Help Center/Per-company Compliance Pack

Per-company Compliance Pack

In brief: Audit-defence ZIP for one specific company client, including linked-BO evidence.

The audit-defence ZIP for one specific company client, including the evidence for any beneficial owner who's also linked to one of your firm's individual clients.

Where you do it

Open the company profile → above the tab row, click Company pack.

Hidden on individual profiles (they're not the unit of audit defence for KYB).

What goes in the ZIP

Certivus-Company-Pack-{Name}-{YYYY-MM-DD}.zip
├── README.txt                           — manifest + summary
├── company-info.json                    — name, no., parent, full subsidiary tree
├── bo-register/
│   └── summary.json                     — every BO with linked-client markers
├── evidence/
│   ├── company-bos/                     — BO identification uploads
│   └── company-sof/                     — company's SoF / SoW evidence
├── linked-bos/
│   └── {Linked Person Name}/
│       ├── summary.json                 — link metadata
│       ├── summary.pdf                  — Phase 60: branded BO audit summary
│       ├── bo-uploads/                  — that person's BO uploads
│       └── sof/                         — that person's SoF / SoW evidence
├── subsidiaries/                        — Phase 58 group structure roll-up
│   └── {Subsidiary Name}-{id8}/
│       ├── bo-register/summary.json     — subsidiary's BOs
│       ├── evidence/company-bos/        — subsidiary's BO uploads
│       ├── evidence/company-sof/        — subsidiary's SoF
│       └── linked-bos/{name}/...        — subsidiary's linked-individual evidence
└── audit-logs/                          — Phase 58 audit slice
    ├── audit-log.json                   — structured rows (scope + truncation flag)
    └── audit-log.csv                    — flat view for spreadsheet review

Subsidiary roll-up scope

The pack walks parent_company_id downward from the root company up to 3 levels deep (the typical limit for a UK group structure inspector review). The full tree (including any nodes that were skipped because of depth cap, cycle protection, or the safety-net node limit) is recorded in company-info.json under subsidiary_tree.

Audit-log slice scope

audit-logs/audit-log.json contains every row in client_audit_logs keyed to the root company, every bundled subsidiary, and every linked BO individual — sorted newest first, capped at 5,000 rows. If the cap is hit, truncated: true is set in the JSON and noted in the README.

How it differs from the firm-wide Compliance Pack

Firm-wide packCompany pack (this one)
WhereSettings → AML ComplianceCompany profile header
ScopeThe firm's AML programmeOne specific company client
Includes the firm's PCP / Annual MLRO / FWRA PDFs❌ (those are firm-level)
Includes BO register for the company
Includes linked-individual KYC evidence

The two are complementary — an inspector might ask for both ("show me your firm's programme" + "show me how you onboarded this specific client").

When the linked-BO evidence is empty

If a beneficial owner is not linked to an individual client record (Phase 50 linking), nothing appears under linked-bos/ for them. The BO still appears in bo-register/summary.json with linked_client_id: null so the inspector can see they exist but their KYC evidence is held elsewhere.

To pull the most out of the pack, link each BO who's also one of your individual clients via the Link to client button on the BO row (see Linking beneficial owners to clients).

Failures + what they mean

The README.txt lists every artefact that was attempted but failed to download (e.g. expired signed URL, deleted file). These are non-fatal — the rest of the pack still builds. Re-run the pack download to retry the failures.

Per-linked-BO PDF (Phase 60)

For every linked BO, the pack now includes a consolidated linked-bos/{name}/summary.pdf (2-3 pages, fully branded):

  • Cover — BO name, parent company, overall status badge (CLEAR / IN PROGRESS / ATTENTION REQUIRED).
  • Page 2 — beneficial-owner relationship (ownership %, PSC, nature of control, recorded date), identity verification status (provider, method, completed date, case id), AML/PEP/Sanctions screening (status, total hits, dispositioned hits, last screened), source-of-funds entries (declaration type, declared source, evidence-on-file flag), and a provenance note.

The PDF is auto-generated from live data each time you download the pack — no manual step. If any per-BO PDF fails to generate (e.g. network blip, missing case data), the rest of the pack still builds and the failure is logged in the README.txt [skipped] list.

The raw uploads + JSON manifests stay alongside the PDF — the PDF is the summary, not a replacement for the underlying evidence.

Related

Didn't find what you needed?

Contact support