The engagement eliminated 1,700+ hours of annual manual compliance work by replacing fragmented SME workflows with an intelligent, auditable automation platform, without removing human accountability.
A multi-agent pipeline combining semantic regulatory intelligence, provenance-mapped knowledge graphs, and human-in-the-loop governance across 8 jurisdictions, built on KMS and CMS architecture with event-driven change propagation.
The client's compliance operations required SMEs to manually track, interpret, and apply regulatory updates across thousands of forms — costly, inconsistent, and impossible to audit at scale.
The absence of a shared knowledge layer, automated change detection, and structured provenance meant every regulatory update triggered a full manual cycle with no context reuse, no traceability, and no tooling.
~20 hours per form, ~1,700 hours per annual cycle. Effort scaled linearly with regulatory complexity and geographic coverage.
No automated ingestion or diffing of regulatory documents. Each update required a full manual re-analysis cycle with no tooling support.
OperationalThe same regulatory interpretation was re-applied across multiple forms with no shared context or institutional memory between tasks.
No centralised knowledge store meant identical regulatory logic was manually re-derived per form with zero reuse across the SME team.
EfficiencyOutcomes depended heavily on individual judgment and manual discussions, leading to uneven regulatory coverage across jurisdictions.
No single source of truth for regulatory interpretation. Decisions varied by SME, client interaction, and undocumented context, making reproducibility impossible.
QualityImpossible to understand what changed and why. No audit trail for defensible, explainable compliance decisions.
No provenance mapping between regulations, obligations, forms, and questions. Change history was ad-hoc, stored informally, and not queryable.
GovernanceThe solution was built around two interconnected systems: a regulatory knowledge layer (KMS) and a workflow governance layer (CMS), delivered in two phases starting with a single-jurisdiction pilot.
KMS serves as the structured regulatory intelligence layer, ingesting from the regulatory rulebook system and the regulatory intelligence feed, maintaining obligation graphs and provenance. CMS handles form ingestion from the compliance platform, change request lifecycle, SME workflows, and RBAC via Okta.
Change propagation pipeline
Rather than a single AI tool, the platform uses a coordinated pipeline of five agents, each with a distinct role, that together produce review-ready recommendations for SME approval. Click any agent to learn more.
Each agent operates with a bounded scope, receives structured context from the previous stage, and passes validated output downstream. No agent writes directly to production. Click any agent to inspect its role and outputs.
When a regulation changes, this agent understands what it actually means, not just what words changed. It builds the full context that allows every downstream agent to reason accurately about compliance impact, without each SME having to re-interpret the regulatory text from scratch.
No AI output ever reaches production without SME sign-off. Every compliance change is owned by a named human, scoped to a jurisdiction, and logged with full rationale, meeting the explainability standards that regulated industries require.
The governance layer enforces a hard boundary: AI agents write to a staging change-request queue, never directly to production. SME decisions trigger downstream state transitions. Every action is appended to an immutable audit log with ownership metadata.
Agents produce a structured recommendation with rationale, source regulation, and affected form fields. Placed in review queue, never auto-published.
Persistence agent writes a structured Change Request object to the CMS queue. Contains: regulation ref, obligation delta, affected form IDs, proposed question changes, confidence score, and full agent trace.
Okta-managed access ensures each change request routes to the right SME, scoped by jurisdiction and compliance category.
Okta RBAC rules match Change Request jurisdiction and category metadata to the authorised SME pool. Assignment is deterministic with no manual queue management required.
SMEs see the full provenance chain and AI rationale. Three exit paths: approve, modify (edit and re-approve), or reject/escalate.
CMS surfaces the full provenance chain in the review UI: regulation, obligation, form, question. SME actions trigger CMS state transitions. Modify action creates a new Change Request version with the SME edit flagged.
Every decision is logged with ownership, timestamp, and rationale, creating a defensible compliance record for any future audit.
Append-only audit log captures: decision type, SME ID, timestamp, change delta, and regulation ref. Versioning maintained across all Change Request states. Queryable for compliance reporting.
Dashboards give leadership visibility into queue depth, SME throughput, and pending changes by jurisdiction, without needing to touch individual decisions.
Exec dashboards aggregate Change Request metrics: queue depth by jurisdiction, SME throughput, approval rates, average review latency, and pending regulatory exposure. Read-only, role-gated.
In regulated industries, explainability is a legal requirement, not a preference. This design ensures every compliance change traces back to a named human decision-maker, a specific regulation, and a documented rationale.
The hard separation between AI staging queue and production forms is a deliberate architectural constraint, not a UX choice. It ensures AI errors are always catchable before they have compliance consequences and keeps the audit log unambiguous about human versus AI authorship.
The platform shifts the client's compliance posture from firefighting regulatory changes manually to continuously monitoring and intelligently processing them.
The KMS/CMS platform establishes the data and workflow infrastructure needed for continuous, scalable compliance operations, with measurable reductions in manual processing and clear architectural extensibility.
SMEs move from finding and interpreting regulations manually to making judgment calls on AI-prepared, pre-validated recommendations. Cognitive load shifts from research to governance.
The agent pipeline absorbs the unstructured, high-variance work (reading regulations, traversing form graphs, drafting copy) and surfaces only the bounded, high-judgment decisions to SMEs: approve, modify, or reject, with full context already populated.