The evidence chain your
regulator expects to see.
InvestiScript was built for investigative journalists, where a wrong claim ends careers and closes newsrooms. The same primitives — hashed evidence, hash-chained audit log, source-protection by design — are what compliance and fraud teams need when an examiner asks “show me your file.”
The problem
Your evidence lives in a screenshot folder
and an e-mail thread.
The case file is on a shared drive. Some of it is in PDF, some in Excel, some in Outlook. The audit trail is a folder name and a timestamp the file system controls. Three people have full edit rights. The regulator wants to see the file in two weeks.
You can defend it. It will take a senior analyst two weeks of full-time work to assemble, narrate and cross-reference. Half of that work is provenance reconstruction that should never have needed reconstructing.
The platform
Four primitives. Audit-grade by default.
Evidence that stands up to a regulator
Every document is fingerprinted with SHA-256 at ingestion. Every action against it is written to a hash-chained audit log. If a file or a log entry is altered after the fact, the chain breaks and the next export flags it. This is the file an FCA, PRA, FSCA or DFSA examiner expects to see.
Chain-of-custody export, one click
DOCX export of the full evidence inventory, provenance, and audit timeline. Cover page carries a verification QR code your examiner can scan in real time to confirm the audit chain is still intact. This replaces the screenshot folder and the e-mail thread.
Source-protection by design
28-point anonymisation runs on ingest, before any model call. Whistleblower identifiers, personal data and counterparty details are stripped before the file reaches the analyst. Organisation-scoped multi-tenancy keeps casework isolated by team.
One pipeline, not six tools
Intake, evidence hub, entity extraction, timeline assembly, source graph, case dossier export. Replaces a shared drive, an e-mail thread, a spreadsheet, a screenshot folder, and the lawyer's read-only inbox. Procurement-ready: ICO-registered, ISO 27001 alignment in progress, multi-region hosting.
Where it fits
Built for the teams whose files have to hold up.
AML & financial-crime teams
Build an SAR file or a STR pack the regulator can verify. Every transaction screenshot, KYC document, counterparty filing and analyst note carries a fingerprint and a place in the audit chain. The SAR you submit is the SAR you can defend.
Internal fraud investigations
For HR, ethics or special-investigations units handling suspected internal misconduct. Tamper-evident records protect the investigator as much as the subject. When the file ends up in employment tribunal or civil court, the chain holds.
Litigation support & e-discovery
Hash-locked exhibits for outside counsel. Bundle a packet of source documents, derived analysis and a chain-of-custody DOCX in one export. Verifiable provenance from the day the document landed in your tenant.
Regulatory submissions
Building a response to an FCA s.166, an SFO inquiry, a procurement audit, or a Section 235 statutory request? The platform gives you a structured evidence bundle and an auditable trail of who touched what, when, and from where.
Procurement
Built to clear the security desk.
We supply the artefacts your information-security and procurement teams ask for, in the order they ask for them.
- Data Processing Agreement & GDPR posture (ICO-registered controller)
- Information Security Management System (ISMS) policy pack
- ISO 27001 alignment evidence; certification in progress
- Penetration-test summary & vulnerability-disclosure policy
- Architecture diagram, sub-processor list & data-flow map
- Multi-region hosting; configurable data residency on enterprise
- SSO (SAML / Google Workspace) & SCIM provisioning roadmap
Want to see what an examiner-ready file looks like?
Our public Steinhoff walk-through reconstructs the paper trail of a R200 billion corporate-fraud case using only public-record sources. The artefacts — hashed evidence inventory, source graph, timeline, chain-of-custody DOCX — are the same artefacts a regulator would receive in a real case.
Bring your hardest file.
We will reconstruct one closed investigation as a private reference build, free of charge. You keep the artefacts. We learn whether the platform fits your workflow before either side commits to a contract.