Gallantree

compliance

PricingAbout
Contact usLog inSign up
Module

Risk Register

Every risk, breach, and decision — in one place.

The registers fund managers and financial services providers actually maintain — risk, breaches, incidents, PEPs & sanctions, audit findings, gifts & benefits — with items, owners, priority, status, escalation, and a full audit trail.

Start free trialBook a demo

Capabilities

Built for the way compliance teams actually operate.

Not a generic ticket tracker. Registers and items behave the way an AFSL compliance officer, fund manager, or compliance committee expects them to.

Create any register, in seconds

Spin up registers for risk, breaches, incidents, PEPs & sanctions, audit findings, gifts & benefits, conflicts of interest, and more — each with its own schema, owners, and review cycle.

Owner, priority, status

Every item gets a subject, description, named owner, priority, and status. Items live in a structured table — searchable, filterable, exportable.

Escalation on a click

Escalate an item up the chain and the change is timestamped, attributed, and reflected on the committee dashboard. No more lost email threads.

Immutable history per item

Every status change, comment, owner reassignment, evidence upload, and waiver is captured. Roll back to a prior state to see exactly what was known when.

Cross-linked across the platform

Link risk items to mitigating policies, related obligations, and supporting training. Evidence files are re-usable across registers.

Committee-ready exports

One-click export of a register or a filtered slice — PDF, CSV, or full evidence ZIP — ready to drop into a board pack or hand to an auditor.

Register templates

The registers your compliance plan already references.

Activate the registers that apply to your licence and operating model. Each ships with sensible defaults, suggested owners, and review cadences — customise as you go.

Risk Register

Inherent and residual scoring on a 5×5 matrix, mitigating controls, treatments with owners and due dates, periodic review cycles.

Breaches Register

Breach assessment workflow — RG 78 reportable / non-reportable, root-cause, remediation, ASIC lodgement evidence.

PEPs & Sanctions

Politically exposed person and sanctions screening results, ongoing-monitoring outcomes, and dispositions.

Audit Findings

Internal and external audit findings — observation, recommendation, owner, target close date, follow-up evidence.

Regulatory Correspondence

ASIC, APRA, AUSTRAC, AFCA correspondence — inbound notices, outbound responses, with deadlines and supporting files.

Gifts & Benefits

Disclosures above materiality threshold, approval workflow, manager sign-off, and quarterly committee review.

Incidents

Operational incidents — impact assessment, immediate actions, root-cause analysis, lessons-learned register entries.

Cyber & Data Incidents

Notifiable data breach assessments, security incident logs, vendor incidents, and OAIC engagement records.

Items

Items behave the way compliance committees expect.

Every register item is a structured record with a subject, description, owner, status, and priority. Add a comment, attach evidence, escalate to the next reviewer, or close it out — every change is timestamped, attributed, and surfaced in the audit log.

Subject + description + due date

Owner (with escalation chain)

Priority — low / medium / high / critical

Status — open / in progress / under review / closed / waived

Evidence files with SHA-256 hashes

Per-item audit history with full diff

PEPs & Sanctions Register

Sample items

3 items
SubjectStatusPriorityAssigned to

Andreas Moser

PEPs list hit. Nothing major.

Open
Low

David Nichols

Q1 portfolio breach

Concentration limit exceeded for 6 days.

Under review
Medium

Sarah Lin

Audit finding A-2026-04

Vendor onboarding evidence gap.

In progress
High

James Park

The lifecycle

From open to evidenced close, in four steps.

1

Pick or create a register

Start from the template library — Risk, Breaches, Incidents, PEPs & Sanctions, Audit Findings, and more — or define a custom register with your own fields.

2

Add an item

Subject, description, owner, priority, status, due date. Attach evidence files. Link to related policies, obligations, or training.

3

Assign and escalate

Hand the item to an owner. Escalate to the next reviewer when needed — the change is logged with actor, timestamp, and reason.

4

Close, evidence, and review

Close items with evidence attached and a closing comment. Quarterly committee reviews pull a filtered slice into the meeting pack automatically.

Built for fund managers & FSPs

Designed against a real licensee's real workload.

Gallantree runs its own AFSL compliance function on this platform. The registers, escalation flows, and evidence patterns are the ones we use every day — not a translation of a US enterprise GRC product.

Designed against the obligations of an Australian Financial Services Licensee

Defaults aligned to ASIC RG 78 (breach reporting), RG 271 (IDR), and AUSTRAC AML/CTF

Item escalation matches how compliance committees actually run

Evidence and audit log meet the bar an external reviewer expects

Multi-tenant — manage multiple funds, entities, or licensee groups under one workspace

Cross-linked

Calendar, Policies, Training — same spine.

AFSL Calendar →

Link register items to obligations that triggered them, or the ones they unblock.

Policy Library →

Map register items to the policy they breached or the control they evidence.

Training Modules →

Trigger refresher training when a register item indicates a knowledge gap.

Bring every register into one platform.

Start with the templates that match your compliance plan and have a live register in minutes.

Start free trialBook a demo