Cat-2 · Compliance, Consent & Regulatory · 14 Tools

Regulatory Compliance & Consent Hub

14 free browser-based tools covering the full regulatory compliance lifecycle — from GDPR data subject rights and FCA Consumer Duty outcome testing to institutional sanctions programme governance, operational resilience (FCA PS21/3), MiFID II transaction reporting readiness, LEI lifecycle validation, BCBS 239 / SR 11-7 model risk, and a 2025–2027 regulatory change horizon scanner. All client-side. Zero PII.

GDPR / UK GDPR FCA Consumer Duty Sanctions MiFID II BCBS 239 Policy Mandate Export Zero PII · Client-Side
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Tool Library

14 Regulatory Compliance & Consent Tools

Follow the 8-stage compliance journey below or jump directly to any tool. All tools run entirely in your browser — no account required, no data transmission.

  1. 1

    Know Your Regulatory Horizon

    Generate a prioritised regulatory change calendar for the 2025–2027 horizon, customised by institution type, jurisdiction, and product scope.

    T318 Regulatory Change
  2. 2

    Manage Data Subject Rights

    Generate jurisdiction-specific DSR response workflows for all seven GDPR/UK GDPR rights plus CCPA equivalents.

    T311 GDPR DSR
  3. 3

    Assess Sanctions Programme Health

    Assess institutional sanctions programme governance against OFAC's Five Essential Components Framework, UK OFSI General Guidance, and EU Art. 8 due diligence.

    T316 Sanctions
  4. 4

    Score Operational Resilience

    Map Important Business Services, set impact tolerances, and score programme maturity against FCA PS21/3 testing phase, PRA SS1/21, and FFIEC BCP.

    T314 Op Resilience
  5. 5

    Monitor Consumer Duty Outcomes

    Score outcomes against the four FCA Consumer Duty outcome areas. RAG scorecard, MI monitoring framework, evidencing checklist, and board annual assessment template.

    T315 Consumer Duty
  6. 6

    Validate LEI Health

    Validate LEIs against ISO 17442 check digit, detect ISSUED/LAPSED/RETIRED status, batch validate up to 100 LEIs, and map to ISO 20022 CBPR+, MiFID II, and EMIR.

    T317 LEI Lifecycle
  7. 7

    MiFID II Reporting Readiness

    Assess readiness for MiFID II Article 26 / MiFIR transaction reporting across 65 mandatory RTS 22 fields, ESMA validation rules, ARM connectivity, and T+1 deadline compliance.

    T313 MiFID II
  8. 8

    Score Model Risk Governance

    Score readiness against all 14 BCBS 239 principles across 4 domains and SR 11-7 model risk governance. RAG scorecard, gap table, and board Risk Committee pack.

    T312 BCBS 239
Group A · New Tools (T311–T318)
T311 ⚓ Anchor
GDPR Art.15–22Policy Mandate

Data Subject Rights Workflow Generator

Generate jurisdiction-specific DSR response workflows for all seven GDPR/UK GDPR rights (Art. 15–22) plus CCPA equivalents. Compliance clock, identity verification, exemption analysis, and response letter templates. Client-side. Zero PII.

Open Tool
T315
FCA PS22/9Policy Mandate

Consumer Duty Outcome Testing Dashboard

Score outcomes against the four FCA Consumer Duty outcome areas (PRIN 2A.3–2A.6). RAG scorecard, MI monitoring framework, evidencing checklist, and board annual assessment template. Mandatory for ~50,000 FCA-authorised firms. Client-side. Zero PII.

Open Tool
T316
OFAC VSP 2019Policy Mandate

Sanctions Programme Health Checker

Assess institutional sanctions programme governance against OFAC's Five Essential Components Framework (2019), UK OFSI General Guidance (2024), and EU Art. 8 due diligence. Programme health score, gap analysis, and VSD readiness checklist. Client-side. Zero PII.

Open Tool
T314
FCA PS21/3Policy Mandate

Operational Resilience Self-Assessment Tool

Map Important Business Services, set impact tolerances, and score programme maturity against FCA PS21/3 (testing phase active March 2025), PRA SS1/21, and FFIEC BCP. IBS register, scenario testing agenda, and board summary. Client-side. Zero PII.

Open Tool
T318
2025–2027Policy Mandate

Regulatory Change Impact Assessor

Generate a prioritised regulatory change calendar for the 2025–2027 horizon, customised by institution type, jurisdiction, and product scope. Embedded database of 22 upcoming regulatory changes — effort/impact scoring, 12-month roadmap, and tool cross-reference map. Client-side. Zero PII.

Open Tool
T317
ISO 17442GLEIF

LEI Lifecycle & GLEIF Validation Tool

Validate LEIs against ISO 17442 check digit (MOD 97-10). Detect ISSUED, LAPSED, RETIRED, and FORMAT ERROR. Batch validate up to 100 LEIs. Map LEI fields to ISO 20022 CBPR+, MiFID II RTS 22, EMIR, and SFTR. Client-side. Zero PII.

Open Tool
T313
MiFID II Art.26ESMA RTS 22

MiFID II / MiFIR Transaction Reporting Readiness Checker

Assess readiness for MiFID II Article 26 / MiFIR transaction reporting across 65 mandatory RTS 22 fields, ESMA validation rules, ARM connectivity, LEI population audit, and T+1 deadline compliance. EU and UK regimes. Client-side. Zero PII.

Open Tool
T312
BCBS 239SR 11-7

BCBS 239 / SR 11-7 Model Risk & Data Governance Readiness Scorer

Score readiness against all 14 BCBS 239 principles across 4 domains and SR 11-7 model risk governance. Full 47-question or quick 14-question mode. RAG scorecard, gap table, priority remediation roadmap, and board Risk Committee pack. Client-side. Zero PII.

Open Tool
Group B · Existing Cat-2 Tools
Tool 03
GDPR Art.7ePrivacy

Consent Simulator + Compliance Auditor

Design and audit consent capture flows at point of data collection. Tests GDPR Art. 7, ePrivacy, CCPA, and TCF v2.2 consent mechanisms — pre-collection compliance, not post-collection rights. Client-side. Zero PII.

Open Tool
Tool 43
OFAC SDNOFSI

Batch Sanctions Screening Engine

Screen names, entities, and identifiers against OFAC SDN, OFSI, UN, and EU consolidated sanctions lists using fuzzy-match algorithms. Batch processing up to 500 records. False-positive triage workflow. Client-side. Zero PII.

Open Tool
Tool 88
PSD3MiCA

Compliance Readiness Assessor

Multi-jurisdiction compliance posture assessment for product launches: PSD3, MiCA, UK PSR, FinCEN/BSA, and VASP registration readiness. Gap scoring by jurisdiction and product type. Client-side. Zero PII.

Open Tool
Tool 94
GDPR Art.35DPIA

Privacy Impact Assessment Builder

Structure and document Data Protection Impact Assessments (DPIA) per GDPR Article 35 / EDPB Guidelines 09/2022. Risk scoring matrix, likelihood × severity, DPA pre-consultation triggers, and DPIA register export. Client-side. Zero PII.

Open Tool
Tool 71
FATF R.10CDD/EDD

AML / KYC Customer Risk Scorer

Score customer AML risk across FATF risk factors: jurisdiction, product type, entity structure, PEP/RCA status, transaction behaviour, and delivery channel. CDD / EDD threshold guidance per risk band. Client-side. Zero PII.

Open Tool
Tool 98
ISO 20022CBPR+

ISO 20022 Message Validator

Validate ISO 20022 payment messages (pacs.008, pain.001, camt.056) against CBPR+ SR2025 structural rules. Field completeness, structured address compliance, and mandatory element checks. Client-side. Zero PII.

Open Tool

Last reviewed: May 2026 · 14 tools · Cat-2 · Regulatory Compliance & Consent

Audience

Who Uses These Tools

Data Protection Officers

Use T311 to generate step-by-step DSR response workflows with compliance clocks, exemption analysis, and ready-to-send letter templates. Covers all 7 GDPR rights and CCPA equivalents.

Consumer Duty Leads

Use T315 to score all four outcome areas, generate evidencing checklists, build MI monitoring frameworks, and produce the annual board attestation template required by FCA.

Sanctions Compliance Officers

Use T316 to score the institutional programme against OFAC's Five Essential Components, identify gaps, and prepare a Voluntary Self-Disclosure readiness checklist before any regulatory engagement.

Operational Resilience Leads

Use T314 to build the IBS register, set time-based impact tolerances, and generate a 6-scenario testing agenda. Testing phase is active — FCA expects end-to-end scenario tests per IBS from March 2025.

Transaction Reporting Teams

Use T313 to assess field population readiness across 65 mandatory fields, review ESMA validation rules, and audit LEI population rates before the next ARM submission cycle or supervisory review.

Payments & Clearing Operations

Use T317 to batch-validate up to 100 counterparty LEIs, detect LAPSED/RETIRED status before CBPR+ submission, and generate field population maps for pacs.008, pain.001, MiFID II, and EMIR.

CROs & Model Risk Committees

Use T312 to score all 14 BCBS 239 principles and SR 11-7 model risk governance dimensions, produce a gap table with remediation priorities, and generate the board Risk Committee pack.

Regulatory Change Managers

Use T318 to filter the 22-change regulatory database by institution type and jurisdiction, score by effort and risk, generate a 12-month roadmap, and cross-reference every change to the specific AINumbers tool that addresses it.

Quick Start

Get Started in 4 Steps

  1. 1

    Respond to Your First GDPR Data Subject Request

    Open T311 Data Subject Rights Workflow Generator. Select your jurisdiction (EU GDPR / UK GDPR / CCPA) and right type. Enter the request date — the compliance clock auto-calculates your primary deadline. Click Run Analysis for step-by-step workflow, exemptions, and draft response letters. Export Policy Mandate for your DPO audit trail.

  2. 2

    Prepare Your FCA Consumer Duty Board Sign-Off

    Open T315 Consumer Duty Outcome Testing Dashboard. Select firm type and product category. Rate each of the 16 implementation dimensions across all four outcome areas (PRIN 2A.3–2A.6). The RAG scorecard shows which areas are RED/AMBER/GREEN. Use the board report template — pre-populated with your scores — for your annual attestation.

  3. 3

    Run a Sanctions Programme Health Assessment

    Open T316 Sanctions Programme Health Checker. Select your institution type and applicable regimes (OFAC, OFSI, EU). Rate each of the 25 OFAC Five Essential Components dimensions. Review the gap analysis with specific remediation actions. Work through the VSD readiness checklist if needed. Export Policy Mandate before engaging legal counsel.

  4. 4

    Build Your 2025–2027 Regulatory Change Programme

    Open T318 Regulatory Change Impact Assessor. Select institution type, jurisdictions in scope, and product scope. The tool filters all 22 changes in the embedded database to those applicable to your profile, sorted by status and risk. Review the effort/impact 2×2 matrix and use the tool cross-reference map — every regulatory change links directly to the specific AINumbers.co tool that addresses it.

Related Hubs

Explore Adjacent Suites

DORA & Operational Resilience Hub

ICT risk management, incident classification, TLPT, third-party ICT risk, and NCA submission tracking under EU Regulation 2022/2554. Active from January 2025.

Open Hub →

AML / KYC Compliance Hub

Customer risk scoring, CDD/EDD workflows, PEP/RCA screening, FATF methodology, beneficial ownership, and transaction monitoring calibration tools.

Open Hub →

Payments & Settlement Hub

ISO 20022 message validation, CBPR+ migration tools, cross-border payment cost calculators, FPS/SEPA/Fedwire rail comparators, and settlement finality assessors.

Open Hub →

Open Banking Integration Hub

PSD2/CDR API compliance, consent management, TPP onboarding tools, and open finance regulatory mapping.

Open Hub →
MCP Integration

Agentic Access via MCP

All 14 tools expose structured outputs compatible with the AINumbers MCP manifest. Use the tool IDs below with any MCP-capable agent.

Tool IDMCP NameInput SchemaOutput
T311generate_gdpr_dsr_workflowjurisdiction, right_type, data_category, requestor_type, request_dateworkflow_steps[], deadlines{}, exemptions[], response_letters{}, policy_mandate_json
T312score_bcbs239_model_riskinstitution_type, mode, domain_scores{}rag_scorecard{}, gap_table[], remediation_roadmap[], board_pack{}, policy_mandate_json
T313check_mifid2_reporting_readinessentity_type, regime, field_population{}, arm_connectivityfield_readiness_matrix{}, esma_validation_gaps[], t1_compliance, lei_audit{}
T314assess_operational_resilienceibs_register[], impact_tolerances{}, maturity_scores{}ibs_map{}, scenario_agenda[], board_summary{}, policy_mandate_json
T315score_consumer_duty_outcomesfirm_type, product_category, outcome_scores{}, vulnerable_customersrag_scorecard{}, evidencing_checklist[], mi_framework{}, board_report{}, policy_mandate_json
T316check_sanctions_programme_healthinstitution_type, regimes[], component_scores{}health_score, gap_analysis[], vsd_checklist[], screening_coverage{}, policy_mandate_json
T317validate_lei_lifecycleleis[], target_frameworks[]validation_results[], status_map{}, field_population_map{}, errors[]
T318assess_regulatory_change_impactinstitution_type, jurisdictions[], product_scope[]change_calendar[], effort_impact_matrix{}, roadmap{}, tool_xref_map{}, policy_mandate_json
Tool 03simulate_consent_flowjurisdiction, data_category, consent_mechanismcompliance_assessment{}, gap_flags[], recommendations[]
Tool 43screen_sanctions_batchentities[], regimes[], fuzzy_thresholdmatch_results[], false_positive_triage[], disposition_records[]
Tool 88assess_compliance_readinessjurisdiction, product_type, entity_typereadiness_score, gap_matrix{}, priority_items[]
Tool 94build_privacy_impact_assessmentprocessing_type, data_categories[], risk_factors{}risk_score, likelihood_severity_matrix{}, consultation_triggers[], dpia_register{}
Tool 71score_aml_riskjurisdiction, product_type, entity_structure, pep_status, tx_behaviourrisk_score, risk_band, cdd_edd_guidance{}
Tool 98validate_iso20022_messagemessage_type, message_xml, scheme_versionvalidation_result, field_errors[], completeness_score, structured_address_check