Compliance

1 · Overview

Mortartec is built for UK mortgage brokers operating under FCA supervision. The platform automates case admin — Fact-Finds, sourcing, suitability documentation and submission prep — while keeping a clear record of what was done, by whom, and on what basis.

This page explains how Mortartec supports your compliance obligations. It does not replace your firm's own policies, training or regulatory advice. You remain responsible for the advice you give clients and for ensuring your use of Mortartec meets your permissions and internal controls.

Mortartec Ltd provides software tooling. We are not an FCA-authorised firm and we do not provide regulated financial advice. Where we refer to "FCA-aligned" or "FCA-grade" features, we mean the platform is designed to support workflows and record-keeping that regulated brokers typically need — not that Mortartec itself holds FCA permissions.

2 · Regulatory context

Mortgage brokers must comply with FCA rules on treating customers fairly, suitability, disclosure, data protection and financial crime. Common rule areas Mortartec is designed to support include:

• MCOB & CONC (as applicable): accurate case records, suitable product selection and clear client documentation.
• SYSC / governance:systems and controls appropriate to the firm's activities, including oversight of outsourced and technology functions.
• Financial crime (FC): identity verification, sanctions screening and suspicious activity processes — supported in part by Gandalf compliance checks and integrated credit data.
• UK GDPR / Data Protection Act 2018: lawful processing of applicant data — see our Privacy Policyfor Mortartec's role as a processor or controller depending on context.

You should map Mortartec to your firm's own compliance framework, including any network or principal requirements. Enterprise customers can request documentation to support SMCR and outsourcing due diligence.

3 · Audit trails & record-keeping

Every material action on a case in Mortartec is logged: document uploads, field changes, agent runs, sourcing results, compliance checks and user approvals. Logs include a timestamp, user identity and the action performed.

This supports the FCA expectation that firms can demonstrate what happened on a file — not just the final submission pack. When Gandalf runs a pre-submission check, the outcome and the rules evaluated are retained against the case so you can explain a decision to a compliance reviewer or auditor.

• Logs are tamper-evident within the platform — users cannot delete audit history for submitted or locked cases.
• Retention periods follow your subscription terms and applicable law; export options are available for enterprise and network accounts.
• Internal Mortartec staff access to case data for support is itself logged and restricted.

4 · Pre-flight scores & suitability documentation

Mortartec's pre-flight mortgage score combines two signals: Target Data Integrity (paperwork and compliance readiness via Gandalf) and Target Placement Probability (likelihood of lender acceptance using live criteria and credit data).

These scores are decision-support tools. They do not replace your professional judgement, client conversations or obligation to recommend a suitable product. You must review agent-generated outputs — including Fact-Find population, suitability letters from Scribe and sourcing results from Cupid — before they are sent to clients or lenders.

The platform is designed so that automated outputs are clearly labelled, versioned and attributable. Where an agent drafts a suitability letter from a meeting transcript, the source transcript and edit history remain linked to the final document.

5 · Data sources & third-party APIs

Mortartec sources lender criteria through Twenty7Tec and credit / affordability data through TransUnion under commercial API agreements. We do not rely on unofficial scrapes or stale criteria sheets.

When you use these integrations, your firm's existing agreements with those providers may apply in addition to your Mortartec terms. You are responsible for ensuring your use of credit and criteria data complies with each provider's licence and with data protection law for your applicants.

For security measures protecting this data in transit and at rest, see our Security page.

6 · Your responsibilities as a broker

When using Mortartec, your firm should ensure:

• Staff are trained on what the agents do — and what they do not do automatically.
• A human reviews all client-facing and lender-facing outputs before issue.
• Client consent and privacy notices cover processing through Mortartec and connected APIs where required.
• Access is limited to appropriate roles and revoked when staff leave.
• Your complaints, financial crime and data breach procedures cover platform-related incidents and name a contact for Mortartec escalation.
• Networks and principals are notified where your agreement requires approval of new systems handling client data.

Mortartec is currently in closed beta. Features marked "On the roadmap" on our website are not yet generally available; do not rely on them for live regulated activity until they are released and documented in your environment.

7 · Audit packs & exports

For each case, Mortartec can generate an audit pack summarising: case timeline, agent actions, compliance check results, sourcing rationale, document versions and user sign-offs. This is intended to speed up internal file reviews and network audits — not to substitute for your own file checking.

Enterprise and network tiers include enhanced reporting: firm-wide activity summaries, export to your document management or CRM systems, and dedicated support for periodic compliance reviews.

To request a sample audit pack or compliance documentation for vendor onboarding, contact compliance@mortartec.co.uk.