Inspiration
Every financial advisor in America faces the same impossible choice: grow fast or stay compliant. One wrong sentence in an outreach email — a guarantee of returns, a promise of tax savings, a product recommendation to a stranger — can trigger FINRA enforcement, SEC scrutiny, and career-ending consequences.
We watched Bobby describe how his team walks this tightrope daily. They can't say "we'll help you save on taxes" because they're not CPAs. They can't recommend specific products to cold prospects. They can't make promissory claims. Yet they need to reach high-net-worth individuals who genuinely need their services. The technology exists to automate outreach at scale — but no one has cracked doing it compliantly at scale.
That gap inspired COMPLYNT.
What it does
COMPLYNT is a compliance-first outreach orchestration platform for financial advisory firms, powered by three coordinated AI agents:
SCOUT — Scores and qualifies every prospect across five normalized categories (financial complexity, life event triggers, net worth tier, engagement accessibility, and compliance clearance). A prospect who just made partner at a law firm scores differently than someone with no recent life event — and SCOUT explains exactly why.
BEACON — Drafts personalized outreach using enrichment data from LinkedIn, Exa, and firm records. But BEACON never sends autonomously by default, and the moment a prospect replies, it enters standby mode — the human advisor takes over because this is a relationship business.
SHIELD — Reviews every single email (outbound drafts, manual compositions, and incoming replies) against 15+ compliance rules including FINRA 2210, FINRA 2111, SEC 206, the SEC Marketing Rule, CAN-SPAM, GLBA, CCPA, and the critical tax-advice boundary. Every rule check produces a detailed verdict with the specific text flagged, the rule violated, severity level, and a one-click fix that BEACON applies inline.
The platform serves the entire advisory team: Financial Advisors, Compliance Officers, CPAs, Branch Managers, and Operations staff — each with role-based access and permissions. A Super Admin layer manages platform-wide AI model configuration, user administration, and operational oversight.
How we built it
We started with the compliance problem, not the technology. We mapped every FINRA and SEC rule that governs advisor-to-prospect communications, then designed the agent architecture so that nothing can leave the outbox without passing every critical rule. Compliance isn't a feature — it's the foundation the entire system is built on.
Architecture decisions:
- Google Gemini API powers all three agents, with model selection configurable per-agent by the Super Admin (e.g., gemini-2.0-flash for SCOUT's high-volume scoring, gemini-2.0-pro for BEACON's writing quality and SHIELD's compliance precision)
- Gmail OAuth integration for real email send/receive from the advisor's own address
- Resend.dev for transactional emails (invites, notifications, compliance alerts) from noreply@complynt.app
- Next.js 14+ App Router with TypeScript and Tailwind CSS
- SCOUT's scoring system uses deterministic point ranges (not subjective prompts) across five categories totaling 100 points, ensuring identical data always produces identical scores
- SHIELD's compliance engine checks every email against a structured ruleset where each rule has a unique ID, severity level, auto-fix capability, and human-readable explanation
Design philosophy: Pure black and white, zero rounded corners anywhere, editorial typography (Instrument Serif + Satoshi), generous whitespace. The landing page features animated geometric line fields with glassmorphic overlays — intentionally not looking like a SaaS template.
Challenges we faced
The tax advice boundary was the hardest compliance rule to get right. Bobby explained that advisors can reference "tax-efficient strategies" but cannot say "we'll help you save on taxes." The line between those two phrases is linguistically subtle but regulatorily critical. Getting SHIELD to consistently detect and rewrite across that boundary required careful prompt engineering with concrete examples of compliant vs. non-compliant phrasing.
Scoring normalization was deceptively hard. We needed SCOUT to give the same prospect the same score every time, regardless of when it ran. This meant eliminating all subjective language from the scoring prompt and mapping every data signal to an exact point range. Missing data defaults to the lowest bracket, never mid-range — a deliberate choice to avoid false qualification.
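As an added example (not COMPLYNT's own code), the following TypeScript shows what a deterministic point-range scorer of the kind described above looks like: five fixed-weight categories totaling 100 points, each raw signal looked up in an exact bracket table, and missing or unrecognised data always falling to the lowest bracket. The category names are the ones the page lists; the weights, bracket values, qualification threshold and sample prospect are constructed for illustration.

```typescript
// Added example of deterministic point-range scoring in the style the page
// describes for SCOUT. The five category names come from the page; the
// weights, bracket values, threshold and sample prospect are constructed here.

type Category =
  | "financialComplexity"
  | "lifeEventTrigger"
  | "netWorthTier"
  | "engagementAccessibility"
  | "complianceClearance";

// A bracket maps one exact raw signal value to an exact point value. The
// bracket with no `value` is the floor used whenever the signal is missing
// or unrecognised, so absent data can never score mid-range.
interface Bracket { label: string; points: number; value?: string }
interface CategorySpec { max: number; brackets: Bracket[] }

const SPEC: Record<Category, CategorySpec> = {
  financialComplexity: { max: 25, brackets: [
    { label: "no data", points: 0 },
    { label: "single employer, W-2 only", points: 8, value: "simple" },
    { label: "equity or deferred comp", points: 17, value: "equity" },
    { label: "business owner", points: 25, value: "owner" },
  ] },
  lifeEventTrigger: { max: 20, brackets: [
    { label: "no recent life event", points: 0 },
    { label: "job change", points: 10, value: "jobChange" },
    { label: "made partner or sold a business", points: 20, value: "partnerOrExit" },
  ] },
  netWorthTier: { max: 25, brackets: [
    { label: "no data", points: 0 },
    { label: "under $1M", points: 8, value: "under1M" },
    { label: "$1M to $5M", points: 17, value: "1to5M" },
    { label: "over $5M", points: 25, value: "over5M" },
  ] },
  engagementAccessibility: { max: 15, brackets: [
    { label: "no verified channel", points: 0 },
    { label: "verified email", points: 8, value: "emailOnly" },
    { label: "verified email and LinkedIn", points: 15, value: "emailAndLinkedIn" },
  ] },
  complianceClearance: { max: 15, brackets: [
    { label: "not cleared", points: 0 },
    { label: "cleared for outreach", points: 15, value: "cleared" },
  ] },
};

export type Prospect = Partial<Record<Category, string>>;
export const QUALIFY_THRESHOLD = 60; // constructed cut-off, not COMPLYNT's

export interface ScoreResult {
  total: number;
  qualified: boolean;
  breakdown: { category: Category; points: number; max: number; reason: string }[];
}

// Pure function: the same prospect data always yields the same score and the
// same explanation, because every signal is looked up in a fixed table.
export function scoreProspect(p: Prospect): ScoreResult {
  const breakdown = (Object.keys(SPEC) as Category[]).map((category) => {
    const spec = SPEC[category];
    const bracket = spec.brackets.find((b) => b.value === p[category]) ?? spec.brackets[0];
    return {
      category,
      points: bracket.points,
      max: spec.max,
      reason: `${category}: ${bracket.label} (${bracket.points}/${spec.max})`,
    };
  });
  const total = breakdown.reduce((sum, b) => sum + b.points, 0);
  return { total, qualified: total >= QUALIFY_THRESHOLD, breakdown };
}

// Guard against a mis-edited table: the top bracket of each category must
// equal that category's max, and the category maxima must sum to 100.
export function specIsConsistent(): boolean {
  const specs = Object.values(SPEC);
  const maxesSumTo100 = specs.reduce((sum, s) => sum + s.max, 0) === 100;
  const topsMatch = specs.every((s) => Math.max(...s.brackets.map((b) => b.points)) === s.max);
  return maxesSumTo100 && topsMatch;
}

// Constructed sample: the "just made partner at a law firm" prospect from the
// page's description, next to a prospect with no enrichment data at all.
export const NEW_PARTNER: Prospect = {
  financialComplexity: "equity",
  lifeEventTrigger: "partnerOrExit",
  netWorthTier: "1to5M",
  engagementAccessibility: "emailAndLinkedIn",
  complianceClearance: "cleared",
};

console.log(scoreProspect(NEW_PARTNER).breakdown.map((b) => b.reason).join("\n"));
console.log(`new partner: ${scoreProspect(NEW_PARTNER).total}, unknown prospect: ${scoreProspect({}).total}`);
```

The `reason` strings are what lets the scorer explain itself: an officer reviewing a qualification can see which bracket each signal landed in rather than trusting an opaque number. The `specIsConsistent` check is worth running in CI so that a table edit cannot silently change the 100-point scale.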
Human-in-the-loop design required balancing automation with trust. Most advisors won't trust a fully automated system on day one (and they shouldn't). We built two independent toggle layers — advisor auto-send and compliance auto-approve — both defaulting to OFF. The system is maximally cautious by default and progressively automatable as trust builds.
Making compliance explainable, not just reliable. It's not enough for the system to be compliant. The Compliance Officer needs to understand why something passed or failed. Every SHIELD verdict includes the rule ID, the flagged text, the severity, the reasoning, and the suggested fix. The audit trail is exportable for regulatory examination.
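As an added example covering the tax-advice boundary, the two default-OFF toggles and the explainable verdicts discussed above (illustration only, not COMPLYNT's ruleset or code), the TypeScript below runs a small structured ruleset over a draft, produces a verdict per hit with rule ID, basis, severity, flagged text and reasoning, applies the inline auto-fixes, and then gates the send decision on both toggles. The rule IDs, detection patterns, replacement text and sample draft are constructed placeholders; the regulation names are the ones the page cites.

```typescript
// Added example of a SHIELD-style rule check and the two-toggle send gate the
// page describes. Rule IDs, detectors, fix text and the sample draft are
// constructed placeholders; the regulation names are the ones the page cites.

type Severity = "critical" | "high" | "medium";

interface Rule {
  id: string;                                       // unique, stable ID carried into every verdict
  basis: string;                                    // regulation or boundary the rule enforces
  severity: Severity;
  detect: (draft: string) => string | null;         // returns the exact flagged text, or null
  explanation: string;                              // the reasoning shown to the Compliance Officer
  fix?: (draft: string, flagged: string) => string; // inline auto-fix, when one is safe
}

const firstMatch = (re: RegExp) => (draft: string) => draft.match(re)?.[0] ?? null;

const RULES: Rule[] = [
  {
    id: "TAX-001", basis: "tax-advice boundary", severity: "critical",
    detect: firstMatch(/\b(help|helping) you save on taxes\b/i),
    explanation: "A non-CPA advisor may not promise tax savings; tax-efficient strategies may be referenced.",
    fix: (draft, flagged) => draft.replace(flagged, "discuss tax-efficient strategies with you"),
  },
  {
    id: "PROM-001", basis: "FINRA 2210", severity: "critical",
    detect: firstMatch(/\bguarantee[sd]?\b[^.]*?\breturns?\b/i),
    explanation: "Promissory or guaranteed-return claims are prohibited in retail communications.",
    fix: (draft, flagged) => draft.replace(flagged, "target returns that fit your goals"),
  },
  {
    id: "SPAM-001", basis: "CAN-SPAM", severity: "medium",
    detect: (draft) => (/\b(unsubscribe|opt out)\b/i.test(draft) ? null : "[no opt-out instruction]"),
    explanation: "Commercial email must carry a clear opt-out mechanism.",
    fix: (draft) => `${draft}\n\nReply STOP to opt out of future messages.`,
  },
];

export interface Verdict {
  ruleId: string; basis: string; severity: Severity;
  flaggedText: string; explanation: string; fixAvailable: boolean;
}
export interface Review { verdicts: Verdict[]; passes: boolean }

// Every rule runs on every draft; each hit becomes an explainable verdict.
export function reviewDraft(draft: string): Review {
  const verdicts: Verdict[] = [];
  for (const rule of RULES) {
    const flagged = rule.detect(draft);
    if (flagged !== null) {
      verdicts.push({ ruleId: rule.id, basis: rule.basis, severity: rule.severity,
        flaggedText: flagged, explanation: rule.explanation, fixAvailable: rule.fix !== undefined });
    }
  }
  return { verdicts, passes: verdicts.length === 0 };
}

// Apply each rule's auto-fix in turn, re-detecting on the current text so that
// an earlier rewrite cannot leave a stale match for a later rule.
export function applyFixes(draft: string): string {
  let current = draft;
  for (const rule of RULES) {
    const flagged = rule.detect(current);
    if (flagged !== null && rule.fix) current = rule.fix(current, flagged);
  }
  return current;
}

export interface AutomationSettings { advisorAutoSend: boolean; complianceAutoApprove: boolean }
export const DEFAULT_SETTINGS: AutomationSettings = { advisorAutoSend: false, complianceAutoApprove: false };
export type Action = "block" | "queue_for_compliance" | "queue_for_advisor" | "send";

// A draft leaves the outbox only when no critical verdict remains and both
// independent toggles are on; either toggle at its default (OFF) routes the
// draft to a human instead.
export function decideAction(review: Review, settings: AutomationSettings): Action {
  if (review.verdicts.some((v) => v.severity === "critical")) return "block";
  if (!review.passes || !settings.complianceAutoApprove) return "queue_for_compliance";
  if (!settings.advisorAutoSend) return "queue_for_advisor";
  return "send";
}

// Constructed sample draft containing three violations.
export const SAMPLE_DRAFT =
  "Hi Dana, congratulations on making partner. We guarantee 12% returns and we'll help you save on taxes. Let's talk.";

console.log(reviewDraft(SAMPLE_DRAFT).verdicts.map((v) => `${v.ruleId} [${v.severity}] "${v.flaggedText}"`).join("\n"));
console.log(applyFixes(SAMPLE_DRAFT));
```

Two design points carry over from the page. First, the verdict keeps the exact flagged substring and the rule's explanation, so the audit record answers "why" without re-running anything. Second, the gate treats the two toggles independently and fails closed: a critical hit blocks regardless of settings, and a clean draft still waits for a human unless both toggles have been deliberately switched on.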
What we learned
The financial advisory industry doesn't need more automation — it needs trustworthy automation. The firms that will adopt AI outreach aren't the ones looking for speed. They're the ones looking for confidence that every email is safe to send. Building compliance-first, not compliance-later, changes every product decision from the data model to the UI.
Built With
- canvas-api
- exa
- gmail-api
- google-gemini-api
- next.js
- node.js
- oauth-2.0
- react
- resend
- supabase
- tailwind-css
- typescript
- vercel
