Checklists

Every document type has an associated checklist defined by the firm. Reviewers cannot submit a decision until every mandatory item is ticked. Each tick is recorded with timestamp and reviewer identity, and the full checklist state ends up on the certificate.

Why it isn't just UI

A checklist on a screen is only as good as the reviewer's diligence. By making the checklist a hard gate at the API level, Bedrock turns it from a guideline into a precondition. The decision endpoint returns 422 CHECKLIST_INCOMPLETE if any mandatory item is missing.

Checklist anatomy

• Items — short, specific, verifiable
• Mandatory flag — gates submission
• Conditional triggers — items that appear only when certain metadata is present (e.g. vulnerability flags)
• Help text — links to firm policy

Evidence produced

• CHECKLIST_ITEM_CHECKED review action per tick
• Final checklist state embedded in the certificate
• Per-item timing in the activity log

FCA mapping

• COBS 9.2 — Suitability assessment
• SYSC 6.1 — Compliance arrangements

See also

• The Principal
• Explainability