About RegLens

Regulatory readiness for the financial institutions that need it most.

RegLens is built for organisations operating under real regulatory obligations — without the budget for enterprise GRC software or the staff for an in‑house compliance team. Built for the underserved middle of financial services.

The pain usually arrives suddenly: a banking partner sends a vendor risk questionnaire and wants it back in three weeks. A payment processor asks for a SOC 2 or equivalent. A regulator opens an inquiry. Whatever the trigger, the response cycle is the same — weeks of pulling together policies, evidence, and answers from scattered Drive folders, often paying a consultant $200/hour to do work that should take minutes if the data was already structured.

RegLens structures it. Profile your business once — incorporation jurisdiction, operating regions, customer locations, entity type, regulatory licences — and we determine which of 14 regulations apply across Canada, the US, the Caribbean, and the EU. A structured assessment maps to controls shared across multiple regulations (answer one question about MFA, satisfy six frameworks at once). The output is a clear readiness picture, an evidence inventory, and an actionable remediation roadmap.

01

Why RegLens exists

RegLens exists for the organizations that need to be ready for a regulatory examination, a customer due-diligence inquiry, or a vendor-risk review — but don't have a full GRC team to run the readiness program internally.

Until now the choices have been two extremes. At one end: free downloadable templates that mention controls in the abstract, never cite a specific regulator, and leave the work of translation entirely to you. At the other end: enterprise GRC platforms that start at $50,000 to $150,000 a year and assume you've already hired a team to operate them. In between sits the actual cost of finding out where you stand — typically $30,000 to $150,000 paid to a consultant or auditor to come in, look at your program, and tell you what you should have known going in.

RegLens is the readiness check that didn't exist for the organizations that fall between those extremes. We tell you, for the regulations that apply to you, where you stand and what evidence you need to produce — before you commit the consulting or audit budget.

02

What we do

RegLens identifies which financial-services regulations apply to your business based on where you're incorporated, where you operate, and who your customers are. We then score your readiness against all of them — and tell you exactly what evidence to gather to prove it — in one assessment, deduplicated across regulations, with regulator-specific references in the output.

What you get

  • A board-ready PDF assessment report, with evidence requirements documented per control.
  • A one-page summary suitable for your Risk Committee.
  • A Customer Due Diligence Report you can share directly with bank vendor risk teams, customer security reviews, or any external due diligence inquiry.
  • Pre-populated Microsoft Word policy templates aligned to the gaps the assessment surfaces.
  • Evidence guidance per control — example evidence types, freshness expectations, mandatory vs nice-to-have — so you know exactly what to gather and produce.

How we work with you

For self-serve customers, no sales call or long implementation is required. For procurement, security, or design-partner use cases, a short readiness walkthrough is available on request.

Request a walkthrough →

No hidden enterprise pricing tiers. No six-month implementation.

Where we fit alongside other tools

SOC 2 automation platforms get you certified against general security frameworks. Enterprise GRC platforms manage many frameworks at once but require a team to operate. Cloud security tools scan your infrastructure for misconfigurations. None of these are the same job RegLens does: telling you, for the financial-services regulations that apply to you, what's required and where you stand.

If you already use a SOC 2 automation platform, RegLens complements it — we focus on the frameworks that platform doesn't cover. If you're considering a consultant for a regulatory readiness assessment, RegLens is the step you run first. If you're evaluating an enterprise GRC platform but your org doesn't have a GRC team to operate one, RegLens is the lighter alternative for the assessment work specifically.

03

Who's behind it

RegLens is currently being developed independently by professionals with experience across technology risk, cybersecurity, cloud governance, and regulatory readiness within financial-services environments.

The platform is informed by real-world operational experience and ongoing feedback across multi-jurisdiction regulatory use cases.

04

How we work

A few principles guide what RegLens does — and, more often, what it deliberately doesn't.

  1. 01

    We don't claim to be an audit or a regulatory determination.

    Every assessment in RegLens is a structured self-disclosure. Findings depend on the accuracy of the inputs and the version of regulatory content at the time of assessment. We say this clearly in every report we produce and in every disclaimer that appears on every page.

  2. 02

    We don't pretend to be larger than we are.

    RegLens is currently in pilot, operated by a small team. Pilot customers work directly with the RegLens team, not a sales development representative.

  3. 03

    We don't compete on framework breadth.

    Vanta and Drata are excellent for SOC 2 and ISO 27001 readiness. RegLens covers financial-services-specific regulations that the bigger platforms don't — OSFI, CIMA, BMA, NYDFS, DORA, and the long tail of regional and national rules. If your compliance need is SOC 2, we're the wrong tool. If it's CIMA Statement of Guidance on Cybersecurity, we're built for you.

  4. 04

    We don't sell what we can't deliver.

    When a customer asks whether we cover a specific regulation, we answer honestly — sometimes that means saying "we identify it as applicable but the full assessment content is still in development." We'd rather lose a deal than misrepresent coverage.

  5. 05

    We commit to keeping content current.

    Regulations change. Amendments get issued. Supervisory expectations evolve. Customers paying for RegLens are paying not just for the assessment but for the regulatory content staying current behind it. We treat that as an operational commitment, not a marketing promise.

  6. 06

    We design our outputs to be circulated.

    The PDF report. The board one-pager. The policy templates. These are the artefacts customers take into their organisations — to their Risk Committee, to their auditor, to their CISO. We invest in making them genuinely board-ready because that's where the customer actually gets value.

05

Where we are now

RegLens is in pilot release. That means a few specific things.

All current users are pilot users. They get full access to the product at no cost and will be grandfathered into our paid tier when billing launches.

We're actively expanding regulatory coverage. The current live and in-development list is published at reglens.io/coverage — that page is generated live from our regulation catalog, so it stays accurate as content evolves. At time of writing we have full assessable content live for nine regulations across Canada, the Caribbean, the US, and the EU, with additional regulations identified as applicable and in active build. Specific live regulations span OSFI guidance (B-13 and B-10), Canadian privacy law (PIPEDA, Quebec Law 25), Canadian securities (CSA NI 31-103), Caribbean cybersecurity guidance (CIMA, BMA), and US/EU privacy and cybersecurity (GDPR, NYDFS Part 500).

We're building in public, with caveats. The product is real and working. The regulatory content is high-quality and current. But we're early stage, and that means: we don't yet have a SOC 2 attestation (we're starting the process), we don't have published customer case studies (we will when pilot customers consent to being named), and we don't have a 24/7 support team (you'll talk to the founder).

If that profile fits what you need at this stage, we'd love to hear from you. If you need an established vendor with five years of certifications, we're not the right fit yet — and we'll tell you that directly rather than waste your procurement team's time.

06

How to reach us

The fastest way to reach us is by email. If you're a financial institution, fund administrator, captive insurer, fintech, or consultant interested in becoming a design partner during the pilot phase, get in touch — we're actively expanding the pilot cohort.

support@reglens.io

Based in Toronto, Canada · Canadian federal corporation

Reviewing RegLens for procurement? See our Trust & Security page for the full security posture.