Compliance Training That Regulators Trust

KYC, AML/CTF, suitability, and cybersecurity training with AI simulations. Every session generates auditable evidence for the FCA, BACEN, CVM, and internal audit requirements, in an environment fully isolated from the bank architecture and with native corporate SSO via SAML 2.0 and OIDC, reducing regulatory risk and accelerating team capability at scale.

100%: Audit-ready sessions

SAML / OIDC: Entra ID, Workspace, Okta, all native

4x: Faster compliance training

R$2.2B: AML fines applied in Brazil in 2023

50+: Engagement badges

0: Paper forms needed

Real challenges

What blocks training today

What we hear from training leaders in real conversations. No fluff.

Corporate SSO is non-negotiable

Banks require any SaaS vendor to authenticate against the corporate IdP already in place (Microsoft Entra ID, Google Workspace, Okta, Ping Identity, or equivalent), via SAML 2.0 or OIDC, with MFA, Conditional Access, and logs synced to the SIEM. What Information Security does not accept is social login with a user's personal account (Sign in with Google or Facebook against a private @gmail.com account), because there is neither corporate policy nor audit there. Roleplays meets the corporate standard from day one: integration with the bank's IdP via SAML 2.0 / OIDC, group mapping to internal Permission Sets, automatic SCIM provisioning and deprovisioning, and authentication log export to the corporate SIEM.

Bank data cannot leave the bank architecture

The biggest adoption friction for AI vendors inside banks is the (justified) fear that customer data or internal conversations leak to third-party servers. Roleplays supports bring-your-own AI credentials (BYOK), meaning the bank uses its own Azure OpenAI or Anthropic credentials in its own cloud account. Every AI call runs through the bank's infrastructure, never shared. Combined with a dedicated database per bank, the result is an environment fully isolated from the bank's architecture.

Bias review committee must approve every prompt

Banks with mature AI governance set up bias review committees (compliance + ethics + legal) that must approve every system prompt before production. Roleplays exposes all prompts editable in a dedicated UI, with append-only versioning, visual diff between versions, and an approval workflow. The committee can reject a version and require rework, with a complete audit trail of who approved what and when.

Compliance training is ignored, and regulators know it

Industry surveys indicate that up to 65% of bank employees consider annual compliance e-learning "not very relevant". Retention of passive content (slides and videos) stays around 20% after 30 days, according to Ebbinghaus-based studies applied to corporate training. BACEN has cited training deficiencies in more than 40% of recent administrative sanctioning processes, and FCA Thematic Reviews echo the same.

AML/CTF fines reach hundreds of millions

In 2023 alone, COAF and BACEN applied more than R$ 2.2 billion in penalties related to AML/CTF in the Brazilian financial system. Globally, AML fines exceeded US$ 6.6 billion in a single year (Fenergo, 2023). In the UK alone the FCA fined firms over £215m in 2023 for AML failures. A single unreported suspicious transaction can trigger fines of millions per occurrence, plus personal liability for directors.

The goal is to develop the employee, not to fail them

The stated purpose from bank Human Development areas is clear: training is developmental, not punitive. Roleplays is calibrated for that model. Manager reports highlight competency gaps by roleplay theme (AML, suitability, customer service, cybersecurity), with suggested scenarios to close each gap. No session is "failed"; every session is a targeted coaching opportunity.

Suitability errors trigger losses and lawsuits

FCA and CVM data show that complaints about investor profile mismatch are among the top issues in administrative processes. About 30% of investors have received recommendations that did not match their declared risk profile. Each case can result in indemnities, regulatory fines, and reputational damage that is hard to quantify.

Banking turnover demands constant retraining

The banking sector has 15% to 25% annual turnover in operational roles. In a bank with 10,000 branch employees, up to 2,500 new hires need compliance training per year, at an estimated cost of £2,000 to £6,000 per person in traditional in-person training.

Audit evidence is fragmented across multiple systems

Mid-size and large banks typically keep training records in 3 to 5 different systems (LMS, spreadsheets, emails, HR systems, video platforms). In FCA/BACEN inspections, evidence compilation can take 2 to 6 weeks. Lack of centralisation is cited as a deficiency in internal audit reports of 60% of financial institutions surveyed.

Social engineering attacks cost billions to the sector

UK Finance and FEBRABAN both report that social engineering banking fraud causes billions in losses every year. Generic security awareness training does not simulate the real attack vectors of the sector, such as fake "security centre" calls, manager-targeted phishing, and pretexting to extract passwords and tokens. Without situational practice, employees do not build defence reflexes.

How Roleplays solves it

For every pain, a concrete answer

Segment-specific features mapped to each pain point above.

01

Full white-label with logo and primary colour

Banks require the training platform to display the institution's brand, not the vendor's brand. Roleplays is fully white-label: upload the logo, set the primary colour, configure the bank's subdomain. Employees access what looks like an internal platform, with the bank's aesthetic on every screen. Includes white-label on notification email templates, audit-ready PDF reports, and the login page.

02

Your own AI credentials (Bring Your Own Key)

The bank uses its own keys from Azure OpenAI, Anthropic via AWS Bedrock, or Google Vertex AI. Every AI call runs through the bank's cloud account, under its own SLAs, its own logs, its own Information Security review. Roleplays neither sees nor stores conversation content. Combine with a dedicated database per bank and the result is an environment fully isolated from the bank's architecture.

03

Collaborative scenario building from internal materials

AML, suitability, customer service, and cybersecurity scenarios should not be invented by the vendor; they should reflect the bank's internal manuals, circulars, product flows, and real cases. Roleplays offers a workflow where the bank's training team uploads internal materials (PDFs, circulars, manuals), and the AI proposes draft scenarios and criteria, reviewed and approved by the Content Committee and the bias review committee before becoming a published template.

04

Manager reports by roleplay theme

Instead of a single aggregate score per employee, the manager receives a report with competency gaps by roleplay theme (AML/CTF, CVM 539 suitability, cybersecurity, fraud handling, social engineering defence). Each gap comes with suggested scenarios for targeted coaching. Exportable to PDF and emailable for audit, with the bank's branding applied.

05

KYC/AML scenario simulation

AI customers present realistic suspicious patterns, such as structuring of deposits, PEP connections, unusual cross-account transactions, and profile inconsistencies. Agents must identify red flags, ask appropriate questions, and record SAR/COAF communications correctly.

06

CVM 539 / FCA Suitability training

Simulated clients with detailed risk profiles (conservative, moderate, aggressive, qualified professional). Agents practise Investor Profile Analysis, recommend suitable products, and handle objections like "I want higher returns" from conservative clients.

07

Social engineering and fraud defence

AI personas execute realistic attacks, such as calls impersonating the security centre, contextualised phishing emails, pretexting to obtain customer data, and emotional coercion attempts. Employees build defence reflexes in a safe environment.

08

Audit-ready compliance reports

Every session generates exportable evidence automatically: employee identity, regulation trained, scenario completed, score per criterion, timestamp, and full transcript. Format compatible with FCA/BACEN inspections and internal audit reports. Export in PDF, CSV, and via API.

09

Accelerated onboarding by role and branch

Pre-configured onboarding paths by role (teller, relationship manager, branch manager, trading desk). New employees complete initial certification in 3 to 5 days instead of 2 to 4 weeks, with practical simulations from day one.

10

Open Banking and Pix scenario training

Train teams on consent management, cross-institution data sharing, Pix disputes, and customer education about open banking rights and processes. Scenarios simulate confused or resistant customers.

11

Voice simulation with tone and language analysis

Beyond chat, Roleplays supports voice simulations where the agent practises phone-based service. The simulation uses real-time voice infrastructure, and the AI analyses tone, pace, use of technical language, and adherence to the regulatory script, essential for banking contact centres and trading desks.

12

Gamification with 50+ badges and branch leaderboards

Gamification system with more than 50 thematic badges (AML Specialist, Data Guardian, Suitability Master), leaderboards by branch, region, and country. Studies show that gamification increases corporate training engagement by up to 60%, reducing abandonment.

See a real session

One conversation.
One rubric.

An example roleplay in this context. Each turn is scored against your tenant competency framework.

Scenario

A business client, owner of a small chain of convenience stores, wants to make multiple cash deposits just below the COAF reporting threshold (R$ 10,000). The pattern suggests possible structuring (smurfing). The agent must identify the fragmentation, apply questioning techniques without alerting the client, and follow internal AML/CTF procedures, including filing the suspicious transaction report.

Rubric criteria

Identification of structuring pattern (smurfing)
Non-confrontational questioning technique
Professional de-escalation under pushback
Adherence to AML/CTF procedure and internal protocol
Proper documentation for SAR/COAF reporting
Commercial relationship maintenance

Roberto Almeida

Business client, suspicious transaction pattern (possible structuring)

Roberto Almeida: Good afternoon. I need to deposit R$ 9,500 in cash into my business account, Almeida Convenience LTDA. Heads up: I will have three more similar deposits this week, all in cash. Can you process this first one while we talk?

Agent: Good afternoon, Mr. Roberto. Of course, I can help you with that deposit. Before we proceed, so I can record everything correctly in the system, could you explain the origin of these funds? Are they from your convenience stores? And is there a specific reason you prefer separate deposits instead of a single consolidated one?

Roberto Almeida: It is just cash from my stores. Each store generates a different amount per week. I prefer separate deposits to make my cash flow tracking easier; each deposit matches one store. Nothing unusual. I have been a client here for 5 years, never had any problems.

Agent: I understand perfectly, Mr. Roberto, and I appreciate the explanation. You are a valued client. These questions are part of our standard procedure for cash transactions; we apply them to all clients equally. Just to complete my record: how many stores do you currently operate, and will the deposits be made all at this branch or at different branches?

Roberto Almeida: Look, I have three stores. But honestly, I am finding these questions a bit excessive. I am a merchant, I work with cash. Other banks do not ask so many questions. If this interrogation continues, I may need to rethink where I keep my business account.

Compliance & framework

Evidence that survives audit

Every session generates exportable evidence with timestamps and per-criterion scores. Audit ready.

FCA SYSC & SMCR

Senior Managers and Certification Regime training, conduct rules, and ongoing competence evidence required by the Financial Conduct Authority.

BACEN Circular 3.978

Anti-money laundering (AML/CTF) training with scenario-based practice for suspicious transaction identification.

CVM Instruction 539

Suitability obligation training, where agents learn to match investment products to client profiles correctly.

BACEN Resolution 85

Cybersecurity and information security policy training for financial institution employees.

UK GDPR / Banking

Customer financial data protection training specific to banking operations and open banking, aligned with the ICO and Data Protection Act 2018.

FAQ

Frequently asked questions

Questions that come up in almost every first conversation.

Do you support corporate SSO (Entra ID, Workspace, Okta)?
Yes, natively, from day one. Integration with the bank's corporate IdP via SAML 2.0 or OIDC: Microsoft Entra ID (Azure AD), Google Workspace, Okta, Ping Identity, or any other enterprise IdP. Automatic group mapping to internal Permission Sets, user provisioning and deprovisioning via SCIM, authentication log export to the bank's corporate SIEM, and compatibility with Conditional Access, MFA, and identity policies already in place. We distinguish corporate SSO (authentication against the bank's IdP with the employee's corporate identity) from social login with a personal account; only the former is accepted for corporate access in Roleplays.
How do your own AI credentials (Bring Your Own Key) and data isolation work?
The bank provides its own keys for Azure OpenAI (in its Azure subscription), Anthropic via AWS Bedrock (in its AWS account), or Google Vertex AI. Roleplays uses these credentials for every AI call, meaning all conversation traffic flows through the bank's cloud infrastructure, under its own SLAs, logs, and InfoSec review. Combined with a dedicated database per bank, the result is an environment fully isolated from the bank's architecture. Roleplays does not store or retain conversation content on our side.
Can the bank's bias review committee approve the AI prompts?
Yes. All system prompts are visible and editable in a dedicated UI, with append-only versioning and visual diff between versions. The standard flow is: the bank team proposes a prompt, the bias review committee (compliance + ethics + legal) reviews and approves or rejects with comments, and only approved versions go to production. Every approval is recorded with identity, timestamp, and justification.
How does Roleplays help with FCA and BACEN audits and inspections?
Every training session automatically generates a detailed record including: employee identity (linked national ID/CPF), specific regulation trained, scenario completed, evaluation score per criterion, timestamp with timezone, and full interaction transcript. These records are exportable to PDF and CSV in the format expected by the FCA/BACEN, with the bank's white-label applied. In case of an inspection, the compliance manager can generate consolidated reports by regulation, branch, or period in less than 5 minutes, eliminating weeks of manual compilation.
Are roleplay scenarios built from our internal materials?
Yes. AML, suitability, customer service, and cybersecurity scenarios are not generic; they are built collaboratively from the bank's internal manuals, circulars, product flows, and real cases. The training team uploads materials to the company media library, and the AI proposes draft scenarios and criteria. The bank's Content Committee and bias review committee review, adjust, and approve before the template goes to production.
Is the focus punitive or developmental?
Strictly developmental. The goal is to develop the employee, not to fail them. Manager reports highlight competency gaps by roleplay theme (AML/CTF, suitability, cybersecurity, fraud handling), with automatic suggestions of additional scenarios to close each gap. No session is marked as "failed"; every session is a targeted coaching opportunity.
Can we create custom scenarios for our products and internal processes?
Yes. The scenario editor lets you create simulations for any banking product, such as investment funds, insurance, credit products, foreign exchange, consortium, and pension. Define the client persona (age, risk profile, wealth, history), the situation context, and the specific compliance criteria for evaluation. You can also attach reference documents (circulars, internal manuals, product sheets) to the scenario media library so the AI evaluates based on your internal rules.
How do you handle the FCA / CVM 539 suitability training requirement?
We offer pre-built scenarios where AI clients have documented risk profiles (conservative, moderate, aggressive, qualified professional). Agents must conduct the Investor Profile Analysis, correctly assess the profile, and recommend suitable products. Automated evaluation catches mismatches (e.g., recommending complex structured products to a conservative profile), verifies that the agent communicated risks correctly, and scores the quality of the explanation. The generated report serves as evidence that the employee was trained on the suitability obligation.
Does the platform scale to large banks with thousands of employees across hundreds of branches?
Yes. The Roleplays multi-company architecture was designed for enterprise scale. Support for organisational hierarchy (holding > bank > region > branch > team), scenario assignment by role and location, and consolidated dashboards for regional and national compliance officers. Banks can run simultaneous training campaigns for thousands of employees with no performance degradation. The API enables integration with HR systems (SAP, Workday, TOTVS) for automatic employee sync.
Can employees train on mobile devices at branches?
Yes. Roleplays is fully responsive and optimised for tablets and phones. Branch employees can complete chat simulations during breaks or low-traffic periods. Voice simulations work on any device with a microphone. Offline mode allows chat simulations to start even with an unstable connection, with results synced automatically when the connection returns.
How does Roleplays compare to the in-person compliance training we already do?
In-person compliance training costs on average £2,000 to £6,000 per employee per year (factoring in instructor, travel, materials, and lost productive hours), according to industry benchmarks. Roleplays reduces that cost by up to 70% by eliminating the need for classrooms, dedicated instructors, and travel. More importantly: simulation practice generates 75% to 87% knowledge retention after 30 days (vs. 20% to 30% from lecture-based classes), because the employee learns by doing, not by watching. Training can be repeated indefinitely at no additional cost.
Does the platform support multiple languages for banks with international operations?
Yes. Roleplays supports simulations in English, Portuguese, Spanish, and many other languages. For banks with operations in Latin America or international clients, it is possible to build bilingual scenarios where the client alternates between languages, a common situation at border branches or in private banking. Evaluation works in any supported language, and reports can be generated in the compliance area's preferred language.
How do you keep scenarios up to date with regulatory changes?
Roleplays offers a scenario versioning system: when an FCA Policy Statement, BACEN circular or CVM instruction is updated, your compliance team can edit affected scenarios and republish them instantly to all branches. The system notifies managers about outdated scenarios and lets you schedule refresh campaigns. We also provide periodic updates to the banking scenario library based on the most relevant regulatory changes.
Can we integrate training data with our existing LMS or compliance system?
Yes. Roleplays offers a complete REST API and webhook support for integration with LMS (Moodle, SAP SuccessFactors, Cornerstone), compliance systems (Actus, ICTS), and BI platforms (Power BI, Tableau). Completion data, scores, and certifications can be synced automatically. We also support the xAPI (Tin Can) standard for compatibility with any LMS that follows the protocol. Typical integration takes 2 to 4 weeks with support from our implementation team.

Ready to transform how your team trains?

For organisations with 50+ employees. Book 45 minutes and we'll think the setup through with you.