Friam builds focused regulatory products for one UK industry at a time — but every one of them runs on the same proven engine: ingest the public registers, scan the real world, generate the documents, train the people, and publish a trust mark a customer can click. Build the engine once; point it at the next regulated sector.
The hard part of compliance software isn't the app — it's knowing every business that's in scope before they've ever heard of you. We've built that. A continuously-refreshed UK compliance-data universe, resolved from public registers and the businesses' own websites, that lets us reach a whole sector on day one.
Sources include the HMRC AML supervised-business register, the property redress schemes (TPO, PRS), Propertymark, Safeagent, the Guild, the ICO register, Companies House, the Scottish Letting Register and UKALA — reconciled into one canonical record per business, then enriched from each firm's own public site. The same playbook now points at hospitality, community premises and employers.
Every Friam product is the same six-stage pipeline with a different regulator's rulebook plugged in. The engine is built, in production, and proven across two live products. Each new "Guard" is a thin, branded front-end over it.
Mirror the public registers; resolve them into one record per business.
Read each firm's public site and check whether the required disclosures are there.
A scope-aware engine decides which duties actually apply to this firm.
Produce the tailored policies, risk assessments and documents, e-signed.
Short, quiz-checked modules with completion tracking and certificates.
Publish a public, embeddable trust mark — and re-verify it monthly.
The moat is the data plus the engine. Outreach, billing, multi-tenancy, AI scanning, document generation, identity verification and training are all built once and shared. Adding HallGuard or GymGuard is a configuration of the regulator's rules and a coat of paint — not a new company.
One platform per industry, built against the actual regulator — not a watered-down checklist. Two live, one launching, and a fast-expanding family in build and in research.
Our most complete product. Continuous AML-compliance scanning against HMRC supervision, redress (TPO/PRS), client-money protection and the consumer-protection rules — plus a full customer due-diligence suite: sanctions & PEP screening, a server-side biometric identity-verification flow, a 12-module AML training pathway, auto-generated policies, and a public Trust page. The whole engine, proven.
The 2026 CMA pricing-transparency rules, a complaints route with VCMS escalation, ownership disclosure and the RCVS prescription notice — delivered as a finished, hosted practice website we build from public data and the practice simply claims. A "done-for-you compliant website" wedge into 4,800+ UK practices.
Fire safety, water-systems (L8), food hygiene, allergens, accessibility and guest-data GDPR — plus an HR layer and a mystery-call revenue audit. Marketing site, prospect database, scanner, document generator and training are built; in launch.
Martyn's Law (the Terrorism (Protection of Premises) Act 2025) catches any venue that holds 200+ people at once — which most halls do at a fête or a wedding. A free self-assessment, the public-protection procedures pack, fire risk assessment and a hirer's agreement, written for volunteer committees with no compliance staff.
The same Martyn's Law duty, for the venues it was most fought over — carol services and festivals routinely cross 200. Free self-assessment and procedures pack, weighted toward the safeguarding documents that sit at the heart of faith-venue compliance. Multi-faith from day one.
For employers who hire people. Applicant tracking with video screening, right-to-work and onboarding records, AI-generated contracts and policies, the Employment Rights Act 2025 guaranteed-hours engine, an incident logbook that evidences harassment-prevention "reasonable steps", and staff training — for SMEs with no in-house HR.
The HR engine pointed at a sector built on casual, shift and member-facing staff. Guaranteed-hours tracking that flags who's owed a contract offer, a dictate-it-at-the-desk incident logbook for the Worker Protection Act 2023 harassment duty, and short awareness training — for independent gyms and studios.
Food Hygiene Rating readiness, Natasha's Law allergen disclosure, HACCP records, licensing and EHO inspection prep — for independent operators who'd rather not employ a compliance manager just for paperwork.
AML compliance for the ~40,000 UK accountancy and bookkeeping practices — firm-wide risk assessment, client due diligence with sanctions & PEP screening, the policy pack, training and an audit-ready record. The AgentGuard CDD engine, pointed at the profession HMRC and the incoming single FCA supervisor scrutinise most.
For the ~9,500 SRA-regulated firms. A website scan against the SRA Transparency Rules, AML risk assessment and client due diligence, the Legal Sector Affinity Group policy pack, fee-earner training and an inspection-ready file — two public duties, one platform.
The compliance autopilot for the ~50,000 UK convenience stores and off-licences — fire safety, the new tobacco & vape retail licence, age-restricted sales, harassment, guaranteed hours, CCTV and waste duty of care — with a window mark that proves it.
Done-for-you compliance for the ~61,000 hair & beauty businesses and the fast-growing aesthetics clinics — special-treatment licensing, COSHH and dermatitis controls, infection control, and readiness for England's new cosmetic-procedures licence, with a trust mark clients can see.
The compliance command-centre for private-hire operators — a fleet driver-document tracker for DBS, training, badge and insurance renewals, the safeguarding and data-protection policies the DfT Statutory Standards expect, and a first-of-its-kind safeguarding trust mark.
The EYFS and safeguarding compliance layer — not nursery management — for the ~27,500 group childcare settings. Safer-recruitment evidence, the September-2025 policy pack, staff training, and a parent-facing Trust Mark showing your Ofsted registration and safeguarding posture.
Martyn's Law (2025) pulls hundreds of thousands of venues into scope. The Employment Rights Act 2025 rewrites zero-hours working. The Worker Protection Act 2023 makes harassment prevention a proactive duty. AML supervision, CMA pricing rules and consumer-protection law keep tightening. Every new rule is a vertical.
A letting agent, a village-hall committee, an independent gym — none of them have a compliance department. They are anxious, under-resourced, and exactly the customer a simple, finished, affordable tool is built for.
Every product ends in a trust mark a consumer can click. Compliance you can't show is compliance you can't sell — and showable trust is what every one of these regulators was trying to protect.
Two live products fund the engine that makes the third cheap. The data universe built for one sector seeds the next. The cost of the eighth vertical is a fraction of the first.
From a standing start, here's the ground covered — built lean, in production, and earning its keep.
Scanner, scope-aware compliance engine, sanctions & PEP screening, a server-side biometric customer-verification flow (with an iOS passport-NFC read in TestFlight), 12-module AML training, document generation and signing, public Trust pages, and a multi-touch outreach engine to the prospect database.
We generate a CMA-2026-compliant website from public data; the practice claims it. An admin cockpit scores, enriches and builds across 4,800+ mapped practices.
Positioning, prospect data, exposure scanner, document/policy generator, HR tools, mystery-call revenue audit, billing and a marketing site — built and moving into launch.
HallGuard & ChurchGuard (Martyn's Law), HireGuard & GymGuard (employment-law HR), and CafeGuard (food) — each a documented plan over the shared engine, with domains secured.
PracticeGuard & FirmGuard (AML for accountants & law firms), ShopGuard & SalonGuard (retail & personal-care premises), TaxiGuard (private-hire safeguarding) and NurseryGuard (EYFS childcare) — each with a sourced market plan in docs/plans/vertical-expansion, domains live, contactable-universe sources mapped to public registers.
460,000+ records ingested and resolved from 11 public registers; 31,000+ live agent sites scanned; 22,000+ compliance scans run.