One Platform. Every Regulator. Complete Compliance.
Enterprise risk, AML/CFTP sanctions screening, control assessments and regulatory reporting — wired together for the way Zambia’s regulators actually work.
100+ integrated modules. 15 regulators wired. 17 compliance frameworks. Built for teams that have to move quickly.
DP000394
Infratel Tier III hosting
FATF & BoZ AML/CFT aligned
On-prem AI-powered
One Platform for Every Industry
ERMAML automates each department’s compliance work while giving the board and the regulator a unified source of truth — regardless of your sector.
Banking
BoZ prudential returns, FIC AML filings, Basel III alignment, and continuous sanctions screening in one operational view.
Prudential
AML / CFT
IT & Cyber
Operations
Risk
Internal Audit
How AML-Ready Is Your Institution?
Answer six quick questions to gauge your AML/CFT & compliance maturity. Takes 90 seconds.
100+ Compliance Modules
Everything your compliance, risk and audit teams need — seamlessly integrated into one platform.
KYC & CDD
Onboarding workflows, risk-tier scoring, periodic re-screening.
Beneficial Ownership
UBO walk-through with thresholds and verification evidence.
Transaction Monitoring
7 default rules, ML scoring, suppression engine, alert lifecycle.
Alert Triage
Alert → case → STR with maker-checker disposition.
Customer 360
Single view of customer risk, transactions, screening and cases.
Anomaly Detection
Isolation-forest anomaly model on every txn at ingest.
Cash & Velocity
Structuring, velocity and threshold rules tunable in the UI.
Source-of-Funds
SoF tracking with evidence vault and dispositions.
Complete Compliance Automation
From obligation to evidence to filing — one operating system for every framework you carry.
Live Obligation Register
Every framework you carry, mapped to the controls that satisfy it — with the deadline you owe the regulator.
Control ↔ Evidence Linkage
Auto-collected evidence stored, versioned and linked to the control test that consumes it. No more scavenger hunts before the audit.
Regulator-grade Reports
Filed in the format each regulator actually wants — BoZ returns, FIC STR/CTR, PIA solvency, NAPSA contributions.
Your Compliance Journey
How fast your institution can be audit-ready on ERMAML. Pick a size to see realistic timelines.
Map your data — core banking, KYC vendor, ledger, mobile-money switch — and wire read-only connectors.
- Source-of-record audit
- AML-RO database role
- Watermark-based delta sync
Run a one-off back-load to populate risk tiers and PEP/sanctions baseline.
- FIC PEP list import
- Customer back-load
- Tier baseline
Tune monitoring rules against historic data; calibrate false-positive rates.
- 7 default rules
- False-positive backtest
- Rule UI per analyst
Collect existing control evidence and policies into the vault.
- Policy + attestation
- Control library mapping
- Audit-log baseline
Switch on real-time sanctions and adverse-media screening.
- Screening gate active
- Case workflow live
- STR-to-FIC ready
Train Compliance Officers, analysts and reviewers; sign off on SOPs.
- LMS courses live
- Maker-checker enforced
- Attestation cycle
Walk-through with regulator artefacts; submit first filings.
- First STR filed
- First BoZ return filed
- Audit-pack export
From Setup to Optimized in 3 Phases
The arc every customer follows — from connecting data to closing the audit.
Discover & Assess
Connect your data sources, baseline risk and compliance posture, identify gaps.
- Source-of-record audit + connectors
- Customer back-load & risk-tier baseline
- Gap analysis vs every framework wired
- Heatmap on inherent & residual risk
- Treatment cost in ZMW
Secure & Comply
Switch on monitoring, harden controls, train teams, file with regulators.
- Real-time sanctions & PEP screening
- Transaction-monitoring rules live
- Case workflow with maker-checker
- STR/CTR to goAML schema
- BoZ / FIC / PIA / NAPSA returns
Optimize & Automate
Tune rules from feedback, surface KRI breaches, automate the predictable.
- Continuous-learning ML retrain
- KRI thresholds with auto-escalation
- Filing calendar with SLA breach alerts
- SLA on case closure with auto-escalation
- Exec pack one-click
Manual vs Automated Compliance
The real cost of running AML/CFT on spreadsheets — and what changes when the platform does the work.
- Sanctions screening on the OFAC website, one customer at a time
- KYC docs scattered across shared drives
- Transaction reviews after month-end batch
- STR drafted in Word; mis-keyed names
- PEP lists refreshed quarterly, by hand
- Risk scoring in a brittle Excel workbook
- Real-time OpenSanctions + UN + OFAC + EU feeds
- Document vault with auto-renewal alerts
- Continuous rule engine with 4-eyes review
- goAML-schema STR auto-draft from case data
- Daily FIC PEP + adverse-media delta sync
- Customer 360 with AI risk score
Trusted by Leading Organizations
Compliance, risk and ICT leaders across the region run their day on Ontech — from board-level oversight to the daily filings that keep regulators satisfied.
Enterprise-Grade Security
The platform that holds your compliance evidence has to clear the bar it sets for everyone else.
Data sovereignty
PostgreSQL on Infratel Tier III in Lusaka. PII column encryption. DPA-aligned retention & right-to-erasure.
- Data Protection Act 2021
- Fernet-encrypted secrets
- In-country hosting (Lusaka)
Identity & access
Real RBAC with dynamic role/permission grants, per-user overrides, JWT auth and rate-limited login at the edge.
- Superadmin > Admin > Branch Manager…
- Branch-scoped data access
- 4-eyes maker-checker
Audit & assurance
Hash-chained audit log over case events and screening logs — every decision, every policy change, every screening result.
- Tamper-evident hash chain
- Immutable evidence vault
- One-click audit pack export
Real-Time Pipeline Health
If a sanctions sync stalls or a screening queue ages, you should know before the regulator does.
Sanctions sync
Freshness, last delta, indexed-record count.
Screening latency
Live p50 / p95 / p99 on the screening gate.
Alert queue age
Live aging buckets; breach-predicted alerts highlighted.
Elasticsearch
Cluster health, shard status, ingest rate.
Smart alerting
SLA-aware alerts that escalate as cases age past threshold.
Grafana dashboards
Drill into AML, ERM and ICT-side KPIs from one place.
Containerised
PgBouncer pooling + replica back-ends + ES multi-node config.
On-Prem AI Intelligence
Customer-risk scoring, compliance Q&A, anomaly detection — trained on your data, in your data centre.
Semantic search
Embedding search across policies, regulations, cases and STR archives — find the precedent fast.
Compliance chat
Q&A grounded in BoZ / FIC / PIA / ZICTA source documents. Cites the section, every time.
Customer risk scoring
Calibrated GBT classifier on customer + transaction features with continuous learning.
Anomaly detection
IsolationForest at the ingest path catches outliers in seconds, not weeks.













