A professional compliance team,plus the AI platform we built for it.
At a fraction of what the big players spend.
For Hong Kong’s small licensed corporations: you focus on your clients. Our fractional compliance practitioners and our agentic compliance software carry the compliance workload — support and advisory, while accountability stays where the SFC put it: with your firm.
Your Compliance Health
Meridian Peak Asset Management
Handled for you this week
- radarSweep · agentNew SFC circular triaged — firm-specific impact memo drafted
- trainingRollout · agentCPT shortfall spotted and chased — two staff rebooked
- staffDeclarations · agentAnnual declarations distributed — 12 of 14 already returned
- Nexus practitioner · advisoryIncident assessed — self-report recommendation prepared for your MIC's sign-off
The machine does the legwork
Your practitioners make the calls
AI Weekly Briefing: “A quiet week — two items need your eyes on Monday…”
Encodes the rules you’re actually held to
If you run a licensed firm
Compliance feels like a fog.
You are personally responsible for it — but you can’t actually see it.
“How compliant are we?”
There is no clear picture of the firm's overall health. You find out where you stand when something breaks — or when the regulator tells you.
“Where are we exposed?”
High-risk areas stay invisible until an inspection points at them. Nothing ranks your exposures or warns you early.
“What's due, and when?”
Filings, returns, reviews and CPT hours live across mailboxes, spreadsheets and one person's memory.
And the fog isn’t even the worst of it. The worst of it is the grind underneath…
The daily reality
A five-person broker owes the SFC the same rulebook as a five-hundred-person bank.
The obligation set doesn’t scale down with headcount — the same MIC regime, the same AML/CDD standard, the same CPT and licensing obligations. Big firms throw people and six-figure platforms at it. In a small firm, it lands on one overworked person’s desk, next to their day job.
A hundred small tasks
Filings, CPT hours, policy reviews, declarations — none heavy alone, all of them together consuming your best people.
Deadlines that don't wait
Problems surface when a date is already missed, not before. There is no early warning in a spreadsheet.
The regulator calls ad hoc
An RFI, a new circular, an inspection notice, a licensing follow-up — each lands on top of everything else, on the regulator's clock.
The tools are priced for banks
Enterprise GRC platforms need a team to run and a bank's budget to buy. Small firms get the rulebook without the tooling.
This is the pain we built our practice — and our software — to take off your desk.
Our approach · first, the philosophy
Everything a licensed firm must stay on top of — organised.
This is our organised compliance framework: eight elements on a foundation of day-to-day regulatory compliance, capturing everything a licensed firm must stay on top of — so nothing falls between the cracks. It’s how we ran compliance inside global banks. We brought it with us.
Tap any segment — every element is a live, working module in compli.ai.
Nothing falls between the elements — that’s the point of the framework.
The foundation it all stands on
Our approach · then, the machine
And then we built the machine for it.
compli.ai is an AI-powered, agentic compliance software modelled element-for-element on this framework — built to do the legwork, so the framework runs every day without consuming your people. We didn’t license someone else’s tool; we encoded how we actually run compliance.
Why choose us
Man + machine is the whole point.
Practitioners alone
Expensive — and no human can watch every register, deadline and circular daily. You pay senior rates for legwork.
Software alone
Can't exercise judgement, sign off a risk assessment, or stand in front of a regulator when it matters.
We combine both
The software carries the repetitive load; the practitioners carry the judgement. A small firm gets a full compliance function's coverage.
Because the machine does the legwork, the human hours drop — and that saving is passed on to you.
How it works
The machine half, up close.
Three parts carry the repetitive load — a live view of your compliance health, a deterministic KYC risk engine, and the AI advisors and agents that do the legwork. Here’s each one.
01 Your Compliance Health
One live view of your firm’s compliance state.
Overall health, high-risk areas ranked, every deadline listed — kept current by the working modules underneath, each scoring itself from its own real data and calibrated by a practitioner who has actually sat in the Head-of-Compliance seat. So the three fog questions finally have answers:
“How compliant are we?”
One number.
A live firm-wide score on a four-tier scale — and one failing area can never be averaged away.
“Where are we exposed?”
Ranked.
High-risk areas surfaced and ordered in a “Needs your attention” list, deep-linked to the underlying record.
“What's due, and when?”
Listed.
An obligation calendar generated from your licence types, escalating as items approach and pass due.
The four-tier health scale
You can’t average your way out of a failure. Any single red module caps the whole firm at “Needs Attention”; two amber modules block “Exemplary”. A weighted average is never allowed to hide a serious problem.
Score trend, snapshotted daily
Improvement — or drift — is visible before it becomes a finding.
79 → 88 in six weeks
Regulator-Readiness Lens
“If the SFC inspected tomorrow, here are your gaps — ranked by exposure.” Every below-target module reframed as inspection risk, in the language of your actual fear.
AI Weekly Briefing
A board-ready State-of-Compliance memo, streamed live from your actual module data — plus a Reporting Studio that exports the monthly board deck to PowerPoint, Excel and PDF.
02 KYC Risk Engine
Onboarding, handled by rules. Try it right here.
Hong Kong’s AML/KYC rules are deterministic — so we encoded them as auditable logic, not AI guesswork. Flip the case facts and watch the assessment recompute, exactly as it does in the product.
Case facts
Entity type
Risk factors
Deterministic assessment
Documents this case must collect · 3
- Incorporation docs & directors
- UBO identification (≥25%)
- Certificate of incumbency
The AI drafts the memo on top — it never sets the rating.
An illustrative subset — the production engine also weighs FATF lists, screening outcomes, source-of-wealth clarity and professional-investor evidence.
03 AI Advisors & Agentic Workers
The legwork, done while you serve your clients.
A streaming AI Compliance Advisoranswers “do we have an RO shortfall on Type 4?” from your actual register — and five agents run the repetitive-but-important jobs, grounded in your firm’s dossier, licences and live module data.
radarSweep — Sweeps SFC circulars and turns them into firm-specific impact assessments.
obligationSweep — Builds your obligation catalogue from your licence types and financial year-end.
trainingRollout — Deck → library → schedule → distribute → track, end to end.
craAssessment — Runs the annual risk assessment — and never downgrades a signed-off risk.
staffDeclarations — Annual declarations rolled out and chased, per staff member.
radarSweep
Regulatory change agent · Meridian Peak
- Fetching latest circulars from sfc.hk…
- 4 new circulars found · screening against firm profile
- Triaging: 2 relevant to Type 9 / Type 4 activities
- Drafting firm-specific impact assessments…
- 2 action items filed to the Obligation Calendar
The AI drafts — it never decides. Regulated judgements stay deterministic, auditable and human-owned.
All AI is decision support — never legal or regulatory advice, and never the regulated judgement.
Fractional Compliance Support
The human half — the part no software company can copy.
When judgement is needed, real practitioners step in with in-person advisory and support — named people from US, European and Asian investment-bank compliance backgrounds, standing beside your firm in the moments that matter.
Fractional compliance support
Ongoing, named practitioner support and advisory — without the full-time hire.
Inspection & RFI response
The governance and P&P pack assembled — coherent, consistent, fast.
Licensing applications
Handled end-to-end, through every round of regulator follow-up.
Incident & breach reporting
Drafted properly, in the regulator's template, under real time pressure.
Annual CRA, done with you
Conducted together and documented to a defensible standard.
Policies & manuals
Drafted and refreshed — mapped to the obligations you actually have.
The same practitioners who built the framework — and the software — are the ones who answer when the regulator writes in. That’s the half of the offer you can’t download.
Cost comparison
What a healthy compliance function actually costs.
The traditional route
Option 1 · Build an in-house team
HKD 60K–250K /month
A small team of compliance officers — plus recruitment, retention and key-person risk.
Option 2 · Outsource to a traditional consultancy
HKD 80K–160K /month
Delivered as documents and point-in-time reviews that go stale between visits.
Option 3 · The founders do it themselves
No invoice.
The hidden cost is the most expensive of all: partner time, missed deadlines, and personal regulatory exposure.
The way forward
Fractional professional compliance team
+ our AI compliance platform
a fraction of the traditional cost.
Plans from HKD 15,000/month — a fraction of an in-house hire.
The machine does the legwork, so you only pay for human judgement — and we pass the saving on.
Get a number for your firm’s shapeCost ranges are indicative market figures for Hong Kong licensed corporations. Nexus Compliance provides compliance support and advisory services — regulatory responsibility, including Manager-In-Charge accountability, remains with the licensed firm at all times.
You focus on your clients. We’ll carry the compliance workload.
A thirty-minute walkthrough — the platform, the practitioners behind it, and what the combination would cost for your firm’s shape. A fraction of what the big players spend.
The live demo runs entirely on fictional firms and fictional client data.
Questions, answered straight
Compliance buyers are professional sceptics. Good.
Is this a real product or a concept deck?+
Real and running. Nine CRUD-capable modules, deterministic scoring, five AI agents, the onboarding rules engine and the reporting studio are all built and deployed. Today it runs on three richly detailed fictional demo firms; multi-tenant onboarding of real firms is the current roadmap step — the schema has been firm-scoped from day one.
Does the AI make compliance decisions?+
No — and this is a design principle, not a disclaimer. Regulated judgements (risk ratings, CDD levels, approval triggers, scores) are deterministic, auditable rules. The AI drafts on top: memos, briefings, board decks, impact assessments. Decision support, never legal or regulatory advice.
Which firms is it built for?+
Small Hong Kong SFC-licensed firms: boutique asset and hedge fund managers (Type 9/4), licensed family offices, legacy brokers (Type 1/2), PE/VC managers.
What regulatory ground does it actually cover?+
The MIC eight-core-function regime, the two-RO-per-activity rule, CPT tracking, the AMLO CDD/EDD/SDD ladder, HKPI classification thresholds, the client-asset regime, the FRR, and a ~35-item obligation catalogue mapped to specific legal bases across the SFO, Code of Conduct, AMLO, FMCC and more — authored and calibrated by a practitioner.
Why does the scoring use four tiers?+
Because the practitioner running it judged three tiers too blunt. The four-tier scale (Exemplary ≥92, On Track 80–92, Needs Attention 50–80, At Risk <50) makes the top achievable and red rarer and more meaningful — and one red module still caps the whole firm. You can't average your way out of a failure.
Where does our data sit — and does AI train on it?+
Every record is scoped to your firm at the schema level, from day one. AI calls send only the minimum firm context needed to draft the document in front of you, and compli.ai never trains models on your data. The public demo contains no real firm or client data at all — every name and number in it is fictional.
Who's behind compli.ai?+
Nexus Compliance — a Hong Kong team led by a practising compliance executive who runs a fractional compliance consultancy for SFC-licensed firms. compli.ai is the product arm of that practice: we are our own first customer, and the demo firms are drawn from years of real small-firm archetypes.
What does it cost?+
We're onboarding an early cohort of design-partner firms, so pricing is agreed per firm — sized for small-firm budgets, not enterprise GRC contracts. Book a demo and we'll quote for your shape.
How do we get started?+
Book a live demo and we'll walk your team through the product on the three demo firms — then talk about standing up your own firm dossier and obligation catalogue as a design partner.
Free briefing
SFC Radar — a free biweekly briefing on new SFC circulars, translated into action items for small licensed firms.
Biweekly, plain-English, unsubscribe any time. No product pitch — just what changed and what to do about it.