Regulatory Compliance

Regulatory Compliance Management, Built Into Every Vendor and Contract Workflow

Regulations keep arriving. CPS 230. DORA. Modern Slavery. Each demands proof of vendor oversight.

Gatekeeper generates that proof as a byproduct of how you already manage contracts, vendors, and spend.

It’s regulatory compliance software that works because your team is already using it.

Book a demo

Screenshot 2026-03-25 at 21.14.48

Companies Trust Gatekeeper across 23 countries

How Gatekeeper Turns Vendor and Contract Management Into Regulatory Compliance

What If Compliance Evidence Was a Byproduct, Not a Project? Gatekeeper is the unified platform for contracting vendor compliance and spend . When a contract is signed, it's extracted and indexed. When a vendor is onboarded, they're screened and scored. When an SLA is tracked, performance is logged. The evidence regulators need is created automatically as part of those activities..

Screen Before You Engage

Gatekeeper does risk-first vendor onboarding . Every vendor is screened against due diligence criteria, financial stability, cyber posture, and sanctions before a contract is signed. The regulation defines what to screen for. Gatekeeper enforces it and logs the result.

Manage Contracts with Full Extraction

Gatekeeper AI extracts contract metadata at upload: dates, parties, obligations, mandatory clauses. Approval workflows enforce compliance before signature. Every version, every approval, every change is logged as an audit trail.

Monitor Vendors Continuously

Smart Forms track vendor SLA performance. Market IQ monitors financial and cyber risk continuously. When a vendor's status changes or a certification expires, the platform flags it before it surfaces in an audit.

Trusted by 300+ companies in 23 countries. Recognised by Gartner, G2, and Capterra.

ContractManagement_Leader_Leader

SpendManagement_BestSupport_Mid-Market_QualityOfSupport

VendorManagement_EasiestToDoBusinessWith_Small-Business_EaseOfDoingBusinessWith

Governance,Risk&Compliance_HighPerformer_HighPerformer

“CPS 230 is really asking the question of making sure you're effectively managing your vendors. Gatekeeper removed all that friction.”

Bradley Dollin, Procurement Lead, Police Bank

PoliceBank_Logo-2

The Challenge

Why Does Every New Regulation Mean Starting From Scratch?

Every new regulation triggers the same scramble: map requirements, chase evidence, build a register, prove oversight. Then the next regulation lands and it starts again. 61% of organisations expect regulatory change to increase (Thomson Reuters, 2025).

CPS 230 . DORA. Modern Slavery. Different in detail. Identical in what they demand: a documented record of who your vendors are, what you've agreed, and whether they're performing.

GK_Dashboard_ThirdPartyRiskManagement_2

The Challenge

Five Systems to Prove One Thing?

When contracts, vendor records, and spend data live contracts, vendor records, and spend data live in separate systems, assembling compliance evidence means pulling from five places to prove one thing. That's not a compliance process. That's an audit prep crisis. A unified compliance management platform eliminates the assembly work by connecting vendor risk, contract obligations, and spend data in a single auditable record.

A unified compliance management platform eliminates the assembly work by connecting vendor risk, contract obligations, and spend data in a single auditable record.

GK_Dashboard_VendorIntelligence

Which Regulation Is Driving Your Compliance Deadline?

Gatekeeper's vendor and contract controls map to multiple regulatory frameworks simultaneously. Choose your regulation to see how.

APRA CPS 230

Operational Risk Management. Australia's prudential standard requiring material service provider registers, continuous vendor oversight, and audit-ready evidence. Pre-existing contracts must comply by 1 July 2026. Police Bank uses Gatekeeper for CPS 230.

Find out more

Modern Slavery Act

Supply Chain Transparency. Requires organisations with $100M+ consolidated revenue to report on modern slavery risks in supply chains. Vendor due diligence, supplier questionnaires, and ongoing monitoring are the practical obligations.

Find out more

DORA

Digital Operational Resilience (EU). The EU's Digital Operational Resilience Act mandates ICT vendor risk management, contract governance, and third-party oversight for financial entities operating in Europe.

Find out more

“We now have a central place where we can see every renewal coming up across the entire year, which means no more surprises, no more last-minute reviews, and no more accidental auto-renewals.”

Chelsea Simmons Legal Counsel, Canstar Pty Ltd

Canstar

Your Free Resource

APRA CPS 230 Compliance Checklist

A practical checklist for Procurement, Legal, and Finance teams at APRA-regulated entities. Maps CPS 230 requirements to the vendor-facing processes you need in place: material service provider identification, mandatory contract clauses, SLA monitoring, fourth-party oversight, and audit trail evidence.

Use it to assess your current gaps and prioritise what needs to change before the 1 July 2026 deadline for pre-existing service provider contracts. Download your Checklist

cps230-checklist

Gatekeeper Impact in Numbers

100%

Audit Read

90%

Faster Onboarding

$1.3m

Average Saving from unwanted renewals

Zero

Unwanted renewals

Your Free Resource

Dora Compliance Checklist

A practical checklist for Procurement, Legal, and IT teams at financial entities operating in the EU. Maps DORA requirements to the vendor-facing processes you need in place: ICT vendor risk assessment, mandatory contract provisions, incident reporting, concentration risk monitoring, and ongoing oversight evidence. Use it to assess your current gaps and strengthen your ICT vendor governance.

Your Compliance Checklist

dora-compliance-cover (3)

Regulatory Compliance Questions About Gatekeeper

Which regulations does Gatekeeper cover?

Any regulation that requires evidence of vendor oversight, contract governance, or spend control. Gatekeeper has dedicated platform capabilities for APRA CPS 230 , DORA, GDPR (vendor data processing compliance), and the Australian Modern Slavery Act. For APRA CPS 234, Gatekeeper covers the vendor-facing obligations: security screening, contract-level security clauses, and incident reporting. Gatekeeper AI also validates vendor ISO 27001 and SOC 2 certifications automatically.

How does Gatekeeper handle multiple regulations at once?

The platform controls for vendor screening , contract governance, and SLA monitoring serve all regulations simultaneously. A vendor onboarded with CPS 230 screening also satisfies Modern Slavery due diligence. A DORA risk assessment also feeds your GDPR vendor compliance. One process, multiple regulatory outputs.

This is what separates regulatory compliance software built into the vendor and contract lifecycle from assembling evidence across disconnected spreadsheets, shared drives, and point solutions

We already have compliance processes in place. Why change?

If your current process generates audit-ready evidence automatically without manual assembly, you may not need to. If your team spends weeks before each audit chasing vendor documents, building registers from spreadsheets, and assembling evidence across disconnected systems, Gatekeeper replaces that work with continuous, automated evidence generation.

What does CPS 230 require for vendor management?

APRA CPS 230 requires regulated entities to maintain a register of material service providers, conduct pre-engagement due diligence, embed mandatory contract clauses covering audit rights and termination, monitor SLA performance continuously, and track fourth-party dependencies. Pre-existing service provider arrangements must comply by 1 July 2026. Gatekeeper automates each of these requirements: vendor onboarding workflows enforce screening before contracts are signed, Smart Forms track SLA performance against agreed thresholds, and fourth-party relationships are mapped within each vendor record to flag concentration risk. The result is a live, audit-ready register rather than a spreadsheet assembled before each review.

What vendor compliance evidence does the Modern Slavery Act require?

The Australian Modern Slavery Act requires reporting entities with $100M+ consolidated revenue to submit annual statements describing the modern slavery risks in their operations and supply chains, and the actions taken to assess and address those risks. In practice, this means conducting supplier due diligence, distributing and collecting supplier questionnaires on labour practices, and monitoring vendor risk profiles on an ongoing basis. Gatekeeper automates questionnaire distribution and evidence collection during onboarding, captures modern slavery risk data as part of the standard vendor intake process, and logs all responses, certifications, and remediation actions with full audit trails to support your annual statement.

How does Gatekeeper support DORA compliance for ICT vendors?

DORA requires financial entities to identify and classify ICT third-party providers, enforce specific contract provisions around audit rights, exit strategies, and incident reporting, and maintain ongoing oversight of ICT vendor risk. Gatekeeper’s workflow engine applies DORA-specific contract clauses automatically during negotiation and blocks signature until mandatory provisions are confirmed. Market IQ provides continuous financial and cybersecurity monitoring of ICT vendors, and Gatekeeper AI reviews due diligence questionnaire responses