Skip to content

STD-GOV-132: Compliance Calendar Automation

Field Value
Standard STD-GOV-132
Title Compliance Calendar Automation
Status Draft
Owner CDO
Created 2026-04-03
Review Monthly

Purpose

Centralise and automate tracking of all regulatory compliance deadlines across Simpaisa's operating markets. With active licences and obligations in PK, BD, NP, IQ, EG and AE, missed deadlines risk licence suspension, financial penalties and reputational damage. Manual tracking via spreadsheets is error-prone and does not scale.

Scope

All regulatory obligations across Simpaisa's markets: Pakistan (SBP, PTA, SECP), Bangladesh (Bangladesh Bank), Nepal (NRB), Iraq (CBI) and UAE (CBUAE, ADGM/DIFC as applicable). Covers licence renewals, audit submissions, regulatory reports, certifications and periodic assessments.

Current State

  • Compliance deadlines tracked in a shared spreadsheet — no automation.
  • Reminders depend on individual calendar entries by compliance team.
  • No single view of all obligations across all markets.
  • Near-misses on deadline compliance have occurred (no actual misses yet).
  • PCI DSS assessment dates tracked separately from regulatory dates.

Gaps

  1. No centralised calendar system — deadlines scattered across spreadsheets, emails, calendars.
  2. No automated reminders — relies on human memory.
  3. No owner assignment enforcement — unclear who is responsible for each deadline.
  4. No integration with Beads for task tracking.
  5. No monthly review cadence for upcoming obligations.

Target State

  • Single source of truth for all compliance deadlines in Beads.
  • Automated reminders at 30, 14, 7 and 1 day before each deadline.
  • Every deadline has an assigned owner.
  • Monthly review at Architecture Review Board.
  • Audit trail of all completed submissions.

Deadline Categories

Category Examples
Licence Renewal PSO/PSP licence (SBP), MFS licence (BB), NRB
Audit Submission Annual audit (SBP), PCI DSS ROC, SOC 2
Regulatory Report Monthly txn report (SBP), quarterly MFS report (BB)
Certification PCI DSS certification, ISO 27001 surveillance
Periodic Assessment Penetration test, vulnerability assessment

Market-Specific Obligations

Market Regulator Key Obligations
PK SBP, PTA, SECP PSO/PSP licence renewal, monthly txn reports, annual audit
BD Bangladesh Bank MFS licence renewal, quarterly MFS report, annual audit
NP NRB PSP licence renewal, quarterly report, annual audit
IQ CBI Licence renewal, quarterly compliance report
AE CBUAE SVF licence (if applicable), annual audit

Beads Integration

Each compliance deadline is tracked as a Beads issue:

bd create "Compliance: [Market] [Obligation] - Due [Date]" --tag compliance-calendar

Issue must include: - Market: PK / BD / NP / IQ / AE - Category: Licence / Audit / Report / Certification / Assessment - Due date: Regulatory deadline - Owner: Individual responsible for submission - Dependencies: Pre-requisite tasks (e.g., audit must complete before submission)

Automated Reminders

Reminder Timing Channel Action Required
R1 30 days before Beads notification + email Confirm preparation begun
R2 14 days before Beads notification + email Status update required
R3 7 days before Beads notification + Slack Escalation if not on track
R4 1 day before Beads notification + Slack Final confirmation

Reminders implemented via Temporal scheduled workflows querying Beads for upcoming deadlines.

Monthly Review

  • Conducted at Architecture Review Board (first agenda item).
  • Review all deadlines due in the next 60 days.
  • Confirm owner and preparation status for each.
  • Escalate any at-risk deadlines to CDO immediately.
  • Review completed submissions from prior month for audit trail completeness.

Audit Trail

  • Every submission recorded in Beads with: submission date, submitted by, confirmation reference, supporting documents.
  • Historical submissions retained for 10 years (regulatory requirement).
  • Quarterly reconciliation: Beads records vs regulator acknowledgements.

Actions

# Action Owner Deadline
1 Catalogue all regulatory obligations across markets Compliance Team 2026-Q2
2 Create Beads issues for all known deadlines Compliance Team 2026-Q2
3 Build Temporal workflow for automated reminders Platform Team 2026-Q2
4 Add compliance review to ARB monthly agenda CDO 2026-Q2
5 Conduct first monthly compliance review at ARB CDO 2026-Q2

References

  • CROSS-BORDER-COMPLIANCE-FRAMEWORK.md
  • STD-GOV-124-ARCHITECTURE-REVIEW-BOARD-CHARTER.md
  • SECURITY-ARCHITECTURE.md