Built for the regulator's question, before they ask it.
Per-tenant data residency. Hash-chained audit. Signed evidence exports. Jurisdictional CDD/EDD packs. Modir is the system you can hand to a regulator with a straight face.
Five regulators, one platform.
Modir ships with locale and policy packs for each jurisdiction. Adding a new one is a Rego policy, a questionnaire JSON, and a calendar/numeral configuration.
| Jurisdiction | Regulator | Data residency | Key requirements |
|---|---|---|---|
| Saudi Arabia (KSA) | SAMA · CMA | me-central-1 region pinning · KSA stays in KSA | SAR currency · Hijri calendar · Arabic UI · CDD per SAMA AML rulebook · Source-of-funds documentation · PEP screening · NCB integration optional |
| United Arab Emirates | SCA · DFSA · FSRA | me-central-1 · DIFC option | AED currency · Gregorian calendar · Arabic UI optional · DFSA suitability rules · Investor classification · Cross-border CDD |
| Iran | SEO · CBI | On-premise · sovereign deployment | IRR currency · Jalali calendar · Persian UI · CBI AML guidance · Sanctions-screen integration · KYC vendor sovereign-only |
| United States | SEC · FINRA | us-east-1 · us-west-2 (DR) | USD currency · Gregorian · Reg BI suitability · Form CRS delivery · OFAC screening · CIP records |
| United Kingdom | FCA | eu-west-2 | GBP currency · Gregorian · COBS suitability · Consumer Duty evidence · MiFID II inducement disclosures |
Per-tenant region pinning. No accidental cross-border traffic.
Each tenant is provisioned with a primary region. Postgres, MinIO, Redis, OpenSearch, Redpanda and Vault all run inside that region. Cross-region replication is opt-in per tenant and off by default.
Cross-border data egress is blocked by network policy. Vendor APIs (KYC, market data, e-signature) are routed via a regional gateway that allowlists destinations and logs every call to the audit chain. The allowlist names the vendor's in-region endpoint, not its global one: an allowlisted global endpoint would move exactly the data the gateway exists to contain.
For sovereign deployments (KSA, Iran, government), Modir runs entirely inside the customer’s K8s cluster. No outbound dependency except those the customer pre-approves and routes through their own egress controls.
Signed exports the regulator can verify.
For any audit window — a calendar quarter, an investigation period, a single account — Modir generates a regulator-ready evidence pack:
- Full audit chain segment (CSV) with content hashes and chain-link signatures
- Signed manifest (SHA-256 of every file) with Vault transit signature
- Content-addressed evidence files (PDFs, e-signed contracts, suitability questionnaires)
- Verification script (zero dependencies — Python 3 stdlib) regulators can run themselves
The export is reproducible and idempotent: two regulators requesting the same tenant and window get byte-identical artifacts, so each can verify independently and compare hashes.
```shell
# Verify a regulator-issued export
$ python3 verify-export.py modir-export-2024Q4.tar.gz
✓ 1,824,331 events verified
✓ Chain hash matches manifest
✓ Vault signature valid
✓ Content addresses match
EXPORT INTEGRITY: PASS
```
What we keep. What we redact. For how long.
| Category | Default retention | Override | PII redaction |
|---|---|---|---|
| Audit events | 10 years (SAMA / FCA aligned) | Per tenant, longer permitted | PII fields are pre-redacted in metadata; full PII lives in the resource record under Postgres row-level security (RLS) |
| Client KYC documents | 7 years from account close | Per jurisdiction | Full retention; access via signed URLs (24-h expiry); object-lock |
| Suitability questionnaires | 7 years | Per jurisdiction | Full retention; OPA data_access filters reads per role |
| Service requests | 5 years from close | Per tenant | PII redacted in archived snapshots |
| AI interactions | 3 years | Configurable | Inputs redacted of PII before LangFuse capture |
| System logs | 90 days hot, 1 year cold | Configurable | Pino allowlist redaction at write |
GDPR. KSA PDPL. Iran data protection.
GDPR (EU / UK)
Lawful basis tracking (legitimate interest, contract, consent), right of access via signed export, right to erasure with audit-chain redaction (the chain stays intact; PII is replaced with content-addressed tombstones), DPIA-ready data flow diagrams.
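How the signed evidence pack, its stdlib-only verifier, and the content-addressed erasure tombstones fit together, as an added example in Python. This is not Modir's code: the file layout, the event schema (PII held out of the event as a content-addressed blob), and the use of an HMAC in place of the Vault transit signature are assumptions made for illustration.

```python
"""Hash-chained audit export, stdlib-only verifier and PII tombstones (added example)."""
import hashlib
import hmac
import io
import json
import tarfile

# Assumption: HMAC stands in for the Vault transit signature a real pack would carry.
SIGNING_KEY = b"demo-transit-key"
GENESIS = "0" * 64
TOMBSTONE = b'{"tombstone":true}'

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(obj) -> bytes:
    """Deterministic JSON so every hash is reproducible across exports."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class AuditChain:
    """Append-only log; each event hashes its body plus the previous event's hash. PII stays
    out of the event as a content-addressed blob referenced by SHA-256 (assumed design)."""
    def __init__(self):
        self.events, self.blobs = [], {}  # blobs: content address -> bytes

    def append(self, action, metadata, pii=None):
        pii_ref = sha256(canonical(pii)) if pii is not None else None
        if pii_ref:
            self.blobs[pii_ref] = canonical(pii)
        body = {"seq": len(self.events), "action": action, "metadata": metadata,
                "pii_ref": pii_ref,
                "prev": self.events[-1]["hash"] if self.events else GENESIS}
        event = dict(body, hash=sha256(canonical(body)))
        self.events.append(event)
        return event

    def erase(self, pii_ref):
        """Right to erasure: swap the blob for a tombstone and record the act on-chain.
        The referencing event is untouched, so every link still verifies."""
        self.blobs[pii_ref] = TOMBSTONE
        return self.append("erasure", {"pii_ref": pii_ref})

def export(chain, key=SIGNING_KEY) -> bytes:
    """Signed evidence pack as an uncompressed tar; re-running yields identical bytes."""
    files = {"events.json": canonical(chain.events)}
    for ref, blob in chain.blobs.items():
        files[f"evidence/{ref}"] = blob
    manifest = {"chain_head": chain.events[-1]["hash"] if chain.events else GENESIS,
                "files": {name: sha256(data) for name, data in files.items()}}
    files["manifest.json"] = canonical(manifest)
    files["manifest.sig"] = hmac.new(key, files["manifest.json"], "sha256").hexdigest().encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:  # plain tar: a gzip header embeds a timestamp
        for name in sorted(files):  # fixed order and mtime keep the archive byte-identical
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(files[name]), 0
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def verify(tar_bytes, key=SIGNING_KEY) -> str:
    """Regulator-side check: signature, manifest, chain links, content addresses."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        files = {m.name: tar.extractfile(m).read() for m in tar.getmembers() if m.isfile()}
    expected = hmac.new(key, files.get("manifest.json", b""), "sha256").hexdigest().encode()
    if not hmac.compare_digest(expected, files.get("manifest.sig", b"")):
        return "signature invalid"
    manifest = json.loads(files["manifest.json"])
    for name, digest in manifest["files"].items():
        if sha256(files[name]) != digest:
            return f"manifest mismatch: {name}"
    events, prev, erased = json.loads(files["events.json"]), GENESIS, set()
    for i, event in enumerate(events):
        body = {k: v for k, v in event.items() if k != "hash"}
        if event["seq"] != i or event["prev"] != prev or sha256(canonical(body)) != event["hash"]:
            return f"chain broken at {i}"
        prev = event["hash"]
        if event["action"] == "erasure":
            erased.add(event["metadata"]["pii_ref"])
    if prev != manifest["chain_head"]:
        return "chain head mismatch"
    for ref in (e["pii_ref"] for e in events if e["pii_ref"] is not None):
        blob = files.get(f"evidence/{ref}")
        if blob is None or (sha256(blob) != ref and not (blob == TOMBSTONE and ref in erased)):
            return f"content address mismatch: {ref}"
    return "PASS"

def demo():
    # Constructed sample: two events carrying PII, an erasure, then in-place tampering.
    chain = AuditChain()
    chain.append("account_open", {"tenant": "t1", "account": "A-1"}, pii={"name": "Jane Doe"})
    chain.append("kyc_document", {"tenant": "t1", "doc": "passport"}, pii={"passport_no": "X123"})
    clean = export(chain)
    reproducible = export(chain) == clean
    chain.erase(chain.events[0]["pii_ref"])
    after_erasure = verify(export(chain))
    chain.events[1]["metadata"]["doc"] = "utility_bill"  # rewrite history behind the chain's back
    return verify(clean), reproducible, after_erasure, verify(export(chain))

if __name__ == "__main__":
    print(demo())  # ('PASS', True, 'PASS', 'chain broken at 1')
```

Two design choices carry the properties the page claims. The event hashes the PII blob's content address rather than the PII itself, so erasure replaces the blob with a tombstone and the chain link is unchanged; the verifier only accepts that tombstone because an `erasure` event names the address, so a silently blanked blob still fails. The pack is written as a plain tar with fixed member order and zero mtime, because a gzip header embeds a timestamp and would break the byte-identical guarantee. A production verifier would check an asymmetric transit signature against a published public key instead of a shared HMAC key.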
KSA PDPL
Data residency in KSA region; consent capture in Arabic; processor agreements aligned with the SDAIA executive regulations; 72-hour breach notification workflow.
Iran data protection
On-premise sovereign deployment; no outbound data transfer; processor model unsupported (controller-only); CBI-aligned AML data handling.
Walk through Modir with your compliance team.
A two-hour session: jurisdiction mapping, residency, audit evidence, retention. Output is a compliance readiness summary tailored to your regulators.