Broker-Dealer Compliance Platform

Trade surveillance, RIA compliance, FINRA/SEC reporting

View the interactive project page →

Broker-Dealer Compliance Platform

Part of the worlds-biggest-software-project initiative.

An AI-native, open-source compliance platform unifying trade surveillance, communications oversight, marketing review, and FINRA/SEC reporting for broker-dealers and RIAs.

Broker-dealers and registered investment advisers face an expanding regulatory environment under FINRA, the SEC, and Reg BI, yet they rely on fragmented point solutions for communications archiving, trade monitoring, marketing review, and regulatory filings. This project builds a unified compliance platform that uses AI as the first-pass reviewer rather than a bolt-on, designed for compliance officers, supervisors, and registered representatives at small-to-mid firms underserved by enterprise incumbents.


Why Broker-Dealer Compliance Platform?

  • The competitive landscape is entirely proprietary commercial SaaS — no open-source equivalents exist for an integrated BD/RIA compliance platform.
  • Enterprise incumbents (ACA ComplianceAlpha, Nasdaq SMARTS, Eventus) carry heavy implementation footprints and pricing skewed to large firms, leaving a clear gap between workflow-only tools (Skematic) and surveillance-class engines.
  • Many incumbents (Comply, Smarsh, Global Relay) remain primarily lexicon- or rules-driven, producing high false-positive rates that AI-first review can materially reduce.
  • FINRA's 2026 regulatory priorities — cybersecurity, third-party vendor management, and generative-AI risk — are areas where existing compliance platforms offer limited native tooling.
  • In 2024 the SEC imposed combined penalties exceeding $390 million on broker-dealers for inadequate trade surveillance alone, underscoring the cost of fragmented compliance stacks.

Key Features

Communications Oversight

  • E-communications capture across email, Microsoft Teams, and Slack with WORM archive aligned to SEC Rule 17a-4(f)
  • AI-first communications surveillance with reviewer queue and inline citations to firm policy
  • Lexicon and policy-driven flagging tuned for financial-domain jargon
  • Tamper-evident audit log of every compliance action

Marketing & Advertising Review

  • Automated marketing review workflow with FINRA Rule 2210 and Reg BI compliance checks
  • Pre-flight critique with rewrite suggestions
  • Reviewer queue with risk-scored items rather than flat alert lists

Trade Surveillance

  • Trade surveillance engine with starter scenarios for front-running, wash trading, marking the close, churning, and Reg BI suitability violations
  • Real-time and end-of-day pattern detection
  • Firm-level risk dashboard with drill-down to rep, account, or transaction

Supervision & Attestations

  • WSP (Written Supervisory Procedures) library with version history and supervisory sign-off
  • Attestation campaigns with scheduling, reminders, escalation, and audit trail
  • Personal trading oversight with restricted-list and blackout-window enforcement
  • Role-based access control across CCO, supervisor, and registered-rep tiers

Regulatory Filing & Exam Readiness

  • FINRA CAT and TRACE reporting connectors with reconciliation
  • Form ADV, Form U4, and Form U5 workflow
  • Exam preparation module with evidence binder generation
  • Reg-change monitoring mapping FINRA/SEC notices to affected policies and controls

AI-Native Advantage

AI is used as the first-pass reviewer across communications and marketing, with policy-grounded explanations and citations rather than opaque flags. A CCO copilot provides natural-language Q&A grounded in the firm's policies, communications, and trade history. Cross-domain correlation links communications, trade activity, and HR events to surface signals that single-domain incumbents miss, and anomaly detection learns firm-specific normal behaviour rather than relying solely on static rules.


Tech Stack & Deployment

The platform integrates with FINRA TRACE, CAT, and SEC EDGAR APIs for automated regulatory submission, ingests trade data via FIX protocol or prime-broker feeds, and uses documented vendor APIs (Microsoft Graph, Slack Audit, Zoom Compliance API) for communications ingestion to avoid patented capture pipelines. Data retention is engineered for SOC 2 Type II and SEC Rule 17a-4 compliance with 7-year immutable storage. An NLP/LLM pipeline handles financial-domain jargon and code-switching for surveillance.


Market Context

Regulatory enforcement is intensifying: the SEC imposed over $390 million in 2024 penalties for inadequate trade surveillance alone, and FINRA's 2026 Annual Regulatory Oversight Report expands scrutiny across Reg BI, CAT, cybersecurity, and generative-AI use. Primary buyers are CCOs at broker-dealers and RIAs, with a clear underserved segment of small-to-mid firms priced out of enterprise suites like ACA ComplianceAlpha and Nasdaq SMARTS.


Project Status

This project is in the research and specification phase.
Contributions, feedback, and domain expertise are welcome.


Contributing

We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.

Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.


Licence

Licence to be determined. See discussion for context.