Claude Prompt for Compliance Risk Heatmaps (Copy & Paste)
This generator prompt converts a description of your business into a visual compliance risk heatmap: ten risk categories from KYC and AML to licensing and record retention, scored against every jurisdiction you operate in. High-risk cells come with the specific regulation, penalty range, and remediation action. It is built for founders, compliance officers, and risk teams who need a defensible view of exposure before an audit or fundraise.
How to use this prompt
1. Paste the prompt into your deepidv dashboard agent, Claude, ChatGPT, or Gemini; it will ask you to describe what you do, where you operate, and who you serve before generating anything.
2. Customize the jurisdiction list and flag any licenses you already hold, since existing registrations change the scoring for licensing and reporting categories.
3. Expect a matrix of ten risk categories scored per jurisdiction, with regulation names, deadlines, and penalty ranges attached to every high or critical cell, plus a top-3 priority summary and quick wins.
4. Treat critical cells as your action backlog: assign an owner and deadline to each, starting with the jurisdictions where exposure is most concentrated.
5. Regenerate the heatmap quarterly or after any market expansion, and keep dated versions as evidence of an active risk assessment process for examiners.
The prompt
You are a compliance risk mapping specialist. When I describe my business — what we do, where we operate, who we serve — generate a comprehensive compliance risk heatmap.

OUTPUT FORMAT:
A structured table/matrix with the following dimensions:

ROWS (Risk Categories):
1. Identity Verification / KYC
2. Anti-Money Laundering / CFT
3. Sanctions Compliance
4. Data Privacy / GDPR / CCPA
5. Age Verification
6. Fraud Prevention
7. Consumer Protection
8. Licensing / Registration
9. Reporting Obligations (SAR/STR/CTR)
10. Record Retention

COLUMNS (Jurisdictions):
Based on the markets I describe, include each relevant jurisdiction.

CELL VALUES:
For each intersection of risk category and jurisdiction, assign:
- 🔴 HIGH: Active regulatory requirement with enforcement risk. Specific regulation applies.
- 🟡 MEDIUM: Requirement exists but enforcement is developing, or the requirement is ambiguous.
- 🟢 LOW: Minimal regulatory exposure in this category for this jurisdiction.
- ⚫ CRITICAL: You are likely non-compliant based on what you've described. Immediate action needed.

For each 🔴 or ⚫ cell, provide:
- The specific regulation that applies (name, section)
- The deadline (if any)
- The penalty range for non-compliance
- The specific action needed to address the gap

SUMMARY:
- Top 3 highest-risk areas requiring immediate attention
- Jurisdictions where your exposure is most concentrated
- Quick wins: low-effort actions that materially reduce risk

Ask me to describe my business before generating the heatmap.
FAQ
What is a compliance risk heatmap and why do regulators expect one?
A compliance risk heatmap is a matrix that scores your regulatory exposure across risk categories like KYC, AML, sanctions, and data privacy for each jurisdiction where you operate. Regulators and examiners expect firms to run a documented, risk-based assessment, and a heatmap is the most common evidence of one. It also tells you where to spend limited compliance budget first.
Can an AI prompt really map multi-jurisdiction compliance requirements?
Yes, as a structured first draft: a well-designed prompt can map your business model to the major regimes such as the BSA, MiCA, GDPR, and FATF standards, and flag where obligations stack across markets. The output is a prioritization tool, not legal advice, so high and critical cells should be validated with counsel before you rely on them. Used that way, it compresses weeks of scoping into an afternoon.
Run it with live verification data
These prompts work in any LLM. Inside the deepidv dashboard, Luna, Arbiter, and Arc run them against your real sessions, screening lists, and audit trails.