See live demo →

The compliance engine for every regime you answer to.

>>> SHIPPING THE SAR PACKET

Ship the artifact your regulator will actually read — SAR · STR · breach packet · audit-pack · resilience submission. Every decision a sha256-signed trace your auditor can verify in seconds. Across trust, privacy, financial crime, and operational resilience regimes.

See live demo → About the engine ↗
10x
FASTER THAN MANUAL REVIEWAcross 4 regime families · 20+ frameworks
SOC 2 TYPE II ISO 27001 GDPR FATF-ALIGNED
002 / 4,217 EVENTS PROCESSED // LIVE
EVERY DECISION SIGNED
IDENTITY BANKING SANCTIONS KLETRAQ ENGINE SAR / STR AUDIT-PACK BREACH PKT PROCESSING
PROGRESS >>> STR FILING IN FLIGHT 78%
INC-2026-014SAR FiledFinCEN4.1h
INC-2026-015KYB ApprovedEnhanced5.8s
INC-2026-016BREACH DraftingGDPR 72h11h
INC-2026-017AUDIT ReadySOC 25.4MB
01

Ingest

Stream events from any source — webhooks, transaction rails, identity providers, vendor attestations, document drops. No paste-into-spreadsheet step.

02

Evaluate

Controls-as-data — every clause is a typed rule with a reason code, not a checkbox. Adding a new framework is a content release, not an engineering project.

03

Sign

Every sign-off is an HMAC-signed decision trace. Every override is logged with rationale and rule. The audit trail writes itself.

04

File

Auto-formatted to the regulator's accepted schema. SAR / STR packets, breach notices, audit-packs, resilience submissions — re-export on demand, no engineering ticket.

POWERED BY THE KLETRAQ ENGINE™

Workflow
Orchestration

Encode policies, controls, and sign-off chains into a series of agent-augmented decisional steps that run on demand, on schedule, or on event. Programmatically via API, or visually via the operator console.

About the engine →
// FLOW · incident-intake-2026-q2 · v3.1
COMPLETEINTAKE_INCIDENT [ event_id ]0.4s
COMPLETESCREEN_SUBJECT [ sanctions + pep + adverse ]1.8s
COMPLETESCORE_TYPOLOGY [ structuring · 0.92 ]0.6s
IN FLIGHTROUTE_FOR_SIGNOFF [ compliance officer · sla ]2.1h
NEXTFILE_TO_REGULATOR [ regulator-specific schema ]
// AGENTIC SEARCH

Search every
artifact at scale.

Index millions of policy documents, transaction records, evidence files, and audit trails — and cite each result back to the specific page, row, and clause.

001 / 14,892 ARTIFACTS >>>
ALL STRs WITHIN 24H WINDOW
SEARCH RESULTS >>> INDEXED EVIDENCE LINKED NEEDS REVIEW
// CONTROLS-DOC · ISO 27001 A.5.7 · review
ACCESS CONTROL POLICY [REVIEW]
REVIEW BOT
Maps to ISO 27001 A.5.7 — control evidenced.
SECURITY LEAD
Signed-off on quarterly review.
·DATA PROTECTION OFFICER
Awaiting GDPR Art. 32 cross-check.
·REVIEW BOT
Processing next clause...

Evidence,
collaboratively.

Route reviews, redactions, and policy checks across teams and jurisdictions — every action threaded against the control it touches, every comment addressable, every sign-off cryptographically traceable to the signer.

About evidence routing →

Security.

Built on a microservice architecture for deployment into the most sensitive environments — including isolated networks, regional residency, hardened images, and bring-your-own-LLM.

About security →
[ ALL SYSTEMS SECURE ]
[ ISOLATED NETWORK ]
PUBLICINTERNET
SECURE BOUNDARY
ACCESS
RESTRICTED
// KLETRAQ ENGINE — SECURE BOUNDARY ● SECURE
AGENT REVIEW · POLICY VALIDATION · EVIDENCE STORE
ACCESS
RESTRICTED
SECURE BOUNDARY
THIRD-PARTYSYSTEM
// REGIME COVERAGE

Four regime families.
Twenty-plus frameworks.

Every Kletraq control maps to a named framework, and every framework maps to a primary regulatory source — read the regime as the regulator wrote it, not our paraphrase. Coverage extends across NG, US, UK, EU, and the rest of Africa.

01

Trust & Security

SOC 2 Type II · ISO/IEC 27001 · Cyber Essentials Plus · CBN Risk-Based Cyber
Universal procurement trust signals · 220+ controls mapped
 02

Privacy & Data Protection

GDPR · UK DPA 2018 · NDPA / GAID 2025 · CCPA / CPRA · POPIA
EU · UK · NG · US · ZA · 160+ controls mapped
 03

Financial Crime

FATF Recommendations · BSA / FinCEN SAR · NFIU STR · EU 6AMLD · FCA
Global STR / SAR backbone · 24-hour to 30-day filing windows
 04

Operational Resilience

EU DORA · NIS2 · CBN Cyber (SFI) · APRA CPS 234 · OSFI B-13
Pan-regional resilience packs · incident clocks · third-party risk
// USE CASES

From signal to filed packet.

Four cycles the Engine runs continuously across every customer — each ending in a signed artifact a regulator or correspondent bank can verify.

INC-2026-014 · SAR · filed INC-2026-015 · STR · filed INC-2026-016 · DORA · in flight INC-2026-017 · ESG · filed
01

Regulatory Filings

SAR · STR · DORA incident · ESG submission · lawful intercept
Every signal triaged, scored, signed, and filed inside the regulator's window. The Engine ingests events from your rails, scores against a typology library, routes for officer sign-off with the policy citation attached, and submits to the regulator's accepted schema — FinCEN, NFIU, FCA, EBA, NDPC — median latency well under SLA, every step in a re-exportable signed trace. "The decision-trace artifact alone justified the spend. Our auditors got the same trail we did, and the questions stopped."HEAD OF FINANCIAL CRIME · MULTINATIONAL BANK See it in the Fintech demo →
72H DRAFT NOTICE DPO SIGN-OFF REGULATOR PACKET
02

Incident & Breach Response

GDPR 72h · NIS2 24h · state breach laws · operational incidents
From finding to regulator notice — the data-subject letter drafted, the DPO sign-off captured, the packet filed. The Engine assembles the breach packet from the moment a finding lands, walks the controls, and routes for sign-off so nothing waits in someone's inbox. Same flow for GDPR Art. 33, NIS2, state breach laws, and operational-resilience incidents under DORA. "We onboarded in two weeks and stood up the incident-response flow across three jurisdictions. The first real incident filed itself."CISO · REGULATED SAAS See it in the SaaS demo →
2026-Q2-v1 5.4 MB · sha256 ──────────── controls.pdf manifest.csv traces.json README.txt
03

Audit-pack

SOC 2 · internal audit · correspondent DD · ESG attestation
One URL. Sha256-signed. Framework-attested. The artifact an auditor, a correspondent bank, or a procurement team can read without a 30-minute call. Cover page, controls evidence, manifest CSV, HITL decision history, reader instructions — bundled, signed, re-exportable on demand without an engineering ticket. "Our last enterprise procurement DD took six weeks of scrambling. With Kletraq the next one took three days — and the audit-pack was already what the buyer's security team asked for."CHIEF COMPLIANCE OFFICER See it in the SaaS demo →
A.O. T1 T2 T3
04

Counterparty & Identity Verification

KYC · KYB · vendor onboarding · third-party risk
Identity, sanctions, PEP, adverse media, vendor-security posture — in one signed call. Risk-tier transitions with the policy citation attached to every grant. The Engine wraps multiple identity and screening vendors behind a single API and produces a signed decision trace for each tier change — every grant defensible to the regulator, every override logged with rationale. "Three vendors and a spreadsheet became one call and a trace ID. Procurement closed in days, not weeks."VP THIRD-PARTY RISK · ENTERPRISE See it in the Fintech demo →
See live demo →
// BUILT ON
IDENTITY
Smile IDPersonaOnfido
OPEN BANKING
MonoPlaidTrueLayer
SANCTIONS / ADVERSE
ComplyAdvantageDow Jones Risk
INFRASTRUCTURE
AWSGCP
WE PLUG INTO THE RAILS YOU ALREADY TRUST — ACROSS EVERY REGION YOU OPERATE IN. EVERY INTEGRATION ATTESTED + VERSIONED.
// VS THE ALTERNATIVES

We produce the artifact, not just the controls tree.

Continuous-controls platforms tell your auditor what you have. The Kletraq Engine produces what the regulator, the auditor, and the procurement team actually want to read — the filed packet, the signed trace, the audit-pack.

KLETRAQ ENGINE Vanta / Drata In-house spreadsheets
Continuous controls evidence (SOC 2, ISO 27001)NativeNativemanual
Multi-regime regulatory filings (SAR · STR · breach · ESG · resilience)Nativemanual
Regulator-shaped output (filed packet, not just dashboard)Nativevariable
Cross-regional packs (NG · US · UK · EU · Africa)NativeUS / EU-centricmanual
Audit-pack for procurement & correspondent DDNative○ Partialmanual
Sha256-signed decision traces · re-export on demandNative
Bring-your-own-LLM for in-product agentsEnterprise

Talk to compliance engineering.

Walk through a live decision trace. See how the Kletraq Engine evaluates a real incident, signs the trace, and packages the artifact — in under fifteen minutes.

Open the live demo → Or email compliance engineering ↗