The audit-trail export
A self-contained, hash-verifiable bundle of everything Frayme observed and did, scoped to whatever the regulator (or internal audit) is asking for.Scope the query
By
decision_id, by date range, by submission code, by client (main_account), by rule. Multi-dimension combinations supported.Generate the bundle
GET /api/audit/exports?… produces a ZIP with:manifest.json— what’s included, what’s excluded, why.decisions/— one JSON per decision with the full evidence pack.workflows/— workflow definitions at the versions that originally executed.audit_log.ndjson— chain-hashed entries for the scoped events.signature.sig— cryptographic signature over the bundle.
Verify
The bundle includes a
verify.sh script that reads signature.sig and re-hashes the chain to confirm no tampering.What’s in the bundle for any regulator
The bundle is regulator-agnostic by design. The same export shape covers:- COAF communications under Brazil’s Circular BCB 3.978/2020.
- SAR filings under the US Bank Secrecy Act.
- STR filings under FATF Recommendation 20 in any jurisdiction.
- Internal-audit and Subject-Access-Request responses.
Decision-level PDF
In parallel with the bundle, individual decisions can be exported as standalone hash-stamped PDFs from the Decision Console. Useful for one-off regulator interviews, internal review packets, or sharing a specific case with an external counsel without handing over the full bundle.Retention guardrails
Frayme applies retention windows automatically per decision class — the longest default is 7 years for regulator-filed decisions, exceeding the typical 5-year regulatory floor by 2 years for buffer. Active-store vs offsite-mirror tiers are transparent to the export —GET /api/audit/exports resolves both.