Compliance Training That Regulators Trust

KYC, PLD/FT, suitability, and cybersecurity training with AI simulations. Every session generates auditable evidence for BACEN, CVM, and internal audit requirements, in an environment fully isolated from the bank architecture and with native corporate SSO via SAML 2.0 and OIDC, reducing regulatory risk and accelerating team capability at scale.

Request Demo See plans

100%

Audit-ready sessions

SAML / OIDC

Entra ID, Workspace, Okta, all native

4x

Faster compliance training

R$2.2B

PLD fines applied in Brazil in 2023

50+

Engagement badges

0

Paper forms needed

Real challenges

What blocks training today

What we hear from training leaders in real conversations. No fluff.

Corporate SSO is non-negotiable

Banks require any SaaS vendor to authenticate against the corporate IdP already in place (Microsoft Entra ID, Google Workspace, Okta, Ping Identity, or equivalent), via SAML 2.0 or OIDC, with MFA, Conditional Access, and logs synced to the SIEM. What Information Security does not accept is social login with a user personal account (Sign in with Google or Facebook against a private @gmail.com account), because there is no corporate policy nor audit there. Roleplays meets the corporate standard from day one: integration with the bank IdP via SAML 2.0 / OIDC, group mapping to internal permission sets, automatic SCIM provisioning and deprovisioning, and authentication log export to the corporate SIEM.

Bank data cannot leave the bank architecture

The biggest adoption friction for AI vendors inside banks is the (justified) fear that customer data or internal conversations leak to third-party servers. Roleplays lets the bank bring its own AI credentials, meaning the bank uses its own Azure OpenAI or Anthropic credentials in its own cloud account. Every AI call runs through the bank infrastructure, never shared. Combined with a dedicated database per company, the result is an environment fully isolated from the bank architecture.

Bias review committee must approve every prompt

Banks with mature AI governance set up bias review committees (compliance, ethics, and legal) that must approve every AI instruction before production. Roleplays exposes all instructions editable in a dedicated UI, with versioning that never loses history, visual comparison between versions, and an approval workflow. The committee can reject a version and require rework, with a complete audit trail of who approved what and when.

Compliance training is ignored, and regulators know it

Industry surveys indicate that up to 65% of bank employees consider annual compliance e-learning as "not very relevant". Retention of passive content (slides and videos) stays around 20% after 30 days, according to Ebbinghaus-based studies applied to corporate training. BACEN has cited training deficiencies in more than 40% of recent administrative sanctioning processes.

PLD/FT fines reach hundreds of millions

In 2023 alone, COAF and BACEN applied more than R$ 2.2 billion in penalties related to PLD/FT in the Brazilian financial system. Globally, AML fines exceeded US$ 6.6 billion in a single year (Fenergo, 2023). A single unreported suspicious transaction can trigger fines of R$ 20 million or more per occurrence, plus personal liability for directors.

The goal is to develop the employee, not to fail them

The stated purpose from bank Human Development areas is clear: training is developmental, not punitive. Roleplays is calibrated for that model. Manager reports highlight competency gaps by roleplay theme (PLD, suitability, customer service, cybersecurity), and when an employee scores below the bar the platform can auto-generate a follow-up roleplay aimed at the exact competency they missed. No session is "failed"; every session is a targeted coaching opportunity, and a failed evaluation can be retried.

Suitability errors trigger losses and lawsuits

CVM data shows that complaints about investor profile mismatch are among the top 3 in administrative processes. According to ANBIMA, about 30% of Brazilian investors have received recommendations that did not match their declared risk profile. Each case can result in indemnities, regulatory fines, and reputational damage that is hard to quantify.

Banking turnover demands constant retraining

The Brazilian banking sector has 15% to 25% annual turnover in operational roles, according to CAGED and DIEESE data. In a bank with 10,000 branch employees, up to 2,500 new hires need compliance training per year, at an estimated cost of R$ 3,000 to R$ 8,000 per person in traditional in-person training.

Audit evidence is fragmented across multiple systems

Mid-size and large banks typically keep training records in 3 to 5 different systems (LMS, spreadsheets, emails, HR systems, video platforms). In BACEN inspections, evidence compilation can take 2 to 6 weeks. Lack of centralization is cited as a deficiency in internal audit reports of 60% of financial institutions surveyed by FEBRABAN.

Social engineering attacks cost billions to the sector

FEBRABAN reported that social engineering banking fraud caused R$ 2.5 billion in losses in 2022 in Brazil. Generic security awareness training does not simulate the real attack vectors of the sector, such as fake "security center" calls, manager-targeted phishing, and pretexting to extract passwords and tokens. Without situational practice, employees do not build defense reflexes.

How Roleplays solves it

For every pain, a concrete answer

Segment-specific features mapped to each pain point above.

01

Full white-label with logo and primary color

Banks require the training platform to display the institution brand, not the vendor brand. Roleplays is fully white-label: upload the logo, set the primary color, configure the bank subdomain. Employees access what looks like an internal platform, with the bank aesthetic on every screen. Includes white-label on notification email templates, audit-ready PDF reports, and the login page.

02

Bring your own AI credentials

The bank uses its own keys from Azure OpenAI, Anthropic via AWS Bedrock, or Google Vertex AI. Every AI call runs through the bank cloud account, under its own SLAs, its own logs, and its own Information Security review. Roleplays never sees nor stores conversation content. Combine with a dedicated database per company and the result is an environment fully isolated from the bank architecture.

03

Collaborative scenario building from internal materials

PLD, suitability, customer service, and cybersecurity scenarios should not be invented by the vendor; they should reflect the bank internal manuals, circulars, product flows, and real cases. Roleplays offers a workflow where the bank training team uploads internal materials (PDFs, circulars, manuals), and the AI proposes draft scenarios and criteria, reviewed and approved by the Content Committee and the bias review committee before becoming a published template.

04

Manager reports by roleplay theme

Instead of a single aggregate score per employee, the manager receives a report with competency gaps by roleplay theme (PLD/FT, CVM 539 suitability, cybersecurity, fraud handling, social engineering defense). Each criterion is scored 0 to 100 with a quote from the transcript as evidence, and each gap comes with strengths, gaps, and recommendations. Exportable to PDF and emailable for audit, with the bank branding applied.

05

KYC/PLD scenario simulation

AI customers present realistic suspicious patterns, such as structuring of deposits, PEP connections, unusual cross-account transactions, profile inconsistencies. Agents must identify red flags, ask appropriate questions, and record COAF communications correctly. Failing to file the suspicious transaction report is a critical criterion that fails the session on its own, the same way it would block in real compliance.

06

CVM 539 suitability training

Simulated clients with detailed risk profiles (conservative, moderate, aggressive, qualified professional). Agents practice Investor Profile Analysis, recommend suitable products, and handle objections like "I want higher returns" from conservative clients.

07

Social engineering and fraud defense

AI personas execute realistic attacks, such as calls impersonating the security center, contextualized phishing emails, pretexting to obtain customer data, emotional coercion attempts. Employees build defense reflexes in a safe environment.

08

Audit-ready compliance reports

Every session generates exportable evidence automatically: employee identity, regulation trained, scenario completed, each criterion scored 0 to 100 with the supporting quote from the transcript, critical-criterion compliance result, timestamp, and full transcript. Every AI call is also logged with tokens, cost, and latency for audit. Format compatible with BACEN inspections and internal audit reports. Export in PDF, CSV, and via API.

09

Accelerated onboarding by role and branch

Pre-configured onboarding paths by role (teller, relationship manager, branch manager, trading desk). New employees complete initial certification in 3 to 5 days instead of 2 to 4 weeks, with practical simulations from day one.

10

Open Banking and Pix scenario training

Train teams on consent management, cross-institution data sharing, Pix disputes, and customer education about open banking rights and processes. Scenarios simulate confused or resistant customers.

11

Real-time voice simulation, recorded and transcribed

Beyond chat, Roleplays supports real-time voice simulations where the agent practices phone-based service. The persona emotional state (patience, trust, irritation) shifts turn by turn based on what the agent says, so pushback escalates when handled poorly. Every call is recorded and transcribed, then scored per criterion against the regulatory script, essential for banking contact centers and trading desks.

12

Gamification with 50+ badges and branch leaderboards

Gamification system with more than 50 thematic badges (PLD Specialist, Data Guardian, Suitability Master), leaderboards by branch, region, and country. Studies show that gamification increases corporate training engagement by up to 60%, reducing abandonment.

See a real session

One conversation.
One rubric.

An example roleplay in this context. Each turn is scored against your tenant competency framework.

Scenario

A business client, owner of a small chain of convenience stores, wants to make multiple cash deposits just below the COAF reporting threshold (R$ 10,000). The pattern suggests possible structuring (smurfing). The agent must identify the fragmentation, apply questioning techniques without alerting the client, and follow internal PLD/FT procedures, including filing the suspicious transaction report.

Rubric criteria

Identification of structuring pattern (smurfing)Non-confrontational questioning techniqueProfessional de-escalation under pushbackAdherence to PLD/FT procedure and internal protocolProper documentation for COAF reportingCommercial relationship maintenance
RA

Roberto Almeida

Business client, suspicious transaction pattern (possible structuring)

in session
Good afternoon. I need to deposit R$ 9,500 in cash into my business account, Almeida Convenience LTDA. Heads up: I will have three more similar deposits this week, all in cash. Can you process this first one while we talk?
Good afternoon, Mr. Roberto. Of course, I can help you with that deposit. Before we proceed, so I can record everything correctly in the system, could you explain the origin of these funds? Are they from your convenience stores? And is there a specific reason you prefer separate deposits instead of a single consolidated one?
It is just cash from my stores. Each store generates a different amount per week. I prefer separate deposits to make my cash flow tracking easier, each deposit matches one store. Nothing unusual. I have been a client here for 5 years, never had any problems.
I understand perfectly, Mr. Roberto, and I appreciate the explanation. You are a valued client. These questions are part of our standard procedure for cash transactions, we apply them to all clients equally. Just to complete my record: how many stores do you currently operate, and will the deposits be made all at this branch or at different branches?
Look, I have three stores. But honestly, I am finding these questions a bit excessive. I am a merchant, I work with cash. Other banks do not ask so many questions. If this interrogation continues, I may need to rethink where I keep my business account.
Type your reply...

Compliance & framework

Evidence that survives audit

Every session generates exportable evidence with timestamps and per-criterion scores. Audit ready.

BACEN Circular 3.978

Anti-money laundering (PLD/FT) training with scenario-based practice for suspicious transaction identification.

CVM Instruction 539

Suitability obligation training, where agents learn to match investment products to client profiles correctly.

BACEN Resolution 85

Cybersecurity and information security policy training for financial institution employees.

LGPD / Banking

Customer financial data protection training specific to banking operations and open banking.

FAQ

Frequently asked questions

Questions that come up in almost every first conversation.

Do you support corporate SSO (Entra ID, Workspace, Okta)?
Yes, natively, from day one. Integration with the bank corporate IdP via SAML 2.0 or OIDC: Microsoft Entra ID (Azure AD), Google Workspace, Okta, Ping Identity, or any other enterprise IdP. Automatic group mapping to internal permission sets, user provisioning and deprovisioning via SCIM, authentication log export to the bank corporate SIEM, and compatibility with Conditional Access, MFA, and identity policies already in place. We distinguish corporate SSO (authentication against the bank IdP with the employee corporate identity) from social login with a personal account, only the former is accepted for corporate access in Roleplays.
How does bringing your own AI credentials and data isolation work?
The bank provides its own keys for Azure OpenAI (in its Azure account), Anthropic via AWS Bedrock (in its AWS account), or Google Vertex AI. Roleplays uses these credentials for every AI call, meaning all conversation traffic flows through the bank cloud infrastructure, under its own SLAs, logs, and InfoSec review. Combined with a dedicated database per company (each bank has its own isolated database), the result is an environment fully isolated from the bank architecture. Roleplays does not store nor retain conversation content on our side.
Can the bank bias review committee approve the AI instructions?
Yes. All AI instructions are visible and editable in a dedicated UI, with versioning that never loses history and visual comparison between versions. The standard flow is: the bank team proposes an instruction, the bias review committee (compliance, ethics, and legal) reviews and approves or rejects with comments, and only approved versions go to production. Every approval is recorded with identity, date and time, and justification.
How does Roleplays help with BACEN audits and inspections?
Every training session automatically generates a detailed record including: employee identity (linked CPF), specific regulation trained, scenario completed, evaluation score per criterion, timestamp with timezone, and full interaction transcript. These records are exportable to PDF and CSV in the format expected by BACEN, with the bank white-label applied. In case of an inspection, the compliance manager can generate consolidated reports by regulation, branch, or period in less than 5 minutes, eliminating weeks of manual compilation.
Are roleplay scenarios built from our internal materials?
Yes. PLD, suitability, customer service, and cybersecurity scenarios are not generic; they are built collaboratively from the bank internal manuals, circulars, product flows, and real cases. The training team uploads materials to the company media library, and the AI proposes draft scenarios and criteria. The bank Content Committee and bias review committee review, adjust, and approve before the template goes to production.
Is the focus punitive or developmental?
Strictly developmental. The goal is to develop the employee, not to fail them. Manager reports highlight competency gaps by roleplay theme (PLD/FT, suitability, cybersecurity, fraud handling), and when an employee scores below the bar the platform can auto-generate a follow-up roleplay aimed at the exact competency missed. A failed evaluation can be retried, and a redo creates a new attempt linked to the previous one so people can drill the same moment. No session is marked as "failed"; every session is a targeted coaching opportunity.
Can we create custom scenarios for our products and internal processes?
Yes. The scenario editor lets you create simulations for any banking product, such as investment funds, insurance, credit products, foreign exchange, consortium, pension. Define the client persona (age, risk profile, wealth, history), the situation context, and the specific compliance criteria for evaluation. You can also attach reference documents (circulars, internal manuals, product sheets) to the scenario media library so the AI evaluates based on your internal rules.
How do you handle the CVM 539 suitability training requirement?
We offer pre-built scenarios where AI clients have documented risk profiles (conservative, moderate, aggressive, qualified professional). Agents must conduct the Investor Profile Analysis, correctly assess the profile, and recommend suitable products. Each criterion is scored 0 to 100 with a quote from the transcript as evidence: a profile mismatch (e.g., recommending COE to a conservative profile) can be set as a critical criterion that fails the session on its own, and separate criteria verify that risks were communicated correctly and that the explanation was clear. The generated report serves as evidence that the employee was trained on the suitability obligation.
Does the platform scale to large banks with thousands of employees across hundreds of branches?
Yes. The Roleplays multi-company architecture was designed for enterprise scale. Support for organizational hierarchy (holding, bank, region, branch, team), scenario assignment by role and location, and consolidated dashboards for regional and national compliance officers. Banks can run simultaneous training campaigns for thousands of employees with no performance degradation. The API enables integration with HR systems (SAP, Workday, TOTVS) for automatic employee sync.
Can employees train on mobile devices at branches?
Yes. Roleplays is fully responsive and optimized for tablets and phones. Branch employees can complete chat simulations during breaks or low-traffic periods. Voice simulations work on any device with a microphone. Offline mode allows chat simulations to start even with unstable connection, with results synced automatically when the connection returns.
How does Roleplays compare to the in-person compliance training we already do?
In-person compliance training costs on average R$ 3,000 to R$ 8,000 per employee per year (factoring in instructor, travel, materials, and lost productive hours), according to industry benchmarks. Roleplays reduces that cost by up to 70% by eliminating the need for classrooms, dedicated instructors, and travel. More importantly: simulation practice generates 75% to 87% knowledge retention after 30 days (vs. 20% to 30% from lecture-based classes), because the employee learns by doing, not by watching. Training can be repeated indefinitely at no additional cost.
Does the platform support multiple languages for banks with international operations?
Yes. Roleplays supports simulations in Portuguese, English, Spanish, and other languages. For banks with operations in Latin America or international clients, it is possible to build bilingual scenarios where the client alternates between languages, a common situation at border branches or private banking. Evaluation works in any supported language, and reports can be generated in the compliance area preferred language.
How do you keep scenarios up to date with regulatory changes?
Roleplays offers a scenario versioning system: when a BACEN circular or CVM instruction is updated, your compliance team can edit affected scenarios and republish them instantly to all branches. The system notifies managers about outdated scenarios and lets you schedule refresh campaigns. We also provide periodic updates to the banking scenario library based on the most relevant regulatory changes.
Can we integrate training data with our existing LMS or compliance system?
Yes. Roleplays offers a complete REST API and webhook support for integration with LMS (Moodle, SAP SuccessFactors, Cornerstone), compliance systems (Actus, ICTS), and BI platforms (Power BI, Tableau). Completion data, scores, and certifications can be synced automatically. We also support the xAPI (Tin Can) standard for compatibility with any LMS that follows the protocol. Typical integration takes 2 to 4 weeks with support from our implementation team.
Back to overview

Ready to transform how your team trains?

For organizations with 50+ employees. Book 45 minutes and we'll think the setup through with you.

Request Demo Talk to Sales