Technology that verifies. Services that defend.
BriteBase is built in two halves. An automated technology core verifies the human, the document, and the risk profile at onboarding and beyond. A Canadian compliance services bench designs, runs, and defends the program around it: AI governance, financial crime, managed services, a Fractional CAMLO, and fixed-fee special projects.
Everything it takes to catch what AI now generates.
Identity, documents, and risk verified in one automated pass, with every decision recorded as defensible evidence. The detail on each module follows below.
Passive Liveness
No blinks, no head turns, no user friction. A single selfie frame is analysed for presentation attacks, screen replays, masks, and injected video, so genuine customers pass in seconds and synthetic ones never get an account.
Face Matching
Selfie-to-document face matching engineered against the public benchmarks set by NIST's face recognition evaluation program, with match confidence scored and recorded on every verification.
Deepfake Detection
Generative-AI face swaps and synthetic video are screened at capture, before they ever reach onboarding. Every detection is logged with the evidence behind the call.
Proprietary OCR
Optical character recognition built for identity documents: passports, permanent resident cards, and provincial licences read, parsed, and cross-checked against the selfie and the application data.
PEP, Sanctions & Adverse Media
Every verified identity is screened against politically exposed persons lists, Canadian and international sanctions lists, and adverse media, at onboarding and on an ongoing basis, with disposition rationale recorded.
Audit Trail & Explainability
Every automated decision is recorded, explainable, and attributable, with a human accountable for every regulated call. The file that clears your fraud team is the file that satisfies a FINTRAC examiner.
Five modules, from capture to a defensible decision.
Identity Verification & KYC, Document Verification, Screening, Customer Due Diligence, and Customer Risk Rating run as one automated pass at onboarding and keep watching afterwards. Every decision is explainable, recorded, and attributable, so the file that satisfies your fraud team also satisfies a FINTRAC examiner.
Identity Verification & KYC
The front door of the program. A single selfie verifies the customer is a live, present human and matches them to their identity document, with the strongest defences aimed at the fastest-growing attack: AI-generated faces.
Go deeper: identity verification software and the FINTRAC-accepted methods of identity verification.
Facial Recognition
Passive liveness from a single frame (no blinks, no head turns) and selfie-to-document face matching engineered against the public benchmarks set by NIST's face recognition evaluation program, with confidence scored on every match.
Deepfake Detection
Generative face swaps, synthetic video, and camera-injection attacks are screened at capture, before they reach onboarding. Every detection is logged with the evidence behind the call.
Document Verification
The document has to be as real as the face. Identity documents are read, parsed, and cross-checked in seconds, with tamper signals surfaced before the account opens.
Go deeper: document verification software for Canada.
Optical Character Recognition (OCR)
Proprietary OCR built for identity documents: passports, permanent resident cards, and provincial licences, with MRZ parsing and field extraction cross-checked against the selfie and the application data.
Authenticity & tamper signals
Font, layout, and security-feature inconsistencies are flagged at capture, and every accepted or rejected document keeps its full evidence record for the audit trail.
Screening
A verified identity still has to be a permissible one. Every customer is screened at onboarding and on an ongoing basis, with clear match rationale and a full record of every disposition.
Go deeper: sanctions and PEP screening software.
PEP
Politically exposed persons and heads of international organisations identified at onboarding and through ongoing list refreshes, with the enhanced-measures trail FINTRAC expects.
Sanctions
Canadian and international sanctions lists screened in real time, with match rationale, disposition, and escalation recorded for every alert.
Adverse Media
Negative-news screening that separates signal from noise, feeding risk-relevant findings into the customer file with the source recorded.
Customer Due Diligence
Verification and screening produce the facts; due diligence turns them into a defensible decision. CDD and enhanced due diligence run as a structured, documented workflow, with the depth scaled to the risk the customer presents.
Standard & enhanced CDD
Tiered workflows that capture identity, purpose, and source of funds, and step up to enhanced measures where risk or a PEP match requires it.
Beneficial ownership
Identification and verification of the humans behind a corporate customer, with the discrepancy checks FINTRAC expects, captured in the file.
Customer Risk Rating
Every customer carries a risk score the firm can defend. A configurable, weighted model rates each customer on consistent methodology, replacing spreadsheet guesswork with a documented, examiner-ready rationale.
Weighted risk model
Risk scored across product, customer, geography, and channel factors, with the weighting transparent and tunable to the firm's risk appetite.
Dynamic re-rating
Scores refreshed as behaviour, screening results, and exposure change, so the rating reflects the customer today, not only at onboarding.
Five services. One accountable Canadian bench.
FINTRAC requires every reporting entity to maintain a documented, effective compliance program, and Bill C-12 raised that bar to "reasonably designed, risk-based and effective." BriteBase's bench of senior Canadian practitioners delivers the program end to end, from AI governance to the examination response.
AI Governance
As Canada's AI Strategy reshapes supervisory expectations, firms deploying AI in regulated decisions need governance to match: model documentation, explainability standards, AI risk assessments, and vendor AI due diligence. BriteBase builds the framework and keeps it current.
Financial Crimes
Anti-money laundering and sanctions, run end to end by practitioners: customer due diligence, investigation and escalation of unusual activity, sanctions and PEP alert disposition, blocked-property reporting, STR and LVCTR drafting and FINTRAC submission, and the metrics that keep leadership informed.
Managed Services
The whole program, operated year-round by a named Canadian bench: pillar maintenance, regulatory change management, alert and case work, regulatory reporting, and examination readiness, inside one subscription.
Fractional CAMLO
A qualified Chief Anti-Money Laundering Officer, formally appointed and accountable: the compliance officer of record with a defined reporting line, board reporting, and the authority FINTRAC expects, at a fraction of a full-time hire.
Special Projects, scoped and fixed-fee.
Some compliance work doesn't fit a yearly subscription: a FINTRAC examination, a backlog cleanup, a new licence application. BriteBase delivers these as scoped, time-boxed projects at a fixed fee, with the same practitioner bench that runs the managed tiers.
FINTRAC examination support
Lead practitioner on the response: evidence pack, examiner Q&A, findings rebuttals, and program remediation through closure.
Issue remediation & backlog
Closing the gap on overdue STRs, untriaged alerts, KYC backlog, missing risk assessments, or stale policies and procedures.
Initial AML program set up
The five PCMLTFA pillars from scratch: officer appointment, risk assessment, policies and procedures, training program, and effectiveness review.
Systems implementation
Deploying the BriteBase verification and screening stack and integrating it with your CRM, payments stack, and identity providers. Includes data migration.
Systems tuning and calibration
Re-thresholding screening logic and verification settings after a model drift, false-positive surge, or product change.
External audit & licensing support
FINTRAC registration, provincial licensing, partner-bank due-diligence packs, and external AML audit response.
Everything above, on one predictable annual cost.
The technology core and the services bench are packaged into four ascending tiers, from self-serve software to a fully managed, assurance-backed program. We scope the right tier and a price to your firm on a quick demo. No retainers. No hourly rates.
Not sure where you'd start? That's what the demo is for.
We'll look at your onboarding flow and your program as it stands, recommend a tier, and give you a price scaled to your firm. No retainers. No hourly rates.