The platform, in detail
One system for the whole compliance job.
Six modules on one case record: collection, screening, risk, decisions, registers, audit. Each one exists because a real MLRO got tired of doing it by hand. Here is what each module does and the problem it removes.
Collection that runs itself
Send one magic link. The counterparty answers the questionnaire, declares ownership to natural persons, and uploads documents, on a portal carrying your logo and colours. Your case file assembles itself from their answers.
- Branded portal: your logo, your colour, your name. Delegation hands any section to a colleague; every named person can get a personal link for just their ID and proof of address.
- A funnel view shows where every request stalls; the chase queue writes the reminder for you and emails it when configured.
- After review, one click sends a corrections link listing only what was rejected or missing. Nothing accepted is ever asked for twice.
- Analysts preview the entire form per entity type before anything is sent.
Screening that never sleeps
We ingest the official lists ourselves (sanctions, export controls, debarments, wanted lists, and the global PEP set) and screen your whole book every night. No per-check meter; the cost of screening one more name is zero.
- Every entity, director and UBO joins the monitored book automatically; list updates delta-screen the book the moment they land.
- AI pre-assesses every new hit: obvious false positives are discounted with a written rationale on the record; anything plausible is flagged with the reasoning attached. A true match is never confirmed by AI.
- An adjudicated false positive is whitelisted for that exact list entry and never nags again, unless the entry itself changes.
- Grounded adverse-media research on any party, with sources listed; your analyst records the verdict.
Risk you can defend. Decisions with rules.
Every rating shows its arithmetic: geography, entity type, ownership complexity, screening findings, flagged answers. The weights are your policy, edited in settings, not our constants.
- The MLRO can override any rating, with a rationale that goes on the record and is flagged on the dashboard.
- Four-eyes is policy by risk level: where it applies, analysts propose and the MLRO signs; where it does not, one full seat decides.
- Approval is gated: open documents, unresolved hits or structural gaps physically block the approve button, for everyone.
- Periodic reviews schedule themselves by risk band (for example high 12 / medium 24 / low 36 months) and surface on the calendar and alerts when due.
AI where it helps. A human where it counts.
Five assistants read, check and draft; every output carries its reasoning and lands on the record. None of them can decide. On a high-risk book, "the model decided" is not an answer you want to give an inspector, so it is an answer this system cannot produce.
Re-screens the whole book nightly and delta-screens every list update. New findings always queue for a human.
Assesses every new hit on arrival; discounts obvious false positives with the rationale on the record, flags the rest. Never confirms a true match.
Grounded adverse-media and business research per party, sources attached. The analyst records the verdict.
Drafts the case assessment from the file itself. The MLRO edits and signs; drafts are never the record.
Reads corporate documents on arrival and flags disagreements with the declared record. Personal ID documents never touch AI.
Reviews the evidence and makes every decision that matters, with everything the assistants prepared laid out in front of them.
The department, not just the onboarding
Verification tools stop at the case. amlr.io carries the rest of the MLRO's job: the register pack, the calendar, the attestations, the board pack, the regulator pack.
- Fourteen purpose-built AML registers (SARs, PEPs, training, conflicts, wallet decisions and more), each with owners, cycles and gated sign-off.
- One compliance calendar: case reviews, register cycles, attestation windows, deadlines.
- Every action on an append-only, hash-chained audit trail; exports carry per-file SHA-256 so nobody can quietly edit history.
- The regulator pack: one click, one zip, the whole defensible file: report, every document version, decision trail, screening history, audit slice, manifest.
See it on your own book.
A 30-minute walkthrough: onboard a counterparty, screen the UBOs, and export the audit file at the end.