Legacy demo — future jurisdiction example (EU GDPR). The Regis AI MVP is currently focused on UK workplace compliance scenarios and policy-risk review.
Regulatory Gap Analysis · 30 April 2026
UK Workplace · FCA Rules · UK AML · UK GDPR · SM&CR
Northwind Payments Ltd, a UK FCA-authorised payment institution, submitted its compliance manual for a gap analysis against all 19 UK regulatory requirements spanning SM&CR, FCA Conduct Rules, UK AML, UK GDPR, and FCA Operational Resilience obligations. The manual establishes a baseline — a suitability framework is in place, conflict-of-interest disclosures exist, and AML training records are maintained — but 12 gaps remain, 5 of them High risk. The most serious deficiencies concern Senior Manager accountability under SM&CR, Consumer Duty implementation, AML policies and Customer Due Diligence procedures, and the Compliance Function governance. Overall compliance posture is assessed at 40%.
31 of 31 UK requirements assessed · 19 met · 12 gaps
Requirement · Source
Gifts & Hospitality Thresholds and Approval Limits · Bribery Act 2010 s.1, s.7 / corporate policy standard
Gifts & Hospitality Register and Recording · Bribery Act 2010 s.7 adequate procedures / MoJ Guidance Principle 5
Anti-Bribery Policy and Adequate Procedures · Bribery Act 2010 s.7 / MoJ Guidance — Adequate Procedures
Facilitation Payments Prohibition · Bribery Act 2010 s.6 / MoJ Guidance
Conflicts of Interest Declaration and Management · Common-law fiduciary duties / corporate governance standard
Procurement and Pitch-Process Fairness · Bribery Act 2010 / Procurement Act 2023 principles
Third-Party Due Diligence · Bribery Act 2010 s.7 / MoJ Guidance Principle 4
Sanctions and Restricted-Party Screening · Sanctions and Anti-Money Laundering Act 2018 / OFSI guidance
Data Protection Basics · UK GDPR / Data Protection Act 2018
Escalation and Incident Reporting (incl. Whistleblowing) · PIDA 1998 / corporate governance standard
Policy Ownership and Review Frequency · Corporate governance standard
Training, Attestation, and Audit Trail · Bribery Act 2010 s.7 / MoJ Guidance Principles 5–6
Senior Management Arrangements · FCA SYSC 2.1 / SM&CR
Senior Manager Responsibilities and Statements of Responsibilities · FSMA 2000 s64A / SM&CR SOF
Certification Regime · FSMA 2000 s63F / FCA SYSC 27
Consumer Duty — Four Consumer Outcomes · FCA PRIN 2A / PS22/9
Client's Best Interests Rule · FCA COBS 2.1.1R
Suitability Assessment · FCA COBS 9A.2
Product Information and Financial Promotions · FCA COBS 14.3 / COBS 4
Compliance Function · FCA SYSC 6.1
Risk Assessment and Control · FCA SYSC 7.1
Conflicts of Interest Policy · FCA SYSC 10.1
AML Policies, Controls and Procedures · MLR 2017 Regulation 18
Customer Due Diligence · MLR 2017 Regulation 28
Enhanced Due Diligence — PEPs and High Risk · MLR 2017 Regulation 35
AML Training Programme · MLR 2017 Regulation 24
Data Processing Principles and Lawful Basis · UK GDPR Article 5 / DPA 2018
Security of Processing · UK GDPR Article 32 / DPA 2018 s66
ICO Registration and Data Protection Officer · DPA 2018 s137 / UK GDPR Art 37
Important Business Services and Impact Tolerances · FCA PS21/3 / SS1/21
Operational Resilience Testing and Self-Assessment · FCA PS21/3 / SS1/21
Recommended actions:
Produce a management responsibilities map and file updated Statements of Responsibilities for all FCA-approved Senior Managers under SM&CR
Implement a Consumer Duty framework — conduct a fair value assessment, review customer support adequacy, and assess all communications for clarity
Establish written AML policies and procedures approved by senior management, covering internal controls, risk appetite, CDD, and suspicious activity reporting
Appoint a dedicated Compliance Officer with a formal mandate, adequate resources, and a direct reporting line to the board
Implement Customer Due Diligence procedures with documented identity verification, beneficial owner identification, and ongoing monitoring standards
High-risk gaps (5) · Requirement · Source
Senior Management Arrangements · FCA SYSC 2.1 / SM&CR
Consumer Duty — Four Consumer Outcomes · FCA PRIN 2A / PS22/9
Compliance Function · FCA SYSC 6.1
AML Policies, Controls and Procedures · MLR 2017 Regulation 18
Customer Due Diligence · MLR 2017 Regulation 28
Other gaps (7) · Requirement · Source
Senior Manager Responsibilities and Statements of Responsibilities · FSMA 2000 s64A / SM&CR SOF
Client's Best Interests Rule · FCA COBS 2.1.1R
Risk Assessment and Control · FCA SYSC 7.1
Enhanced Due Diligence — PEPs and High Risk · MLR 2017 Regulation 35
Data Processing Principles and Lawful Basis · UK GDPR Article 5 / DPA 2018
Security of Processing · UK GDPR Article 32 / DPA 2018 s66
ICO Registration and Data Protection Officer · DPA 2018 s137 / UK GDPR Art 37
Baseline controls in place:
Suitability assessment framework documented with clear client categorisation and risk tolerance questionnaire at onboarding
Conflicts of interest policy published, covering remuneration structures and third-party relationships
AML training records maintained with completion tracking for all relevant employees
Important business services identified with draft impact tolerances documented
Product disclosure documents comply with the FCA fair, clear and not misleading standard
Annual customer communications review process established
Segregation of duties between client-facing and operations functions is documented
Human review required
Regis AI provides structured compliance risk information for review. It does not provide legal advice or make final compliance decisions. Escalate high-risk matters to qualified legal, compliance, HR, or governance professionals.
Prepared by Regis · High-risk findings should be escalated before further action is taken.