AdapttoAI
Confidential

Compliance Operations Platform

Proposal · June 2026

Overview

What we're building.

A compliance automation platform that connects your existing systems, eliminates manual re-entry across them, and gives your team one place to see the full picture on any counterparty.

We're proposing it in three layers, so you can commit incrementally and see value early:

Today the status quo costs the team 5+ hours a day and risks the same client data diverging across six systems — a compliance exposure in a regulated environment, not just an inefficiency (full picture in Appendix A).

A deliberate design choice: for Layers 1 and 2, the live system runs on deterministic, rule-based code — not AI making decisions on your data.

Everything in this proposal — scope, technical approach, privacy architecture, and pricing — is our recommended starting point, and remains subject to the design phase, where it is confirmed and refined with your team before any build commitment.

Scope

Three layers.

Layer 1 · the foundation

Automation

deterministic — no AI in the running system

The six systems (Sumsub, Elliptic, Asana, Fireblocks, Google Drive, Google Sheets) connected so status changes, KYC updates, and KYT alerts propagate automatically.

  • 6 core workflows
  • audit log
  • Google SSO + role-based access
  • operator / compliance-lead tiers
  • Elliptic whitelist (per client + wallet)

Layer 2 · reuses Layer 1's connectors

Unified Dashboard + Slack

deterministic by default

Search any counterparty, see current status across all systems, and view a chronological timeline of every action, alert, review, and decision — including decisions documented in Slack, built in here because the dashboard is incomplete without it.

  • status-cards + timeline dashboard
  • outbound Slack notifications
  • inbound Slack decision capture
  • structured search
  • CSV / JSON export

Layer 3 · future, scoped during design

Actionable Dashboard

optional — approved separately

Fix mismatches (e.g. Asana vs. Sumsub) directly from the dashboard, and optional AI-assisted enhancements (auto-extracting decisions from free-text Slack, natural-language search, alert summarization), approved separately when you're ready.

  • bidirectional record editing
  • full multi-role RBAC
  • new data sources (e.g. Settlana)
  • optional AI layer under explicit privacy terms

Privacy & Data

How we treat your data.

You operate in a regulated environment, so we treat data handling as a core design decision, not an afterthought. Our position for the committed build (Layers 1 + 2) — to be confirmed and finalized in the design phase:

Deterministic by design

For Layers 1 and 2, the running system uses only deterministic, rule-based code — no AI makes decisions in production. Your counterparty data is not processed by an AI model in the live system.

A conduit by default

Status and workflow data leaves your existing systems only to transit our platform in memory, and is written back to your own systems. We do not replicate your client database.

EU residency

The platform is hosted in an EU region; in the committed build, no data leaves the EU.

Persistence & the timeline

The platform persists only an audit log, the Elliptic whitelist, encrypted API credentials, and — for the dashboard timeline — a lightweight event log. The log and whitelist can be written into storage you control, and the timeline can alternatively be assembled live from your systems. Finalized in the design phase.

Sub-processor & DPA

Our EU hosting provider is the single new sub-processor, disclosed in a GDPR Art. 28 Data Processing Agreement signed before build begins.

Optional AI (Layer 3 only)

If you later choose AI-assisted enhancements, they run only on a redacted, tokenized slice — identifiers replaced with tokens before any text reaches a model — under zero-retention, EU-resident, no-training terms. Opt-in and approved separately.

For your Legal & IT Security teams

Topics we need to understand further.

We'd value early input on these before any commitment — your answers may shape the architecture:

  1. Hosting / cloud — is an EU-hosted, single-sub-processor model acceptable, or do you require on-premise or a specific cloud provider?
  2. Data location — where should the audit log and whitelist live: our (encrypted) store, or inside your own environment?
  3. Residency — any constraints beyond EU?
  4. Retention — confirmation of the 5-year retention obligation and where those records must reside.
  5. DPA — any specific requirements for the Art. 28 Data Processing Agreement we should anticipate?
  6. Future AI (Layer 3) — if/when AI enhancements are considered, what level of review will your teams require?

Design Phase

We design before we build.

3 focused sessions of ~1 hour each, kept light on your team's time. Output: a signed-off technical specification and a privacy/security spec covering data flows, retention, residency, and Art. 28 scope. This is where we finalize the right security approach with your Legal and IT teams. Build starts only after sign-off.

  1. Current-state mapping — walk each workflow as it works today.
  2. Future state + privacy/security — data flows, retention, residency, DPA scope.
  3. Spec sign-off — confirm scope, confirm layer choice, begin build.

Data handling during design: we work from documentation and, where needed, redacted samples — never live production records. Any sample shared is deleted within 30 days, with written confirmation.

Investment

Pricing.

| Phase | Implementation | Monthly (from go-live) |
|---|---|---|
| Design phase (3 × 1h sessions → signed spec) | €4,000 | |
| Layer 1 — Automation (6 workflows, connectors, whitelist, audit log, SSO + roles) | €27,000 | €1,400 / mo if you stop here |
| Layer 2 — Dashboard + Slack (unified dashboard, timeline, Slack, export) | €17,000 | €2,200 / mo full |
| Committed total (Design + L1 + L2) | €48,000 | €2,200 / mo |
| Layer 3 — Actionable (bidirectional editing, full RBAC, optional AI) | scoped in design | |

Timeline: approximately 5–6 months from signing to full go-live (1 month design + build); Layer 1 can go live independently, sooner.

A clear basis before you commit: the figures above are indicative. After the design phase we provide a detailed build proposal — scope, milestones, and commercials — so you have a clear, agreed basis before committing to the build.

Billing: you pay across the build months; the monthly subscription begins only when the system goes live — no subscription fee during the build.

This proposal is valid until 15 July 2026.

Next Steps

How to move forward.

  1. Send us feedback on this proposal, and share the privacy section with your Legal / IT teams.
  2. Sign NDA + Art. 28 DPA.
  3. Book Design Session 1.

Appendix A

The problem.

  • 6: systems with no central case manager
  • 5+ hrs: daily manual update time across the team
  • ~40: concurrent onboardings; ~10 new per month

The cost isn't only the 5+ hours a day lost to manual re-entry. The same client data, keyed by hand across six systems, can diverge — and a wrong risk rating or a missed periodic review in a GFSC-regulated environment is a compliance exposure, not just an inefficiency. There is no single source of truth and no automatic audit trail, so audit-readiness depends on manual reconstruction; and the process that worked for 2 people hasn't scaled to 7.

What this looks like day to day

Appendix B

How each piece works.

Workflows (Layer 1)

  • W1 — KYC completion → Asana + Sheets: When Sumsub marks a counterparty KYC-complete, the matching Asana task and Google Sheets row update automatically.
  • W2 — KYT alert → investigation: An Elliptic alert creates an Asana investigation task with the alert details pre-populated.
  • W3 — Document upload → Drive filing: Documents submitted in Sumsub are filed to the correct Drive folder automatically.
  • W4 — Cross-system status sync: A stage change in one system propagates to the others; Sheets stays the consolidated log.
  • W5 — Follow-up reminders: Pending cases are checked and reminders raised automatically.
  • W6 — Periodic review auto-creation: A review date in Sheets auto-creates the Asana review project when due.

Dashboard & platform (Layer 2 + foundation)

  • Status cards: One screen showing a counterparty's current state across all connected systems.
  • Timeline: Full chronological history of actions, alerts, reviews, and decisions — including Slack — for audits and escalations.
  • Slack: Outbound notifications to your channels; inbound decision capture into the timeline.
  • Google SSO + role-based access: Operator / compliance-lead tiers in the committed build (full multi-role RBAC in Layer 3).
  • Audit log: Append-only record of every action, exportable; can be written to storage you control.
  • CSV / JSON export: Counterparty snapshots and audit ranges for periodic reporting and external audit.