Logo
Platform Guide

Compliance Vault

How Verifia's Compliance Vault stores, protects, and manages your compliance records with 7-year retention.

The Compliance Vault is Verifia's secure document storage and audit trail system. It automatically archives all compliance-related documents and maintains a tamper-evident record of every compliance action taken in the system.

Under the AML/CTF Act, you must retain compliance records for 7 years after the end of the business relationship or the date of the transaction. The Vault manages this requirement automatically.

What is stored

The Vault automatically captures and archives:

  • CDD records — identity documents, verification results (DVS), risk assessments, and screening outcomes
  • KYC case files — complete case history including all decisions, approvals, and escalations
  • Risk assessments — all versions with change history and the factors that prompted each review
  • AML/CTF program versions — every published version with staff acknowledgment records
  • Reports — SMRs, TTRs, annual compliance reports, and CBM reports (with submission timestamps)
  • Transaction records — all recorded transactions, monitoring alerts, and their resolutions
  • Training records — staff training completions, quiz results, and upcoming due dates
  • Personnel due diligence — suitability assessments, review outcomes, and departure records
  • Audit logs — every significant system action with timestamp, user identity, and details

Retention management

Verifia manages the 7-year retention requirement automatically:

  • Records are tagged with their retention period based on the type of record and the relevant business relationship
  • The system prevents premature deletion of records that are still within their mandatory retention period
  • Expiry notifications alert you when records are approaching the end of their retention period
  • Expired records can be reviewed before deletion — you may choose to retain them beyond the mandatory period if needed

You do not need to manually manage retention periods — the system handles this based on the record type and the status of the associated business relationship.

Integrity verification

Verifia uses cryptographic chain-hashing to ensure that audit logs and archived records cannot be tampered with after creation:

  • Each audit log entry is cryptographically linked to the previous entry in the chain
  • Any modification to a historical record would break the hash chain, making tampering detectable
  • Integrity can be verified at any time through the Vault dashboard — click Verify Integrity to run a chain validation

This means that if AUSTRAC or another authority audits your records, you can demonstrate with cryptographic certainty that your compliance records have not been altered since they were created.

Searching the Vault

Use the Vault search to find documents by:

  • Document type — CDD records, reports, program versions, training records, etc.
  • Date range — when the document was created or archived
  • Customer — all documents related to a specific customer or their KYC case
  • Transaction — documents related to a specific transaction or alert
  • Full-text search — search within document content and metadata

Search results show the document type, date, associated customer/transaction, and retention status.

Access controls

Vault access is controlled by user role to protect sensitive information:

RoleAccess level
Compliance OfficerFull access to all documents, including SMR-related records
ManagerAccess to customer records, transaction records, and training records; no access to SMR records
StaffAccess to records for their own assigned customers only; no access to SMR records or other users' cases

SMR confidentiality: SMR-related documents have additional access restrictions. Only the Compliance Officer and specifically authorised personnel can view them. This enforces the tipping-off prohibition — preventing unauthorised staff from learning that an SMR has been filed about a customer.

Exporting records

For AUSTRAC audits, independent reviews, or legal proceedings:

  1. Navigate to Vault > Export
  2. Select the records to include in the export
  3. Choose the format: PDF bundle (formatted documents) or ZIP archive (original files with metadata)
  4. Verifia generates a complete evidence package including:
    • The selected records
    • An integrity verification certificate confirming the chain-hash is intact
    • A manifest listing all included documents with dates and hash values

The export package is designed to satisfy evidentiary requirements and demonstrate the integrity of your compliance records.

Transaction Monitoring

How to use Verifia's transaction monitoring engine to record transactions, detect suspicious activity, and manage alerts.

Staff Management

How to manage your team in Verifia — inviting members, assigning roles, tracking training, and conducting personnel due diligence.

On this page

What is stored
Retention management
Integrity verification
Searching the Vault
Access controls
Exporting records
Compliance Vault