RegAlign® + RiskAlign™ · roadmap pairing
Compliance and risk have always pulled from the same well. They've just never shared a bucket. RegAlign® and RiskAlign™ are designed so that — once both are live — they will. RegAlign is pilot-stage today; RiskAlign is in active development.
Start with the regulator's words. End with defensible evidence.
Start with what could hurt the firm. End with appetite, controls and KRIs.
One shared control reference. RegAlign records the obligations a control satisfies. RiskAlign records the risks a control mitigates. Update once, both views move.
| Capability | RegAlign only | RiskAlign only | Together |
|---|---|---|---|
| Regulatory change tracking | ✓ | — | ✓ |
| Obligations register | ✓ | — | ✓ |
| Enterprise risk register | — | ✓ | ✓ |
| Risk appetite & KRIs | — | ✓ | ✓ |
| Shared control reference | ✓ | ✓ | ✓ (one slug, two views) |
| Board pack | Compliance pack | Risk pack | Combined pack |
| Audit trail | Per obligation | Per risk | End-to-end |
Today the bridge is a CSV obligation export from RegAlign that RiskAlign imports as read-only links. A tenant-scoped REST endpoint is on the v1.1 roadmap.
Terminology note — BRA vs ERM
RegAlign ships the BRA (Business Risk Assessment) — the AML/CFT/CPF firm-wide risk assessment required by JFSC AML/CFT/CPF Handbook §2 / UK MLR2017 reg 18. Equivalent to BWRA (UK) and "EWRA" (industry synonym in AML practice). Per the three-lines model: prepared by the business / senior management (1LoD), reviewed and challenged by the MLRO/MLCO (2LoD), and approved by the board.
RiskAlign ships ERM (Enterprise Risk Management — COSO ERM 2017 / ISO 31000:2018). A different artefact for a different buyer (the ERM register is prepared by the CRO / Risk function aggregating business-owner inputs and approved by the Board Risk Committee), covering strategic, operational, financial, technology, people, reputational risk. The two products are complementary, not duplicative.