The platform

Governed semantic middleware. Built on observed reality.

TruWyn sits beneath your GRC stack as the layer that observes how work actually happens — then generates the governed BPMN and PRCI documentation downstream tools were built to consume.

Five stages, one pipeline, one source of truth. No screen recording, no cloud round-trip, no manual interview cycle.

Book a demo See the pipeline
Patent-pending middleware Stays on-premBPMN 2.0 native
truwyn · operations LIVE PROCESS · LOAN ORIGINATION OFAC BSA Reg Z HMDA ECOA CIP Loan origination GOVERNED OUTPUT BPMN 2.0 PRCI Controls CONTROL COVERAGE Governed PRCI · BPMN · current artifacts refreshed from runtime EVENTS · LAST HOUR 1,284 activity events observed DRIFT FLAGGED 3 2 critical CIP — actor mismatch
How it works

One pipeline. Five steps. From real execution to examiner-ready evidence.

Each step has a job. Together they replace the annual interview cycle with a continuous, governed flow.

01

Observe

Capture real work across systems and applications — no screen recording, no keystroke logging.

Engine details
02

Transform

Refine raw activity into structured process knowledge — events, actors, artifacts, intent.

Knowledge graph
03

Govern

Auto-generate BPMN, PRCI rows, and controls with provenance and review baked in.

Control library
04

Assure

Validate, reconcile and surface drift between declared policy and observed execution.

Mappings
05

Prove

Produce examiner-ready evidence and audit artifacts in formats your GRC stack already speaks.

Governed export
01 · Observe

The observation engine, engineered to clear examiner scrutiny.

Window, application, and web-context capture only — no screens, no keystrokes, no content. Engineered from day one to survive both employee-relations review and regulator inspection.

  • Activity events: app focus, window title, URL host, transition time
  • No screen recording, no keystroke logging, no content capture
  • Local-first: events stay inside your firewall, never leave
  • 90-minute calibration covers the workflows you point us at; calibration is the product
EVENT STREAM desktop agent · local LIVE LAST 60 MIN activity volume 1,284 live LO core-banking · LoanOrigination 09:14:22 · focus · 12m 04s · actor.svc=u421 APP policy.intranet · /aml/cip-overrides 09:26:30 · web · 02m 11s · → CIP control WEB vendor-portal · OFAC-screen 09:28:41 · web · 00m 48s · → OFAC control WEB Activity only · No screens · No keystrokes ON-PREM Every event carries provenance back to a control row
PROCESS KNOWLEDGE GRAPH 12 nodes · 24 edges CIP OFAC BSA Reg Z HMDA ECOA Loan origination Each edge is a regulatory checkpoint this process touches QUERYABLE
02 · Transform

A Process Knowledge Graph, not a flat log.

Raw events become a typed, queryable graph: processes, actors, systems, artifacts, and the regulatory checkpoints that connect them. The graph is what makes the rest of the pipeline possible — and what every downstream artifact is reconciled against.

  • Typed nodes: processes, sub-processes, actors, systems, regulatory checkpoints
  • Versioned, queryable, and reconciled against declared policy
  • One semantic layer that feeds BPMN, PRCI, control mappings, and exports
03 · Govern

A pre-built control library, calibrated to your institution.

TruWyn ships with a regulator-grade library of controls for community banks and credit unions — not a blank canvas. We calibrate it to your processes; you don't author from scratch.

Pre-built library

Controls mapped to BSA/AML, NCUA, Fair Lending, TRID, Reg E/DD/Z, HMDA and FFIEC — covering the regulatory surface examiners actually check.

  • Hundreds of pre-mapped control activities
  • Tied to specific reg cites and FFIEC manual sections

Provenance baked in

Every generated artifact carries lineage back to the events that produced it. Examiners and internal reviewers can trace any row to its source observation.

  • Event-level lineage on every PRCI row
  • Reviewer sign-off and version history

Drift & anti-patterns

Surface gaps between your written policy and how work actually runs — including anti-patterns the process owner never saw.

  • Policy vs. observed reconciliation
  • Pattern alerts: skipped checks, unauthorized actors, sequence breaks
04 · Assure · 05 · Prove

What it produces — formats your GRC stack already speaks.

TruWyn doesn't replace AuditBoard, Ncontracts, Workiva, or MetricStream. It produces the governed BPMN and PRCI that those tools were built to consume — and that today are written by hand.

BPMN 2.0 · governed

Process maps a reviewer trusts.

Generated diagrams that aren't "AI-drawn" — they reflect what your people actually did, with provenance and reviewer sign-off attached at the node level.

  • BPMN 2.0 XML, importable to your modeling tool of choice
  • Swimlanes by actor, system, and regulatory checkpoint
  • Versioned alongside the events that produced each node
PRCI · multi-profile

Process · Risk · Control · Inventory rows that update themselves.

The control inventory your GRC tool wants — generated, attributed, and continuously refreshed against observed execution rather than annual interviews.

  • Multi-profile PRCI: AuditBoard, Ncontracts, Workiva, MetricStream
  • CSV, JSON, and direct connector exports
  • Continuous refresh — no annual rewrite cycle
Standards & integrations

Native to the tools your team already uses.

No lock-in. TruWyn outputs into the standards and platforms your stack is built around.

BPMN 2.0
OMG standard
Camunda
workflow engine
Signavio
SAP process
ARIS
Software AG
iGrafx
process mining
Bizagi
BPM suite
Nintex
workflow
AuditBoard
GRC
Ncontracts
GRC
Workiva
GRC
MetricStream
GRC
CSV · JSON · XML
portable
Local / on-prem

Your data never leaves your environment.

For credit unions and community banks, trust is the product. Every TruWyn engineering decision starts there.

Stays local

Sensitive process data is observed and processed inside your firewall. No phone-home, no remote wipe, no time-bombs.

Honest licensing

Signed local license files with graceful degradation. We never delete your data — your records are always yours.

No screen recording

Window, activity, and web-context capture only — engineered to clear employee-relations and examiner scrutiny.

Examiner-ready output

Provenance attached to every artifact. Reviewers can trace any control row to the underlying observations.

See it on your own process

Walk the pipeline on a real workflow of yours.

A 90-minute calibration is enough to show you how observed execution becomes governed evidence — in your environment, on a process you choose.

Book a demo See use cases