Compliance Officer / MLRO
Our in-house regulator. Reviews escalated applications, signs off on suspicious activity reports, runs monitoring on lenders and brokers, and is the human in Gate 3. No transaction powers — they review, decide, and document. Their console is the artefact we hand the regulator on demand.
What the compliance team does
Six recurring jobs, each with its own console surface. None of them touch money or move state on customer flows directly — they decide, and the platform acts.
Gate 3 review
Sign off (or decline) every onboarding file flagged HIGH risk or rule-flagged. Mandatory for sellers and investors regardless of score.
SAR register
File and track suspicious activity reports to the NCA. Hashed party identifiers in every view to prevent tipping-off.
Pre-trade log review
Sample-audit the secondary-market pre-trade checklists; flag any pattern of "yes-on-all" rubber-stamping. Quarterly export to the FCA Sandbox team.
Lender & broker monitoring
Continuous: FCA register deltas, sanctions deltas, defaults YTD per lender, decline patterns per broker.
Decision matrix
The "if X happens, do Y" playbook. Versioned, signed off by Priya, exported as the firm's risk-policy artefact.
Retention & subject access
Track record retention (5 years standard, 6 years for SARs); fulfil DSARs from /admin/users.
The console · /compliance
The landing page for everyone with the compliance_officer role. KPI strip for "is anything on fire", a queue of items needing decision, and shortcuts to every sub-tool.
Compliance console
Tuesday 22 May 2026 · MLRO on duty: Priya Lall
Today's queue · awaiting your decision
Live alerts (Gate 4)
MLRO queue · /compliance/mlro-queue
Where Priya spends most of her day. Each entry is an onboarding file or an in-life subject that the rules say a human must decide on.
Coppergate Joinery Ltd · seller onboarding
FX-APP-77241 · Submitted 22 May 2026 11:02
Subject summary
Coppergate Joinery Ltd · Companies House (CH) 07452983 · Active · 12 years incorporated · 18 staff · ~£3.2M turnover
UBOs: Aisha Mahmood (62%), Daniel Hartley (38%) — both verified · Sumsub GREEN · ComplyAdvantage clear
Risk score
LOW · 14 / 100 · primary positive signals: company age, low UBO count, low-risk Standard Industrial Classification (SIC) industry
Source of funds (declared)
Trading revenue from joinery work, primarily for United Kingdom (UK) retail and education-sector buyers. Largest customer Northwind Retail (38% of revenue).
Provenance & evidence
- CH lookup at 10:42 · status active · view
- Sumsub identity (Aisha Mahmood) · GREEN at 10:54 · view payload
- Sumsub identity (Daniel Hartley) · GREEN at 10:58 · view payload
- ComplyAdvantage screening (entity + UBOs) · all clear at 11:01 · view payload
- Confirmation of Payee (CoP) on bank account · matched at 11:01 · view payload
Your decision
Suspicious Activity Reports · /compliance/sar
When a subject's behaviour is consistent with money laundering or financial crime, the MLRO files a SAR with the National Crime Agency. The console anonymises party names behind hashes — POCA §333A makes "tipping off" the suspect a criminal offence.
SAR register
Filings to the National Crime Agency. Subject names are hashed in this view; full identities visible only on the detail page to MLRO + nominated deputy.
0xa11f…2b07 · 0x7c92…ed18 · 0xfd44…01a3
Pre-trade log · /compliance/pre-trade
Every secondary-market pre-trade check from investor T3 lands here. Priya samples 10% of trades for human audit; the regulator can pull the full log on demand.
Pre-trade compliance log
Required by FCA / Bank of England Digital Securities Sandbox · last 30 days · 1,847 entries
Decision matrix · /compliance/decision-matrix
The "if X happens, do Y" playbook. Priya owns this; engineering implements the rules; the regulator reads it as proof of consistency.
| Trigger | Routes to | Outcome | Customer-facing message |
|---|---|---|---|
| Sumsub RED on a customer-side identity | Auto-decline at Gate 1 | SUBJECT_DECLINED | "We could not approve your application." |
| Sumsub YELLOW · all other gates green | MLRO queue | Manual decision | "Your application is under review — we'll be in touch within 2 business days." |
| ComplyAdvantage match · sanctions list | Auto-decline at Gate 2 + auto-SAR | SUBJECT_DECLINED · SAR opened | "We could not approve your application." |
| ComplyAdvantage match · Politically Exposed Person (PEP) only | MLRO queue | Enhanced due diligence required before approval | "Your application is under review." |
| Risk score HIGH | MLRO queue | Manual decision | "Your application is under review." |
| Buyer rejects an invoice (any subject) | Compliance review | Investigate · open SAR if pattern | "On hold while we check the details with both sides." |
| 3 buyer rejections from same originator in 30d | Auto-SAR + originator freeze | SUBJECT_FROZEN · SAR opened | "We've paused new submissions on your account while we conclude a routine review." |
| Lender FCA permission revoked | Compliance review · auto-freeze | SUBJECT_FROZEN_FCA | Lender notified by direct email. |
| Investor pre-trade fails Q2 (sanctions) | MLRO queue | Investigate · re-screen | "We need to recheck your firm before any new trade." |
| On-chain Chainalysis attribution to a sanctioned wallet | Auto-freeze + MLRO queue + SAR | SUBJECT_FROZEN · SAR opened | (none — POCA tipping-off) |
v3.4 as of writing), every change requires Priya's signed approval, and the previous version remains queryable at /compliance/decision-matrix/v3.3. The active version is exported as part of the firm's quarterly Sandbox return.
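The two buyer-rejection rows of the matrix, evaluated over a rolling 30-day window, as an added example that is not the platform's rule engine. Event field names, the sample events and the INVESTIGATE label are assumptions; the customer-facing strings are the ones in the table.

```javascript
// Added example. Event fields and the INVESTIGATE label are hypothetical.
const MATRIX_VERSION = 'v3.4';               // version quoted on the page
const WINDOW_MS = 30 * 24 * 60 * 60 * 1000;  // "in 30d"
const THRESHOLD = 3;
// Customer-facing strings copied from the two matrix rows; neither mentions a SAR.
const MSG_HOLD = 'On hold while we check the details with both sides.';
const MSG_PAUSED = "We've paused new submissions on your account while we conclude a routine review.";

// Constructed sample: buyer rejections, deliberately out of time order.
const SAMPLE = [
  { invoice: 'INV-5', originator: 'orig_A', at: '2026-05-10T09:00:00Z' },
  { invoice: 'INV-1', originator: 'orig_A', at: '2026-04-01T09:00:00Z' },
  { invoice: 'INV-2', originator: 'orig_A', at: '2026-04-20T09:00:00Z' },
  { invoice: 'INV-3', originator: 'orig_B', at: '2026-04-21T09:00:00Z' },
  { invoice: 'INV-4', originator: 'orig_A', at: '2026-05-05T09:00:00Z' }, // INV-1 is 34 days old here
];

// One decision per rejection: an internal record for the audit log, a message for the customer.
function evaluateRejections(events) {
  const recent = new Map();  // originator -> rejection times still inside the window
  const frozen = new Set();  // originators already escalated, so one pattern opens one SAR
  const ordered = [...events].sort((a, b) => Date.parse(a.at) - Date.parse(b.at));
  return ordered.map((ev) => {
    const t = Date.parse(ev.at);
    const kept = (recent.get(ev.originator) || []).filter((ts) => t - ts < WINDOW_MS);
    kept.push(t);
    recent.set(ev.originator, kept);
    const escalate = kept.length >= THRESHOLD && !frozen.has(ev.originator);
    if (escalate) frozen.add(ev.originator);
    return {
      invoice: ev.invoice,
      originator: ev.originator,
      matrixVersion: MATRIX_VERSION,
      internal: escalate
        ? { route: 'auto-SAR + originator freeze', outcome: 'SUBJECT_FROZEN', sarOpened: true }
        : { route: 'compliance review', outcome: 'INVESTIGATE', sarOpened: false },
      customerMessage: escalate ? MSG_PAUSED : MSG_HOLD, // the only field a customer view may render
    };
  });
}
```

Keeping the SAR flag in a separate internal object means a customer-facing template can only ever reach the approved wording.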
Agent proposals · /compliance/ai-decisions
The compliance-ai service attaches a proposed verdict and a SparseScore explanation to every Gate 3 case, Gate 4 alert, and pre-trade entry. The proposal is advisory — Priya and her team remain the decision-makers. Full service spec in AI compliance.
What's new in the queue
The MLRO queue grows an Agent proposal column showing a verdict pill (approve / escalate / decline) and a confidence band. Clicking it opens the SparseScore panel without leaving the queue.
What's new on submission detail
A SparseScore card sits next to the existing risk-score card. It lists top signals with regulatory anchors (MLR 2017 sections, Markets in Financial Instruments Directive II (MiFID II) rules, Financial Action Task Force (FATF) typologies), confidence, and the counterfactual ("if X had been observed, the verdict would have been Y").
What's new on the pre-trade log
The existing "filter: anomalies only" control now defers to the agent's anomaly score. Streaks of "yes-on-all" rubber-stamps, sub-median answer times, and statistically unusual patterns rise to the top automatically.
Override accounting
Every accept / override of an agent proposal is a separate audit entry, with Priya's free-text rationale required. The "accepted vs overridden" rate is a tracked metric and a monthly reading for the MLRO.
Authority during cohort
Advisory only. The agent cannot file a SAR, cannot freeze a subject, cannot approve a gate, cannot move money. Every existing auto-rule (sanctions hit → freeze + SAR, 3 buyer rejections → originator freeze, etc.) is unchanged.
Fails closed
If the agent service is unreachable the queue continues to operate manually with the existing rule-based score. No customer flow is gated on agent availability. Operator console at /admin/compliance-ai shows live health and model version.
Coppergate Joinery Ltd · seller onboarding
FX-APP-77241 · Submitted 22 May 2026 11:02
Risk score (rule-based)
LOW · 14 / 100 · primary positive signals: company age, low UBO count, low-risk SIC industry
Agent proposal · SparseScore
approve · confidence 0.91 · compliance-ai v0.4.2 · policy seller-MLRO-v1
Top signals: company-age 12y (MLR 2017 §28 proportionate CDD) · UBOs both verified (MLR §5) · low-risk SIC (FATF typologies) · CoP matched · ComplyAdvantage clear (MLR §19).
Counterfactual: a PEP match on either UBO would flip verdict to escalate (MLR §35 enhanced due diligence).
Your decision
{action: 'AGENT_PROPOSE_VERDICT', actor: 'compliance-ai', verdict: 'approve', model_version: 'v0.4.2', ...} first, then Priya's {action: 'MLRO_APPROVE', actor: 'sub_priya_lall', accepted_agent_decision_id: '...', rationale_hash: '0x…'}. Acceptance never overwrites the agent's row — "agent was right / MLRO overrode" remains a queryable fact.
Lender & broker monitoring
Continuous (Gate 4) — both lender and broker monitoring run daily, with weekly summaries and alert-driven exceptions.
Lender monitoring · /compliance/lender-monitoring
- FCA register status check (every 24h)
- Sanctions / PEP refresh (monthly)
- Defaults YTD per lender (rate & absolute)
- Concentration breach attempts
- Audit-trail anomalies (e.g. unusual override patterns)
Broker monitoring · /compliance/broker-monitoring
- FCA register status check (every 24h)
- Decline rate per broker (per 30-day rolling window)
- Aggregator-pattern detection (lead spike + low conversion)
- Per-agent activity for KYC review
- Commission claw-back patterns
Retention & subject access · /compliance/retention
Records retention is a regulatory contract: 5 years for general Know Your Customer (KYC) and transaction records (MLR 2017), 6 years for SARs (NCA guidance). UK General Data Protection Regulation (GDPR) adds the duty to action subject access requests within 1 month.
| Record class | Retention | Basis | What's exported on Data Subject Access Request (DSAR) |
|---|---|---|---|
| KYC / Know Your Business (KYB) evidence | 5 years post-relationship-end | MLR 2017 §40 | Identity docs (with hash trail), screening results, MLRO rationale |
| Transaction records | 5 years | MLR 2017 §40 | Invoice records, funding records, settlement records |
| SARs | 6 years | NCA guidance + POCA | Excluded — DSAR cannot reveal a SAR existed (POCA §333A) |
| Audit log | 10 years (sandbox phase) · 6 years (steady state) | FCA Sandbox terms | Per-actor entries relevant to subject |
| Pre-trade log | 5 years | FCA Sandbox terms · MiFID II | Per-investor entries |
| Marketing communications | 2 years | UK GDPR | Email send + open events |
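One way to implement the SAR register's hashed view and the DSAR exclusion in the table above, as an added example that is not the platform's code. It assumes the pseudonyms come from a keyed hash (HMAC); the key, role names, record fields and the sarRef link are hypothetical.

```javascript
// Added example (Node.js). Key, role names and record fields are constructed or hypothetical.
const { createHmac } = require('node:crypto');

// Keyed hash rather than a bare hash: without the key, a viewer cannot confirm
// a guess by hashing a known company number. Constructed demo key, not a real secret.
const PSEUDONYM_KEY = Buffer.from('constructed-demo-key');
const MAY_REVEAL = new Set(['mlro', 'nominated_deputy']);

function pseudonym(subjectId) {
  const hex = createHmac('sha256', PSEUDONYM_KEY).update(subjectId).digest('hex');
  return `0x${hex.slice(0, 4)}…${hex.slice(-4)}`; // same display form as the register
}

// List view: pseudonym only, for every role.
function registerRow(sar) {
  return { ref: sar.ref, subject: pseudonym(sar.subjectId), filedAt: sar.filedAt };
}

// Detail page: identity is filled in only for the MLRO and the nominated deputy.
function sarDetail(sar, viewerRole) {
  const identity = MAY_REVEAL.has(viewerRole) ? sar.subjectName : null;
  return { ...registerRow(sar), identity };
}

// DSAR export: drop the SAR class and any record linked to a SAR, and emit no
// "redacted" marker, so the package has the same shape as one for a subject with no SAR.
function dsarExport(records) {
  const out = {};
  for (const r of records) {
    if (r.class === 'sar' || r.sarRef) continue;
    (out[r.class] ||= []).push(r.body);
  }
  return out;
}

// Constructed sample data.
const SAMPLE_SAR = { ref: 'SAR-EXAMPLE-1', subjectId: 'sub_example_1',
  subjectName: 'Example Trading Ltd', filedAt: '2026-05-01' };
const SAMPLE_RECORDS = [
  { class: 'kyc', body: 'screening result' },
  { class: 'audit', body: 'login from new device' },
  { class: 'audit', body: 'auto-freeze', sarRef: 'SAR-EXAMPLE-1' },
  { class: 'sar', body: 'filing' },
];
```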
Where it can go wrong
| Branch | What the team sees | Recovery |
|---|---|---|
| MLRO queue Service-Level Agreement (SLA) breach (item older than 5 business days) | Red banner on the queue + email digest to Priya · escalates to deputy after 7 business days | Decision with rationale; SLA breach itself is an audit entry, not a customer-facing event |
| Sanctions match arrives during a live trade | Trade blocks at the chain compliance module; an alert opens; the trade returns "could not settle" to the investor | Investor's funds are returned; subject moves to SUBJECT_FROZEN pending MLRO |
| SAR mistakenly filed | Withdrawal supplement to NCA; audit entry of withdrawal | No customer notification (POCA tipping-off applies even on withdrawal) |
| FCA Sandbox export request mid-month | Generate package on demand from /compliance/specification; package includes pre-trade log, decision matrix version, MLRO queue status, SAR register summary (without identifiers) | Delivered via the Sandbox portal |
{action: 'MLRO_APPROVE', subject: 'sub_cop_g1k…', actor: 'sub_priya_lall', actor_role: 'compliance_officer', rationale_hash: '0x…', evidence_refs: […]}. Rationale is mandatory; the field cannot be empty. Decline path requires a structured reason from the decision matrix dropdown plus free-text; the subject sees only "we could not approve your application".
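The two-row audit trail described under Agent proposals and the mandatory rationale above, as an added example rather than the platform's own code. The hash chain, the overridden_agent_decision_id field and the MLRO_* action names other than MLRO_APPROVE are assumptions.

```javascript
// Added example (Node.js). Field names not shown on the page are hypothetical.
const { createHash } = require('node:crypto');
const sha256 = (s) => '0x' + createHash('sha256').update(s).digest('hex');

class AuditLog {
  constructor() { this.entries = []; }

  // Append-only: rows are frozen and chained to the previous row's hash.
  // The chaining is an assumption added here for tamper evidence.
  append(entry) {
    const last = this.entries[this.entries.length - 1];
    const body = { id: this.entries.length + 1, ...entry, prev_hash: last ? last.entry_hash : '0x0' };
    const row = Object.freeze({ ...body, entry_hash: sha256(JSON.stringify(body)) });
    this.entries.push(row);
    return row;
  }
  proposeVerdict(subject, verdict, modelVersion) {
    return this.append({ action: 'AGENT_PROPOSE_VERDICT', actor: 'compliance-ai',
      subject, verdict, model_version: modelVersion });
  }
  // The human decision is a new row that points at the agent's row and never edits it.
  // MLRO_APPROVE is the page's action name; other MLRO_* names are hypothetical.
  decide(agentDecisionId, actor, verdict, rationale) {
    if (typeof rationale !== 'string' || rationale.trim() === '') throw new Error('rationale is mandatory');
    const proposal = this.entries.find(
      (e) => e.id === agentDecisionId && e.action === 'AGENT_PROPOSE_VERDICT');
    if (!proposal) throw new Error('unknown agent decision');
    const link = verdict === proposal.verdict
      ? 'accepted_agent_decision_id' : 'overridden_agent_decision_id';
    return this.append({ action: `MLRO_${verdict.toUpperCase()}`, actor,
      actor_role: 'compliance_officer', subject: proposal.subject,
      [link]: agentDecisionId, rationale_hash: sha256(rationale) });
  }
  // "Accepted vs overridden" is derived from the rows, not stored as a counter.
  acceptance() {
    const count = (k) => this.entries.filter((e) => k in e).length;
    return { accepted: count('accepted_agent_decision_id'),
      overridden: count('overridden_agent_decision_id') };
  }
  // Recompute every hash; an edited or reordered row breaks the chain.
  verify() {
    let prev = '0x0';
    return this.entries.every(({ entry_hash, ...body }) => {
      const ok = body.prev_hash === prev && sha256(JSON.stringify(body)) === entry_hash;
      prev = entry_hash;
      return ok;
    });
  }
}
```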