What it does
Three modes: draft a new policy from a blank page, audit one you already have, or get back tracked-change uplifts on what you’ve written. Below, each mode shown end-to-end — plus the validator behind every output and where Buxten goes next.
Tell it what policy you need, who you are, and any constraints. The drafter retrieves the relevant law and guidance, writes in present-tense firm voice, and inserts verified footnote citations. The output is a Word document ready for MLRO review.
Enhanced Due Diligence is mandatory wherever the Customer Risk Assessment classifies a customer as High Risk.1 The firm does not treat EDD as discretionary.
EDD is applied where the customer, beneficial owner, or any counterparty has a material connection to a country on HM Treasury’s current list of high-risk third countries.2
EDD applies to PEPs and their relatives and close associates by statute.3 UK PEPs are treated as lower risk than foreign PEPs unless additional risk factors are present, in line with FG 25/3.4
Upload an existing policy. The hostile auditor reads it the way an FCA skilled person would. Each finding is mapped to the source behind it — a Final Notice, a Dear CEO letter, a Finalised Guidance paragraph.
The audit findings drive an uplift written in the document’s own voice. You get a Word file back with real tracked changes — accept, reject, or comment using the workflow your reviewers already know.
The firm applies enhanced due diligence to politically exposed persons. A politically exposed person is any individual holding a prominent public positionpolitically exposed person is an individual entrusted with a prominent public function as defined in Regulations 35–38 of the MLR 2017, together with their family members and known close associates.
Reviews are conducted on a regular basisat intervals determined by the customer’s risk tier: at least every 12 months for High Risk, 36 months for Standard Risk, and 60 months for Low Risk.
✎ Buxten · FG 25/3 + Nationwide BS Final Notice (2025).Start with AML and fincrime. Expand into crypto, tax, payments, sanctions, governance, and operational risk — using the same core engine: regulation-aware document review tailored to the firm.
Drafting, audit and enhance against MLR 2017, JMLSG, current FCA Finalised Guidance, and the live enforcement record.
Adjacent regulated domains where the same engine applies — cryptoasset frameworks, tax-reporting obligations, payment-services directives.
Specialised frameworks added as we extend the core engine — sanctions screening & OFSI, SMCR governance, operational resilience.
If any check fires CRITICAL, the draft returns to the model with a structured fix list. No silent retries.
Did the draft actually use the legal text RAG returned? Top five requirements extracted and compared against the output.
LLM · Haiku 4.5Every Reg / Article / Section in the draft is regex-extracted and substring-matched against the retrieved context. Anything unmatched is blocked.
DeterministicWhen the context contains specific periods (“five years”) the draft must use them verbatim. Vague hedges (“as required by applicable regulations”) fail.
DeterministicSchedule 3ZA, numbered MLR amendments, version-dated FATF lists — replaced with stable alternatives or rejected.
DeterministicAn EDD policy can’t contain a standalone Standard CDD section — it should frame EDD as additive to the CDD baseline.
DeterministicSection heading count plus required-keyword check. Catches truncation (a draft that ran out of tokens mid-document) before export.
DeterministicThirty minutes. One of your own documents, AML or EDD or SAR. You watch what it finds. No slides.
The product is built around UK AML, but the team is flexible. We work on legal and regulatory documents across jurisdictions and verticals — if it’s a regulated text, bring it.
One reply · from a real person · NDA on request