Payment Compliance Health Check | Deloitte
Deloitte · Risk, Regulatory & Forensic

Global Payment Compliance Health Check

Understand where your company stands on global payment regulations — in under 5 minutes. Get a structured gap analysis with the 3 most urgent actions you need to take, and a phased remediation roadmap.

26+ domains · 85+ countries · <5 min input time · Free, no login
What you get

A structured gap analysis in under 5 minutes

You do not need regulatory expertise to use this tool. Answer practical questions about your company — the tool determines which regulations apply and where the gaps are.

Output: compliance score, the 3 most urgent actions, a domain-by-domain RAG matrix, full action plan with owners and timelines, and a phased 3-year remediation roadmap. Exportable as PDF.

01 Company profile — 2 minutes: Industry, treasury structure, ERP, payment volume, known issues.
02 Confirm pre-selected regulations — 1 minute: Based on your profile, relevant frameworks are pre-selected. You adjust and add custom topics.
03 Select countries — 1 minute: Every country where you make or receive payments.
04 Review & run — 30–60 seconds analysis: Confirm your inputs, then the AI produces your full gap report with roadmap.
Step 1 of 4

Company profile

Enter your company details. You do not need to know the regulations — we identify them based on your answers. Fields marked * are required.

How to answer — Step 1
Company Name: Enter the legal or trading name of the entity being assessed. If assessing the group, use the parent company name.
Industry: Select the primary business activity. This determines which regulations automatically apply — a bank faces different rules than a chemicals manufacturer.
HQ Country: Enter where the legal entity is registered. This drives EU vs. UK vs. US regulatory scope. For multi-entity groups, use the parent company's jurisdiction.
Revenue: Used to calibrate thresholds — e.g. DORA applies only above certain sizes, BEPS Pillar 2 above €750M global turnover.
Treasury Structure: How payments are organised across your group. Payment Factory / In-House Bank structures face stricter intercompany and netting regulations.
ERP System: Enables technical recommendations. SAP ECC users will get specific ISO 20022 and end-of-support risk guidance. Include version if known.
💡 The more context you provide, especially in "Known Issues", the more specific and actionable the output will be.
Treasury Structure — Which one am I?
Payment Factory: One central entity makes all payments on behalf of subsidiaries (POBO) or collects on their behalf (COBO). Common in SAP IHC or BCM setups.
In-House Bank: Group treasury acts as an internal bank — provides intercompany loans, FX, and pooling. Highest regulatory complexity.
Centralised Treasury: Treasury manages bank relationships and FX centrally, but each entity makes its own payments. No POBO structure.
SSC: A shared service centre processes AP/AR payments for multiple entities but is not a legal payment factory.
Decentralised: Each subsidiary or business unit manages its own banking and payments independently. Common in holding companies or early-stage MNCs.
💡 Not sure? If your group has a single SAP system running payments for all entities, you likely have a Payment Factory or SSC.
Entering your ERP improves technical recommendations (e.g. ISO 20022 readiness, SAP migration risk)
How to calculate your payment volume
What to count: Total value of all outgoing payment instructions — AP supplier payments, payroll, intercompany transfers, tax payments, dividend payments — across all group entities.
Multi-entity: If you run a Payment Factory, count the consolidated volume processed through the factory. If decentralised, sum all subsidiary volumes.
Currency: Convert to EUR equivalent if mixed currencies. An approximate figure is fine — we use this to determine SWIFT/ISO 20022 scope and intraday liquidity obligations.
Why it matters: Higher volumes trigger stricter AML transaction monitoring thresholds, SWIFT CSP obligations, Basel BCBS248 intraday liquidity reporting, and more complex sanctions screening requirements.
💡 If uncertain, estimate conservatively. You can always re-run the assessment with a different volume band.
Total outgoing payment value per year — across all entities in scope
Under €10M / year: Primarily domestic payments, limited international
€10M – €100M / year: Multi-bank, growing cross-border payment flows
€100M – €1B / year: Large corporate — payment factory likely, SWIFT connectivity
€1B – €10B / year: Major MNC — In-House Bank, full ISO 20022 / SWIFT scope
Over €10B / year: Top-tier MNC — full global treasury, highest regulatory scope
What to put here — examples
Audit findings: "Internal audit Q3 2025 flagged incomplete beneficial ownership documentation in 4 APAC entities."
Known gaps: "SWIFT CSP self-attestation was submitted but 3 mandatory controls were marked non-compliant."
Upcoming projects: "SAP ECC scheduled for decommission in 2027 — S/4HANA migration project not yet started."
Geographic issues: "Brazil subsidiary currently processes payments outside the group Payment Factory — no CNAB 240 integration."
Recent changes: "Acquired a UK entity in 2024 — UK PSR / FCA obligations not yet assessed."
Focus areas: "CFO wants a board update on ISO 20022 readiness and DORA gap status by Q2 2026."
💡 Write naturally — the AI reads this as context and adjusts the severity of findings accordingly. More detail = more targeted output.
Audit findings, known gaps, upcoming projects, or specific concerns. The AI uses this to calibrate severity and focus.
Step 2 of 4

Which regulations apply to you?

How to use this step
Pre-selection: Frameworks marked "Recommended for you" have been automatically selected based on your industry, HQ country, ERP system, and payment volume. These are the most likely applicable domains.
Plain language: Each domain has a plain-language explanation of why it might be relevant to you. Read these — they help you decide whether to include or exclude a domain.
Add / remove: Click any domain to toggle it on or off. You can use "Select all" per section if you are unsure. It is better to include too many than too few — the AI will mark non-applicable ones as N/A.
Custom topics: Add any topic not listed — internal policies, country-specific rules, or focus areas from management. The AI assesses these with the same depth and labels them "Custom" in the report.
💡 Not sure whether a regulation applies? Include it. The AI will assess applicability and mark it N/A if it doesn't apply to your situation.

Based on your profile, we have pre-selected the most likely relevant frameworks. Each has a plain-language explanation so you know why it matters. Adjust as needed, and add your own topics at the bottom.

➕ Add your own topics
Any regulation, internal policy, or specific concern not listed above. The AI assesses these with the same depth as standard domains and labels them "Custom" in the report.
Examples: CSRD supply chain payment data · EU e-invoicing B2B obligation · Internal Group Payment Policy · SAP ECC end-of-support risk · Digital Euro / CBDC readiness · Intercompany netting policy
Step 3 of 4

Payment geographies

Which countries to include
Include: Every country where your group sends or receives payments — including from subsidiaries, even if they are not yet in your Payment Factory scope.
Subsidiaries: If a subsidiary in Brazil or China makes local payments independently, include those countries. Local format and central bank reporting obligations still apply.
Intercompany: Cross-border intercompany flows count. If you fund a UK subsidiary from a German treasury centre, include the United Kingdom.
Occasional: If you make even occasional payments to a country (e.g. a one-off supplier in Japan), include it. The AI will note it as lower-risk but still flag any local obligations.
High-risk countries: Russia, Iran, North Korea — if you have any historical or residual payment flows, include them. This will surface critical sanctions and AML obligations.
💡 If unsure, select "Select all" for the regions where you operate — it is better to over-include. The AI handles non-applicable countries gracefully.

Select all countries where you initiate or receive payments — including subsidiaries and intercompany flows. This drives country-specific obligations in the assessment.

🇪🇺 Europe
🇩🇪Germany
🇫🇷France
🇳🇱Netherlands
🇧🇪Belgium
🇮🇹Italy
🇪🇸Spain
🇦🇹Austria
🇨🇭Switzerland
🇸🇪Sweden
🇩🇰Denmark
🇳🇴Norway
🇫🇮Finland
🇵🇱Poland
🇨🇿Czech Republic
🇭🇺Hungary
🇷🇴Romania
🇵🇹Portugal
🇬🇷Greece
🇬🇧United Kingdom
🇮🇪Ireland
🇱🇺Luxembourg
🇹🇷Turkey
🇷🇺Russia
🇺🇦Ukraine
🌎 Americas
🇺🇸United States
🇨🇦Canada
🇧🇷Brazil
🇲🇽Mexico
🇦🇷Argentina
🇨🇴Colombia
🇨🇱Chile
🇵🇪Peru
🌏 Asia Pacific
🇨🇳China
🇯🇵Japan
🇮🇳India
🇰🇷South Korea
🇦🇺Australia
🇸🇬Singapore
🇭🇰Hong Kong
🇹🇼Taiwan
🇮🇩Indonesia
🇲🇾Malaysia
🇹🇭Thailand
🇻🇳Vietnam
🇵🇭Philippines
🇳🇿New Zealand
🌍 Middle East & Africa
🇦🇪UAE
🇸🇦Saudi Arabia
🇶🇦Qatar
🇰🇼Kuwait
🇮🇱Israel
🇿🇦South Africa
🇳🇬Nigeria
🇰🇪Kenya
🇪🇬Egypt
🇲🇦Morocco
Step 4 of 4 — Review & Launch

Ready to run?

Review your inputs below. The AI will assess every selected domain against your company profile and produce a full gap report. Takes approximately 30–60 seconds.

What you will receive: An overall compliance score (0–100), the 3 most urgent actions, a domain-by-domain RAG matrix (Red/Amber/Green), detailed obligations and gaps per domain, a full prioritised action plan with owners and timelines, and a 3-phase remediation roadmap.
Anthropic API Key*
Required to run the AI assessment. Get your key at console.anthropic.com. The key is used only for this request and never stored.
Compliance Assessment
Domain Status Overview

Domain Compliance Matrix


Domain Detail

Obligations · Gaps · Recommendations
Full Action Plan
All Recommended Actions

Remediation Roadmap

3-phase implementation plan
Ready to act on these findings?
This assessment shows where to focus. Deloitte's Risk, Regulatory & Forensic team supports companies in designing and implementing compliance programmes — from gap remediation and SAP payment transformation to ongoing regulatory monitoring. Export this report and share it with your Deloitte advisor as the basis for a structured engagement.
Notice: This AI-generated assessment is a structured starting point for professional advisory engagement and does not constitute legal or regulatory compliance advice. Requirements vary by jurisdiction and entity type. Verify all findings with qualified advisors before taking action. For internal Deloitte use only.