Skip to main content

Compliance Workbench

The Compliance Workbench is the operator view used to decide whether a customer, company, session, or transaction can proceed. It is designed for defensible compliance decisions, not only for technical inspection.

What the Analyst Sees First

The customer detail page prioritizes:

  • Current decision state.
  • Whether risk is defensible.
  • Active blocking flags.
  • Next best action.
  • Responsible analyst and SLA.
  • Evidence and audit readiness.

A compliance analyst should quickly answer:

  • Can I decide now?
  • If not, what blocks the decision?
  • What evidence exists?
  • What evidence is missing?
  • What action should I take next?

Defensible Risk

A numeric score is defensible only when PredictaID has enough supporting context:

  • Ruleset and version.
  • Rules that matched.
  • Weights, thresholds, and score composition.
  • Evidence used by each rule.
  • Provider/source metadata when available.
  • Formal audit trail.

If composition is partial, missing, inconsistent, or unknown, the workbench shows the result as non-defensible. The score can still appear as context, but it must not be used alone to approve a customer or transaction.

Active Flags

The workbench displays active compliance flags when a condition requires attention. Typical examples:

FlagOperational meaning
PEP identifiedManual review is required before approval.
Restrictive-list matchAnalyst must confirm, dismiss, or escalate the match.
Name not identifiedIdentity is incomplete and may block decision.
Required document missingThe dossier cannot be completed until evidence is linked or waived with justification.
Score not defensibleRisk exists as context only; composition must be reconciled or manually reviewed.
Audit trail missingRegulatory decisions and audit-ready exports are blocked.
Responsible not assignedA manual review owner should be assigned.
SLA due or overdueThe case needs operational prioritization.

Next Best Action

PredictaID derives a recommended next action from the strongest blocker. Priority usually follows this order:

  1. Repair missing audit trail when a decision is needed.
  2. Review PEP or restrictive-list findings.
  3. Complete canonical identity data.
  4. Request, attach, or link required documents.
  5. Recalculate or reconcile partial risk composition.
  6. Assign a responsible analyst.
  7. Address SLA risk.
  8. Export an audit-ready dossier when all blockers are resolved.

Manual Review and Decisions

Manual decisions require a justification. Depending on tenant configuration and permissions, analysts can:

  • Approve.
  • Reject.
  • Request documentation.
  • Escalate review.
  • Keep the case in review.
  • Confirm PEP.
  • Mark a PEP match as false positive.
  • Attach or link evidence.
  • Register a justified waiver.

Actions that do not have an enabled backend contract for a tenant are shown disabled with the reason instead of pretending to complete successfully.

PEP and Restrictive Lists

PEP or restrictive-list results should never appear as risk reduction. When a PEP match is identified, the workbench treats it as a review requirement until an authorized analyst records the outcome and justification.

Possible review outcomes include:

  • PEP confirmed.
  • False positive.
  • Inconclusive.
  • Escalated for approval.

Identity and BigData/Bureau Data

The Identity tab separates:

  • Canonical data used by PredictaID, such as name, CPF/CNPJ, person type, and primary source.
  • Identity evidence, such as OCR, biometrics, proof of life, bureau validation, and divergences.
  • Exposure and list checks, such as PEP, sanctions, restrictive lists, and negative media.
  • Technical/raw provider data.

Raw bureau data can remain collapsed for readability, but the authenticated Pessoas & Empresas operational UI displays full CPF/CNPJ and identity values for authorized tenant-scoped analysts. Enriched names can be used as a display fallback when canonical input is missing; promotion to canonical identity still requires an audited action.

Sessions, Documents, and Evidence

Flow sessions are verification attempts. The workbench connects sessions to evidence and documents so analysts can understand:

  • Which flow was executed.
  • Which steps were completed.
  • Which artifacts were generated.
  • Whether artifacts were linked to the dossier.
  • Whether OCR, biometrics, proof of life, or document checks failed.

If a session is completed but documents are missing, the analyst should see whether the artifact was not generated, not linked, not required by the flow, blocked by permission, or affected by integration failure.

Audit Readiness

When formal audit logs are missing, PredictaID treats the case as non-defensible for regulatory decisions.

In that state:

  • Approval and rejection can be blocked.
  • Audit-ready dossier export can be disabled.
  • Operational export can still be available when clearly marked as not audit-ready.
  • Analysts can reprocess audit data or open an audit incident if the tenant supports those actions.

Recoverable Dossier Load Gaps

If the customer summary cannot load risk or audit data, or receives an empty result where operational records prove data should exist, the workbench treats the gap as recoverable before handing it to the analyst:

  • Missing risk data triggers a controlled risk recalculation from the latest completed KYC session, then retries the risk load.
  • Missing audit data triggers audit reprocessing, then retries the audit load.
  • Saved risk on the customer, an open manual review, a loaded risk evaluation, sessions, or related review cases can trigger recovery even when the API returned an empty array instead of an HTTP error.
  • If audit reprocessing finds no source data, PredictaID opens an audit incident for follow-up before retrying the audit trail.
  • The system attempts this automatic recovery once per customer and data scope to avoid repeated retries.
  • Until recovery succeeds, regulatory decisions and audit-ready exports remain blocked.

Integration Impact

External systems should not infer approval from a score alone. Use webhook events and dashboard decisions together:

  • Store the PredictaID transaction ID, session ID, customer ID, request ID, correlation ID, and webhook event ID.
  • Treat review states as pending until a final decision is recorded.
  • Keep your internal status mapping aligned with PredictaID decision states.
  • Do not expose full personal identifiers or raw bureau data to unauthorized users.