Compliance monitoring cycle

Obligations are risk-rated through the CRA. Residual risk drives where controls, monitoring tests, findings and board reporting focus their effort. The cycle closes when test results feed back into the next reassessment.

H1 2026 (Sample)

Obligation × Control — first-line ratings

AI assistanceSupervised

A. Renouf

Head of Compliance

Obligation × Control — first-line ratings

H1 2026 (Sample)

Each row is one control mapped to one obligation. The control owner rates design (is the control set up to work?) and operating (is it working in practice?) on a 1–4 scale, with commentary and an evidence pointer. Compliance then accepts or challenges each rating. Accepted ratings flow through to the CRA as control-effectiveness inputs.

Assessments

Submitted

1/1

Accepted (2LoD)

Under challenge

Challenge notes

Self-assessments · 1

8c7cae47-807e-45b0-8496-3e6c452064be
SEED-CDD-007 · SEED-CTL-0019
Customer Due Diligence · Reliance on Third Parties: Onboarding CDD checklist completed
Design
3/4
Operating
3/4
Self rating
3/4
Review
pending

AI activity

Agent actions

In progress

Preparing Q4 AML/CFT pack draft

Drafting Q4 AML/CFT Monitoring and Remediation Update…

Prepared for sign-off

·494597h
·494598h
·494598h

Awaiting your decision

Your sign-off

yours
due today·MLRO · Risk Committee · Board
yours
due 3 days·MLRO co-sign · post-Committee
Q4 board report — ready for circulation
yours
due 8 days·A. Renouf · Compliance Oversight

Your check · four-eyes

yours
prepared by M. Chen · 1st-line owner
due this week·Your check · post 1st-line sign-off
yours
prepared by S. Le Quesne · 2nd-line
due this week·Your check · 5 items

Acting under Delegated Authority
preset · Supervised