
Fixing a Broken System
The compliance industry built a £50 billion solution for the wrong people.
90% of risk and compliance work is executed by operations teams. Yet every major GRC tool was designed for risk teams who review their work.
Our mission: Fix this fundamental misalignment.

Origin Story
As a policy advisor at the Prudential Regulatory Authority (PRA), Waleed interviewed boards at Tier 1 insurers to assess their Solvency 2 preparedness.
He always asked three questions:

What policies do you own as an exec?
Executives came prepared with impressive policy lists, rattling off document names confidently.

How is policy adherence ensured?
Cue the stammering about "some controls" and "business activities" with lots of umm'ing and ahh'ing.

When did you last check it was done?
That's when it all unravelled completely. The uncomfortable silence said everything about reality.
...but the smoking gun came outside those boardrooms.
Compliance teams complained about regulations being 'Very high-level, lots of cross-references, doesn't tell you much' while Operations teams complained about policies being 'Very high-level, lots of cross-references, doesn't tell you much.'
Identical complaints, word for word.
Evidence of a fundamentally broken approach that everyone just accepts as normal. Having seen this dysfunction from every angle - as an auditor, risk professional, consultant, and regulator - I couldn't unsee it.
That's when I decided to rebuild risk and compliance from first principles, for the teams who actually execute the work.
Our Differentiator
Traditional tools digitize broken processes. We rebuilt risk management from first principles - for the people who actually do the work.

Traditional GRC Tools
Built for risk teams who review operational work
High-level, abstract frameworks that operations teams struggle to implement
Separate compliance processes creating duplicate work for operational teams
Reviewer language focused on risks rather than operational performance
Document-heavy approaches that create shelf-ware instead of actionable guidance
Quarterly reporting cycles that discover problems months later


CoVi's Operations-First Approach
Built for operations teams who execute the actual work
Clear, actionable building blocks expressed in business language for ops teams
Unified workflows where compliance happens naturally within existing operational activities
Real-time visibility that prevents issues through continuous monitoring
Business language focused on operational outcomes and performance improvement


Meet The Team
The regulatory insiders who discovered the industry's fundamental flaw and built the operations-first solution to fix it.

Waleed
SARWAR
CEO & Founder

Steve
GIBBONS
SALES DIRECTOR

Mauro
SEBASTIANELLI
HEAD OF ENGINEERING
Our Mission-Driven Values
Transform every operations team from compliance burden-bearers into efficiency champions, one embedded workflow at a time.

Operations teams execute compliance; they deserve tools built for them
Question broken norms instead of accepting "how it's always been done"
Speak business outcomes, not risk & compliance jargon
Embed into existing workflows instead of creating new overhead
Industry-wide problems need ground-up solutions, not band-aids

