Screening that never sleeps
BASTION is continuous KYC, KYB & AML. It onboards an entity, fixes a clean baseline, then watches it for the rest of the relationship — re-screening against sanctions, PEP, adverse media and ownership change, and raising an alert the moment the picture moves.
A clean check goes stale the moment it's filed
Drag across the relationship. The file you signed off at onboarding never changes — but the entity behind it does. Watch the gap open.
The signal is real. It's just scattered.
Everything you need to judge this entity already exists — in five places that don't talk to each other. Tap each source to pull it into one resolved profile.
Onboard once. Watch for the life of the relationship.
BASTION turns due diligence from a one-off file into a standing loop. Four moves, each owned by a module, each written to an immutable record.
One entity · one evidence trail · one verdict that stays current. The module screens follow.
Continuous intelligence. Not a checkbox.
Most KYC tooling answers one question once. BASTION holds the answer current — and is built to the standard a regulator actually reads.
- Continuous — re-screens for the life of the relationship, not once at onboarding
- Evidence-grade — every verdict cites its source, list version and timestamp
- Deterministic & explainable — the risk decision is a rule a regulator can read
- Human-gated — an analyst signs off every decision; nothing auto-approves
- Not a one-off check that ages out the day it is filed
- Not a credit bureau or an opaque score you cannot explain
- Not a black box — ML may raise a flag, but never decides a case
- Not a data broker — a firm's data never leaves its own instance
Four checks, one verdict, at the door
Sanctions, PEP, adverse media and ownership run together and resolve to a single, evidenced verdict. Run it on the case entity.
Risk usually sits one hop away
Click a node to expand its connections. The subject is clean on its own — the exposure is in who it's connected to.
Keep drilling until you hit a human
Corporate layers and nominees exist to blur control. BASTION looks through every one to the natural-person beneficial owners.
Nobody was watching. BASTION was.
After onboarding, the entity stays under watch. Press play and let time run — the moment the world changes, the alert raises itself.
The machine recommends. A human decides.
Every alert lands in a queue with a deterministic recommendation and its evidence. Nothing clears, escalates or blocks until an analyst signs it off.
Prove what you knew, without hoarding the data
The audit trail records hashes and outcomes, never the sensitive documents themselves — so BASTION can prove a check happened without becoming the breach.
- Hashes & pointers — a fingerprint of each document, not the document
- Verdicts & evidence — the decision, the matched list and its version
- Timestamps & actor — who screened, who signed off, exactly when
- Structured findings — UBO %, screening hits, alert dispositions
- Raw ID documents in the clear, beyond a defined retention window
- Plaintext PII in the data lake — sensitive fields are encrypted at rest
- Anything outside the firm's own instance — no data leaves
- Records sold, shared or pooled with third parties
Seven modules. Every risk has an owner.
Each module owns one specific way a counterparty turns into a problem. Tap one to see what it does and the risk it carries.
Written once. Never rewritten.
The whole case — onboarding, the alert, the analyst's call — is one append-only record a regulator can read. Try to alter a row.
Built for the teams who can't be wrong
For anyone who has to keep knowing who they're dealing with — continuous, evidence-grade, and current for the life of the relationship.