onboarding, obligations, attestations, registers and monitoring, enabled independently per domain.
  • Three-tier permissions, per domain — view, approve and manage scope cleanly to the people who actually run that program.
  • Zero hardcoded regulation — statuses, risk factors, checklists and frameworks are schema, not vendor content.
Compliance · Domains
Investor KYConboarding + monitoring
Regulatory Filingsobligations
Code of Ethicsattestations + registers
Fund Mandatesmonitoring
For onboarding teams

Screen once. Clear with a second signature.

Open a dossier on any subject object — an investor, a borrower, a counterparty — and score it against risk factors and tiers you defined. Screening, UBO trees, FATCA/CRS classification and checklists live on the same record; clearing it routes through a real approval, maker-checker enforced, self-approval blocked.

  • Works on any object — investors, borrowers or any subject you onboard, not a hardcoded "client" type.
  • Built-in blocks, your risk model — screening, UBO, FATCA/CRS and checklists toggle on per domain; tiers and factors are yours.
  • Clearance is an approval — a second person signs off before onboarding completes, and the system won't let you sign your own.
Dossier · Meridian Endowment — Investor KYC
Identity & UBO verified
Sanctions / PEP screening — no hits
FATCA / CRS classification
Risk scored · Tier 2 — clearance pending approvalPending
For whoever owns the filings

Every filing has a date — and an owner.

Define a framework — SEC, AIFMD, or one you wrote yourself — with recurring obligation templates, and the calendar builds itself: concrete deadlines with lead-time reminders, materialized from the recurrence rule, not from someone remembering to add it to Outlook.

  • Recurrence, not reminders — annual, quarterly or custom cadences generate the next concrete deadline automatically.
  • Lead-time nudges — reminders fire ahead of the date, scoped to whoever owns the filing.
  • Frameworks are yours — model SEC, AIFMD or an entirely internal policy the same way.
Obligations · Next 90 days
Jul 15Form ADV annual amendmentSECPrepared
Jul 31AIFMD Annex IVAIFMDIn review
Aug 29Form PFSECAssigned
Sep 30Custody auditSECScheduled
For everyone who signs

Certifications and disclosures, filed by everyone, missed by no one.

Run a certification — code of ethics, personal trading, an annual disclosure — as a campaign: assignments go out, signing is self-serve, and reminders chase the stragglers. Registers are the other half — user-defined intake logs for gifts & entertainment, PA dealing, complaints — filed by anyone, optionally approval-gated.

  • Campaigns, not spreadsheets — assignments, self-serve signing and automatic reminders for every certification cycle.
  • Registers are schema — define the fields once; anyone can file an entry, no form-builder detour.
  • Approval-gating is a toggle — some registers post straight through, others wait for a sign-off — your call, per register.
Code of Ethics · Q3 campaign
Q3 Code of Ethics · 24 of 31 signedCampaign
7 reminders scheduled
G&EGift received — Vantage board dinnerFiled by R. ChenLogged
PAPA trade request — AAPLFiled by M. SouzaAwaiting approval
For the mandate owner

Limits that watch themselves.

A limit — single-issuer concentration, a sector cap, a leverage covenant — becomes a computed restriction bound to a live query. The moment the data crosses the line, a breach opens itself; closing it out takes a second signature, same as clearing a dossier. Agreement terms — side letters, generalized — live alongside, ready to embed in any document.

  • Computed, not remembered — restrictions evaluate against live records; nobody has to notice the drift.
  • Breaches open themselves — the instant a query crosses its threshold, idempotently — no duplicate breach for the same violation.
  • Terms as data — side letters and mandate terms are structured fields you can drop straight into a document template.
Monitoring · Fund Mandates
8.2%Single issuer concentrationLimit ≤ 10%OK
28.7%Sector concentrationLimit ≤ 30%Watch
2.1×LeverageLimit ≤ 2.0×Breach opened · closeout pending
For the DPO / GC

Right-to-erasure, actually erased.

A data-subject request is a workflow, not a project: one click runs discovery and exports everything. Erasure anonymizes the record everywhere it appears — including the audit trail's own copies — behind a second approver. Retention rules apply keep-longest logic across every rule that touches a record, and a legal hold vetoes all of it.

  • Discovery and export, one click — DSAR requests resolve across every collection that touches personal data.
  • Erasure is thorough — anonymized everywhere, audit trail included, behind a second approval.
  • Retention with a veto — keep-longest across every rule that applies, and a legal hold stops erasure cold.
Privacy · Requests
DSAR export · L. Park — delivered
Erasure request · ex-employee — awaiting 2nd approval
Retention sweep · nightly — 0 overdueLegal hold active · 2 records
One approvals spine

Every sign-off, one queue.

Unified approvals

KYC clearances, waived obligations, register filings, breach closeouts and privacy erasures all route through the same approvals module — maker-checker everywhere, self-approval blocked.

Immutable audit

Every transition lands in the same audit trail as the rest of the firm — exam questions become export questions.

AI-assisted setup

Describe your compliance manual and the AI drafts the domains, frameworks and checklists for review — you commit, nothing installs itself.

Leverage per head

Where the hours come back.

CCO

The exam binder writes itself

Every domain, every sign-off and every breach closeout already lives in one audit trail — an exam request becomes an export, not a scramble.

GC / DPO

DSARs and erasure on rails

Discovery, export and erasure route through the same approval-gated workflow, with retention rules and legal hold enforced automatically.

COO

Mandates watched by the system, not a spreadsheet

Concentration limits and leverage covenants evaluate against live records continuously — a breach opens itself the moment the data crosses the line.

Onboarding team

KYC that doesn't bottleneck a closing

Dossiers, screening and clearance live on the record itself, so onboarding moves at the deal's pace, not the compliance queue's.

Get started

Bring your
compliance manual.

In 30 minutes we'll model one of your real domains — obligations, an attestation campaign and a mandate limit — and show the breach → approval → audit loop end to end.