Financial Crime — RegTechPRO - Modular Compliance Software

The Problem

When the regulator arrives, this won't hold up.

Spreadsheets, Outlook folders and a consultant's inbox — one supervisory letter away from a very bad month. Where most small regulated firms are stuck.

BWRA in 11 spreadsheets. PEPs in a fourth.

Customer risk, PEP register, UBO list, sanctions hits, SAR log, G&H, third-party DD. Every MLR 2017 obligation scattered across workbooks nobody version-controls. When the regulator asks for your 5-year evidence trail, you're flicking between FINAL_v7 and an email thread.

BWRA_2026_v11_FINAL.xlsx

PEP_Register_Q3.xlsx

Sanctions_Hits_LIVE.xlsx

Outsourced MLRO. Still your accountability.

You can outsource the work. You can't outsource SMF17. You still sign the MLRO Annual, you still carry the personal regulatory risk, and the consultant still hands you back a Word doc every December that's half template and half last year's version.

Outsourced MLRO retainer Annual

AML Gap Analysis One-off

BWRA Refresh + Policies Ad hoc

OFSI notification clock: 24 hours.

SAMLA 2018 is strict liability. A confirmed sanctions match means OFSI within 24 hours, a detailed report in 21 days, and a frozen-funds report inside a month. If you're still emailing the sanctions screener asking “is this a true hit?”, you're already late.

24 hrs

OFSI breach notification deadline.

MLRO Annual Report: 5 days of the MLRO's year.

The 14-section MLRO Annual Report under JMLSG takes an experienced MLRO 3–5 days to write from scratch each year. REP-CRIM. Board quarterly. Audit findings. Training matrices. The regulatory reports never stop arriving, and they're all due at once.

MLRO Annual (JMLSG)

REP-CRIM (SUP 16.23)

Board FC Quarterly

If your MLRO workflow currently lives in spreadsheets, a consultant's inbox and the fortnight before the supervisory visit, the Financial Crime Suite is for you.

Features

The operating system already running when the regulator arrives.

Three things make it different. Nine capabilities turn it into the system the SMF17 holder runs the firm from. One module covering every UK financial-crime regime — live, evidenced, locked, the day the visit lands. Modular monthly pricing.

Three ideas no AML template store can match.

Most financial-crime tools ship templates and generic chatbots. RegTechPRO is built on three load-bearing principles that produce regulator-grade output your supervisor can read.

Otto drafts from your data. Not a template.

Six regulator-grade reports — 14-section JMLSG Annual, REP-CRIM, Board Quarterly, Executive Summary, Comprehensive Hybrid, Supervisor Readiness dry-run — all grounded in your live registers. PEPs by name. Sanctions hits as tables. SARs from your log.

✗ ChatGPT: generic prose, placeholder examples, no audit trail
✓ RegTechPRO: your firm's data, your attestors, signable PDF

6 report formats · Live-grounded

The £15k AML gap consultancy. Always running.

132 structured questions across 14 chapters. Every one Otto-remediable with a Critical/High/Medium/Low action plan citing MLR 2017, POCA, SAMLA, Bribery Act, CFA 2017, UK MAR, FCG or JMLSG by regulation. Tracked. Evidenced. Always live.

✗ A point-in-time PDF: snapshot only, £10k-£20k, stale by month two
✓ RegTechPRO: always current, attestor-named, included

132 questions · 14 chapters

Nine regimes. One workflow.

AML, CDD/EDD, TM, Sanctions, ABC, SAR/STOR, Market Abuse, Tax Evasion, Anti-Fraud — every UK obligation in one module. A pillar-weighted Health score the Board can read at a glance and click through to the work. Not a status view. A routing system.

✗ Spreadsheet stack: nine systems, nothing ties together
✓ RegTechPRO: one Health score, one click to the gap

SYSC 6.3 · SAMLA 2018 · POCA

Nine capabilities turn this into the system the MLRO runs from.

Built for the regulator visit. Built to stand up.

1 Audit & sign-off When the regulator asks "who, when, why" — you click once.

Year-on-year locked records

Every closed year auto-locks into a permanent read-only snapshot on 1 January. The 2026 report you signed still looks identical in 2029 when the regulator asks.

Audit-grade · Calendar-locked

Named-attestor audit trail

Every field change carries the email and role of who attested it. SMF17 accountability stops being a claim and becomes a click-through history — cited by name into Otto's reports.

SM&CR-ready

Central Evidence register

Every document attached anywhere — section, gap question, register — collated into one filterable view. Files live in your own Drive, open in one click. "Show me the evidence" stops being a 4-hour spreadsheet hunt.

Drive-native

2 Reports & readiness From data to signable PDF in under a minute.

Supervisor Readiness dry-run

Otto sits as regulator and runs a 12-question desk-based exam — verbatim regulatory anchors, evidence cited from your registers, GREEN/AMBER/RED grade with remediations. Signable PDF in 30 seconds.

RAG-graded · Signable

Data readiness pre-flight

Otto won't draft a thin report. Before generation, every section is graded GREEN/AMBER/RED — and a single "Fix this" button takes you straight to the missing fields. No more half-drafted reports the MLRO has to bin.

QA-gated

One-click Full FC Pack export

Regulator letter lands. 14-day window. Click once: ZIP with all 6 Otto reports, Disclosures Log CSV, Gap Analysis CSV, every register CSV, MLRO Calendar as .ics. Everything they could ask for, packed in seconds.

Built for SUP 15

3 Daily operations The work the MLRO actually does, without the spreadsheets.

MLRO operating calendar

13 recurring obligations seeded out of the box — REP-CRIM, OFSI Annual Frozen Funds, FATF reviews, BWRA refresh, sanctions checks. Mark complete and the next due date auto-advances. Export to Outlook or Google in one click.

SUP 16.23 · MLR reg 24

Unified Disclosures Log

Internal SARs, external SARs, DAML requests, STORs, sanctions hits, tipping-off events — every disclosure-class event in one cross-cutting view. Filter, search, export. True MLRO oversight in one click.

POCA · UK MAR · OFSI

Live in 30 minutes

Getting Started Wizard imports your customer-risk and PEP registers from CSV, attaches your last MLRO Annual and BWRA, opens the 132-question Gap Analysis. Permanently on the dashboard for every refresh.

CSV import · Always available

Every UK financial-crime obligation. One module.

Nine regimes, 25 live registers, 30 regulator-minimum controls and a 132-question Gap Analysis — all feeding Otto's six regulator-grade report formats.

UK FC regimes

Live registers

132

Gap-analysis questions

Regulator-minimum controls

Otto report formats

Anti-Money Laundering MLR 2017

CDD & EDD MLR Reg 28

Transaction Monitoring JMLSG 5.7

Sanctions SAMLA 2018

SAR / STOR POCA ss 330–336

Anti-Bribery & Corruption Bribery Act 2010

Anti-Fraud Fraud Act 2006

Market Abuse UK MAR

Tax Evasion Facilitation CFA 2017

Plus: 10-policy governance library · 27 pre-seeded high-risk jurisdictions · tiered ABC gift & hospitality approvals (£50/£250/£500/>£500) · 4 sanctions list updates with 24-hour SLA (OFSI · UN · EU · OFAC) · 30-control ↔ 132-question cross-mapping with auto-suggest.

Enterprise quality. SME pricing.

Affordable, modular monthly pricing · No tier gate. No add-ons. No setup fee.

See it in your firm

The Solution

Your MLRO function. Always on. Always evidenced.

A glimpse of the operating system the MLRO works in every day — many more screens sit behind these. Click any tab to look inside.

The MLRO's morning glance. Health score, 10-pillar RAG breakdown, key statutory dates and the 30-control checklist on one screen. Every weakness sits one click from the work that fixes it.

Tune the model to your firm's risk profile. Weight CDD, transactions, geography, products and channels independently — the score moves with your judgement, not the regulator's average.

30 regulator-minimum controls. Mapped to statute. Attested by name. Every check carries a rule reference, a named owner and a full audit trail. Pass or fail. No grey zone.

132 questions. Mapped to JMLSG and MLR 2017. A live, signed-off gap register that turns weaknesses into tracked actions with named owners, deadlines and Drive-attached evidence — supervisor-ready.

Every control, every check, evidenced. Drive-attached documents tagged to the source rule, year-locked at sign-off and instantly searchable for the regulator visit you weren't expecting.

Every CDD, EDD and PEP file in one register. Risk-rated, review-tracked, evidence attached. SLA timer on the dashboard so a stale review never reaches the regulator's eye first.

Every alert, every disposition, evidenced. Threshold breaches, peer comparisons, ML/TF typologies — investigated, dispositioned and tied to the SAR or false-positive note that closed it.

OFSI, OFAC, EU, UN — screened, recorded, defended. Every match, every clearance, every false-positive logged with a named reviewer and the rationale the regulator wants to see.

Every SAR, DAML, STOR and tipping-off event in one view. Filter, search, export. The cross-cutting MLRO oversight your spreadsheet stack pretends to deliver — and never has.

Every gift, every hospitality, every conflict — logged. Pre-approval workflow, threshold rules, named approver, year-end declaration. The bribery-defence the regulator expects.

UK MAR — captured the moment it happens. STOR triggers, suspicious-trading reviews and insider lists in one screen. Documented, dated, defensible — without the email-chain archaeology.

13 statutory obligations, seeded out of the box. REP-CRIM, OFSI Annual Frozen Funds, FATF reviews, BWRA refresh. Mark complete — the next date auto-advances. Export to Outlook or Google in one click.

Every country, scored. FATF lists, EU high-risk jurisdictions, OFSI sanctions and regulator priority themes — synced to your CDD register so a high-risk customer flags before they board.

The Supervisor Readiness dry-run. 12 questions the supervisor will ask, your evidence-backed answer, your gap, your fix. Walk in prepared, not surprised.

Every regulator-grade report, ready when the regulator asks. REP-CRIM, MLRO Annual, JMLSG, BWRA, Sanctions Self-Audit — status, owner, last-refreshed, one-click open.

14 sections. JMLSG-aligned. Drafted in 60 seconds. Otto pulls from your live registers — PEPs by name, sanctions hits as tables, SARs from the log. Three days of MLRO drafting collapsed to a click.

Long compliance days, gentler on the eyes. A full dark mode across every Financial Crime screen — same WCAG-compliant contrast, same audit accuracy, just easier to live in.

The 14-Section MLRO Annual Report

Drafted by Otto. Attested by your MLRO.

The JMLSG-aligned annual report your regulator asks for under SYSC 6.3 — drawn from your live BWRA, CDD registers, TM alerts, sanctions hits and SAR log. Three days of MLRO drafting compressed into one SMF17 review cycle.

Every section. Every UK financial-crime anchor.

Otto drafts all 14 sections of the JMLSG MLRO Annual from your live registers — BWRA ratings, customer risk, PEPs, TM alerts, sanctions hits, SARs and DAML outcomes — each claim cited to MLR 2017, POCA, SAMLA, the Bribery Act, CFA 2017, UK MAR, JMLSG or the FCG, traceable to source.

Sections drafted

132

Gap-analysis questions

Regulator-minimum controls tested

~30s

To full draft

Executive Summary & MLRO Confirmation

SYSC 6.3

The MLRO Function & Resources

MLR 21

Financial Crime Governance

SYSC 4 / 6.3

Business-Wide Risk Assessment

MLR 18

Customer Due Diligence & EDD

MLR 27–37

Transaction Monitoring

JMLSG 5.7

Sanctions Compliance

SAMLA s11

SAR Statistics & DAML

POCA s330

Anti-Bribery & Corruption

Bribery Act s7

Fraud, Market Abuse & Tax Evasion

CFA 2017 s45

Training & Competence

MLR 24

Policies, Audit & Assurance

JMLSG 5.2

Regulatory Engagement

SUP 15.3

Conclusions & Forward Plan

FCG Ch.2

FCG · live disclosures register

Every internal SAR. Every sanctions hit. Timestamped.

The NCA and your regulator both ask the same question on every supervisory visit: show us your disclosures log. Here it is. MLRO-decisioned within 72 hours, cross-referenced to the customer file, and preserved beyond the five-year MLR retention floor.

Raised by	Disclosure / alert	Date raised	Status
Amina Okonkwo Onboarding Analyst · 1LoD	Internal SAR: UBO on corporate onboarding declined source-of-wealth question twice; PEP proximity flagged on OFSI rescreen.	Mar 24, 2026	DAML filed
Rajesh Iyer TM Analyst · 2LoD	Structuring pattern on MID-risk SME: 14 sub-£10k inbound faster payments in 7 days against a £38k historic monthly average.	Mar 12, 2026	MLRO review
Helena Brandt Sanctions Officer · 2LoD	OFSI 94% fuzzy match on beneficiary account. Name variant on Russia SSI list. Payment quarantined; OFSI notified within 24 hrs.	Feb 27, 2026	Cleared
Daniel Acheampong Deputy MLRO · SMF17 cover	Tipping-off risk escalation: relationship manager asked about account freeze reason; POCA s333A briefing re-delivered firm-wide.	Feb 14, 2026	Resolved
Priya Narayanan Head of Compliance · 2LoD	External SAR to NCA: politically exposed client instructed third-country transfer inconsistent with stated wealth source.	Jan 30, 2026	NCA acknowledged

Three named attestors. One SM&CR audit trail.

MLR 2017 reg 21 and SYSC 6.3 demand personal accountability, not a committee. The MLRO (SMF17) confirms adequacy, the senior manager responsible for financial crime (SMF2) counter-signs, and the CEO (SMF1) attests. Once locked, the report is immutable and reproducible across the NCA’s five-year MLR retention window.

SMF17 · MLRO

Priya Narayanan

Money Laundering Reporting Officer

Signed Mar 27, 2026

SMF2 · Chief Compliance

Jennifer Okafor

Chief Compliance Officer

Signed Mar 28, 2026

SMF1 · Chief Executive

Shivani Patel

Chief Executive Officer

Signed Mar 29, 2026

Report locked · Mar 29, 2026 · 17:08 GMT Read-only and source-matched to your live registers. Reproducible across the full MLR 2017 five-year retention window.

Otto AI for Financial Crime

Your MLRO Report and REP-CRIM Return in 60 seconds.

Click once. Otto drafts the 14-section JMLSG MLRO Annual and the REP-CRIM return from your live registers — a signable PDF in a minute, not the usual 3–5 days. Same for the Board Quarterly, Executive Summary, Comprehensive Hybrid and Supervisor Readiness dry-run.

MLRO-GRADE · MLR 2017 · POCA · SAMLA TRAINED

Your MLRO’s AML research desk and 14-section report author, in one.

Two jobs. She answers any AML, CDD/EDD, PEP, sanctions, SAR or market-abuse question — cited to MLR 2017, POCA, SAMLA, the Bribery Act, CFA 2017, UK MAR, JMLSG or FCG. And she drafts the 14-section MLRO Annual (plus five more formats) from your live registers — your actual PEPs, sanctions hits and SARs.

Answers MLR 2017, POCA, SAMLA, Bribery Act, CFA 2017 & UK MAR queries with statutory citations
Drafts the 14-section MLRO Annual Report (JMLSG) in minutes, not days
Grounded in your 25 registers: PEPs, UBOs, EDD cases, TM alerts, SARs, G&H, fraud incidents
Never reports for you. MLRO keeps SMF17 accountability at input and sign-off

Your MLRO research desk

Ask Otto any financial-crime question. Get a statute-cited answer.

“When does EDD trigger under MLR 2017 reg 33?” “Is this OFSI hit a true match, and what do we do in 24 hours?” Otto answers from MLR 2017, POCA, SAMLA, the Bribery Act and JMLSG — and your live Financial Crime data — in seconds, with citations.

MLR 2017, POCA, SAMLA, Bribery Act, CFA 2017, UK MAR grounded
Cites statute, regulation & your own registers
Reads your 25 live registers (PEP, UBO, sanctions, SAR…)
Available across every FC tab

Otto AI

Online · AI Compliance Advisor

OFSI screening just flagged a 92% match on a new onboarding customer. What do we do in the next 24 hours?

Treat as a live sanctions incident. SAMLA 2018 is strict liability. Four immediate steps:

Freeze, don’t proceed. Suspend onboarding and any payment flows (SAMLA 2018 s 11). Do not tip off the customer.
Confirm the match. Run secondary checks (DOB, nationality, UBO) and document the disposition in the Sanctions Hit Log
OFSI within 24 hrs. If confirmed, report via OFSI compliance reporting form; detailed report within 21 days (s 34)
Frozen-funds report. Within 1 month if any funds fall under the freeze; supervisor notification in parallel

Your OFSI Licence Register has no active licence for this name, so don’t rely on a general licence without checking. I’ve drafted the notification email for your review.

Drawn from: SAMLA 2018 s 11 / 21C / 34 · FCG Ch 7 · Your Sanctions Hit Log

Ask Otto anything about AML, sanctions or SARs…

→

Audit-ready the moment the regulator calls.

Otto writes the MLRO Annual, REP-CRIM and Board Quarterly from your live registers, and answers any AML, sanctions or SAR question — cited to statute. See her draft your MLRO Annual in a live demo.

Book a live demo See everything Otto produces

FAQs

Financial Crime Suite, questions answered

Everything you need to know about the MLRO workflow, Otto’s 14-section report, the Gap Analysis, and how the module sits inside MLR 2017, POCA and SAMLA.

Does Otto really draft the whole 14-section MLRO Annual Report?

Yes — all 14 sections, drafted from your live data across governance, BWRA, CDD/EDD, TM, sanctions, SARs, ABC, fraud, market abuse, tax and training. She names your actual PEPs, sanctions hits and SAR references — never placeholders. You review, edit, sign and export. Usually 3–5 days of MLRO work; minutes with Otto.

Which other regulator-grade reports can Otto produce?

Six formats from the same dataset: MLRO Annual (JMLSG), REP-CRIM (SUP 16.23), Board Quarterly Pack, Executive Summary, Comprehensive Hybrid, and the Supervisor Readiness dry-run. Per-section regenerate means you can refine just the Sanctions section if OFSI changes a listing, without rewriting the whole report. Every generation is constrained to your data — Otto never invents examples or fills gaps with generic content.

Is it mapped to MLR 2017, POCA, SAMLA and JMLSG?

Every section, explicitly. Governance maps to MLR 2017 reg 21 & SYSC 6.3; BWRA to MLR 2017 reg 18 & FCG Ch 2; CDD/EDD to MLR 2017 regs 27–37; Sanctions to SAMLA 2018 s 11/21C/34 & FCG Ch 7; SAR/STOR to POCA ss 330–336 & UK MAR Art 16; ABC to Bribery Act 2010 s 7 & the MoJ Six Principles; Tax Evasion to CFA 2017 s 45/46; Fraud to Fraud Act 2006 & FCG Ch 8. Each accordion field carries its own regulatory reference tag.

Can we edit the draft before the MLRO signs it off?

Yes. Every section is editable, and Otto can regenerate any individual section if your underlying data changes. The 14-section structure stays; your content is yours to refine. Changes save on a per-section Save with a full change history, and the MLRO attests at export. SMF17 accountability never leaves the human.

What does the Financial Crime Suite actually cover?

Every UK financial-crime regime in one workflow — AML, CDD & EDD, Transaction Monitoring, Sanctions, SAR/STOR, ABC & G&H, Fraud, Market Abuse and Tax Evasion. Governance adds MLRO oversight, the MLRO operating calendar, the BWRA, a 10-policy library, independent audit, whistleblowing and horizon scanning.

How does the 132-question Gap Analysis work?

132 structured questions across 14 chapters — governance, MLRO function, training, CDD/EDD, BWRA, TM, sanctions, SAR/STOR, ABC, fraud, market abuse, tax, record-keeping and third parties. Each has a Met / Partial / Not Met / N/A answer, a regulatory tag and an evidence field. Otto’s “+ Generate remediation plan” returns a prioritised table — owner, action, target date — cited to UK statute.

Are high-risk jurisdictions pre-loaded?

Yes — 27 countries, pre-seeded across three categories: FATF Call for Action (DPRK, Iran, Myanmar), comprehensive UK sanctions (Russia, Belarus) and the 22-country FATF Grey List. Three carry both Grey-list status and UK sanctions exposure. The kind of data firms usually buy separately — shipped in the module.

Can I customise the FC Health score weights?

Yes — a genuine differentiator. “+ Customise weights” opens 10 sliders (regulator-priority defaults) so a PI/EMI can weight Sanctions up, a wealth manager can push CDD up, and an IFA can drop TM. The Health score recomputes live, and the 60/40 pillar-plus-checklist composite means a firm can’t tick its way to green without meeting the hard regulator minimums.

How does it integrate with the rest of RegTechPRO?

Live cross-module flows — evidence surfaces in the Document Library, horizon items pre-populate the FC horizon tab, training completions feed the Training Matrix, the 10 FC policies sit in the Policy Library, and FC breaches flow into the platform-wide breach register. One platform, one set of data, one source of truth.

How much does the Financial Crime Suite cost?

Affordable, modular monthly pricing. Every regulated firm has financial crime obligations under MLR 2017, POCA, SAMLA and the Bribery Act, regardless of size or permissions. See regtechpro.co.uk/pricing for the full modular calculator.

Who is this module for?

Any regulated firm with meaningful financial-crime exposure — payments & e-money, crypto, wealth, insurance & broking, consumer credit, claims, fund/investment firms, estate agents, accountants and other HMRC-supervised firms. If you have an MLRO, a BWRA and a REP-CRIM due, it’s built for you. Consultants running an MLRO book use it too — each client gets its own workspace.

How long does setup take?

Under a day for a small firm. It ships pre-seeded — 30 regulator-minimum controls, the 132-question Gap Analysis, 27 high-risk jurisdictions, a 10-policy library, the UK MAR surveillance schema and regulator-priority pillar weights. Add your MLRO and Deputy, turn off Demo data, and start attesting. No migration project, and the framework is already built.

I’m a compliance consultant. Can I run this across my MLRO clients?

Yes. It’s one of the module’s strongest use cases. Each client has its own workspace with its own BWRA, its own PEP/UBO registers, its own sanctions log and its own MLRO Annual. You run the production line; the firm’s MLRO retains SMF17 accountability. The “All Workflows” aggregated view is read-only by design (cross-client data is never overwritten), and historical data locks so a 2026 MLRO Annual stays reproducible when someone asks for it in 2028.

Does Otto ever file reports on my behalf?

No — Otto drafts; she never files. Human accountability at the input, Otto’s efficiency in the middle, human sign-off and submission at the output. The MLRO keeps SMF17 accountability throughout — exactly the split JMLSG and supervisor guidance expect.

What does Otto actually cite when she writes?

Every relevant UK source — MLR 2017, POCA, SAMLA, Terrorism Act 2000, Bribery Act 2010 + MoJ Principles, CFA 2017, UK MAR, FCA SYSC/COBS, FCG, JMLSG and FATF/OFSI publications. Plus your own data: the specific PEP, sanctions hit or SAR behind each paragraph.

How is Otto’s output grounded in our actual data (not hallucinated)?

Every Otto generation draws only from your live Financial Crime data — your registers, checklist, Gap Analysis answers and pillar scores — so the output is grounded in what’s actually recorded, never generic guesswork. Embedded tables are built from your own register entries, and when your data changes, the next generated section reflects it. Generic AI tools (ChatGPT, Gemini, Copilot) can’t do this without access to your live compliance data.

What audit trail do inspectors see?

Every register row, section-status change, Gap Analysis answer and form field is timestamped with user and date — and all 25 registers carry their own evidence trail. A 2026 MLRO Annual stays reproducible in 2028, with source data still matching the sentence.

Your Financial Crime operating system.Built for the regulator visit you haven't had yet.