Every worklist this product ships

Draft Compass recommendations awaiting your review across every source

Legacy role-aware queue — now redirects to My Tasks

Upload regulator guidance, policy drafts, minutes and correspondence — Compass returns draft impact analysis for human review

Personal scorecard — closures, SLA hit rate, Compass acceptance, audit-trail discipline

Consolidated personal inbox across every module — your default landing

Six curated slots — overdue, ratifications, coming due, owner silence, arrivals, Compass

Periodic inherent / residual risk cycle with approval workflow

Three-level compliance risk taxonomy and populated test-script library — generic seed content

no trigger sentence registered

no trigger sentence registered

Methodology, question bank, themes and sample test scripts — preview only, content still being authored

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

Bilateral regulator communications — dear-CEO letters, s32 notices, thematic reviews

Board-approved appetite thresholds — monitored on cadence, breaches raised on entry and fed to findings.

One register for every regulator artefact analysed — version, location, hash, analysis status. Compass cites from here.

Third-line assurance engagements and findings — IA, external audit and thematic reviews

no trigger sentence registered

no trigger sentence registered

JFSC/GDPR notifiable breaches with notification SLA, separate from operational incidents

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

Hashed population snapshots and the deterministic sample selections drawn from them — the audit-chain backbone for tests

no trigger sentence registered

All open issues — use the saved-view chips to focus the list

Findings → Issues → Decisions → Validations → Audit trail, one unified loop

Every saved query over the issues backlog — overdue, unassigned, quiet, plan-slip and 100+ more

Open high/critical issues bucketed by age — the fastest read on whether the serious pile is digesting or accumulating

Open issues bucketed by age, ranked by severity-weighted staleness

Open-issue survival curve by ISO creation week — how each cohort is digesting over time

Open issues with ≥75% of remediation steps done — finish-line stragglers and cheap wins for closure rate

Open issues with a thick audit trail but no resolution — thrashing that needs adjudication or simplification

Open issues with zero audit-trail entries — nothing recorded since they were raised, the starkest defensibility miss

Issues (open or closed) with an unusually small audit trail — where the paper would be lightest under a regulator's sample

Open issues grouped by originating authority — where regulator attention is concentrating in the open pile

Open issues with no originating authority recorded — invisible to any regulator-scoped rollup

Open issues still carrying the [auto:…] intake prefix — machine titles nobody has triaged

Issues or active steps marked blocked — the 'what's stuck and needs unblocking' steering view

Open issues formally blocked at issue- or step-level, ranked by how long the block has been sitting — paperwork blocks that won't move

Open issues flagged as blocked yet never escalated — the gap between 'we're stuck' and 'leadership knows'

Single-page printable roll-up: open / overdue / severe, closure mix, defensibility flag counts, top owners and jurisdictions — the quarterly board / MLRO surface

Projected clear date based on 30/60/90-day net velocity

Open issues with no due date on any remediation step — the defensibility gap behind every SLA report

Open issues with an impact class but no classifier model recorded — labelling without provenance

Closed issues with zero audit-trail entries — closed without a single recorded event

Closed issues with no root cause recorded — signed off without a diagnosis, invisible to root-cluster analytics

Evidence-mode closures whose remediation plan has zero step-level evidence — defensibly thin on a regulator sample

Closed issues with no target date on the record — counted as done with no commitment to have hit

Closed issues whose remediation plan still has unfinished steps — the gap between what we said and what we did

Closures with half or more of the original SLA window unused — possible premature sign-off

Closures landed in the last 7 days with inline defensibility flags — the weekly QA pairing for new arrivals

Closed issues whose remediation plan had no owner on any step — closed work no one was on the hook for

Calendar days with five or more closures — bulk-close patterns that look like cleanup rather than steady-state remediation

Evidence-mode closures with no evidence reference attached — closures pointing at nothing

Evidence-mode closures pointing at the same evidence record across multiple issues — one artefact doing the work for a queue

Evidence-mode closures whose last completed step is ≥60 days before sign-off — the evidence aged between work and close

Same finding with closure rigor changing between occurrences — evidence→waiver is a defensibility regression; all-waiver means never proved

Long closure notes composed mostly of stock phrases — present, but nothing for a regulator to read

Closure rationales reused verbatim across three or more issues — copy-paste sign-off pasted across a queue

Closed issues whose closure record carries no rationale note — procedurally complete but undefended on a sample

Closed issues whose rationale note is shorter than 40 chars — present but functionally empty under a regulator sample

Open issues whose remediation plan is fully done but the issue itself hasn't been signed off — the last-mile gap

Evidence vs waiver, waiver ratification rate, time-to-ratify — the defensibility view

Closures where one person owned every remediation step and is also the issue owner — single-hand closures with no second pair of eyes

Step-level deadline radar — every open remediation step past due or due in the next 14 days

Deterministic maturity self-assessment across six dimensions

Bus-factor analysis: owner share, jurisdiction share, SPOF owners

Open high/critical issues with no issue-level target close date — severity present, commitment missing

Open issues touching two or more jurisdictions — per-issue coordination complexity

Open issues spanning 2+ jurisdictions — the ones most likely to be mis-owned or escalated late, and where remediation must satisfy every regulator on the list

Same finding raised across multiple jurisdictions — the difference between a local incident and a systemic one

How long fixes are holding before the same finding comes back — shrinking gaps mean each remediation wears off faster

One-page printable summary of the last 24 hours and the next 7 days

One waiver decision cited to close multiple issues — blanket-sign-off risk; mixed-finding groups mean unrelated risk accepted under one signature

Open issues with done remediation steps that carry no evidence reference — completion claimed, receipt missing

Clusters of issues raised against the same source finding — double-counted in metrics, fragmented in remediation

Open issues escalated on paper but with no recipient assigned — the clock started, nobody's inbox owns them

Open issues escalated to leadership with no target close date — loud signal, no clock

Open issues escalated more than 14 days ago — the loudest signal in the workflow has gone quiet

Open issues that have been escalated but remain unresolved beyond a 7-day grace — escalation stopped producing movement

Escalation register: open escalations, oldest open, reactive-escalation rate, median resolution after escalation

Evidence-mode closures with no evidence reference on the closure or any step — closed-by-evidence in name only

Every persisted field on Issue / Closure / RemediationStep mapped to the worklists that defend it — blind-spot audit and structural counterpart to /tile-catalogue

One originating finding spawning multiple issues — flagged when siblings split (some open, some closed) or scored/closed inconsistently

Open issues with no findingId — remediation with no trace back to the originating finding

no trigger sentence registered

Open issues whose plans spread owned steps across three or more people — the opposite failure mode to solo-owned

Open issues with six or more remediation steps — ambitious plans that mask stalled threads and resist visible progress

Top open issues ranked by composite priority score — the single 'what now?' view

Open issues bucketed by auto-classified impact — significant, material, minor, informational, unclassified

Open issues with an origin but no impact class — provenance recorded, taxonomy mapping missing

Discovery hub for operational dashboards — queue, workload, wins, aging, forecast, time-to-close, concentration, maturity

Open issues with no target close date on the issue record — invisible to every SLA, aging and at-risk view

Open issues bucketed by jurisdiction — where the regulator-facing load is concentrated and where overdue debt is pooling

Open pile split by jurisdiction with severity mix and severity-weighted exposure index

Owners responsible for an outsized share of closures in the last 365 days — bus-factor risk on the closing side

Open issues older than 180 days — the perennial backlog drifting past the half-year horizon

Open plans spanning three or more owners — highest coordination cost, easiest to stall on handovers

Personal worklist: open actions, escalations to me, closed by me today

Issues created in the last 7 days — week-on-week delta, severity split, source mix

Issues created in the last 7 days by severity and origin authority, with a delta vs the prior week

Open issues with no finding summary recorded — the register entry exists with no description

Open issues with no jurisdiction tag — invisible to regulator-routing, board scoping and cross-border rollups

no trigger sentence registered

Headline programme metrics — throughput, SLA, closure mix, defensibility

Open issues with origin and authority recorded but no link to the source record — provenance in words without a receipt

Open issues with no origin tag — invisible to regulator vs internal source rollups

Issues with no linked finding record — structurally untraceable back to source

Individual remediation steps past due and still open — the slip behind tomorrow's overdue issue

Per-owner share of weekday closures finalised outside 07:00–19:00 UTC — defensibility proxy for solo, after-cover sign-off, with severe after-hours as the audit callout

Per-owner scorecard combining weekend, same-day, thin-note, evidence-missing and waiver-unratified rates — closure defensibility with a name on it

Per-owner share of evidence-mode closures with no evidenceId attached — the closer-side defensibility signal, with severe-missing as the audit callout

Open issues that look staffed but have at least one open step with no owner — the quiet single points of neglect

Per-owner jurisdiction breadth and bus-factor jurisdictions where one owner has ≥70% of closures — specialist vs generalist posture plus single-owner regimes

Per-owner carrying load — open-issue count, severity-weighted total and oldest open issue, attributed to every named step owner

Owners ranked by past-due open issues — SLA debt with a name on it, so leadership can rebalance before it becomes personal conduct

Whose closures don't stick? Per-owner share of attributed closures whose finding re-raised within 90 days

Per-owner share of attributed closures whose issue status has flipped back from resolved — closures that didn't hold, with severe-reopen as the audit callout

Per-owner share of closures finalised within 24h of issue creation — proxy for pre-baked or rubber-stamp closures, with severe same-day as the audit callout

Per-owner high/critical closure share vs portfolio baseline — surfaces workload-fairness and burnout signal when one owner absorbs disproportionate severe work

Owners whose attributed open issues disproportionately go quiet or stalled — silence with a name on it, ranked vs portfolio baseline

Days-overdue (raw + severity-weighted) attributed to every named step owner — SLA debt with a name on it, ranked by weighted debt

Per-owner SLA hit rate over the last 365 days against severity-based targets, with currently-overdue live exposure

Per-owner share of closures with no co-owner anywhere in the workflow — single-point-of-failure plus un-peer-reviewed sign-off, with severe-solo as the audit callout

Per-owner median time-to-close vs portfolio — rushing owners may be rubber-stamping, dragging owners are the bottleneck, rushed+recurred is the strongest shallow-work signal

Per-owner waiver vs evidence closure mix — biased owners reach for waiver as the default rather than the exception

Per-owner share of closures finalised on Saturdays/Sundays UTC — after-hours sign-off proxy, with severe-weekend as the audit callout

Who's carrying open issues and escalations across the team

Open issues already past SLA with no named owner on any remediation step — the governance vacuum behind every regulator finding

Shape of remediation plans: empty / thin / lean / typical / deep — surfaces missing or under-scoped plans

Open issues with no remediation steps recorded — no plan, no owner, nothing to sample

Open issues whose remediation steps are scheduled past their own target close date — plans that on paper cannot meet the deadline

High/critical issues whose priority level lands at normal or muted — the queue is under-rating them

Period-over-period comparison: closures, opens, escalations, clean-closure rate

Single deterministic 0-100 score with six weighted sub-scores

Open issues missing origin or originating-authority metadata — the defensibility gap behind ad-hoc-looking findings

Closures landed within seven days — the healthy fast-digestion view, counterpart to SLA miss and aging

Open plans that started progress then went silent — last step completion was 14+ days ago

Closed issues — clean-closure rate, top closers, recent closures

Open issues whose remediation steps are all done — the work is finished, the closure hasn't been recorded

30-day closure register: every issue shut, with mode, days open, waiver ratification — QA / sign-off review surface

Findings re-raised within 90 days of a previous closure — the strongest 'fix didn't stick' signal in the suite

Open issues passing all four defensibility checks — root cause, target date, owners, audit trail; the positive composite

Pick a random closed issue and see which worklists would flag it — behavioural stop-condition for the defensibility suite

Issues with a recorded closure whose status is no longer resolved — closures that didn't stick, the worst pattern on a regulator sample

Closed issues whose findingId is also on an open issue — the fix may not have taken

Owner continuity across recurrences — stuck-with-one is accountability concentration; handed-around is no institutional memory

Open issues grouped by shared root cause — each cluster is a candidate for a single structural fix

Closed issues missing a recorded root cause or evidence reference — the closures that won't survive an audit sample

Open issues with no root cause recorded — the governance hygiene gap that disables pattern detection

Open issues with no root cause recorded — remediation working without a documented cause

Same finding, different rootCause statements over time — the diagnosis itself keeps changing

Issues closed within 24 hours of being raised — drive-by sign-off or back-dated imports made to look like remediation

Recurring findings whose severity is trending worse on each re-raise — the issue is metastasizing, not just repeating

Open pile by severity, 90-day net change and median time-to-close per severity

Open issues with no severity recorded — invisible to triage, SLA and risk-ranked queues

Open high/critical issues that have never been escalated — the 'we knew but nobody raised it' defensibility miss

Forward-looking deadlines: past due, due in 7/14/30 days, plus open issues with no target date

Sum of days overdue across every open issue, plus a severity-weighted burden index

Closed issues that landed after their target date — the late-but-landed pile, with miss rate and severity of slip

Issues closed under 24 hours after creation — fast enough to suggest no real investigation took place

Open issues whose plan has owners but every owned step belongs to one person — per-issue bus factor

Open issues grouped by originating authority and ranked by age — whose regulator backlog is going stale fastest

Open pile by originating source — regulator vs internal, severity mix, and a severity-weighted exposure index

Waiver-mode closures unratified beyond a 14-day grace — undocumented exceptions accumulating as governance debt

Open issues whose plan started but went quiet — at least one step done, none completed for 21+ days

Same artefact ticking off remediation steps across multiple issues — silent reuse one layer before closure

Open issues with remediation steps that have no due date — invisible to SLA dashboards until somebody asks

Open issues with remediation steps that have no owner — actions on the plan with nobody on the hook

Open remediation steps whose committed due date has passed — promises the plan made and missed

Open issues whose target close date has already passed — broken close-date commitments at the issue level

Open high/critical issues whose remediation plan has at most one step — the planning gap behind every avoidable finding

Every registered worklist, generated from route-classes.ts — single source of truth for which tiles exist, with self-audit for duplicates and missing trigger sentences

Closed-issue distribution by severity with SLA hit rate

Open issues failing two or more independent risk dimensions at once — composite emergency list

Open issues with no named owner on any remediation step — the silent governance gap

Open issues at least a week old with at most one audit entry — nobody has actually worked on them

Cumulative time and effort the platform has saved this tenant — defensible operational ROI

12-week opens vs closures with weekly net change and a pace KPI — are we keeping up?

Waiver-mode closures with no decision reference attached — closures pointing at nothing

Waiver-mode closures whose rationale references an expiry that has already passed — exceptions running past their own justification

Waiver-mode closures whose rationale mentions no expiry, sunset or review point — indefinite waivers that drift past every governance review

Every waiver-mode closure with ratification status, time-to-ratify and stale flags

Waiver-mode closures landed within 7 days of intake — too fast for the normal decision path

Issues closed under a waiver that was never ratified — unilateral closures on paper

Insights metrics that got worse since last week — diffed against a daily snapshot, with improvements shown underneath

Closures stamped on Saturday or Sunday — after-hours sign-off, batch imports, or backdated closes that won't survive a regulator sample

Open issues with a plan where not a single step is done — the quiet failure of plans that never start

Open Compass in a full page — embedded panels remain inside Findings, Issues and Tests

Cross-team consultation threads — Compass, MLRO, board, external counsel

Post-MVP — AI advisory recommendations with certainty rating, decision and override trail. Stub view in preview.

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

Sample artefacts, investor pack, value model

Post-MVP — full EWRA build-out is not in MVP scope.

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

Read-only snapshot of SLA, silence, AI budget, role and audit calibration.

Cross-entity rollup across the entity group

Memo, deck, one-pager, founder economics

RSS-driven auto-ingestion that feeds the Source Library

no trigger sentence registered

no trigger sentence registered

Tenant-wide compliance health snapshot (read-only KPIs)

no trigger sentence registered

no trigger sentence registered

Post-MVP — only Compliance Risk is in MVP scope.

Post-MVP — live residual heat by activity / business line. Stub view in preview.

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

no trigger sentence registered

Reconstruct any register's state at a past timestamp from the hash-chained audit trail

Role-based onboarding paths and reference material

no trigger sentence registered

no trigger sentence registered

What it is, plus the live value calculator