What Remit is
Remit analyses your own AML and financial-crime control stack to find structural coverage gaps — the gaps that exist between controls, not within any single control, and that single-point audit tools cannot detect. The engine examines how your rules compose as a system, and surfaces combinations where the rule set does not collectively prevent an outcome you would want it to prevent.
Concretely: Remit analyses your AML and sanctions rule set (for example, your UK MLR 2017 / JMLSG implementation, your OFSI financial-sanctions screening, your FCA / PRA compliance posture, your FATF-typology coverage, or your own uploaded rule packs) and identifies coverage gaps that emerge from how controls interact. It is a defender-side structural audit tool for internal AML, financial-crime, and compliance teams. Every finding is paired with a remediation — the purpose is to close the gap, not to take advantage of it.
What Remit is not
To prevent misunderstanding:
- Remit is not a transaction-monitoring system. It does not ingest live transaction streams or generate suspicious-activity alerts; it analyses the structure of the controls the Customer has in place around transaction monitoring.
- It is not a substitute for suspicious-activity reporting (SARs) or any other regulatory reporting obligation. Decisions to file under POCA 2002, the Terrorism Act 2000, or any equivalent regime remain solely the Customer's obligation.
- It is not a KYC or identity-verification service. It analyses the structure of the Customer's own KYC and onboarding controls, but does not itself perform identity checks.
- It is not a due-diligence tool for third-party counterparties. It is not designed for, and must not be used for, analysing the AML posture of entities the Customer does not own, operate, or have express written authorisation to assess.
- It is not a substitute for legal, regulatory, or compliance advice. Findings are structural observations about the rule set as submitted. Decisions about remediation, disclosure, and regulatory engagement remain the responsibility of the Customer and the Customer's qualified advisors.
Who is authorised to use Remit
Remit is licensed for use by the internal AML, financial-crime, compliance, or GRC team of the Customer organisation (as defined in the Terms of Service), and by authorised individuals (employees, contractors, secondees, agency workers) acting on the Customer's behalf.
Remit is not authorised for use by:
- External parties analysing third-party systems without express written authorisation from the system owner (for example: financial-crime consultancies acting on a client engagement outside a written mandate, external auditors analysing an audit target, due-diligence providers analysing counterparties);
- Parties conducting competitive intelligence against entities they do not own or operate;
- Parties conducting analysis of rule sets, controls, or frameworks the Customer does not own or have express authorisation to assess.
Customers acting as financial-crime consultancies or advisors may use Remit on behalf of their own clients only where they have express written authorisation from the client to perform structural analysis of the client's own rule set, and that authorisation is available on request.
Prohibited uses
Use of Remit for any of the following is prohibited and constitutes a material breach of the Terms of Service:
- Unauthorised third-party analysis. Submitting, for structural analysis, rule sets, controls, or frameworks that the Customer does not own, operate, or have express written authorisation to assess.
- Facilitation of financial-crime offences. Using Findings to plan, prepare, or facilitate any act that would constitute an offence under applicable financial-crime law — including, without limitation: money laundering, terrorist financing, or any other offence under the Proceeds of Crime Act 2002, the Terrorism Act 2000, or the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; breach of financial sanctions administered by OFSI; breach of FCA, PRA, or JMLSG guidance applicable to the Customer's regulated status; or any other financial-crime offence under the laws applicable to the Customer.
- Competitive intelligence. Using Remit to derive structural understanding of a competitor's, supplier's, or counterparty's AML posture for commercial advantage, except where the Customer owns or operates the relevant rule set or has express authorisation to assess it.
- Preparation of third-party system circumvention. Using Remit, or information derived from Remit, to identify coverage gaps in third-party AML systems with the intent of exploiting, circumventing, or otherwise taking advantage of those gaps.
- Circumventing Remit's authorisation controls. Sharing credentials, bypassing the authorisation attestation at rule-set ingestion, creating accounts under false organisational identity, or otherwise defeating the product's identity and scope controls.
- Resale or sublicensing. Making Remit, its Findings, or information derived from Remit available to any third party outside the terms of the Customer's licence.
Misuse reporting
If you believe that a Remit user is using the product in breach of this policy or the Terms of Service, or if you are a third party affected by such use, please report the concern to:
security@ianura.com
Please include, so far as you are able:
- a description of the conduct you believe to be in breach;
- any evidence available (screenshots, timestamps, account identifiers);
- the context in which you became aware of the conduct (for example, as a party affected by it, as an observer of public information, or through another route);
- your identity and contact details (where you are content to provide them), or an indication that you wish to report anonymously.
Response timeline
Ianura commits to the following response timeline for misuse reports:
- Within five (5) business days of receipt: acknowledge the report, confirm the channel of further correspondence, and indicate whether further information is required to proceed.
- Investigation: Ianura will investigate the report in good faith, proportionate to the seriousness of the allegation. The investigation may involve account review, usage-log inspection, and direct correspondence with the reported party.
- Within thirty (30) business days of receipt: respond to the reporter with the outcome of the investigation, including (to the extent consistent with law and with the privacy of the reported party) what action has been taken.
Where the report concerns conduct that may constitute a criminal offence or a serious regulatory breach — including a credible report of money-laundering, terrorist-financing, or financial-sanctions breach — Ianura may extend the investigation timeline where necessary, and may notify the FCA, NCA, OFSI, or any other relevant competent authority, in each case consistent with the reporting-rights provisions of the Terms of Service. Nothing in this policy limits any reporting obligation that the Customer may have under its own regulated status (including SAR filing obligations under POCA 2002).
Consequences of confirmed misuse
Where Ianura confirms that a customer has used Remit in breach of this policy or the Terms of Service, Ianura may, depending on the seriousness of the breach:
- issue a written warning requiring remediation within a specified period;
- suspend the customer's access pending remediation;
- revoke the customer's licence and terminate the subscription (in accordance with the Terms of Service); and
- where the breach involves unlawful activity, notify the relevant competent authority in accordance with the Terms of Service.
Repeat or serious breaches result in immediate licence revocation without refund.
Updates to this policy
This policy may be updated from time to time. The version published on this site at any given time is the operative version. Material updates will be notified to customers by email, in accordance with the variation procedure in the Terms of Service.
A version history of material changes to this policy is maintained at /acceptable-use/history. Previous versions are archived and accessible.
Contact