# Send Regulatory Compliance Audit to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "afrexai-regulatory-compliance",
    "name": "Regulatory Compliance Audit",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/1kalin/afrexai-regulatory-compliance",
    "canonicalUrl": "https://clawhub.ai/1kalin/afrexai-regulatory-compliance",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/afrexai-regulatory-compliance",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-regulatory-compliance",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "afrexai-regulatory-compliance",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T12:26:08.988Z",
      "expiresAt": "2026-05-06T12:26:08.988Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-regulatory-compliance",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-regulatory-compliance",
        "contentDisposition": "attachment; filename=\"afrexai-regulatory-compliance-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "afrexai-regulatory-compliance"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/afrexai-regulatory-compliance"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/afrexai-regulatory-compliance",
    "downloadUrl": "https://openagent3.xyz/downloads/afrexai-regulatory-compliance",
    "agentUrl": "https://openagent3.xyz/skills/afrexai-regulatory-compliance/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-regulatory-compliance/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-regulatory-compliance/agent.md"
  }
}
```
## Documentation

### Regulatory Compliance Audit

Run a full regulatory compliance audit for any business. Covers US, UK, and EU frameworks across 8 compliance domains with gap analysis, risk scoring, and remediation timelines.

### When to Use

- Annual or quarterly compliance reviews
- Pre-audit preparation (SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS)
- New market entry requiring regulatory assessment
- Board or investor due diligence on compliance posture
- Post-incident compliance gap analysis

### Step 1: Identify Applicable Frameworks

Based on the business profile (industry, geography, data types, revenue), determine which frameworks apply:

| Framework | Triggers |
|---|---|
| SOC 2 Type II | B2B SaaS, handles customer data |
| GDPR | Any EU customer data, EU employees |
| HIPAA | Any PHI (healthcare, benefits, wellness) |
| PCI DSS | Processes, stores, or transmits card data |
| ISO 27001 | Enterprise clients requesting certification |
| SOX | Public company or preparing for IPO |
| CCPA/CPRA | >$25M revenue OR >50K CA consumers |
| NIST AI RMF | Deploying AI/ML in production |
| UK DPA 2018 | UK operations or UK customer data |
| FCA/PRA | UK financial services |

### Step 2: 8-Domain Compliance Assessment

Score each domain 1-5 (1=non-existent, 5=mature):

Domain 1: Data Governance

- Data classification policy (public/internal/confidential/restricted)
- Data retention schedule with legal hold procedures
- Data processing agreements with all vendors
- Cross-border transfer mechanisms (SCCs, adequacy decisions)
- Data subject rights workflow (access, deletion, portability)
- Data breach notification procedure (<72hr GDPR, state-specific US)

Domain 2: Access Control & Identity

- Role-based access control (RBAC) implemented
- Multi-factor authentication on all critical systems
- Privileged access management (PAM) for admin accounts
- Quarterly access reviews with evidence retention
- Automated provisioning/deprovisioning tied to HR
- Service account inventory with rotation schedule

Domain 3: Security Operations

- Vulnerability management program (scan frequency, SLA by severity)
- Penetration testing (annual minimum, after major changes)
- Security incident response plan (tested within 12 months)
- Log retention meeting regulatory minimums (1yr SOC 2, 6yr SOX)
- Endpoint detection and response (EDR) on all endpoints
- Network segmentation between environments

Domain 4: Business Continuity

- Business impact analysis (BIA) current within 12 months
- Disaster recovery plan with defined RTO/RPO by system tier
- Backup testing (restore verified quarterly minimum)
- Pandemic/remote work continuity procedures
- Third-party dependency mapping for critical services
- Communication plan (internal + external + regulatory)

Domain 5: Vendor & Third-Party Risk

- Vendor risk assessment questionnaire (SIG Lite or equivalent)
- Tiered vendor classification (critical/high/medium/low)
- Annual vendor reviews for critical and high-tier vendors
- Right-to-audit clauses in critical vendor contracts
- Fourth-party risk assessment for critical vendors
- Vendor offboarding procedure with data return/destruction

Domain 6: HR & Personnel Security

- Background check policy (scope appropriate to role)
- Security awareness training (annual + phishing simulations)
- Acceptable use policy signed by all employees
- Code of conduct with reporting mechanisms
- Termination checklist (access removal, device collection, NDA reminder)
- Contractor/temp worker security requirements

Domain 7: AI & Automation Governance

- AI model inventory with risk classification
- Bias testing and fairness metrics for decision-making models
- Human-in-the-loop requirements defined per use case
- AI incident response procedures
- Transparency documentation (model cards, impact assessments)
- Training data governance and lineage tracking

Domain 8: Financial & Reporting Controls

- Segregation of duties in financial processes
- Change management procedures for financial systems
- Audit trail for all financial transactions
- Revenue recognition controls (ASC 606 / IFRS 15)
- Tax compliance calendar (federal, state, international)
- Internal audit schedule and findings tracking

### Step 3: Risk Scoring Matrix

For each gap identified:

| Likelihood | Impact | Risk Score | Action Timeline |
|---|---|---|---|
| High | High | Critical | Fix within 30 days |
| High | Medium | High | Fix within 60 days |
| Medium | High | High | Fix within 60 days |
| Medium | Medium | Medium | Fix within 90 days |
| Low | High | Medium | Fix within 90 days |
| Low | Medium | Low | Next quarterly review |
| Low | Low | Informational | Annual review |

### Step 4: Remediation Roadmap

Build a 90-day plan:

Days 1-30: Critical Gaps

- Address any gaps with Critical or High risk scores
- Implement quick wins (policy updates, access reviews)
- Engage external counsel for regulatory interpretation if needed

Days 31-60: Systematic Improvements

- Deploy technical controls (MFA, EDR, log aggregation)
- Complete vendor risk assessments for critical vendors
- Update employee training program

Days 61-90: Evidence & Documentation

- Build evidence collection system for ongoing compliance
- Conduct internal audit of remediated areas
- Prepare board-ready compliance dashboard
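Steps 3 and 4 together define a small scoring pipeline: each gap gets a risk score and a deadline from the likelihood/impact matrix, the gaps are ranked for the Critical Findings section, and dated fixes fall into the 90-day phases. The Python below is an added example, not part of the skill package; it encodes the page's matrix as given, rejects likelihood/impact pairs the matrix does not list instead of guessing (an assumption of this example), and uses constructed sample findings.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Step 3 matrix: (likelihood, impact) -> (risk score, days allowed for the fix).
# None means the gap rolls into the next quarterly or annual review instead of
# the 90-day plan. Pairs the page does not list (e.g. high/low) raise an error;
# that strictness is this example's assumption, not the page's rule.
RISK_MATRIX = {
    ("high", "high"): ("Critical", 30),
    ("high", "medium"): ("High", 60),
    ("medium", "high"): ("High", 60),
    ("medium", "medium"): ("Medium", 90),
    ("low", "high"): ("Medium", 90),
    ("low", "medium"): ("Low", None),
    ("low", "low"): ("Informational", None),
}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Informational": 4}
PHASES = {30: "Days 1-30", 60: "Days 31-60", 90: "Days 61-90"}  # Step 4 windows

@dataclass(frozen=True)
class Gap:
    domain: str      # one of the 8 domains from Step 2
    finding: str
    likelihood: str  # high / medium / low
    impact: str      # high / medium / low

def score_gap(gap):
    """Return (risk score, days to fix) for a gap; raise on an unlisted pair."""
    key = (gap.likelihood.lower(), gap.impact.lower())
    if key not in RISK_MATRIX:
        raise ValueError(f"no matrix entry for likelihood={key[0]} impact={key[1]}")
    return RISK_MATRIX[key]

def critical_findings(gaps, top_n=10):
    """Step 6 'Critical Findings': gaps ranked by risk score, most severe first."""
    return sorted(gaps, key=lambda g: SEVERITY_RANK[score_gap(g)[0]])[:top_n]

def build_roadmap(gaps, audit_date):
    """Step 4: group gaps by the Step 3 deadline window, with a concrete due date."""
    roadmap = {phase: [] for phase in list(PHASES.values()) + ["Scheduled review"]}
    for gap in gaps:
        score, days = score_gap(gap)
        due = None if days is None else audit_date + timedelta(days=days)
        roadmap[PHASES.get(days, "Scheduled review")].append((gap.finding, score, due))
    return roadmap

# Constructed sample findings and audit date (not from the page) for a stand-alone run.
AUDIT_DATE = date(2026, 5, 1)
SAMPLE_GAPS = [
    Gap("Access Control & Identity", "No MFA on admin accounts", "High", "High"),
    Gap("Security Operations", "Log retention below 1 year", "Medium", "High"),
    Gap("Vendor & Third-Party Risk", "No right-to-audit clause", "Low", "Medium"),
    Gap("Data Governance", "Classification policy undated", "Low", "Low"),
]
```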

### Step 5: Compliance Cost Benchmarks (2026)

| Company Size | Annual Compliance Budget | Key Cost Drivers |
|---|---|---|
| 10-50 employees | $30K-$80K | SOC 2 audit ($15-30K), tools ($10-20K), training ($5-10K) |
| 50-200 employees | $80K-$250K | + DPO/compliance hire ($80-120K), pen testing ($15-40K) |
| 200-1000 employees | $250K-$800K | + GRC platform ($50-150K), multiple audits, legal counsel |
| 1000+ employees | $800K-$3M+ | + Dedicated compliance team, continuous monitoring, regulatory filings |

Cost of non-compliance (real examples):

- GDPR fines: up to 4% global annual revenue (Meta: €1.2B, 2023)
- HIPAA: $100-$50K per violation, $1.5M annual cap per category
- PCI DSS: $5K-$100K/month until compliant + liability for breaches
- SOX: Criminal penalties, officer personal liability
- Average data breach cost: $4.88M (IBM 2024)

### Step 6: Output Format

Generate a compliance report with:

- Executive Summary — Overall maturity score (1-5), top 3 risks, recommended budget
- Framework Applicability Matrix — Which frameworks apply and current certification status
- Domain Scores — 8 domains with gap counts and risk distribution
- Critical Findings — Top 10 gaps ranked by risk score with remediation steps
- 90-Day Roadmap — Week-by-week action plan with owners and milestones
- Budget Estimate — Compliance cost projection for next 12 months
- Board Dashboard — One-page visual for board/investor reporting

### Industry-Specific Requirements

| Industry | Primary Frameworks | Special Considerations |
|---|---|---|
| SaaS/Technology | SOC 2, GDPR, CCPA | AI governance, open source licensing |
| Healthcare | HIPAA, HITRUST, FDA (if devices) | PHI everywhere, BAAs required |
| Financial Services | SOX, PCI DSS, GLBA, FCA/PRA | Transaction monitoring, AML/KYC |
| Legal | ABA ethics, GDPR, privilege rules | Client confidentiality, conflict checks |
| Construction | OSHA, environmental, bonding | Safety records, subcontractor compliance |
| E-commerce | PCI DSS, CCPA/GDPR, FTC | Payment data, consumer protection, returns |
| Manufacturing | ISO 9001, OSHA, EPA, export controls | Supply chain compliance, ITAR/EAR |
| Real Estate | Fair Housing, AML, state licensing | Property data, transaction compliance |
| Recruitment | EEOC, GDPR (candidate data), ban-the-box | AI hiring bias (NYC Local 144), background checks |
| Professional Services | Industry-specific licensing, SOC 2 | Client data handling, engagement letters |

### 7 Compliance Audit Mistakes That Cost Companies Millions

1. Treating compliance as annual — It's continuous. Point-in-time audits miss 60% of gaps that develop mid-year.
2. Ignoring AI governance — NIST AI RMF and EU AI Act are here. Every production model needs documentation.
3. Vendor risk as checkbox — Your vendor's breach is your breach. Fourth-party risk is real.
4. No evidence retention system — If you can't prove compliance, you're not compliant. Automate evidence collection.
5. Security ≠ compliance — You can be secure and non-compliant, or compliant and insecure. Address both.
6. Underbudgeting remediation — Plan for 2x the estimated remediation cost. Surprises are the norm.
7. Board reporting as afterthought — Boards that see compliance dashboards quarterly make better risk decisions.

Get the full compliance implementation toolkit for your industry:

- Browse all 10 industry context packs → https://afrexai-cto.github.io/context-packs/
- Calculate your AI automation ROI → https://afrexai-cto.github.io/ai-revenue-calculator/
- Set up your AI agent stack → https://afrexai-cto.github.io/agent-setup/

Bundles: Playbook $27 | Pick 3 $97 | All 10 $197 | Everything $247
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: 1kalin
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T12:26:08.988Z
- Expires at: 2026-05-06T12:26:08.988Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/afrexai-regulatory-compliance)
- [Send to Agent page](https://openagent3.xyz/skills/afrexai-regulatory-compliance/agent)
- [JSON manifest](https://openagent3.xyz/skills/afrexai-regulatory-compliance/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/afrexai-regulatory-compliance/agent.md)
- [Download page](https://openagent3.xyz/downloads/afrexai-regulatory-compliance)