Skip to main content
Download free report
Softblues
Softblues

Financial services · AI business automation

About forty checks a file. Every file. Every month. All by hand.

AI compliance file review

A regulated financial-advice firm reviews every client advice file each month: dozens of mechanical checks plus a judgement call on whether the advice suited the client, all under a regulator's eye. We proposed a four-stage multi-agent pipeline that does the mechanical work and drafts the review, with a compliance reviewer keeping the final sign-off. It is designed to run entirely inside the firm's own Microsoft tenant, in the EU.

Regulated financial-advice firm (anonymised)Financial servicesCompliance reviewProposed · pre-discovery
Book a case walkthrough
~40 checks
Per file, each cited to its source
A stack of advice files checked against a rulebook, each finding cited to its source, with a human reviewer signing off

The problem

Mechanical work, with a regulator watching

Every month, the compliance team opens each client advice file and checks it: the fact find and the statement of suitability against dozens of requirements, whether the recommendation matched the client's needs, and a record of all of it in case a regulator asks.

Most of the work is mechanical, but the volume makes the monthly review slow, and the firm is accountable for getting every file right. It is a steady drain on senior compliance time, and a mistake carries regulatory weight.

Why it can't just be scripted away

01

Forty checks, every file

Each file needs around forty yes/no checks against documentation and suitability requirements, repeated across the whole book of advice.

02

Mechanical, plus judgement

The work mixes mechanical checks with a real call on whether the advice suited the client, so a simple script cannot do it.

03

Everything must be evidenced

If a regulator inspects, the firm has to show exactly what was checked and where each finding came from.

04

Regulated and data-sensitive

Client data has to stay inside the firm's own controlled systems, so any tooling has to come to the data, not the other way around.

The checks are mechanical. The accountability for getting them right is not.

What we proposed

A four-stage pipeline, with the human kept in charge

We proposed a multi-agent pipeline that does the mechanical heavy lifting and drafts the review, while a compliance reviewer keeps the final sign-off. An extraction agent reads each file and maps its sections. A checks agent runs the roughly forty yes/no checks, each cited to the page it came from. A suitability agent compares the client's needs against the recommendation and the firm's consumer-protection obligations. A final stage assembles a one-page review pack in the firm's existing Power BI.

The reviewer reads the pack, sees every finding cited to its source, and signs off. It is designed to run inside the firm's own Microsoft tenant in an EU region, so no client data leaves their environment. This is the approach we proposed; the firm is at the pre-discovery stage.

How it would work

Four stages, then a human signs off

Compliance review pipeline: an extraction agent reads each advice file, a checks agent runs about forty cited checks, a suitability agent assesses the advice, a review pack is generated in Power BI, and a compliance reviewer signs off
  1. 1

    Extraction agent

    Parses each advice file, the fact find, statement of suitability and supporting documents, and maps the sections so the right content reaches the right check.

  2. 2

    Mechanical-checks agent

    Runs around forty yes/no checks per file against documentation and compliance requirements, each one cited to the page it came from.

  3. 3

    Suitability agent

    Compares the client's stated needs and objectives against the recommendation and the firm's consumer-protection obligations, the part that needs judgement.

  4. 4

    Review pack generator

    Assembles a one-page summary of every finding and writes it to the firm's existing Power BI dashboard.

  5. 5

    Human sign-off

    A compliance reviewer reads the pack, checks the cited findings and signs off. The agents prepare the review; the person makes the call.

The proposed stack

AI

Claude SonnetClaude OpusGPT-5.5

Agent platform

Microsoft Foundry Agent ServiceMicrosoft Agent Framework (Python)LangGraph

Firm's Microsoft tenant (EU)

Microsoft Azure (EU region)SharePoint OnlinePower BIMicrosoft Entra ID

Documents

Azure AI Document Intelligence

By design

What the proposed pipeline is built around

~40

Mechanical checks per file, each cited to source

4

Pipeline stages before a human signs off

100%

Findings cited to their source page

Human

Final sign-off, kept with a reviewer

Inspection-ready by design

Every finding is cited to its source page and timestamped with a full audit trail, so a reviewer or an inspector can trace any check back to where it came from.

Built for regulated data

Designed to run inside the firm's own Microsoft tenant in the EU, with role-based access and no customer data used to train any model.

Where else this works

The pattern is general: extract a document set, run a rulebook of checks with citations, assess the part that needs judgement, and hand a cited summary to a person. It fits any regulated review, from insurance underwriting and lending or KYC to audit and quality assurance. The same agent approach runs across our other builds.

Frequently asked questions

A four-stage multi-agent pipeline to automate their monthly compliance file review: an extraction agent reads each advice file, a checks agent runs around forty mechanical yes/no checks, a suitability agent assesses whether the advice fit the client, and a final stage produces a one-page review pack. A compliance reviewer keeps the final sign-off. This is the proposed approach; the firm is at the pre-discovery stage.

No. The agents do the mechanical checking and draft the review, and a qualified compliance reviewer makes the final call and signs off. The point is to remove the repetitive checking, not the human judgement.

Every finding is cited to the exact source page, and every assessment is timestamped with a full audit trail. A reviewer, or an inspector, can trace any check back to where it came from, which is what makes the output inspection-ready.

It is designed to run entirely inside the firm's own Microsoft tenant in an EU region, using their existing SharePoint and Power BI. No client data leaves their environment, and no customer data is used to train any model.

It compares the client's recorded needs and objectives against the recommendation that was made and the firm's consumer-protection obligations. That is the part of file review that needs reasoning rather than a simple yes/no, so it is drafted for the reviewer rather than decided automatically.

No. The pattern, extract a document set, run a rulebook of checks with citations, assess the judgement part, and hand a cited summary to a human, applies to any regulated review: insurance underwriting files, lending and KYC, audit and quality assurance.

Is monthly file review eating your compliance team's time?

If a regulated review runs on senior people checking documents by hand, this is the work we do. A discovery is where we start: map the checks, design the pipeline, and keep the sign-off with your reviewer. Book a call.

Anthropic Partner Network member50+ AI ProjectsGoogle Cloud PartnerTop-5 UK AI Firm
Success Stories

Explore Other Projects

Discover more AI solutions delivering measurable results across industries