{"api":{"name":"api.sb","description":"Business-as-Code surface for Startups.Studio","home":"https://api.sb","docs":"https://api.sb/docs","version":"1.0.0"},"$context":"https://api.sb/$context","$type":"FoundingHypothesis","$id":"https://api.sb/founding-hypotheses/fh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1","links":{"self":"https://api.sb/v1/founding-hypotheses/fh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1","canonical":"https://api.sb/founding-hypotheses/fh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1","pool":"https://api.sb/v1/founding-hypotheses"},"foundingHypothesis":{"id":"fh:w2-risk-management-compliance-officer-control-framework:t-hsa:v1","lens":"HeadlessSaaS","type":"founding-hypothesis","click":{"rubricScores":{"C8_lensFit":0,"C7_magicLensFit":1,"C4_competitorHonesty":1,"C6_crossSlotCoherence":1,"C1_customerSpecificity":1,"C2_problemFrictionRealism":1,"C9_killCriteriaAttestability":1,"C3_approachEngineCoverability":1,"C5_differentiationLoservilleEscape":1},"upperRightLoserville":true},"cellRef":{"id":"work-contexts.org.ai/w2-risk-management-compliance-officer-control-framework","stableHash":"wcc:compliance-officer:risk-management:control-framework:v1"},"problem":{"slotStatement":"Control owners spend weeks each quarter chasing screenshots, JIRA tickets, and SOX walkthrough notes to prove a control operated as designed, and examiners still return MRAs because the evidence chain between the control narrative, the test step, and the primary artifact cannot be traced end-to-end."},"approach":{"oneSentence":"A headless control-attestation API that binds each RCSA control to its test procedure, pulls primary evidence from the bank's ServiceNow/Archer/Jira/Workday systems, and emits a review-ready control-test packet with per-assertion citations back to the source artifact and timestamp."},"customer":{"icpShape":"Chief Compliance Officer at US regional banks ($10B–$50B assets) operating under OCC Heightened Standards, where the buyer is the CCO (or Chief Risk Officer) who signs the GRC-tooling PO and the daily user is the Risk & Controls Manager maintaining the RCSA and control-testing library","beachheadShape":"EarlyMajorityWorkflow — FRB/OCC-supervised regional banks rebuilding control libraries after MRA/MRIA findings on control-testing evidence"},"archetype":"startup-archetypes.org.ai/HeadlessSaaS-MarketplaceClearing","beachhead":"EarlyMajorityWorkflow — FRB/OCC-supervised regional banks rebuilding control libraries after MRA/MRIA findings on control-testing evidence","competitors":{"substitutes":[{"name":"Archer IRM control-testing module","category":"incumbent"},{"name":"MetricStream GRC","category":"incumbent"},{"name":"AuditBoard CrossComply","category":"adjacent vertical"},{"name":"Big-4 co-sourced control testers (Deloitte/PwC staff aug)","category":"human alternative"},{"name":"Hadrius / Norm Ai horizontal compliance copilots","category":"AI-native horizontal"}]},"studioThesis":"T-HSA","killThreshold":{"K":8,"M":30,"N":7,"rubricItemSet":["C1_customerSpecificity","C2_problemFrictionRealism","C3_approachEngineCoverability","C4_competitorHonesty","C5_differentiationLoservilleEscape","C6_crossSlotCoherence","C7_magicLensFit","C8_lensFit","C9_killCriteriaAttestability"],"verdictPolicy":"all-load-bearing-pass-and-overall-ge-X","loadBearingItemSet":["C1_customerSpecificity","C2_problemFrictionRealism","C3_approachEngineCoverability","C4_competitorHonesty","C5_differentiationLoservilleEscape","C6_crossSlotCoherence","C9_killCriteriaAttestability"],"verdictPolicyVerbatim":"KILL unless every load-bearing rubric item passes per workbook AND overall pass-rate ≥ 7/9 (CASCADE.md §4 Stage 9 commit threshold)."},"lifecycleState":"Active","differentiation":{"twoByTwo":{"xAxis":"Evidence trace depth (narrative assertion → primary source artifact with timestamp & actor)","yAxis":"GRC system-of-record embedding (standalone workspace ↔ writes test results back into Archer/MetricStream control register via API)","winningQuadrant":"per-assertion citations to ServiceNow/Jira/Workday artifacts written back into the bank's existing Archer control register as examiner-review-ready test packets","loservilleEscape":true,"loservilleQuadrant":"Hadrius-style standalone chat copilots that summarize a control narrative without citing the underlying ticket/approval and require the analyst to re-key results into Archer by hand"}},"unmetRequirements":[],"pricingArchitecture":"usage-meter"},"actions":{},"options":{},"relationships":{"runtimeUnit":"https://api.sb/v1/runtime-units?startupRef=startup%3Afh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1","brand":"https://api.sb/v1/brands?startupId=startup%3Afh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1","listing":"https://api.services/listings?foundingHypothesisRef=fh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1","cell":"https://api.sb/v1/cells/work-contexts.org.ai/w2-risk-management-compliance-officer-control-framework","thesis":"https://api.sb/v1/theses/T-HSA"},"meta":{"level":"L0","scopes":[]},"user":{"requestId":"a0575afb187790ce","edgeLocation":"a0575afb187790ce","geo":{"country":"US"},"ua":{"browser":"Claude"}},"references":{"total":0,"limit":25,"page":1,"links":{"self":"https://api.sb/v1/founding-hypotheses/fh%3Aw2-risk-management-compliance-officer-control-framework%3At-hsa%3Av1/references"},"items":[]}}