Compliance API

The Compliance API provides comprehensive monitoring, reporting, and audit capabilities to ensure that all interactions with Oliver meet regulatory requirements. This is essential for financial services firms subject to regulations from FINRA, SEC, and other financial authorities.

Regulatory Compliance: All chat messages, file uploads, and AI responses are automatically scanned for compliance violations. Flagged content is immediately reported to designated compliance officers.

Compliance Features

🔍 Real-time Monitoring

Continuous scanning of all messages for compliance issues including inappropriate language, regulatory violations, and policy breaches.

📊 Comprehensive Reporting

Detailed compliance reports with analytics, trends, and violation summaries for regulatory submissions.

🚨 Alert System

Immediate notifications to compliance officers when violations are detected, with configurable alert thresholds.

📋 Audit Trails

Complete audit logs of all user activities, AI responses, and compliance actions for regulatory examination.

List Compliance Flags

Retrieve a list of compliance flags raised by the system's automated monitoring.

GET /api/v1/compliance/flags
Authentication: Required
Required Permissions: view_compliance_flags

Query Parameters

Parameter  Type     Required  Description
page       integer  No        Page number (default: 1)
per_page   integer  No        Items per page (default: 20, max: 100)
severity   string   No        Filter by severity (low, medium, high, critical)
status     string   No        Filter by status (active, resolved, dismissed)
category   string   No        Filter by violation category
user_id    integer  No        Filter by specific user ID
date_from  string   No        Start date filter (ISO 8601 format)
date_to    string   No        End date filter (ISO 8601 format)

Example Response

{
    "success": true,
    "data": {
        "flags": [
            {
                "id": 12345,
                "message_id": "msg_987654321",
                "chat_id": "chat_123456789",
                "user_id": 456,
                "user_name": "John Smith",
                "violation_type": "inappropriate_language",
                "category": "communication_standards",
                "severity": "medium",
                "status": "active",
                "flagged_content": "This investment will definitely make you rich quickly",
                "violation_reason": "Misleading investment promise - violates FINRA Rule 2210",
                "automated_flag": true,
                "reviewer_id": null,
                "resolution_notes": null,
                "flagged_at": "2025-03-11T09:15:00Z",
                "reviewed_at": null,
                "resolved_at": null,
                "metadata": {
                    "confidence_score": 0.89,
                    "rule_references": ["FINRA 2210", "SEC Rule 10b-5"],
                    "keywords_matched": ["definitely", "rich quickly"]
                }
            },
            {
                "id": 12346,
                "message_id": "msg_987654322",
                "chat_id": "chat_123456790",
                "user_id": 789,
                "user_name": "Jane Doe",
                "violation_type": "client_data_exposure",
                "category": "data_privacy",
                "severity": "high",
                "status": "resolved",
                "flagged_content": "Client SSN: 123-45-6789 needs portfolio review",
                "violation_reason": "Potential PII exposure in chat message",
                "automated_flag": true,
                "reviewer_id": 12,
                "resolution_notes": "Client data masked, user trained on PII handling",
                "flagged_at": "2025-03-10T14:30:00Z",
                "reviewed_at": "2025-03-10T15:45:00Z",
                "resolved_at": "2025-03-10T16:00:00Z",
                "metadata": {
                    "confidence_score": 0.95,
                    "data_types_detected": ["ssn"],
                    "auto_masked": true
                }
            }
        ],
        "pagination": {
            "current_page": 1,
            "per_page": 20,
            "total": 2,
            "total_pages": 1
        },
        "summary": {
            "total_flags": 2,
            "active_flags": 1,
            "resolved_flags": 1,
            "high_severity": 1,
            "medium_severity": 1
        }
    },
    "message": "Compliance flags retrieved successfully"
}
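
Added example (not part of the Oliver documentation): walking every page of this endpoint and masking SSN-shaped values in the free-text fields before flags are copied into a ticket or SIEM. `fetch_page` is a hypothetical caller-supplied transport that performs the authenticated GET, and the two-page sample data is constructed from the response shape above.

```python
import re
from typing import Callable, Iterator

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MAX_PER_PAGE = 100  # documented maximum for GET /api/v1/compliance/flags
CALLS = []          # query parameters seen by the stand-in transport

def iter_flags(fetch_page: Callable[[dict], dict], **filters) -> Iterator[dict]:
    """Yield every flag across all pages.

    fetch_page(params) is a hypothetical transport supplied by the caller; it
    performs the authenticated GET and returns the parsed JSON body.
    """
    per_page = min(int(filters.get("per_page", 20)), MAX_PER_PAGE)
    params = {**filters, "page": 1, "per_page": per_page}
    while True:
        body = fetch_page(dict(params))
        if not body.get("success"):
            raise RuntimeError(body.get("message", "request failed"))
        yield from body["data"]["flags"]
        if params["page"] >= body["data"]["pagination"]["total_pages"]:
            return
        params["page"] += 1

def redact_for_export(flag: dict) -> dict:
    """Return a copy with SSN-shaped values masked in free-text fields."""
    out = dict(flag)
    for field in ("flagged_content", "resolution_notes"):
        if isinstance(out.get(field), str):
            out[field] = SSN_RE.sub("***-**-****", out[field])
    return out

# Constructed sample data in the documented response shape, split over two pages.
SAMPLE_PAGES = {
    1: [{"id": 12345, "flagged_content": "This investment will definitely make you rich quickly",
         "resolution_notes": None}],
    2: [{"id": 12346, "flagged_content": "Client SSN: 123-45-6789 needs portfolio review",
         "resolution_notes": "Client data masked, user trained on PII handling"}],
}

def fake_fetch(params: dict) -> dict:
    CALLS.append(params)
    page = {"current_page": params["page"], "per_page": params["per_page"],
            "total": 2, "total_pages": 2}
    return {"success": True, "data": {"flags": SAMPLE_PAGES[params["page"]], "pagination": page}}

def export_rows() -> list:
    return [redact_for_export(f) for f in iter_flags(fake_fetch, per_page=500)]
```

The requested `per_page=500` is clamped to the documented maximum of 100, and the source records are left unmodified because redaction works on a copy.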

Get Compliance Flag

Get detailed information about a specific compliance flag.

GET /api/v1/compliance/flags/{flag_id}
Authentication: Required
Required Permissions: view_compliance_flags

Path Parameters

Parameter  Type     Required  Description
flag_id    integer  Yes       ID of the compliance flag

Example Response

{
    "success": true,
    "data": {
        "flag": {
            "id": 12345,
            "message_id": "msg_987654321",
            "chat_id": "chat_123456789",
            "user": {
                "id": 456,
                "name": "John Smith",
                "email": "jsmith@advisorsassetmanagement.com",
                "role": "Financial Advisor",
                "supervisor": {
                    "id": 12,
                    "name": "Mary Johnson",
                    "email": "mjohnson@advisorsassetmanagement.com"
                }
            },
            "violation_details": {
                "type": "inappropriate_language",
                "category": "communication_standards",
                "severity": "medium",
                "rule_violations": [
                    {
                        "rule": "FINRA Rule 2210",
                        "description": "Communications with Public",
                        "section": "Content Standards"
                    }
                ]
            },
            "content": {
                "original_message": "This investment will definitely make you rich quickly",
                "flagged_portions": ["definitely make you rich quickly"],
                "context_messages": [
                    {
                        "role": "user",
                        "content": "What's the best investment for quick returns?",
                        "timestamp": "2025-03-11T09:14:30Z"
                    },
                    {
                        "role": "assistant",
                        "content": "This investment will definitely make you rich quickly",
                        "timestamp": "2025-03-11T09:15:00Z"
                    }
                ]
            },
            "review_status": {
                "status": "active",
                "reviewer_id": null,
                "reviewer_name": null,
                "review_notes": null,
                "resolution_action": null
            },
            "audit_trail": [
                {
                    "action": "flag_created",
                    "user_id": "system",
                    "timestamp": "2025-03-11T09:15:05Z",
                    "details": "Automated compliance scan detected violation"
                },
                {
                    "action": "notification_sent",
                    "user_id": "system",
                    "timestamp": "2025-03-11T09:15:10Z",
                    "details": "Alert sent to compliance team"
                }
            ],
            "metadata": {
                "detection_algorithm": "nlp_rule_engine_v2.1",
                "confidence_score": 0.89,
                "false_positive_probability": 0.11,
                "similar_violations_count": 3,
                "escalation_required": false
            },
            "created_at": "2025-03-11T09:15:00Z",
            "updated_at": "2025-03-11T09:15:00Z"
        }
    },
    "message": "Compliance flag retrieved successfully"
}

Update Compliance Flag

Update the status or add review notes to a compliance flag.

PUT /api/v1/compliance/flags/{flag_id}
Authentication: Required
Required Permissions: manage_compliance_flags

Path Parameters

Parameter  Type     Required  Description
flag_id    integer  Yes       ID of the compliance flag

Request Parameters

Parameter          Type    Required  Description
status             string  No        New status (active, under_review, resolved, dismissed)
resolution_notes   string  No        Notes about the resolution or review
resolution_action  string  No        Action taken (training_provided, policy_updated, false_positive, etc.)
severity           string  No        Update severity level (low, medium, high, critical)

Example Request

{
    "status": "resolved",
    "resolution_notes": "Reviewed with advisor. Content updated to comply with FINRA guidelines. Additional training provided on appropriate language for investment communications.",
    "resolution_action": "training_provided"
}

Example Response

{
    "success": true,
    "data": {
        "flag": {
            "id": 12345,
            "status": "resolved",
            "resolution_notes": "Reviewed with advisor. Content updated to comply with FINRA guidelines. Additional training provided on appropriate language for investment communications.",
            "resolution_action": "training_provided",
            "reviewer_id": 15,
            "reviewer_name": "Sarah Wilson",
            "reviewed_at": "2025-03-11T14:30:00Z",
            "resolved_at": "2025-03-11T14:30:00Z",
            "updated_at": "2025-03-11T14:30:00Z"
        }
    },
    "message": "Compliance flag updated successfully"
}

Generate Compliance Report

Generate comprehensive compliance reports for regulatory submissions or internal audits.

POST /api/v1/compliance/reports
Authentication: Required
Required Permissions: generate_compliance_reports

Request Parameters

Parameter         Type     Required  Description
report_type       string   Yes       Type of report (summary, detailed, regulatory, audit)
date_from         string   Yes       Start date for report period (ISO 8601 format)
date_to           string   Yes       End date for report period (ISO 8601 format)
include_resolved  boolean  No        Include resolved violations (default: true)
severity_filter   array    No        Filter by severity levels
user_ids          array    No        Filter by specific user IDs
format            string   No        Report format (pdf, excel, json)

Example Request

{
    "report_type": "regulatory",
    "date_from": "2025-02-01T00:00:00Z",
    "date_to": "2025-02-28T23:59:59Z",
    "include_resolved": true,
    "severity_filter": ["medium", "high", "critical"],
    "format": "pdf"
}

Example Response

{
    "success": true,
    "data": {
        "report": {
            "id": "report_123456789",
            "type": "regulatory",
            "period": {
                "from": "2025-02-01T00:00:00Z",
                "to": "2025-02-28T23:59:59Z"
            },
            "summary": {
                "total_flags": 47,
                "resolved_flags": 42,
                "active_flags": 5,
                "severity_breakdown": {
                    "critical": 2,
                    "high": 8,
                    "medium": 23,
                    "low": 14
                },
                "category_breakdown": {
                    "communication_standards": 28,
                    "data_privacy": 12,
                    "investment_advice": 7
                }
            },
            "download_url": "https://oliverchat.com/storage/compliance-reports/report_123456789.pdf",
            "expires_at": "2025-03-18T11:45:00Z",
            "generated_at": "2025-03-11T11:45:00Z",
            "generated_by": {
                "id": 15,
                "name": "Sarah Wilson",
                "role": "Compliance Officer"
            }
        }
    },
    "message": "Compliance report generated successfully"
}

List Compliance Categories

Get a list of all compliance violation categories configured in the system.

GET /api/v1/compliance/categories
Authentication: Required
Required Permissions: view_compliance_config

Example Response

{
    "success": true,
    "data": {
        "categories": [
            {
                "id": 1,
                "name": "Communication Standards",
                "key": "communication_standards",
                "description": "Violations related to inappropriate language or misleading statements",
                "severity_default": "medium",
                "active": true,
                "rule_references": ["FINRA Rule 2210", "FINRA Rule 2111"],
                "detection_patterns": [
                    "guaranteed returns",
                    "risk-free investment",
                    "definitely profitable"
                ]
            },
            {
                "id": 2,
                "name": "Data Privacy",
                "key": "data_privacy",
                "description": "Violations related to client data exposure or privacy breaches",
                "severity_default": "high",
                "active": true,
                "rule_references": ["Regulation S-P", "GDPR Article 32"],
                "detection_patterns": [
                    "SSN patterns",
                    "Credit card numbers",
                    "Account numbers"
                ]
            },
            {
                "id": 3,
                "name": "Investment Advice",
                "key": "investment_advice",
                "description": "Violations related to unsuitable investment recommendations",
                "severity_default": "high",
                "active": true,
                "rule_references": ["FINRA Rule 2111", "Investment Advisers Act"],
                "detection_patterns": [
                    "specific investment recommendations without suitability analysis",
                    "high-risk suggestions without proper disclosure"
                ]
            }
        ]
    },
    "message": "Compliance categories retrieved successfully"
}

Get Audit Log

Retrieve detailed audit logs for compliance and regulatory review purposes.

GET /api/v1/compliance/audit-log
Authentication: Required
Required Permissions: view_audit_logs

Query Parameters

Parameter  Type     Required  Description
page       integer  No        Page number (default: 1)
per_page   integer  No        Items per page (default: 50, max: 500)
action     string   No        Filter by action type
user_id    integer  No        Filter by user ID
date_from  string   No        Start date filter (ISO 8601 format)
date_to    string   No        End date filter (ISO 8601 format)

Example Response

{
    "success": true,
    "data": {
        "audit_entries": [
            {
                "id": 789123,
                "user_id": 456,
                "user_name": "John Smith",
                "action": "message_sent",
                "resource_type": "chat_message",
                "resource_id": "msg_987654321",
                "details": {
                    "chat_id": "chat_123456789",
                    "message_length": 150,
                    "contains_attachments": false,
                    "compliance_scan_result": "flagged"
                },
                "ip_address": "192.168.1.100",
                "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
                "timestamp": "2025-03-11T09:15:00Z"
            },
            {
                "id": 789124,
                "user_id": 15,
                "user_name": "Sarah Wilson",
                "action": "compliance_flag_resolved",
                "resource_type": "compliance_flag",
                "resource_id": "12345",
                "details": {
                    "flag_severity": "medium",
                    "resolution_action": "training_provided",
                    "original_violation": "communication_standards"
                },
                "ip_address": "192.168.1.105",
                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)",
                "timestamp": "2025-03-11T14:30:00Z"
            }
        ],
        "pagination": {
            "current_page": 1,
            "per_page": 50,
            "total": 2,
            "total_pages": 1
        }
    },
    "message": "Audit log retrieved successfully"
}
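
Added example (not part of the Oliver documentation): cross-checking resolved flags against `compliance_flag_resolved` audit entries, the kind of consistency check an internal audit would run over these two endpoints. It assumes the audit entry's `user_id` should equal the flag's `reviewer_id` and uses a 5-minute timestamp tolerance; both are assumptions of this example, and flags 12347 and 12348 are constructed.

```python
from datetime import datetime, timedelta

def _ts(value: str) -> datetime:
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def reconcile(flags, audit_entries, max_drift=timedelta(minutes=5)):
    """Return (flag_id, finding) pairs for resolved flags whose audit record is
    missing or disagrees. max_drift is an assumed tolerance, not a documented one."""
    by_flag = {}
    for e in audit_entries:
        if e["action"] == "compliance_flag_resolved" and e["resource_type"] == "compliance_flag":
            # resource_id is a string in the audit log; flag ids are integers.
            by_flag.setdefault(str(e["resource_id"]), []).append(e)
    findings = []
    for f in flags:
        if f["status"] != "resolved":
            continue
        entries = by_flag.get(str(f["id"]), [])
        if not entries:
            findings.append((f["id"], "no_audit_entry"))
            continue
        if all(e["user_id"] != f["reviewer_id"] for e in entries):
            findings.append((f["id"], "reviewer_mismatch"))
        resolved = _ts(f["resolved_at"])
        if all(abs(_ts(e["timestamp"]) - resolved) > max_drift for e in entries):
            findings.append((f["id"], "timestamp_drift"))
    return findings

# Constructed sample data using the field names from the documented responses.
FLAGS = [
    {"id": 12345, "status": "resolved", "reviewer_id": 15, "resolved_at": "2025-03-11T14:30:00Z"},
    {"id": 12346, "status": "resolved", "reviewer_id": 12, "resolved_at": "2025-03-10T16:00:00Z"},
    {"id": 12347, "status": "resolved", "reviewer_id": 15, "resolved_at": "2025-03-11T10:00:00Z"},
    {"id": 12348, "status": "active", "reviewer_id": None, "resolved_at": None},
]
AUDIT = [
    {"action": "message_sent", "resource_type": "chat_message",
     "resource_id": "msg_987654321", "user_id": 456, "timestamp": "2025-03-11T09:15:00Z"},
    {"action": "compliance_flag_resolved", "resource_type": "compliance_flag",
     "resource_id": "12345", "user_id": 15, "timestamp": "2025-03-11T14:30:00Z"},
    {"action": "compliance_flag_resolved", "resource_type": "compliance_flag",
     "resource_id": "12347", "user_id": 99, "timestamp": "2025-03-11T18:00:00Z"},
]
```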

Compliance Alerts

The system automatically sends alerts to designated compliance officers when violations are detected.

Alert Configuration: Compliance alerts can be configured per violation type and severity level. Notifications are sent by email and in-app, and can be integrated with external compliance management systems.

Integration with External Systems

The Compliance API supports integration with popular compliance management platforms:

  • Smarsh: Automatic export of flagged communications for archival and review
  • Global Relay: Real-time compliance data synchronization
  • Microsoft Compliance Center: Integration with existing Microsoft 365 compliance workflows
  • Custom Webhooks: Send compliance events to your existing systems
