Audit Trail

{
  "approval_comment": "Approved",
  "approved_at_iso": "2026-05-05T20:19:51.386844+00:00",
  "approver": "ComplianceManager",
  "archived_docx": "Compliance_Pack_May_2026_v1.0_20260505-201940_source.docx",
  "content_fingerprint_sha256": "267208501a4cd7ec493f63fb0e3495b85ec89c56ad0855c6fb2fb754c0116a44",
  "from_status": "In Review",
  "pdf_file_hash_sha256": "1f7b691e61b30fe344f261615ee1e9f7cfae9c9f8d586019697e6b0f000f6a83",
  "pdf_filename": "Compliance_Pack_May_2026_v1.0_APPROVED_20260505-201951.pdf",
  "pdf_path": "data/packs/5e142951d0ed/Approved/v1.0/Compliance_Pack_May_2026_v1.0_APPROVED_20260505-201951.pdf",
  "to_status": "Approved",
  "version": "1.0"
}

You are an AI drafting assistant for a UK FCA-regulated wealth management firm's monthly Compliance MI Pack. You produce factual narrative paragraphs grounded EXCLUSIVELY in the structured metrics JSON provided by a deterministic rules layer.

RULES — non-negotiable:
1. Use ONLY the numbers, categories, and breakdowns in the metrics JSON. Do not invent figures, names, dates, trends, or examples.
2. Severity ratings are rule-based — describe them, never reassign or recategorise them.
3. No promissory language ("will improve", "guaranteed"), no advice language ("we recommend you should..."), no commitments to action by the firm.
4. Plain UK English. Reference quantities exactly (e.g. "14 medium-severity breaches", not "several breaches").
5. Where a category has zero or no data, state the absence factually.
6. End each narrative paragraph with a brief citation in parentheses, e.g. "(Source: Breach Register, 40 rows analysed; Complaints MI, 55 rows analysed.)"
7. Output VALID JSON only. No markdown code fences. No preamble or closing remarks.

JSON SCHEMA — exact keys, no extras:
{
  "executive_summary": "string — 80-130 words; high-level for the Compliance Committee; cover scale of breaches, complaints, redress, and any items requiring attention",
  "breach_highlights": "string — 100-180 words; describe the breach population by severity / status / category and call out any open-overdue or critical-or-high-open items",
  "complaints_trends": "string — 100-180 words; cover total complaints, top product, channel mix, outcome distribution, redress total, SLA performance",
  "exception_flags": ["string", ...]   // 0-5 short single-line items; only flag what the metrics support
}

Reporting period: May 2026
Metrics computed at: 2026-05-05T20:19:32.751339+00:00

Metrics JSON (deterministic output of the rules layer):
{
  "reporting_month": "May 2026",
  "computed_at": "2026-05-05T20:19:32.751339+00:00",
  "breach": {
    "total": 40,
    "by_severity": {
      "Low": 19,
      "Medium": 14,
      "High": 6,
      "Critical": 1
    },
    "by_status": {
      "Open": 19,
      "In Review": 10,
      "Closed": 6,
      "Remediated": 5
    },
    "by_category": {
      "Operational": 10,
      "Conduct": 8,
      "Client Money (CASS)": 7,
      "Trading": 6,
      "Data Protection": 5,
      "Cyber/Security": 4
    },
    "by_business_unit": {
      "Risk": 11,
      "IT": 10,
      "Wealth Planning": 7,
      "Compliance": 5,
      "Operations": 4,
      "Client Services": 3
    },
    "open_count": 29,
    "open_overdue": 23,
    "avg_time_to_report_days": 17.1,
    "requires_regulatory_notification": 2,
    "critical_or_high_open": 5,
    "period_start": "2025-12-14",
    "period_end": "2026-04-14",
    "file_used": "Breach_Register.xlsx"
  },
  "complaint": {
    "total": 55,
    "by_status": {
      "Closed": 32,
      "Open": 23
    },
    "by_product": {
      "Trust": 13,
      "ISA": 9,
      "Discretionary Portfolio": 9,
      "GIA": 9,
      "Advisory": 8,
      "SIPP": 7
    },
    "by_channel": {
      "Phone": 16,
      "Email": 13,
      "Letter": 10,
      "Web": 9,
      "In-person": 7
    },
    "by_outcome": {
      "Pending": 23,
      "Partially upheld": 11,
      "Resolved informally": 8,
      "Not upheld": 7,
      "Upheld": 6
    },
    "total_redress_gbp": 6679.47,
    "upheld_or_partial": 17,
    "avg_days_to_close": 33.6,
    "sla_breaches": 2,
    "period_start": "2026-01-05",
    "period_end": "2026-04-18",
    "file_used": "Complaints_MI.xlsx"
  },
  "linkage": {
    "breaches_with_linked_complaint": 11,
    "complaints_with_linked_breach": 17
  },
  "warnings": []
}

Draft the narrative per the schema. Reply with valid JSON only.

{
  "executive_summary": "In May 2026, the firm recorded a total of 40 breaches, with 19 classified as low severity, 14 as medium, 6 as high, and 1 as critical. Breach status shows 29 open, of which 23 are overdue. There were 5 critical or high-severity open breaches. The average time to report breaches was 17.1 days, and 2 breaches required regulatory notification. The complaints MI recorded 55 complaints, with Trust being the top product with 13 complaints. The channel mix was dominated by phone and email, with 16 and 13 complaints respectively. The outcome distribution showed 23 pending, 11 partially upheld, and 6 fully upheld. Total redress paid was £6,679.47, with an average closure time of 33.6 days. There were 2 SLA breaches.", 
  "breach_highlights": "The breach population in May 2026 consisted of 40 breaches, with 19 low-severity, 14 medium-severity, 6 high-severity, and 1 critical-severity breach. The status of breaches shows 19 open, 10 in review, 6 closed, and 5 remediated. The open count stands at 29, with 23 overdue. The critical or high-open breaches total 5. Breaches are categorized as Operational (10), Conduct (8), Client Money (CASS) (7), Trading (6), Data Protection (5), and Cyber/Security (4). Business units with the highest breach counts include Risk (11), IT (10), Wealth Planning (7), Compliance (5), Operations (4), and Client Services (3).", 
  "complaints_trends": "In May 2026, the firm received a total of 55 complaints, with 32 closed and 23 open. The top product for complaints was Trust with 13, followed by ISA and Discretionary Portfolio with 9 each. The channel mix was dominated by phone (16) and email (13). The outcome distribution was 23 pending, 11 partially upheld, 8 resolved informally, 7 not upheld, and 6 fully upheld. Total redress paid was £6,679.47, with an average of 33.6 days to close complaints. There were 2 SLA breaches during the period.", 
  "exception_flags": [
    "23 breaches are overdue.",
    "5 critical or high-severity breaches are open.",
    "2 SLA breaches occurred in complaints handling."
  ]
}

{
  "draft": {
    "breach_highlights": "The breach population in May 2026 consisted of 40 breaches, with 19 low-severity, 14 medium-severity, 6 high-severity, and 1 critical-severity breach. The status of breaches shows 19 open, 10 in review, 6 closed, and 5 remediated. The open count stands at 29, with 23 overdue. The critical or high-open breaches total 5. Breaches are categorized as Operational (10), Conduct (8), Client Money (CASS) (7), Trading (6), Data Protection (5), and Cyber/Security (4). Business units with the highest breach counts include Risk (11), IT (10), Wealth Planning (7), Compliance (5), Operations (4), and Client Services (3).",
    "complaints_trends": "In May 2026, the firm received a total of 55 complaints, with 32 closed and 23 open. The top product for complaints was Trust with 13, followed by ISA and Discretionary Portfolio with 9 each. The channel mix was dominated by phone (16) and email (13). The outcome distribution was 23 pending, 11 partially upheld, 8 resolved informally, 7 not upheld, and 6 fully upheld. Total redress paid was \u00a36,679.47, with an average of 33.6 days to close complaints. There were 2 SLA breaches during the period.",
    "completion_tokens": 573,
    "exception_flags": [
      "23 breaches are overdue.",
      "5 critical or high-severity breaches are open.",
      "2 SLA breaches occurred in complaints handling."
    ],
    "executive_summary": "In May 2026, the firm recorded a total of 40 breaches, with 19 classified as low severity, 14 as medium, 6 as high, and 1 as critical. Breach status shows 29 open, of which 23 are overdue. There were 5 critical or high-severity open breaches. The average time to report breaches was 17.1 days, and 2 breaches required regulatory notification. The complaints MI recorded 55 complaints, with Trust being the top product with 13 complaints. The channel mix was dominated by phone and email, with 16 and 13 complaints respectively. The outcome distribution showed 23 pending, 11 partially upheld, and 6 fully upheld. Total redress paid was \u00a36,679.47, with an average closure time of 33.6 days. There were 2 SLA breaches.",
    "generated_at": "2026-05-05T20:19:40.153998+00:00",
    "latency_ms": 7402,
    "llm_error": null,
    "model": "moonshot-v1-32k",
    "parse_error": null,
    "prompt_tokens": 1207,
    "provider": "kimi",
    "raw_response": "{\n  \"executive_summary\": \"In May 2026, the firm recorded a total of 40 breaches, with 19 classified as low severity, 14 as medium, 6 as high, and 1 as critical. Breach status shows 29 open, of which 23 are overdue. There were 5 critical or high-severity open breaches. The average time to report breaches was 17.1 days, and 2 breaches required regulatory notification. The complaints MI recorded 55 complaints, with Trust being the top product with 13 complaints. The channel mix was dominated by phone and email, with 16 and 13 complaints respectively. The outcome distribution showed 23 pending, 11 partially upheld, and 6 fully upheld. Total redress paid was \u00a36,679.47, with an average closure time of 33.6 days. There were 2 SLA breaches.\", \n  \"breach_highlights\": \"The breach population in May 2026 consisted of 40 breaches, with 19 low-severity, 14 medium-severity, 6 high-severity, and 1 critical-severity breach. The status of breaches shows 19 open, 10 in review, 6 closed, and 5 remediated. The open count stands at 29, with 23 overdue. The critical or high-open breaches total 5. Breaches are categorized as Operational (10), Conduct (8), Client Money (CASS) (7), Trading (6), Data Protection (5), and Cyber/Security (4). Business units with the highest breach counts include Risk (11), IT (10), Wealth Planning (7), Compliance (5), Operations (4), and Client Services (3).\", \n  \"complaints_trends\": \"In May 2026, the firm received a total of 55 complaints, with 32 closed and 23 open. The top product for complaints was Trust with 13, followed by ISA and Discretionary Portfolio with 9 each. The channel mix was dominated by phone (16) and email (13). The outcome distribution was 23 pending, 11 partially upheld, 8 resolved informally, 7 not upheld, and 6 fully upheld. Total redress paid was \u00a36,679.47, with an average of 33.6 days to close complaints. There were 2 SLA breaches during the period.\", \n  \"exception_flags\": [\n    \"23 breaches are overdue.\",\n    \"5 critical or high-severity breaches are open.\",\n    \"2 SLA breaches occurred in complaints handling.\"\n  ]\n}",
    "system_prompt": "You are an AI drafting assistant for a UK FCA-regulated wealth management firm\u0027s monthly Compliance MI Pack. You produce factual narrative paragraphs grounded EXCLUSIVELY in the structured metrics JSON provided by a deterministic rules layer.\n\nRULES \u2014 non-negotiable:\n1. Use ONLY the numbers, categories, and breakdowns in the metrics JSON. Do not invent figures, names, dates, trends, or examples.\n2. Severity ratings are rule-based \u2014 describe them, never reassign or recategorise them.\n3. No promissory language (\"will improve\", \"guaranteed\"), no advice language (\"we recommend you should...\"), no commitments to action by the firm.\n4. Plain UK English. Reference quantities exactly (e.g. \"14 medium-severity breaches\", not \"several breaches\").\n5. Where a category has zero or no data, state the absence factually.\n6. End each narrative paragraph with a brief citation in parentheses, e.g. \"(Source: Breach Register, 40 rows analysed; Complaints MI, 55 rows analysed.)\"\n7. Output VALID JSON only. No markdown code fences. No preamble or closing remarks.\n\nJSON SCHEMA \u2014 exact keys, no extras:\n{\n  \"executive_summary\": \"string \u2014 80-130 words; high-level for the Compliance Committee; cover scale of breaches, complaints, redress, and any items requiring attention\",\n  \"breach_highlights\": \"string \u2014 100-180 words; describe the breach population by severity / status / category and call out any open-overdue or critical-or-high-open items\",\n  \"complaints_trends\": \"string \u2014 100-180 words; cover total complaints, top product, channel mix, outcome distribution, redress total, SLA performance\",\n  \"exception_flags\": [\"string\", ...]   // 0-5 short single-line items; only flag what the metrics support\n}",
    "total_tokens": 1780,
    "user_prompt": "Reporting period: May 2026\nMetrics computed at: 2026-05-05T20:19:32.751339+00:00\n\nMetrics JSON (deterministic output of the rules layer):\n{\n  \"reporting_month\": \"May 2026\",\n  \"computed_at\": \"2026-05-05T20:19:32.751339+00:00\",\n  \"breach\": {\n    \"total\": 40,\n    \"by_severity\": {\n      \"Low\": 19,\n      \"Medium\": 14,\n      \"High\": 6,\n      \"Critical\": 1\n    },\n    \"by_status\": {\n      \"Open\": 19,\n      \"In Review\": 10,\n      \"Closed\": 6,\n      \"Remediated\": 5\n    },\n    \"by_category\": {\n      \"Operational\": 10,\n      \"Conduct\": 8,\n      \"Client Money (CASS)\": 7,\n      \"Trading\": 6,\n      \"Data Protection\": 5,\n      \"Cyber/Security\": 4\n    },\n    \"by_business_unit\": {\n      \"Risk\": 11,\n      \"IT\": 10,\n      \"Wealth Planning\": 7,\n      \"Compliance\": 5,\n      \"Operations\": 4,\n      \"Client Services\": 3\n    },\n    \"open_count\": 29,\n    \"open_overdue\": 23,\n    \"avg_time_to_report_days\": 17.1,\n    \"requires_regulatory_notification\": 2,\n    \"critical_or_high_open\": 5,\n    \"period_start\": \"2025-12-14\",\n    \"period_end\": \"2026-04-14\",\n    \"file_used\": \"Breach_Register.xlsx\"\n  },\n  \"complaint\": {\n    \"total\": 55,\n    \"by_status\": {\n      \"Closed\": 32,\n      \"Open\": 23\n    },\n    \"by_product\": {\n      \"Trust\": 13,\n      \"ISA\": 9,\n      \"Discretionary Portfolio\": 9,\n      \"GIA\": 9,\n      \"Advisory\": 8,\n      \"SIPP\": 7\n    },\n    \"by_channel\": {\n      \"Phone\": 16,\n      \"Email\": 13,\n      \"Letter\": 10,\n      \"Web\": 9,\n      \"In-person\": 7\n    },\n    \"by_outcome\": {\n      \"Pending\": 23,\n      \"Partially upheld\": 11,\n      \"Resolved informally\": 8,\n      \"Not upheld\": 7,\n      \"Upheld\": 6\n    },\n    \"total_redress_gbp\": 6679.47,\n    \"upheld_or_partial\": 17,\n    \"avg_days_to_close\": 33.6,\n    \"sla_breaches\": 2,\n    \"period_start\": \"2026-01-05\",\n    \"period_end\": \"2026-04-18\",\n    \"file_used\": \"Complaints_MI.xlsx\"\n  },\n  \"linkage\": {\n    \"breaches_with_linked_complaint\": 11,\n    \"complaints_with_linked_breach\": 17\n  },\n  \"warnings\": []\n}\n\nDraft the narrative per the schema. Reply with valid JSON only."
  },
  "filename": "Compliance_Pack_May_2026_v1.0_20260505-201940.docx",
  "metrics": {
    "breach": {
      "avg_time_to_report_days": 17.1,
      "by_business_unit": {
        "Client Services": 3,
        "Compliance": 5,
        "IT": 10,
        "Operations": 4,
        "Risk": 11,
        "Wealth Planning": 7
      },
      "by_category": {
        "Client Money (CASS)": 7,
        "Conduct": 8,
        "Cyber/Security": 4,
        "Data Protection": 5,
        "Operational": 10,
        "Trading": 6
      },
      "by_severity": {
        "Critical": 1,
        "High": 6,
        "Low": 19,
        "Medium": 14
      },
      "by_status": {
        "Closed": 6,
        "In Review": 10,
        "Open": 19,
        "Remediated": 5
      },
      "critical_or_high_open": 5,
      "file_used": "Breach_Register.xlsx",
      "open_count": 29,
      "open_overdue": 23,
      "period_end": "2026-04-14",
      "period_start": "2025-12-14",
      "requires_regulatory_notification": 2,
      "total": 40
    },
    "complaint": {
      "avg_days_to_close": 33.6,
      "by_channel": {
        "Email": 13,
        "In-person": 7,
        "Letter": 10,
        "Phone": 16,
        "Web": 9
      },
      "by_outcome": {
        "Not upheld": 7,
        "Partially upheld": 11,
        "Pending": 23,
        "Resolved informally": 8,
        "Upheld": 6
      },
      "by_product": {
        "Advisory": 8,
        "Discretionary Portfolio": 9,
        "GIA": 9,
        "ISA": 9,
        "SIPP": 7,
        "Trust": 13
      },
      "by_status": {
        "Closed": 32,
        "Open": 23
      },
      "file_used": "Complaints_MI.xlsx",
      "period_end": "2026-04-18",
      "period_start": "2026-01-05",
      "sla_breaches": 2,
      "total": 55,
      "total_redress_gbp": 6679.47,
      "upheld_or_partial": 17
    },
    "computed_at": "2026-05-05T20:19:32.751339+00:00",
    "linkage": {
      "breaches_with_linked_complaint": 11,
      "complaints_with_linked_breach": 17
    },
    "reporting_month": "May 2026",
    "warnings": []
  },
  "sections": [
    "Cover",
    "Executive Summary",
    "Breach Snapshot",
    "Complaints Snapshot",
    "Exception Flags"
  ]
}

You are an AI drafting assistant for a UK FCA-regulated wealth management firm's monthly Compliance MI Pack. You produce factual narrative paragraphs grounded EXCLUSIVELY in the structured metrics JSON provided by a deterministic rules layer.

RULES — non-negotiable:
1. Use ONLY the numbers, categories, and breakdowns in the metrics JSON. Do not invent figures, names, dates, trends, or examples.
2. Severity ratings are rule-based — describe them, never reassign or recategorise them.
3. No promissory language ("will improve", "guaranteed"), no advice language ("we recommend you should..."), no commitments to action by the firm.
4. Plain UK English. Reference quantities exactly (e.g. "14 medium-severity breaches", not "several breaches").
5. Where a category has zero or no data, state the absence factually.
6. End each narrative paragraph with a brief citation in parentheses, e.g. "(Source: Breach Register, 40 rows analysed; Complaints MI, 55 rows analysed.)"
7. Output VALID JSON only. No markdown code fences. No preamble or closing remarks.

JSON SCHEMA — exact keys, no extras:
{
  "executive_summary": "string — 80-130 words; high-level for the Compliance Committee; cover scale of breaches, complaints, redress, and any items requiring attention",
  "breach_highlights": "string — 100-180 words; describe the breach population by severity / status / category and call out any open-overdue or critical-or-high-open items",
  "complaints_trends": "string — 100-180 words; cover total complaints, top product, channel mix, outcome distribution, redress total, SLA performance",
  "exception_flags": ["string", ...]   // 0-5 short single-line items; only flag what the metrics support
}

Reporting period: May 2026
Metrics computed at: 2026-05-05T20:19:06.368513+00:00

Metrics JSON (deterministic output of the rules layer):
{
  "reporting_month": "May 2026",
  "computed_at": "2026-05-05T20:19:06.368513+00:00",
  "breach": {
    "total": 40,
    "by_severity": {
      "Low": 19,
      "Medium": 14,
      "High": 6,
      "Critical": 1
    },
    "by_status": {
      "Open": 19,
      "In Review": 10,
      "Closed": 6,
      "Remediated": 5
    },
    "by_category": {
      "Operational": 10,
      "Conduct": 8,
      "Client Money (CASS)": 7,
      "Trading": 6,
      "Data Protection": 5,
      "Cyber/Security": 4
    },
    "by_business_unit": {
      "Risk": 11,
      "IT": 10,
      "Wealth Planning": 7,
      "Compliance": 5,
      "Operations": 4,
      "Client Services": 3
    },
    "open_count": 29,
    "open_overdue": 23,
    "avg_time_to_report_days": 17.1,
    "requires_regulatory_notification": 2,
    "critical_or_high_open": 5,
    "period_start": "2025-12-14",
    "period_end": "2026-04-14",
    "file_used": "Breach_Register.xlsx"
  },
  "complaint": {
    "total": 55,
    "by_status": {
      "Closed": 32,
      "Open": 23
    },
    "by_product": {
      "Trust": 13,
      "ISA": 9,
      "Discretionary Portfolio": 9,
      "GIA": 9,
      "Advisory": 8,
      "SIPP": 7
    },
    "by_channel": {
      "Phone": 16,
      "Email": 13,
      "Letter": 10,
      "Web": 9,
      "In-person": 7
    },
    "by_outcome": {
      "Pending": 23,
      "Partially upheld": 11,
      "Resolved informally": 8,
      "Not upheld": 7,
      "Upheld": 6
    },
    "total_redress_gbp": 6679.47,
    "upheld_or_partial": 17,
    "avg_days_to_close": 33.6,
    "sla_breaches": 2,
    "period_start": "2026-01-05",
    "period_end": "2026-04-18",
    "file_used": "Complaints_MI.xlsx"
  },
  "linkage": {
    "breaches_with_linked_complaint": 11,
    "complaints_with_linked_breach": 17
  },
  "warnings": []
}

Draft the narrative per the schema. Reply with valid JSON only.

{
  "executive_summary": "In May 2026, we recorded a total of 40 breaches, with 29 remaining open, including 5 critical or high-severity items. Breach categories were led by Operational (10), Conduct (8), and Client Money (CASS) (7). Compliance had 5 open breaches, with an average time to report of 17.1 days. We received 55 complaints, with Trust being the top product affected. Total redress paid was £6,679.47, and the average time to close a complaint was 33.6 days. Two complaints breached service level agreements.",
  
  "breach_highlights": "During the reporting period, there were 40 total breaches, with 19 low, 14 medium, 6 high, and 1 critical severity. The status distribution was 19 open, 10 in review, 6 closed, and 5 remediated. Breaches were categorized as Operational (10), Conduct (8), Client Money (CASS) (7), Trading (6), Data Protection (5), and Cyber/Security (4). The business units with the highest breach counts were Risk (11) and IT (10). There were 29 open breaches, with 23 overdue. Two breaches required regulatory notification. There were 5 critical or high-severity open breaches.",
  
  "complaints_trends": "We received a total of 55 complaints, with 32 closed and 23 open. The top product for complaints was Trust (13), followed by ISA (9), Discretionary Portfolio (9), GIA (9), Advisory (8), and SIPP (7). The channel mix was Phone (16), Email (13), Letter (10), Web (9), and In-person (7). The outcome distribution was Pending (23), Partially upheld (11), Resolved informally (8), Not upheld (7), and Upheld (6). Total redress paid was £6,679.47, with 17 upheld or partially upheld complaints. The average days to close a complaint was 33.6, and there were 2 service level agreement breaches.",
  
  "exception_flags": [
    "29 open breaches, including 23 overdue and 5 critical or high-severity open items.",
    "2 service level agreement breaches for complaints."
  ]
}

{
  "draft": {
    "breach_highlights": "During the reporting period, there were 40 total breaches, with 19 low, 14 medium, 6 high, and 1 critical severity. The status distribution was 19 open, 10 in review, 6 closed, and 5 remediated. Breaches were categorized as Operational (10), Conduct (8), Client Money (CASS) (7), Trading (6), Data Protection (5), and Cyber/Security (4). The business units with the highest breach counts were Risk (11) and IT (10). There were 29 open breaches, with 23 overdue. Two breaches required regulatory notification. There were 5 critical or high-severity open breaches.",
    "complaints_trends": "We received a total of 55 complaints, with 32 closed and 23 open. The top product for complaints was Trust (13), followed by ISA (9), Discretionary Portfolio (9), GIA (9), Advisory (8), and SIPP (7). The channel mix was Phone (16), Email (13), Letter (10), Web (9), and In-person (7). The outcome distribution was Pending (23), Partially upheld (11), Resolved informally (8), Not upheld (7), and Upheld (6). Total redress paid was \u00a36,679.47, with 17 upheld or partially upheld complaints. The average days to close a complaint was 33.6, and there were 2 service level agreement breaches.",
    "completion_tokens": 538,
    "exception_flags": [
      "29 open breaches, including 23 overdue and 5 critical or high-severity open items.",
      "2 service level agreement breaches for complaints."
    ],
    "executive_summary": "In May 2026, we recorded a total of 40 breaches, with 29 remaining open, including 5 critical or high-severity items. Breach categories were led by Operational (10), Conduct (8), and Client Money (CASS) (7). Compliance had 5 open breaches, with an average time to report of 17.1 days. We received 55 complaints, with Trust being the top product affected. Total redress paid was \u00a36,679.47, and the average time to close a complaint was 33.6 days. Two complaints breached service level agreements.",
    "generated_at": "2026-05-05T20:19:14.406386+00:00",
    "latency_ms": 8007,
    "llm_error": null,
    "model": "moonshot-v1-32k",
    "parse_error": null,
    "prompt_tokens": 1209,
    "provider": "kimi",
    "raw_response": "{\n  \"executive_summary\": \"In May 2026, we recorded a total of 40 breaches, with 29 remaining open, including 5 critical or high-severity items. Breach categories were led by Operational (10), Conduct (8), and Client Money (CASS) (7). Compliance had 5 open breaches, with an average time to report of 17.1 days. We received 55 complaints, with Trust being the top product affected. Total redress paid was \u00a36,679.47, and the average time to close a complaint was 33.6 days. Two complaints breached service level agreements.\",\n  \n  \"breach_highlights\": \"During the reporting period, there were 40 total breaches, with 19 low, 14 medium, 6 high, and 1 critical severity. The status distribution was 19 open, 10 in review, 6 closed, and 5 remediated. Breaches were categorized as Operational (10), Conduct (8), Client Money (CASS) (7), Trading (6), Data Protection (5), and Cyber/Security (4). The business units with the highest breach counts were Risk (11) and IT (10). There were 29 open breaches, with 23 overdue. Two breaches required regulatory notification. There were 5 critical or high-severity open breaches.\",\n  \n  \"complaints_trends\": \"We received a total of 55 complaints, with 32 closed and 23 open. The top product for complaints was Trust (13), followed by ISA (9), Discretionary Portfolio (9), GIA (9), Advisory (8), and SIPP (7). The channel mix was Phone (16), Email (13), Letter (10), Web (9), and In-person (7). The outcome distribution was Pending (23), Partially upheld (11), Resolved informally (8), Not upheld (7), and Upheld (6). Total redress paid was \u00a36,679.47, with 17 upheld or partially upheld complaints. The average days to close a complaint was 33.6, and there were 2 service level agreement breaches.\",\n  \n  \"exception_flags\": [\n    \"29 open breaches, including 23 overdue and 5 critical or high-severity open items.\",\n    \"2 service level agreement breaches for complaints.\"\n  ]\n}",
    "system_prompt": "You are an AI drafting assistant for a UK FCA-regulated wealth management firm\u0027s monthly Compliance MI Pack. You produce factual narrative paragraphs grounded EXCLUSIVELY in the structured metrics JSON provided by a deterministic rules layer.\n\nRULES \u2014 non-negotiable:\n1. Use ONLY the numbers, categories, and breakdowns in the metrics JSON. Do not invent figures, names, dates, trends, or examples.\n2. Severity ratings are rule-based \u2014 describe them, never reassign or recategorise them.\n3. No promissory language (\"will improve\", \"guaranteed\"), no advice language (\"we recommend you should...\"), no commitments to action by the firm.\n4. Plain UK English. Reference quantities exactly (e.g. \"14 medium-severity breaches\", not \"several breaches\").\n5. Where a category has zero or no data, state the absence factually.\n6. End each narrative paragraph with a brief citation in parentheses, e.g. \"(Source: Breach Register, 40 rows analysed; Complaints MI, 55 rows analysed.)\"\n7. Output VALID JSON only. No markdown code fences. No preamble or closing remarks.\n\nJSON SCHEMA \u2014 exact keys, no extras:\n{\n  \"executive_summary\": \"string \u2014 80-130 words; high-level for the Compliance Committee; cover scale of breaches, complaints, redress, and any items requiring attention\",\n  \"breach_highlights\": \"string \u2014 100-180 words; describe the breach population by severity / status / category and call out any open-overdue or critical-or-high-open items\",\n  \"complaints_trends\": \"string \u2014 100-180 words; cover total complaints, top product, channel mix, outcome distribution, redress total, SLA performance\",\n  \"exception_flags\": [\"string\", ...]   // 0-5 short single-line items; only flag what the metrics support\n}",
    "total_tokens": 1747,
    "user_prompt": "Reporting period: May 2026\nMetrics computed at: 2026-05-05T20:19:06.368513+00:00\n\nMetrics JSON (deterministic output of the rules layer):\n{\n  \"reporting_month\": \"May 2026\",\n  \"computed_at\": \"2026-05-05T20:19:06.368513+00:00\",\n  \"breach\": {\n    \"total\": 40,\n    \"by_severity\": {\n      \"Low\": 19,\n      \"Medium\": 14,\n      \"High\": 6,\n      \"Critical\": 1\n    },\n    \"by_status\": {\n      \"Open\": 19,\n      \"In Review\": 10,\n      \"Closed\": 6,\n      \"Remediated\": 5\n    },\n    \"by_category\": {\n      \"Operational\": 10,\n      \"Conduct\": 8,\n      \"Client Money (CASS)\": 7,\n      \"Trading\": 6,\n      \"Data Protection\": 5,\n      \"Cyber/Security\": 4\n    },\n    \"by_business_unit\": {\n      \"Risk\": 11,\n      \"IT\": 10,\n      \"Wealth Planning\": 7,\n      \"Compliance\": 5,\n      \"Operations\": 4,\n      \"Client Services\": 3\n    },\n    \"open_count\": 29,\n    \"open_overdue\": 23,\n    \"avg_time_to_report_days\": 17.1,\n    \"requires_regulatory_notification\": 2,\n    \"critical_or_high_open\": 5,\n    \"period_start\": \"2025-12-14\",\n    \"period_end\": \"2026-04-14\",\n    \"file_used\": \"Breach_Register.xlsx\"\n  },\n  \"complaint\": {\n    \"total\": 55,\n    \"by_status\": {\n      \"Closed\": 32,\n      \"Open\": 23\n    },\n    \"by_product\": {\n      \"Trust\": 13,\n      \"ISA\": 9,\n      \"Discretionary Portfolio\": 9,\n      \"GIA\": 9,\n      \"Advisory\": 8,\n      \"SIPP\": 7\n    },\n    \"by_channel\": {\n      \"Phone\": 16,\n      \"Email\": 13,\n      \"Letter\": 10,\n      \"Web\": 9,\n      \"In-person\": 7\n    },\n    \"by_outcome\": {\n      \"Pending\": 23,\n      \"Partially upheld\": 11,\n      \"Resolved informally\": 8,\n      \"Not upheld\": 7,\n      \"Upheld\": 6\n    },\n    \"total_redress_gbp\": 6679.47,\n    \"upheld_or_partial\": 17,\n    \"avg_days_to_close\": 33.6,\n    \"sla_breaches\": 2,\n    \"period_start\": \"2026-01-05\",\n    \"period_end\": \"2026-04-18\",\n    \"file_used\": \"Complaints_MI.xlsx\"\n  },\n  \"linkage\": {\n    \"breaches_with_linked_complaint\": 11,\n    \"complaints_with_linked_breach\": 17\n  },\n  \"warnings\": []\n}\n\nDraft the narrative per the schema. Reply with valid JSON only."
  },
  "metrics": {
    "breach": {
      "avg_time_to_report_days": 17.1,
      "by_business_unit": {
        "Client Services": 3,
        "Compliance": 5,
        "IT": 10,
        "Operations": 4,
        "Risk": 11,
        "Wealth Planning": 7
      },
      "by_category": {
        "Client Money (CASS)": 7,
        "Conduct": 8,
        "Cyber/Security": 4,
        "Data Protection": 5,
        "Operational": 10,
        "Trading": 6
      },
      "by_severity": {
        "Critical": 1,
        "High": 6,
        "Low": 19,
        "Medium": 14
      },
      "by_status": {
        "Closed": 6,
        "In Review": 10,
        "Open": 19,
        "Remediated": 5
      },
      "critical_or_high_open": 5,
      "file_used": "Breach_Register.xlsx",
      "open_count": 29,
      "open_overdue": 23,
      "period_end": "2026-04-14",
      "period_start": "2025-12-14",
      "requires_regulatory_notification": 2,
      "total": 40
    },
    "complaint": {
      "avg_days_to_close": 33.6,
      "by_channel": {
        "Email": 13,
        "In-person": 7,
        "Letter": 10,
        "Phone": 16,
        "Web": 9
      },
      "by_outcome": {
        "Not upheld": 7,
        "Partially upheld": 11,
        "Pending": 23,
        "Resolved informally": 8,
        "Upheld": 6
      },
      "by_product": {
        "Advisory": 8,
        "Discretionary Portfolio": 9,
        "GIA": 9,
        "ISA": 9,
        "SIPP": 7,
        "Trust": 13
      },
      "by_status": {
        "Closed": 32,
        "Open": 23
      },
      "file_used": "Complaints_MI.xlsx",
      "period_end": "2026-04-18",
      "period_start": "2026-01-05",
      "sla_breaches": 2,
      "total": 55,
      "total_redress_gbp": 6679.47,
      "upheld_or_partial": 17
    },
    "computed_at": "2026-05-05T20:19:06.368513+00:00",
    "linkage": {
      "breaches_with_linked_complaint": 11,
      "complaints_with_linked_breach": 17
    },
    "reporting_month": "May 2026",
    "warnings": []
  }
}

{
  "breach": {
    "avg_time_to_report_days": 17.1,
    "by_business_unit": {
      "Client Services": 3,
      "Compliance": 5,
      "IT": 10,
      "Operations": 4,
      "Risk": 11,
      "Wealth Planning": 7
    },
    "by_category": {
      "Client Money (CASS)": 7,
      "Conduct": 8,
      "Cyber/Security": 4,
      "Data Protection": 5,
      "Operational": 10,
      "Trading": 6
    },
    "by_severity": {
      "Critical": 1,
      "High": 6,
      "Low": 19,
      "Medium": 14
    },
    "by_status": {
      "Closed": 6,
      "In Review": 10,
      "Open": 19,
      "Remediated": 5
    },
    "critical_or_high_open": 5,
    "file_used": "Breach_Register.xlsx",
    "open_count": 29,
    "open_overdue": 23,
    "period_end": "2026-04-14",
    "period_start": "2025-12-14",
    "requires_regulatory_notification": 2,
    "total": 40
  },
  "complaint": {
    "avg_days_to_close": 33.6,
    "by_channel": {
      "Email": 13,
      "In-person": 7,
      "Letter": 10,
      "Phone": 16,
      "Web": 9
    },
    "by_outcome": {
      "Not upheld": 7,
      "Partially upheld": 11,
      "Pending": 23,
      "Resolved informally": 8,
      "Upheld": 6
    },
    "by_product": {
      "Advisory": 8,
      "Discretionary Portfolio": 9,
      "GIA": 9,
      "ISA": 9,
      "SIPP": 7,
      "Trust": 13
    },
    "by_status": {
      "Closed": 32,
      "Open": 23
    },
    "file_used": "Complaints_MI.xlsx",
    "period_end": "2026-04-18",
    "period_start": "2026-01-05",
    "sla_breaches": 2,
    "total": 55,
    "total_redress_gbp": 6679.47,
    "upheld_or_partial": 17
  },
  "computed_at": "2026-05-05T20:19:04.782382+00:00",
  "linkage": {
    "breaches_with_linked_complaint": 11,
    "complaints_with_linked_breach": 17
  },
  "reporting_month": "May 2026",
  "warnings": []
}

{
  "counts": {
    "MISSING": 0,
    "OK": 4,
    "PARTIAL": 0
  },
  "results": [
    {
      "description": "Monthly extract listing all breaches recorded in the reporting period.",
      "issues": [],
      "item_id": "breach_register",
      "label": "Breach Register",
      "matched_filename": "Breach_Register.xlsx",
      "severity": "critical",
      "status": "OK"
    },
    {
      "description": "Monthly complaints management information including status, outcomes, and redress.",
      "issues": [],
      "item_id": "complaints_mi",
      "label": "Complaints MI",
      "matched_filename": "Complaints_MI.xlsx",
      "severity": "critical",
      "status": "OK"
    },
    {
      "description": "Monthly call monitoring summary from each client-facing team.",
      "issues": [],
      "item_id": "call_monitoring",
      "label": "Call Monitoring Summary",
      "matched_filename": "Call_Monitoring_Summary_Sample.pdf",
      "severity": "important",
      "status": "OK"
    },
    {
      "description": "Sample of policy attestations confirming staff have read and understood key policies.",
      "issues": [],
      "item_id": "policy_attestation",
      "label": "Policy Attestation(s)",
      "matched_filename": "Policy_Attestation_Sample.pdf",
      "severity": "important",
      "status": "OK"
    }
  ]
}

{
  "breach": {
    "avg_time_to_report_days": 17.1,
    "by_business_unit": {
      "Client Services": 3,
      "Compliance": 5,
      "IT": 10,
      "Operations": 4,
      "Risk": 11,
      "Wealth Planning": 7
    },
    "by_category": {
      "Client Money (CASS)": 7,
      "Conduct": 8,
      "Cyber/Security": 4,
      "Data Protection": 5,
      "Operational": 10,
      "Trading": 6
    },
    "by_severity": {
      "Critical": 1,
      "High": 6,
      "Low": 19,
      "Medium": 14
    },
    "by_status": {
      "Closed": 6,
      "In Review": 10,
      "Open": 19,
      "Remediated": 5
    },
    "critical_or_high_open": 5,
    "file_used": "Breach_Register.xlsx",
    "open_count": 29,
    "open_overdue": 23,
    "period_end": "2026-04-14",
    "period_start": "2025-12-14",
    "requires_regulatory_notification": 2,
    "total": 40
  },
  "complaint": {
    "avg_days_to_close": 33.6,
    "by_channel": {
      "Email": 13,
      "In-person": 7,
      "Letter": 10,
      "Phone": 16,
      "Web": 9
    },
    "by_outcome": {
      "Not upheld": 7,
      "Partially upheld": 11,
      "Pending": 23,
      "Resolved informally": 8,
      "Upheld": 6
    },
    "by_product": {
      "Advisory": 8,
      "Discretionary Portfolio": 9,
      "GIA": 9,
      "ISA": 9,
      "SIPP": 7,
      "Trust": 13
    },
    "by_status": {
      "Closed": 32,
      "Open": 23
    },
    "file_used": "Complaints_MI.xlsx",
    "period_end": "2026-04-18",
    "period_start": "2026-01-05",
    "sla_breaches": 2,
    "total": 55,
    "total_redress_gbp": 6679.47,
    "upheld_or_partial": 17
  },
  "computed_at": "2026-05-05T20:12:06.195644+00:00",
  "linkage": {
    "breaches_with_linked_complaint": 11,
    "complaints_with_linked_breach": 17
  },
  "reporting_month": "May 2026",
  "warnings": []
}

{
  "counts": {
    "MISSING": 0,
    "OK": 4,
    "PARTIAL": 0
  },
  "results": [
    {
      "description": "Monthly extract listing all breaches recorded in the reporting period.",
      "issues": [],
      "item_id": "breach_register",
      "label": "Breach Register",
      "matched_filename": "Breach_Register.xlsx",
      "severity": "critical",
      "status": "OK"
    },
    {
      "description": "Monthly complaints management information including status, outcomes, and redress.",
      "issues": [],
      "item_id": "complaints_mi",
      "label": "Complaints MI",
      "matched_filename": "Complaints_MI.xlsx",
      "severity": "critical",
      "status": "OK"
    },
    {
      "description": "Monthly call monitoring summary from each client-facing team.",
      "issues": [],
      "item_id": "call_monitoring",
      "label": "Call Monitoring Summary",
      "matched_filename": "Call_Monitoring_Summary_Sample.pdf",
      "severity": "important",
      "status": "OK"
    },
    {
      "description": "Sample of policy attestations confirming staff have read and understood key policies.",
      "issues": [],
      "item_id": "policy_attestation",
      "label": "Policy Attestation(s)",
      "matched_filename": "Policy_Attestation_Sample.pdf",
      "severity": "important",
      "status": "OK"
    }
  ]
}

{
  "from_status": "Draft",
  "submitted_by": "ComplianceOfficer",
  "to_status": "In Review"
}

{
  "files": [
    "Breach_Register.xlsx",
    "Complaints_MI.xlsx",
    "Call_Monitoring_Summary_Sample.pdf",
    "Policy_Attestation_Sample.pdf"
  ],
  "missing": [],
  "source": "sample_data"
}

{
  "due_date": "2026-05-15",
  "owner": "ComplianceOfficer",
  "pack_id": "5e142951d0ed",
  "reporting_month": "May 2026",
  "version": "1.0"
}