Compliance you can stop thinking about.

Every client, every review, every document.
Kept against the FCA rule that applies.

Show me the audit trail See COBS 9.5 in action

Or book a 30-minute demo

Compliance Dashboard

Live · demo firm

Missing Docs

↑ Action required

Active Clients

247

All monitored

Overdue Reviews

COBS 9.5 breach

RMAR Due

20d

3 gaps in Sec B

Compliance Health

Docs61%

Reviews74%

Consumer Duty91%

Priority Flags

CLI-0047 Caroline Henderson · Review 14mo overdue

CRITICAL

CLI-0089 Robert Chen · Vulnerable, SOA missing

HIGH

CLI-0132 Priya Singh · Pension transfer, no suitability report

HIGH

AI Compliance Assistant

Which clients should I prioritise this week?

Amaea AI · RAG

Caroline Henderson is your most urgent case. 14 months overdue is an active COBS 9.5 breach. Robert Chen is next: vulnerable client, overdue review, and missing Consumer Duty documentation is the highest-risk combination under PS22/9.

Sound familiar?

The work was done.
The record wasn't.

01 4pm · Thursday

The FCA is requesting documentation. By Friday.

You pull up the annual review log. 247 clients. One flagged. You click through to see what's missing.

02 Robert Chen · Annual review

Blank.

You ask the admin team. They think it was booked for the 3rd of June, six weeks ago. You call the adviser and find out that booking was cancelled, moved to the 23rd of June. The review happened - but what was the outcome? Is the suitability report on file?

Nothing in the system to show it ever happened, let alone the suitability report.

03 Searching for the record

It's in here. Somewhere.

IntellifloSharePointEmailLocal drive

Four systems. Three files named "Robert Chen". No timestamps. No reference numbers. Nothing you could hand to a regulator and feel confident about.

04 Two hours later

Found. Buried in four folders.

You have now spoken to the admin team, the adviser, and the paraplanning team. You find the outcome buried across four folders on two different drives. You enter everything into the manual Excel sheet and click save.

05 Robert Chen · Wait.

There are two Robert Chens.

You go back to double-check the suitability report. It mentions Robert's wife, Mia. Robert is not married. There are two Robert Chens in the system. You have spent two hours on the wrong one. You start the whole process again from scratch. When you finally open the Excel sheet to update it, the row below already has a review date logged: 04/31/3036.

"Have you felt that pain?"

Every firm. Every week. Amaea was built for this.

Amaea was built to close this gap. Every client. Every deadline. Every document.

See how Amaea works

How Amaea is built: the parts a compliance officer actually checks.

Specific, technical, audit-trail-first. Not a feature list. The work the product does on your behalf, with the FCA rule each piece is grounded in.

Client journey

Initial engagement, ad-hoc work, annual reviews. Each stage carries its own document requirements: fact find, suitability report, attitude-to-risk, Consumer Duty outcome, vulnerability assessment, AML CDD; 17 doc types in total. The system knows which are missing, which are expired, and which expire in the next 90 days.

Consumer Duty (PS22/9)

Outcome assessments tracked per client per year. Vulnerability re-assessments raised automatically when a client's last assessment crosses the 12-month FG21/1 threshold. Fair-value gaps surface as risk flags with the specific PS22/9 outcome cited.

Annual review sweep

A nightly cron evaluates every overdue review against COBS 9.5. No reason recorded → flag raised. Reason recorded → an FCA-trained AI assesses against COBS 9.5's actual sufficiency test (bereavement, illness, documented unavailability) and either resolves the flag or escalates it, with the reasoning attached to the audit trail.

AI assistant with hash-verifiable audit trail

Claude Sonnet 4.6 grounded in your firm's live data + an 11,645-chunk FCA Handbook corpus (Handbook + Final Notices + Dear CEO letters + Policy Statements + Thematic Reviews). Per-firm RLS isolation on the vector table; your data is never used for model training. Every response writes prompt + response SHA-256s to the audit log alongside model version and timestamp. Marked as decision support, not regulated advice; "I don't have a confident answer" is a wired-in response path.

RMAR auto-population

Sections B, D, E, G, and H pre-filled from your live data. Complaints checked against DISP 1.6 (FOS rights communicated, 5-day acknowledgement, 8-week final response). PII renewal status pulled from your policy schedule. Adviser roster from your live roster table. Each section exports as CSV ready for GABRIEL.

Integrations

SharePoint and Intelliflo sync nightly. OAuth-authenticated, tokens encrypted with AES-256-GCM at the application layer (key isolated in a Vercel env var, not stored in the database). New documents arrive in the right client's record; new flags appear on your dashboard the next morning. Salesforce, Curo, Assureweb on the same pattern.

Built. Counted. Indexed. Audited.

11,645 FCA Handbook + publications indexed for retrieval

17 IFA compliance document types auto-extracted

50 FCA scenarios in our continuous evaluation suite

100% Client data hosted in EU-West (Ireland) · UK GDPR

An assistant the FCA could audit.

Claude Sonnet 4.6, retrieval-grounded against your firm's live data and an 11,645-chunk FCA corpus. Every response is hashed and logged so you can reproduce, byte-for-byte, what the model actually said on the day. Decision support, not regulated advice.

What sits behind every answer

Retrieval-augmented against your firm's records + 11,645 chunks across 150 FCA sources (Handbook, Final Notices, Dear CEO, Policy Statements, Thematic Reviews)
Per-firm RLS isolation on the pgvector table. The database, not application code, refuses cross-firm reads.
Prompt + response SHA-256s written to the audit log on every call, with model version and request ID for replay
Special-category client data (Article 9 UK GDPR: vulnerability, health, ethnicity) is redacted before reaching the LLM.
Your data trains nothing. Anthropic API is called per request only, with Zero Data Retention in progress.
"I don't have a confident answer" is a first-class response. The model is prompted to refuse rather than fabricate.
50-scenario gold set runs against every model release; current best is documented internally before cutover

Amaea AI

Audit log · last response SYSC 9 retained

Model: claude-sonnet-4-6
Prompt SHA-256: 8f3a · b2e1 · 7c4d
Response SHA-256: a91f · 2e0c · 6b58
Citations: COBS 9.5 · PS22/9 · SUP 16.12
Latency: 1,847ms
Event ID: evt_2026-05-21_a8f3c2

The posture an FCA-regulated firm can trust.

Six questions every compliance officer asks. The full questionnaire is one click away.

Data residency: EU-West (Ireland). Supabase + Vercel EU regions. No US transfer of personal data.
Tenant isolation: Row Level Security enforced at the database layer. The database, not application code, refuses cross-firm reads.
Encryption: TLS 1.3 in transit, AES-256 at rest. Document storage uses signed URLs with short expiry; adviser auth via JWT with firm-scoped claims.
Training: Your data trains nothing. Claude is API-called per request only. Voyage AI embeddings stay in your firm's isolated table.
Audit trail: Append-only event log, 7-year retention aligned to SYSC 9. Every flag, review, and upload is timestamped and immutable.
UK GDPR & DPA 2018: Sub-processor list, DPIA, and Data Processing Agreement in preparation for launch. Right-to-erasure pipelines built into the product.

Themes from 27 compliance officers we interviewed in 2025.

Anonymised verbatim quotes: same firm size we're building for, same regulatory regime, same software stack. The problems below were the most-repeated three across all 27 interviews.

"Our annual reviews exist in three places: Intelliflo, a SharePoint folder the adviser manages, and an Excel sheet from 2019. None of them match each other."

Compliance Officer

Boutique IFA firm, South East England

"Consumer Duty documentation is the thing that keeps me up at night. The FCA wants evidence we assessed fair outcomes for every client. Right now I can't prove that."

Compliance Director

Multi-adviser practice, Midlands

"RMAR filing is a two-week project. Two weeks of chasing advisers for data that should already be in the system. It happens every year and every year it's the same chaos."

Managing Director

Network AR firm, Yorkshire

Reads the systems your audit trail already lives in.

OAuth in. AES-256-GCM at rest. Nightly sync. No data migration, no new workflows.

System	Status	Integration depth
Intelliflo	Live	Two-way · daily sync · all plans
Microsoft SharePoint	Live	Document read · daily sync · Professional & Scale
Salesforce	Live	Bi-directional · client records + compliance flags · Professional & Scale
Manual / CSV import	Live	For firms without a CRM · all plans

If you're on a platform that exposes documents over OAuth or REST, we can integrate it. Tell us what you use and we'll tell you whether it's a week's work or three. Get in touch

Network IFA / AR firm? Group rollouts scope on the same call as a single-firm demo. Cross-network adviser visibility, network-level admin, single licence covering all member firms.