Book a Consultation
POLICY STUDIO · 74 EXPERT TEMPLATES · OPERATIONALISED ON A PAGE REFERENCE

Drafts. Reviews.
Operationalises.

Otto drafts a 30-page FCA-grade policy from 74 expert-authored templates, reviews it for completeness with a quality score and three specific fixes, then operationalises every commitment — turning each into a page-referenced task and tracking it to completion with due dates, a calendar, reminders and evidence. The closed loop between document and operation, start to finish. No competitor at any price does this.

Trusted by 250+ UK-regulated firms · Built by compliance professionals to make your life easier.

Book a Consultation
74 Expert Templates
10 Regulatory Categories
Page-Referenced Tasks
Quality Score & 3 Fixes
FCA-Ready Policy Register PDF
Upload Your Own Templates
The Governance Problem

A policy nobody acts on is paperwork, not compliance.

Every regulated firm owes the FCA a library of live policies — approved, acted on, evidenced. In practice: Word files on a shared drive, commitments nobody tracks, fresh consultant invoices every time the rules change. The gap between “written commitment” and “tracked action” is where most compliance programmes quietly fail.

30 Policies. No Version Control.

AML, Consumer Duty, SM&CR, Data Protection, Operational Resilience: dozens of Word files on a shared drive, nobody sure which is the live version. The approval record? An email thread from 2023. The FCA asks for the register; you open a spreadsheet.

AML_Policy_FINAL_v7.docx
AML_Policy_FINAL_FINAL.docx
AML_use_this_one.docx

£5,000 Per Policy. Per Consultant.

Consultant engagements to draft, review and update policies add up quickly when you run AML, Consumer Duty, SM&CR, Data Protection and Op Res. Otto drafts regulator-aligned policies in minutes, so consultant time stays reserved for edge-case judgement.

AML Policy Draft £4,500
Consumer Duty Suite £8,200
Annual Review Round £6,800

Approved. Then Forgotten.

A policy commits your firm to act: train staff, review customers, report incidents. But nobody converts those commitments into tracked tasks. The policy is approved; the operational work never happens. That's the gap the FCA looks for.

0 tasks
Commitments tracked.

No Sign-Off. No Audit Trail.

Who approved the policy? When? What was the Board challenge? No approver name, no role, no date, no rationale captured against the document. When a skilled-person review asks "who signed this off and why", the answer is a missing email.

Approver: unknown
Approval date: unknown
Rationale: not recorded

If your policies live in Word files, consultant invoices, and missing approval threads, Policy Studio is for you.

Built around your starting point

From a template, or from your own. Same Otto.

Every regulated firm starts from somewhere. Some start from a blank page; others have a stack of policies they don’t want to throw away. Policy Studio treats both equally — the same Otto review, the same Operationalise stage, the same approval workflow.

Start from an expert template

74 FCA-grade templates across 10 regulatory categories.

Pick from Consumer Duty (10), Financial Crime (10), Data Protection (15), SM&CR (3), Client Money / CASS (3), Investments / COBS (3), Consumer Credit (2), HR (8), General (19) and Handbook Guides (1). Otto drafts a 30-page policy with your firm’s name, FRN and regulated activities baked in — minimum 4,000 words, 15 mandatory structural sections, FCA citations throughout.

  • Setup-stage Otto call: “what should this policy cover?” — tick five to eight elements that shape the draft
  • Editor-stage Otto actions: Add Sections (with duplicate-detection), Review Content (/10 score + three specific fixes), Rewrite Document (TOC reviewed first)
  • Save your refined version back to the template library — the next policy of that type starts from your firm’s own version
Upload your own

Bring the policies you already have. Get the same treatment.

Upload your existing Word or PDF policies via the Upload Your Own button. They land in Google Drive, appear in the same template picker alongside the 74 vendor-authored templates, and get exactly the same Otto treatment — same review, same Operationalise flow, same approval workflow, same Policy Register. Your existing policies aren’t second-class citizens.

  • Once a document is in the system, its origin stops mattering — same lifecycle, same operationalisation
  • Google Docs round-trip: write in GDocs, sync back, Otto re-reads fresh content via two-sided cache invalidation
  • Approved policies auto-cross-post to the Document Library under Compliance Policies — no separate upload step
The Policy Studio Edge

Three ideas that separate an operationalised policy
from a PDF sat on a shared drive.

Most policy tools stop at "document approved." Policy Studio carries a policy from blank page to live operation on three principles: page-referenced tasks tracked to completion, a 25-year FCA drafting prompt, and a proper SMF sign-off workflow.

Step 1
Draft
Otto-authored, FCA-cited, 4,000 words
Step 2
Operationalise
Every commitment → tracked task, page-cited
Step 3
Approve & Register
Named-SMF sign-off, regulator-ready PDF

One pipeline. Not three separate products. No other UK RegTech platform we’ve audited runs the full chain in one place. Most stop at “document approved.”

Every commitment becomes a tracked task.

The Operationalise stage reads the approved policy and turns every actionable commitment into a page-referenced task, auto-tagged with a frequency (One-time / Daily / Weekly / Monthly / Quarterly / Annual) and a category (Review / Training / Monitoring / Reporting / Governance). Then Policy Studio tracks each to completion — a task register, a due-date calendar, reminders, and findings and evidence against every task. Annual policy reviews schedule themselves the day the policy goes live.

Page-referenced · Audit-defensible

A 4,000-word draft. 15 mandated sections.

Otto's policy-generation prompt is 900 words of carefully developed expertise: 25-year FCA persona, 4,000-word minimum, 12–15 mandatory sections, British English, named roles, SYSC 6.3.1R / MLR reg 28 / PRIN 2.1 citation discipline, and dark-blue-headered tables. That's what makes the output read like Big 4 work — the depth behind it, not just the model. On Rewrite, Otto proposes the chapter structure first. You review and edit the architecture before it writes a word of prose.

SYSC 6.3.1R · MLR 2017 · Architecture-first

Approver, role, date, rationale. All captured.

Approval is a proper workflow, not a checkbox. Approver Name, Approver Role, Approval Date and Approval Rationale are all captured, with explicit Approve/Reject decisions and status chips (Draft / Pending / Live / Approved) flowing through. The output is a regulator-ready multi-page Policy Register PDF: cover page, stats tiles, schedule table, per-policy document-control summaries.

SM&CR-aligned · FCA-ready register PDF
The Solution

Draft. Review. Operationalise. Approve. Register.

A five-stage wizard carries every policy from blank page to FCA-ready artefact. Otto drafts 4,000-word policies citing MLR, SYSC, COBS, ICOBS and PRIN; quality-scores every draft out of /10; and, the feature no competing policy tool ships, operationalises every commitment the policy makes into a tracked task with a page reference back to the source document — then keeps every task on a due-date calendar with reminders, findings and evidence. 74 FCA-grade templates across 10 regulatory categories. Google Docs round-trip. Named-SMF approval workflow with audit trail. Regulator-ready Policy Register PDF on the other side.

Policy Studio Template Suite — 74 FCA-grade templates across 10 categories, extensible via Upload Your Own

74 FCA-grade templates across 10 colour-coded categories: AML, Consumer Duty (10), Data Protection (15), SM&CR, CASS, Financial Crime (10), plus a second 21-code subject-matter taxonomy. Fully extensible: upload your own via "Upload Your Own" in Setup and it surfaces in the picker like any vendor template.

Otto Editor — three AI actions: Add Sections, Review Content, Rewrite Document

Three distinct Otto actions at the top of every document: Add Sections (with 2-step coverage check to avoid duplication), Review Content (numeric score /10 with 3 actionable improvement suggestions) and Rewrite Document (chapter-list first, body prose after). Publication-grade 4,000-word drafts, regulation-cited, British English.

Policy Operationalisation — Otto-extracted tasks with page references, frequency, category and status

The signature feature: Otto reads the approved policy, extracts every actionable commitment and suggests tasks with a page reference back to the source paragraph, a frequency (One-time / Daily / Weekly / Monthly / Quarterly / Annual) and a category (Review / Training / Monitoring / Reporting / Governance / Other). Accept, reject or edit — then track each task to completion right here: a task register, a calendar of what’s due, due-date reminders, and findings and evidence logged against every task.

The Policy Register PDF

Drafted by Otto. Signed by the Board.

The multi-page register the FCA asks to see when they turn up: every live policy, every approver, every operationalised task, and a complete audit trail from author to 2LoD to SMF sign-off. One click from the documents list. No spreadsheets, no manual tracking.

Every policy. Every operationalised commitment.

The Register is not a cover sheet. It is the full audit-grade artefact: cover page, policy schedule, then per-policy Document Control, Operationalised Tasks, and Approval Information blocks. Drawn from the 74-template library across 10 categories, with every draft-to-live status chip, review-date and operationalised task surfaced in one PDF.

74
Otto-ready templates
10
Categories covered
5
Lifecycle stages
<3s
From click to PDF
1
Cover & Compliance Overview
SYSC 4.1
2
Policy Schedule & Status Chips
SYSC 6.1
3
Document Control Block
SYSC 4.1.3R
4
Consumer Duty Policy Suite
PRIN 2A
5
Financial Crime Policy Suite
MLR 19
6
Data Protection & Cyber
UK GDPR
7
Operationalised Task Register
SYSC 6.1.1R
8
Approval Information Block
SM&CR DR1
9
Author & Review Audit Log
2LoD
10
Policy Change History
SYSC 9
11
Next Review Schedule
Annual
12
SMF Attestation & Lock
SM&CR
Authored · 2LoD reviewed · Board approved

Named authors. Dated reviews. Logged decisions.

Every policy in the register carries the same evidenced chain: who drafted it, which 2LoD function challenged it, what Otto’s quality score was, what the approver decided, and when the record locked. The same structure the FCA’s skilled-person reviewers ask for.

Reviewer Policy & challenge Raised Decision
Aarti Venkataraman
Head of 2LoD Compliance
 Fair Value Assessment Policy. Otto scored 7/10, flagged truncated Section 1.2 and missing retention periods. Iterative Apply Feedback applied three improvements. Mar 21, 2026 Rescored 9/10
Marcus Clarke
NED · Risk Committee
 Outsourcing Policy. Challenged third-party DD clauses against SYSC 8.1.8R; requested explicit sub-outsourcing consent language. Mar 09, 2026 Revision in Editor
Shola Ademola
Policy Owner · 1LoD
 AML Policy rewrite. Otto generated 27-page draft from live BWRA + PEP register. Operationalise stage surfaced 14 tracked commitments. Feb 26, 2026 Live
Benedict Harrington-Shaw
Chair · Risk & Audit
 Conflicts of Interest Policy. Rejected v2 citing absence of SYSC 10.1.6R staff attestation procedure. Bounced back to Editor with rationale logged. Feb 14, 2026 Rejected

Three named attestors. One policy lifecycle.

Policy Studio enforces what most firms skip: a proper sign-off workflow. The policy owner in the 1LoD drafts; the senior compliance officer in the 2LoD challenges; the CEO under SM&CR attests. Rejections capture name, role, date and rationale. The document is bounced back to Editor, not quietly deleted.

Policy Owner · 1LoD
Shola Ademola
Head of Customer Operations
Drafted Mar 22, 2026
SMF2 · Chief Compliance
Aarti Venkataraman
Chief Compliance Officer
Reviewed Mar 25, 2026
SMF1 · Chief Executive
Ethan Whitfield
Chief Executive Officer
Approved Mar 29, 2026
Register locked · Mar 29, 2026 · 15:52 GMT Read-only. Backed up, version-locked and cross-posted to your Document Library. Reproducible across the full SYSC record-retention period.
Otto AI for Policy Studio

Otto drafts the policy. Otto reviews it.
Otto rewrites it on demand.

Otto is the platform's 25-year FCA compliance assistant, trained on SYSC, MLR 2017, PRIN, COBS, ICOBS, CASS, SM&CR, GDPR, PROD and the Consumer Duty, and backed by 1,500+ expert documents. It drafts a 4,000-word policy in minutes, scores it /10, applies its own fixes, and answers any policy-related regulatory question your team asks, with rule-level citations.

25+ YEARS FCA EXPERTISE · PROMPT-ENCODED

Your policy draftsperson, reviewer and regulatory answer-desk, in one.

Otto does four things for Policy Studio. It drafts a 4,000-word policy with 12–15 mandatory sections from a single brief. It reviews any policy, scoring it 1–10 with exactly three specific actionable fixes. It rewrites a policy from scratch or as an improvement of the existing draft, proposing a chapter list first. And it answers any policy-related regulatory question your team asks, cited to rule and paragraph.

  • Drafts 4,000-word policies in 2–5 seconds (down from 60–90 pre-Feb 2025)
  • Numeric quality score /10 across 5 axes, with 3 specific actionable fixes
  • Cites SYSC, MLR 2017, PRIN 2A, COBS, ICOBS, CASS, SM&CR, GDPR at rule level
  • Never approves on your behalf. Human sign-off at the output
Your policy drafting & review desk

Ask Otto anything about your policies. Get a cited answer.

“Draft me an Anti-Bribery policy, 20 pages.” “What does MLR 2017 Reg 28 require in an EDD section?” “Review this Whistleblowing Policy and score it.” Otto answers from the handbook and drafts, reviews or rewrites your document live. Cited, British English, FCA-grade prose.

  • SYSC, MLR, PRIN, COBS, ICOBS, CASS, SM&CR grounded
  • Cites rules, paragraphs & your own document
  • Three editor actions: Add Sections, Review, Rewrite
  • Works on vendor templates and your own uploads
Otto AI
Online · AI Compliance Advisor
Review my Anti-Money Laundering Policy and score it.

Score: 7/10. Strong coverage of CDD, SARs and MLRO responsibilities. Three specific fixes:

  • Expand EDD triggers. Add PEPs, high-risk jurisdictions and correspondent banking per MLR 2017 Reg 33
  • Add record retention. 5-year minimum per MLR Reg 40; you omit this
  • Specify training frequency. Annual AML refresher plus role-based modules per SYSC 6.3.1R

Click Apply Feedback. I'll append all three as 300+ word sections. One click.

Drawn from: MLR 2017 Reg 28/33/40 · SYSC 6.3 · Your draft (4,180 words)
Ask Otto to draft, review or rewrite a policy…

Otto handles the drafting work, so consultant time stays reserved for judgement.

Otto handles the production work across AML, Consumer Duty, SM&CR, Data Protection and Op Res, so your consultant time stays reserved for edge-case judgement. See it draft a live policy in a demo.

Book a live demo See everything Otto produces
What Our Clients Say

Policies that actually work.

From MLROs to consultants, how firms are replacing Word files on shared drives with live, operationalised policies.

5.0

We had 28 policies across AML, Consumer Duty, SM&CR and Op Res. All Word files, no approval record, commitments nobody was tracking. Policy Studio re-drafted the lot in a fortnight. Otto's quality scores gave our board something tangible to sign off against. But the killer feature is Operationalise: every policy now has a live task list with page references. Auditors love it.

Sophie Dubois
Sophie Dubois MLRO (SMF17), Wealth Management Firm
4.7

I run compliance consultancy for 14 firms. We used to charge for every policy drafted and reviewed: a genuinely large chunk of my P&L, but tedious production work. Policy Studio has unbundled that. My clients get better drafts in minutes; my team focuses on edge-case judgement. Honestly? It's made my service offering stronger, not weaker. The Register PDF we hand to each firm's board is the cleanest thing I've produced in 20 years.

Victoria Ashworth
Victoria Ashworth Director, Compliance Consultancy
FAQs

Policy Studio. Questions Answered.

Everything you need to know about the 74 expert templates, Otto’s drafting and review, the page-referenced Operationalise stage, and the FCA-ready Policy Register PDF.

Does Otto really draft a full 4,000-word policy in minutes?
Yes. The Rewrite Document flow runs a 900-word hand-tuned prompt with a 25-year FCA persona, a 4,000-word minimum mandate, and a spine of 12–15 mandatory sections (Introduction, Scope, Regulatory Framework, Definitions, Core Requirements, 5 procedural sections, Roles & Responsibilities, Training, Record Keeping, Governance/Monitoring, Policy Review). You give Otto a brief; it proposes a chapter list first for you to review; then generates flowing prose (not bullets), British English, with specific FCA citations (SYSC 6.3.1R, MLR Reg 28, PRIN 2.1). Response time: 2–5 seconds per block, down from 60–90 in the Feb 2025 release.
What does Review Content actually produce?
A numeric score 1–10 across five axes (completeness, regulatory accuracy, practical guidance, clarity, structure); a narrative summary of what's strong and what's weak; and if score ≤8, exactly three specific actionable suggestions (never vague, e.g. “Add record retention requirements per MLR Reg 40”, not “Improve content”). Click Apply Feedback and Otto iterates through each suggestion independently, appending a 300+ word improvement section per fix. Credits charged: 50 per document total, ~17 per suggestion.
Does Add Sections duplicate content already in the document?
No. This is a deliberately smart 2-step flow. Otto first runs a coverage check over the first 6,000 chars, classifying each suggested topic as found or missing. It then generates new sections only for missing topics, and marks the rest as Already Found. The toast confirms the split: “5 added, 3 already in document”. Duplicate avoidance is a subtle but important feature: you can re-run Add Sections on an already-refined document without bloating it.
Can Otto rewrite an existing policy, or only generate from scratch?
Both. The Rewrite Document modal gives you two radio options: Use existing document as template (default) or Rebuild from scratch. Either way, Otto proposes a chapter list first so you can edit the structural spine before it commits tokens to long-form prose. Smart UX for AI governance: you approve the shape before the content.
What do the 74 templates actually cover?
Ten FCA-grade categories: Client Money (3, incl. CASS 10 Resolution Packs); Consumer Credit (2); Consumer Duty (10); Data Protection (15), incl. Breach Procedures, DPO Responsibilities, SAR Manual; Financial Crime (10), incl. AML, Anti-Bribery, Sanctions, Market Abuse; General (19), incl. Compliance Monitoring Plan, Outsourcing, Whistleblowing; HR (8); Handbook Guide (1, ICOBS); Investments (3, incl. ICARA); SM&CR (3). Each template is Otto-generated at FCA-grade depth. Customer Outcome Monitoring Policy alone is 30+ pages structured across 7 chapters with full PRIN 2A citation.
Can I upload our existing policies instead of using a template?
Yes. Via the Upload Your Own button in Setup. Uploads accept .doc and .docx, up to 10MB, with bulk upload supported. The uploaded file lands in Google Drive and surfaces in the template picker alongside the 74 vendor templates. Crucially, uploads are first-class citizens: the same Google Docs round-trip, the same three Otto actions (Add Sections, Review Content, Rewrite Document), the same Operationalise-to-tasks flow, the same Approval workflow. Once a document is in the system, its origin stops mattering.
Does it work with Google Docs, or is the editor platform-native?
Every document opens in authentic Google Docs. Filename convention: [Title]_[Platform]_[user.email]_YYYY-MM-DD. You edit collaboratively in Google Docs; Sync Changes refreshes the in-platform preview and clears Otto's working copy, so its next Review or Rewrite always runs against your latest draft. The in-platform view is read-only by design — the canonical edit path is always the Google Docs tab.
How does Policy Studio integrate with the rest of RegTechPRO?
Three live cross-module flows: (1) every approved policy auto-appears in the Document Library under category Compliance Policies. No separate upload. (2) Operationalised tasks are tracked inside Policy Studio — a task register, a due-date calendar and reminders — and, if you run the Compliance Monitoring Hub, they surface there too, page references preserved. (3) Every policy is tagged with one of 21 subject-matter codes (AML, GDPR, SM&CR, CASS, etc.) used for downstream filtering across the platform. One platform, one set of data.
Can I save a refined document as a firm template?
Yes. The Save as New Template button at the foot of the Editor lets you add your refined document to your firm's template library for reuse. The library isn't read-only. Every firm that uses Policy Studio effectively builds its own second library alongside the 74 vendor templates at no extra cost.
How much does Policy Studio cost?
Affordable, modular monthly pricing. An AI that drafts regulator-aligned policies in minutes. See regtechpro.co.uk/pricing for the full modular calculator.
How do AI credits work?
Deliberately transparent. Read-and-advise actions (Review Content, Add Sections coverage check, Operationalise task extraction) are free: creditCost: 0. Credits are only consumed by the actions that actually write: Policy Generation 300, Rewrite Document 500, Section Refinement 50 (split across suggestions), Control Mapping 100. The commercial frame: you only spend when Otto produces. Reading your own document doesn't cost anything.
How long does setup take?
Under a day for a small firm. The module ships pre-seeded with all 74 templates, the 10 category taxonomy, the 21-code subject-matter set, the 5-stage wizard, the Operationalise tasks (6 frequencies × 6 categories), and the Approval workflow. You pick your firm's first policy, run Otto, review, sign, export. No migration project; the framework ships built in.
I'm a compliance consultant. Can I run this across my client book?
Yes. It's one of the module's strongest use cases. Each client's policies stay walled off in their own workspace, so a consultant running 14 firms never sees another firm's policies. You run the production line; each client retains accountability through their own Approval workflow.
What happens in the Approval workflow?
It's a proper workflow, not a checkbox. Approver name, approver role, approval date, approval rationale/comments and an explicit Approve/Reject decision are all captured against the document. Once approved, the document status flips from Draft (amber) to Live (green); the completion ring shows 100%, 5 of 5. The approval record becomes permanent and flows into the Policy Register PDF. Policies that shouldn't need formal sign-off (manuals, forms) can use the Approval not required toggle in Setup to skip this stage.
What happens if the approver rejects a policy?
Reject is a proper workflow move, not a destructive delete. A confirmation dialog captures rejectedBy, rejectedByRole, rejectionDate and rejectionComments. The document's status flips to Rejected (red), the stage bounces back to Editor (Stage 4) for revision, and the full history is preserved. The author now has explicit written feedback to act on, and any later skilled-person review asking “why did the Board refuse to sign this off?” gets a complete audit trail.
What's in the Policy Register PDF?
A multi-page (5+ page) regulator-ready deliverable with: a cover page (firm name, FRN, three stat tiles: Total Policies, Live, Draft); a Policy Schedule (every policy with Owner, Status, Last Updated, Next Review); and one structured section per policy with Document Control (10 fields), Operationalised Tasks table (# / Task / Frequency / Category / Status) and Approval Information. Every page carries the RegTechPRO wordmark, firm breadcrumb, date, page number and CONFIDENTIAL pill. This is what you hand to the FCA. Not an export afterthought, the whole point.
How does the Operationalise stage actually work?
Otto reads the approved policy and extracts every actionable commitment (must / shall / will / required to / responsible for clauses) and produces a Suggested Tasks table (typically around 10 per policy). Each task has a page reference back to the source paragraph, a frequency (One-time, Daily, Weekly, Monthly, Quarterly or Annual) and a category (Review, Training, Monitoring, Reporting, Governance or Other). You then accept (Task Created), reject (Task Not Required) or leave pending (Task Not Created) each suggestion. Accepted tasks are tracked inside Policy Studio — with due dates, a calendar, reminders, and findings and evidence against each one. Page references make every task defensible.

Book a consultation

See how RegTechPRO can transform how you draft and maintain your policies.

Book a Consultation

Message Us

Thank you!

We've received your enquiry and will be in touch shortly.