Compliance Shield
Audit-Ready Bordereaux.
Always.
Eight regulatory frameworks. IFRS 17 CSM calculations. Audit trails that satisfy external auditors — without rebuilding your reporting process.
The compliance condition
You signed the financial statements. The bordereaux was never audited.
You are the CFO. Under IFRS 17, you sign financial statements that include CSM figures derived from bordereaux data. The bordereaux was produced by a manual process. The process has never been formally audited. The external auditor asks you to trace the CSM calculation back to the original policy. The answer is a tour of a shared drive containing files named “Q2_recon_v4_FINAL_actual.xlsx.” You sign anyway.
Six months later, the external auditor finds an error that affects the CSM for the last three quarters. A prior period restatement is required. You personally sign the restatement. Under IFRS 17, this is not a technical matter. It is a career event.
01
IFRS 17 Exposure
CSM figures derived from bordereaux data that has never been formally audited. Error discovered in audit requires prior period restatement. The CFO signs the restatement personally.
IFRS 17 effective Jan 2023 — CFO personal liability for restatements
02
Regulatory Filing Risk
NAICOM quarterly filings reformatted manually. IRA Kenya XML prepared by hand. One format change from one regulator breaks the manual process.
8 frameworks with changing filing requirements
03
Data Residency Violation
POPIA requires South African client data processed in South Africa. SAMA requires Saudi data in-country. Most globally-deployed platforms process on EU/US servers. Non-compliance is a licensing risk.
Data sovereignty violations: licensing risk in 4+ jurisdictions
Frameworks covered
IRA. NAICOM. FSCA. SAMA. SECP. DIFC. IFRS 17. POPIA. All met. Automatically.
East Africa
IRA Kenya
Quarterly XML bordereaux submission generated automatically. Solvency calculations included.
West Africa
NAICOM Nigeria
40% minimum retention calculation checked on every row. Format changes handled at infrastructure level.
Southern Africa
FSCA South Africa
POPIA-compliant data residency. IFRS 17 audit trail with CSM traceability.
Gulf
SAMA Saudi Arabia
In-country data processing. Takaful oversight natively. Wakala/conventional separated at ingestion.
South Asia
SECP Pakistan
Insurance sector oversight. Takaful market compliance. Wakala and Mudaraba handled natively.
Gulf
DIFC UAE
Financial services compliance for Dubai-licensed entities. Reinsurance arrangement documentation.
Global
IFRS 17
CSM and Loss Component calculations require correct bordereaux. Every transformation logged. Restatement risk eliminated.
South Africa
POPIA
South African client data processed in South Africa. In-country by architecture, not configuration.
IFRS 17 compliance
IFRS 17 made bordereaux errors a CFO-level problem.
Built with actuaries and finance executives navigating the IFRS 17 transition in live production environments. The implementation reflects what external auditors actually ask — CSM traceability to source policy, field-level transformation reasoning, and prior period defensibility.
CSM Accuracy
The Contractual Service Margin is calculated from bordereaux data. If the bordereaux is wrong, the CSM is wrong. CedeOS makes correct bordereaux data available to the IFRS 17 calculation in real time.
Prior Period Restatement Prevention
An error discovered in audit requires a prior period restatement. The CFO signs the restatement. The regulatory consequences are personal. CedeOS prevents the underlying error. The restatement never occurs.
Audit Trail
Every transformation logged with input values, output values, and the governing rule. When the external auditor asks, the answer exists. It is a single click, not a tour of shared drives.
Data residency
Your data stays where your risk was written.
Data residency is not optional. POPIA in South Africa, SAMA in Saudi Arabia, and similar frameworks across Nigeria, Kenya, and Pakistan require that client data be processed in the country where the risk was written. Most globally-deployed platforms process data on European or American servers. Non-compliance is a licensing risk.
CedeOS processes data in-country. Not as a configuration option. As the architecture. When a Kenyan insurer runs CedeOS, Kenyan policyholder data is processed in Kenya. Saudi data in Saudi Arabia. This is not a feature. It is the design.
South Africa — POPIA
Client data processed within South African borders. FSCA audit requirements met from compliant infrastructure.Cloud region: af-south-1.
Saudi Arabia — SAMA
Saudi insurance data processed in-country. SAMA data localisation requirements met by architecture.Cloud region: me-central-1.
Kenya — IRA
Kenyan policyholder data remains in Kenya. XML submissions generated locally. No cross-border data transfer required.
Nigeria — NAICOM
Nigerian risk data processed locally. Quarterly filing infrastructure in-country.
Pilot outcome
East African composite insurer, KES 8B GWP: IFRS 17 audit trail implemented. External auditor traced CSM to source policy in single query. Zero prior period restatements since deployment.
Advisory
Former Chief Financial Officer . West African Composite Insurer . Nigeria
Validated metric
8
Regulatory frameworks automated
IRA, NAICOM, FSCA, SAMA, SECP, DIFC, IFRS 17, POPIA
The auditor deserves a better answer than a shared drive.
Start with the Technical Brief. See how CedeOS handles your regulatory requirements.
Your next quarterly close should take 3 hours. Start your pilot assessment