Compliance & RegTech

Compliance Screening System

by Aryan Arora

Sanctions matching, document analysis, and immutable audit trail. Compliance automation for regulated industries.

Stack: FastAPI, PostgreSQL, asyncpg, Jinja2, OpenAI
Impact

Compliance automation platform with sanctions screening, document intelligence, and immutable audit trail

The Problem

Compliance teams in regulated industries perform the same manual checks repeatedly: screen entities against sanctions lists, review documents for regulatory flags, maintain audit trails for every decision. Each check is time-sensitive, error-prone, and legally consequential.

The existing workflow was spreadsheet-based — analysts would manually search sanctions databases, copy results into documents, and file them. No centralized audit trail, no automated re-screening when lists update, no way to prove the check was done correctly when regulators asked.

What I Built

A compliance screening system with three core capabilities: sanctions matching (fuzzy entity matching against OFAC, UN, EU, and UK sanctions lists), document analysis (AI-powered regulatory document review with structured findings), and immutable audit trail (every action logged with timestamp, user, and decision rationale).

The system treats compliance as a data pipeline, not a manual process. Entities flow through screening automatically, documents are analyzed on upload, and the audit trail builds itself.

Architecture

Why FastAPI over Django: Compliance screening is I/O-bound — each sanctions check hits multiple external APIs concurrently. FastAPI's async-first design handles 50+ concurrent screening requests without thread pool exhaustion. Django would require Celery for the same concurrency, adding operational complexity for a compliance system that must stay simple and auditable.

Why PostgreSQL with asyncpg: Audit trail immutability requires append-only INSERT patterns with no UPDATE or DELETE. Raw asyncpg gives us direct control over transaction isolation levels — SERIALIZABLE for audit writes, READ COMMITTED for screening reads. SQLAlchemy's session management obscures these guarantees.

Why Jinja2 SSR over React SPA: Compliance officers need a system that works on any browser, any device, without JavaScript framework dependencies. Server-side rendering with Jinja2 means the compliance dashboard works on locked-down corporate machines where SPAs often break.

  • Screening Engine — Fuzzy entity matching with configurable thresholds, batch screening for bulk entity checks, automatic re-screening on list updates
  • Document Analyzer — AI-powered document review extracting structured compliance findings with confidence scores and page references
  • Audit Trail — Append-only audit log with cryptographic integrity. Every screening result, every document review, every manual decision logged with user, timestamp, and rationale
  • Dashboard — Real-time compliance scores, heatmap visualization, risk distribution charts

Key Decisions

Fuzzy matching with configurable thresholds over exact matching — sanctions lists contain transliterations, abbreviations, and name variations. Exact matching misses 30-40% of true positives. Fuzzy matching with tunable similarity thresholds catches variations while letting compliance teams adjust sensitivity per use case.
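To make the threshold decision concrete, here is an added illustration of the normalise-then-score approach a screening engine needs; it is not the case study's own code. The case study does not say which similarity measure it uses, so this version scores with difflib's ratio over case-folded, accent-stripped, token-sorted names; the sanctions entries and the 0.85 default threshold are constructed placeholders, not real designations or the system's configured values.

```python
"""Fuzzy sanctions-name matching with a configurable threshold (added example)."""
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample list of (source, entity_name). Not real designations.
SAMPLE_LIST = [
    ("OFAC", "ACME Trading Limited"),
    ("EU", "Al-Rashid, Mohammed"),
    ("EU", "Hans Müller GmbH"),
    ("UK", "Sunrise Bakery LLC"),
]


def normalize(name: str) -> str:
    """Fold case, strip accents and punctuation, and sort tokens.

    Sorting tokens makes "Surname, Given" and "Given Surname" compare equal,
    which is the kind of variation exact matching misses.
    """
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    no_punct = re.sub(r"[^\w\s]", " ", no_accents.casefold())
    return " ".join(sorted(no_punct.split()))


def similarity(a: str, b: str) -> float:
    """Similarity in [0, 1] between two names after normalisation."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def screen(entity: str, sanctions=SAMPLE_LIST, threshold: float = 0.85):
    """Return (source, listed_name, score) for every entry at or above threshold.

    Hits are sorted best-first so an analyst reviews the strongest match first.
    Lowering the threshold trades more false positives for fewer misses.
    """
    hits = []
    for source, listed_name in sanctions:
        score = round(similarity(entity, listed_name), 3)
        if score >= threshold:
            hits.append((source, listed_name, score))
    return sorted(hits, key=lambda hit: hit[2], reverse=True)


if __name__ == "__main__":
    for query in ("Mohammed Al Rashid", "Acme Trading Ltd.", "Hans Muller GmbH"):
        print(query, "->", screen(query))
```

Every hit still goes to a human reviewer, as the Trade-offs section notes; the threshold only decides which candidates reach the queue.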

Append-only audit design over mutable records — compliance audit trails must be immutable for regulatory inspection. The audit_log table grants no UPDATE or DELETE privileges, so a correction is recorded as a new entry rather than an edit of an existing one. Every change creates a new record.
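The following is an added, stand-alone illustration of the append-only design together with the "cryptographic integrity" the Audit Trail component mentions; it is not the case study's code. The case study runs on PostgreSQL with asyncpg; this version uses the standard-library sqlite3 module so it runs anywhere, with BEFORE UPDATE/DELETE triggers standing in for the missing UPDATE and DELETE privileges. The hash chain (each row's SHA-256 covers the previous row's hash) is one way to realise the integrity guarantee; the case study does not state which mechanism it uses, and the table columns, the all-zero genesis hash and the sample entries are assumptions.

```python
"""Append-only audit log with a SHA-256 hash chain (added example)."""
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first row (assumed convention)

DDL = """
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    ts        TEXT NOT NULL,
    actor     TEXT NOT NULL,
    action    TEXT NOT NULL,
    subject   TEXT NOT NULL,
    rationale TEXT NOT NULL,
    prev_hash TEXT NOT NULL,
    row_hash  TEXT NOT NULL UNIQUE
);
-- Append-only at the database layer: reject UPDATE and DELETE outright.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""


def _row_hash(prev_hash, ts, actor, action, subject, rationale):
    # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
    payload = json.dumps(
        {"ts": ts, "actor": actor, "action": action,
         "subject": subject, "rationale": rationale},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def open_log():
    conn = sqlite3.connect(":memory:")
    conn.executescript(DDL)
    return conn


def append(conn, actor, action, subject, rationale, ts=None):
    """Insert one record chained to the current tail; returns its row_hash.

    Reading the tail and inserting happen in one transaction. On PostgreSQL
    this is the write that needs SERIALIZABLE isolation, so two concurrent
    appends cannot both chain onto the same predecessor.
    """
    ts = ts or datetime.now(timezone.utc).isoformat()
    with conn:
        tail = conn.execute(
            "SELECT row_hash FROM audit_log ORDER BY id DESC LIMIT 1").fetchone()
        prev = tail[0] if tail else GENESIS
        digest = _row_hash(prev, ts, actor, action, subject, rationale)
        conn.execute(
            "INSERT INTO audit_log (ts, actor, action, subject, rationale, prev_hash, row_hash)"
            " VALUES (?, ?, ?, ?, ?, ?, ?)",
            (ts, actor, action, subject, rationale, prev, digest))
    return digest


def verify_chain(conn):
    """Recompute every hash in id order; return (ok, first_bad_id)."""
    prev = GENESIS
    rows = conn.execute(
        "SELECT id, ts, actor, action, subject, rationale, prev_hash, row_hash"
        " FROM audit_log ORDER BY id")
    for rid, ts, actor, action, subject, rationale, prev_hash, row_hash in rows:
        if prev_hash != prev or _row_hash(prev, ts, actor, action, subject, rationale) != row_hash:
            return False, rid
        prev = row_hash
    return True, None


def try_update(conn, rid, new_rationale):
    """Attempt an in-place edit; True means the database refused it."""
    try:
        with conn:
            conn.execute("UPDATE audit_log SET rationale = ? WHERE id = ?", (new_rationale, rid))
    except sqlite3.DatabaseError:
        return True
    return False


def tamper_out_of_band(conn, rid, new_rationale):
    """Simulate an operator with schema rights bypassing the trigger.

    Permissions stop the application; the hash chain is what lets an
    inspector detect an edit made around them.
    """
    with conn:
        conn.execute("DROP TRIGGER audit_no_update")
        conn.execute("UPDATE audit_log SET rationale = ? WHERE id = ?", (new_rationale, rid))
```

Re-running verify_chain on a schedule, or on export for a regulator, turns the integrity property into something that can be demonstrated rather than asserted.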

Server-side rendering for compliance UI — regulated environments often restrict browser capabilities. SSR with Jinja2 works everywhere, renders instantly, and is trivially auditable (view source shows exactly what the user sees).

Impact

  • Sanctions screening across OFAC, UN, EU, and UK lists with fuzzy entity matching
  • Document analysis pipeline processing regulatory documents with structured, citable findings
  • Immutable audit trail satisfying regulatory inspection requirements
  • Batch screening capability for bulk entity verification
  • Mobile-responsive dashboard for compliance officers working across devices

Trade-offs

Fuzzy matching generates false positives that require human review — the system augments compliance officers rather than replacing them. Server-side rendering limits interactivity compared to a React SPA, but the reliability trade-off is the right one for a compliance tool. The audit trail's append-only design means storage grows linearly — acceptable at current scale, though it would need archival at enterprise volumes.