Features Why Regulyst Frameworks Pilot Program Blog Get Early Access →
Pilot Program Now Open

Third-party risk, built to run inside Salesforce

Salesforce-native third-party and ICT risk management, built for regulated financial services. Manage vendors, assessments and monitoring inside the org you already run.

Our story

Why we're here.

Third-party and ICT risk management still runs on spreadsheets, questionnaires and shared drives — sitting outside the systems a firm actually operates on. For regulated financial services teams, that gap is where oversight breaks down.

S

Fragmented tools.

Teams end up stitching together spreadsheets, screenshots, emails, and point solutions — because compliance lives outside their core systems.

Disconnected, unreliable data.

Regulyst brings third-party risk, compliance and controls directly into Salesforce — so oversight lives where your data, workflows and users already are.

?

No line of sight.

Unclear ownership makes it hard to trace a vendor to the risks, controls and obligations it touches — leaving leaders without a real-time view when a regulator asks.

Built for regulated financial services teams.

Your third-party risk programme doesn't need a heavy enterprise tool, or months of implementation.

It needs a Salesforce-native platform that delivers value fast.

Regulyst is designed for:

  • Heads of Compliance, CROs and risk leaders at regulated financial firms
  • Fund administrators, asset and fund managers, MiFID firms, EMIs, payment institutions and crypto-asset service providers
  • Firms managing their obligations under DORA and UK operational resilience rules
  • Teams already running Salesforce that want risk and compliance to live there too
  • Firms that need structure and audit-readiness without enterprise overhead
Our approach

Not another bolt-on tool.

Your third-party risk and compliance programme, run inside Salesforce.

Salesforce-native by design

Regulyst installs as a managed package inside the Salesforce org you already own. No separate platform, no data leaving your security perimeter.

Fast implementation

Start with working frameworks and workflows. See value in days, not quarters.

One connected operating layer

Vendors, risks, controls, policies and evidence — all linked in one system of record, next to the data your business already runs on.

Our platform

Third-party risk, compliance and controls — run inside the Salesforce org you already own.

Move your programme off manual spreadsheets and into connected workflows, inside the system your teams already use every day.

Features

Everything you need — inside Salesforce

Below are real screens from the product as it exists today — not mockups.

Vendor Risk

Every vendor reviewed. Every exception tracked. Without the extra SaaS.

Vendor onboarding, security reviews, and fourth-party exposure — all inside Salesforce.

  • The vendor does the work in a portal, uploads evidence themselves
  • See your vendors' vendors, the indirect exposure DORA asks about
  • Go from "add vendor" to "review issued" in an afternoon
Vendor Risk Workspace TPRM Vendor Intelligence
Risk Management

Every risk connected. Every line of sight intact.

Every risk linked to the vendor, control, and regulation it touches.

  • Answer "are we inside appetite right now" in the room
  • Flag the moment a risk moves outside appetite
  • Walk into any audit with the full chain on one screen
Risk Management Workspace Risk Lifecycle 7-Step
Executive Summary

Your risk and compliance posture — one screen

Live risk posture, framework completion, and third-party trust on one screen.

  • Live risk posture score with 30-day trend
  • Framework completion across all active programmes
  • Third-party trust status and open exceptions
Executive Summary Dashboard
Regulatory Traceability

One straight line from regulation to evidence

When the Central Bank walks in, you open one screen.

  • Every regulation mapped from framework to article
  • Every risk traced to the obligation that created it
  • Every answer to "show me" in one click, evidence attached
Regulatory Traceability Regulation Overview
Compliance Hierarchy

Your whole compliance org, live on one screen

Every business unit, risk, control, and owner mapped and updating in real time.

  • See your full RACI across compliance, risk, and controls
  • Click any business unit to drill into its live position
  • Board-ready monitoring reports in one click
Compliance Hierarchy Org Chart Org Chart Explore AI Summary
Evidence

Evidence already in Salesforce

Link live Salesforce data directly to controls, risks, and vendors. No exports.

  • Monitoring activities backed by live Salesforce data
  • No exports. No duplicate entry. No separate evidence tool.
Live Operational Salesforce Data
AI Evidence Review

Catch weak evidence before your auditor does

Every file scored against the actual requirement and flagged if it won't hold up.

  • Sufficiency and conformity scored the moment evidence is uploaded
  • Weak or mismatched evidence surfaced before sign-off
  • A plain-English fix for every gap
AI Evidence Review Control Panel AI Review Modal
Policy Management

Policies that connect to everything

Write, approve, and map policies to controls, risks, and evidence inside Salesforce.

  • Policy-to-control mappings
  • Evidence & document linking
  • Versioned and audited inside Salesforce
Policy Management
Framework Agnostic

One control. Every framework. Map once.

DORA
UKOp. Resilience
ISO27001
GDPR
NIS2
Join Us Early

Shape the platform before launch

What pilot partners get:

  • Early access to the platform
  • Direct access to Salesforce developers and risk and compliance experts
  • Influence over roadmap and features
  • Preferential pricing at launch

Apply for early access

✓ Application received! We'll be in touch shortly.