Friam builds focused regulatory products for one UK industry at a time — but every one of them runs on the same proven engine: ingest the public registers, scan the real world, generate the documents, train the people, and publish a trust mark a customer can click. Build the engine once; point it at the next regulated sector.
The hard part of compliance software isn't the app — it's knowing every business that's in scope before they've ever heard of you. We've built that. A continuously-refreshed UK compliance-data universe, resolved from public registers and the businesses' own websites, that lets us reach a whole sector on day one.
Sources include the HMRC AML supervised-business register, the property redress schemes (TPO, PRS), Propertymark, Safeagent, the Guild, the ICO register, Companies House, the Scottish Letting Register and UKALA — reconciled into one canonical record per business, then enriched from each firm's own public site. The same playbook now points at hospitality, community premises and employers.
Every Friam product is the same six-stage pipeline with a different regulator's rulebook plugged in. The engine is built, in production, and proven across two live products. Each new "Guard" is a thin, branded front-end over it.
Mirror the public registers; resolve them into one record per business.
Read each firm's public site and check whether the required disclosures are there.
A scope-aware engine decides which duties actually apply to this firm.
Produce the tailored policies, risk assessments and documents, e-signed.
Short, quiz-checked modules with completion tracking and certificates.
Publish a public, embeddable trust mark — and re-verify it monthly.
The moat is the data plus the engine. Outreach, billing, multi-tenancy, AI scanning, document generation, identity verification and training are all built once and shared. Adding HallGuard or GymGuard is a configuration of the regulator's rules and a coat of paint — not a new company.
One platform per industry, built against the actual regulator — not a watered-down checklist. Two live, one launching, five in build.
Our most complete product. Continuous AML-compliance scanning against HMRC supervision, redress (TPO/PRS), client-money protection and the consumer-protection rules — plus a full customer due-diligence suite: sanctions & PEP screening, a server-side biometric identity-verification flow, a 12-module AML training pathway, auto-generated policies, and a public Trust page. The whole engine, proven.
The 2026 CMA pricing-transparency rules, a complaints route with VCMS escalation, ownership disclosure and the RCVS prescription notice — delivered as a finished, hosted practice website we build from public data and the practice simply claims. A "done-for-you compliant website" wedge into 4,800+ UK practices.
Fire safety, water-systems (L8), food hygiene, allergens, accessibility and guest-data GDPR — plus an HR layer and a mystery-call revenue audit. Marketing site, prospect database, scanner, document generator and training are built; in launch.
Martyn's Law (the Terrorism (Protection of Premises) Act 2025) catches any venue that holds 200+ people at once — which most halls do at a fête or a wedding. A free self-assessment, the public-protection procedures pack, fire risk assessment and a hirer's agreement, written for volunteer committees with no compliance staff.
The same Martyn's Law duty, for the venues it was most fought over — carol services and festivals routinely cross 200. Free self-assessment and procedures pack, weighted toward the safeguarding documents that sit at the heart of faith-venue compliance. Multi-faith from day one.
For employers who hire people. Applicant tracking with video screening, right-to-work and onboarding records, AI-generated contracts and policies, the Employment Rights Act 2025 guaranteed-hours engine, an incident logbook that evidences harassment-prevention "reasonable steps", and staff training — for SMEs with no in-house HR.
The HR engine pointed at a sector built on casual, shift and member-facing staff. Guaranteed-hours tracking that flags who's owed a contract offer, a dictate-it-at-the-desk incident logbook for the Worker Protection Act 2023 harassment duty, and short awareness training — for independent gyms and studios.
Food Hygiene Rating readiness, Natasha's Law allergen disclosure, HACCP records, licensing and EHO inspection prep — for independent operators who'd rather not employ a compliance manager just for paperwork.
Martyn's Law (2025) pulls hundreds of thousands of venues into scope. The Employment Rights Act 2025 rewrites zero-hours working. The Worker Protection Act 2023 makes harassment prevention a proactive duty. AML supervision, CMA pricing rules and consumer-protection law keep tightening. Every new rule is a vertical.
A letting agent, a village-hall committee, an independent gym — none of them have a compliance department. They are anxious, under-resourced, and exactly the customer a simple, finished, affordable tool is built for.
Every product ends in a trust mark a consumer can click. Compliance you can't show is compliance you can't sell — and showable trust is what every one of these regulators was trying to protect.
Two live products fund the engine that makes the third cheap. The data universe built for one sector seeds the next. The cost of the eighth vertical is a fraction of the first.
From a standing start, here's the ground covered — built lean, in production, and earning its keep.
Scanner, scope-aware compliance engine, sanctions & PEP screening, a server-side biometric customer-verification flow (with an iOS passport-NFC read in TestFlight), 12-module AML training, document generation and signing, public Trust pages, and a multi-touch outreach engine to the prospect database.
We generate a CMA-2026-compliant website from public data; the practice claims it. An admin cockpit scores, enriches and builds across 4,800+ mapped practices.
Positioning, prospect data, exposure scanner, document/policy generator, HR tools, mystery-call revenue audit, billing and a marketing site — built and moving into launch.
HallGuard & ChurchGuard (Martyn's Law), HireGuard & GymGuard (employment-law HR), and CafeGuard (food) — each a documented plan over the shared engine, with domains secured.
460,000+ records ingested and resolved from 11 public registers; 31,000+ live agent sites scanned; 22,000+ compliance scans run.