SIDE PROJECT · WORKING MVP

LexGuard

A Regulation-to-Execution engine for Indian BFSI.

Compliance teams don't just need to know that a regulation changed. They need to know what to implement, who owns it, by when, what evidence to keep, and what to tell the board. LexGuard turns a regulatory circular into that plan, in minutes.

A side project I built solo, nights and weekends, to prove I can take an AI product end to end — problem, PRD, working MVP, and my own QA. It's a skills demo, not a company I'm raising for.

STACKFastAPI · Streamlit · GPT-4o-mini
STAGEWorking MVP, end-to-end on real RBI / SEBI / IRDAI circulars
EVAL93.8% across synthetic test cases; caught and fixed a hallucination edge case
PRD33 pages · TAM/SAM/SOM · 11 epics · 4 personas · weighted confidence-engine formula
MARKET₹150–250 Cr near-term serviceable · ~₹1,250 Cr TAM
ROLESolo: strategy, PRD, prompt engineering, build, and QA

The problem

Reading the circular is the easy part. Executing it is the pain.

A compliance officer facing a new RBI or SEBI circular has to read 50 to 100 pages of legal language, decide whether it even applies, extract every obligation and deadline, ask product whether customer journeys are affected, ask engineering what systems must change, draft a board note, update policies and SOPs, and maintain audit evidence for all of it. It's slow, expensive, and inconsistent, and the handoff to product and engineering is usually a vague email.

Existing tools track workflows and send alerts. Almost none of them do the hard part: translating an unstructured regulation into implementation-ready actions across compliance, product, engineering, and the board. That's the whitespace.

What it does

One PDF in. Four teams' worth of work out.

Upload a circular and LexGuard returns a structured, board-ready to engineering-ready execution plan, with a source reference and a confidence signal on every output.

Board-ready

A board impact note: risks framed as financial, regulatory, operational, and reputational, plus the specific decisions leadership must make.

Compliance-ready

Applicability analysis and obligations, each with owner, deadline, risk-if-missed, implementation steps, and the evidence to retain.

Product-ready

User-flow impact plus product requirements and Jira-ready tickets, with acceptance criteria and no invented customer-facing changes when the impact is internal.

Engineering-ready

System impact, API / database / logging changes, and Jira-ready engineering tickets mapped back to the exact obligation.

How the MVP works

Upload PDF Extract text + page markers AI analysis engine Structured JSON Confidence signal Review + convert to tasks

The strategy behind it

A 33-page PRD I can defend, not a demo script.

The MVP proves one hypothesis: a regulatory PDF can become board, compliance, product, and engineering output in minutes. I also wrote the PRD as a PM exercise — to practise sizing and scoping a product bet the way I would on the job. It's product thinking, not a business plan I'm executing.

Market (sizing exercise)
Sized it as I would any bet: TAM ~₹1,250 Cr across ~2,500 regulated BFSI orgs; SAM ~300–500 digital-first firms; SOM 30–50 in the first 2–3 years — with a rough tiered-pricing hypothesis to sanity-check it.
Beachhead
Mid-sized digital NBFC lenders: bank-like regulatory complexity, startup-like velocity, low compliance-automation budget. Expand outward to brokers, PA/PG, AA participants, insurers, and AMCs.
Scope
11 epics from Regulatory Document Intelligence to a future Evidence Vault and Compliance Chatbot, each with user stories and testable acceptance criteria. Four personas: Head of Compliance, PM, Engineering, and Board / CXO.
Confidence engine
A weighted formula (source-reference quality 30%, obligation completeness 25%, deadline clarity 20%, cross-chunk consistency 15%, schema completeness 10%) routes output to auto-use, compliance review, or manual validation.
Positioning
Not another compliance tracker. "We don't just track compliance. We translate regulation into execution."

How I pressure-tested it

I ran QA on my own model, and it failed a test I'm glad it failed.

I evaluated the engine on synthetic test cases scored across schema completeness, content quality, context accuracy, actionability, and hallucination risk.

93.8%
Overall score (183/195) structuring complex regulatory data into actionable JSON.
100%
Actionability on real RBI KYC and SEBI cybersecurity circulars: usable Jira tickets and implementation steps.
33%
The failing case, and the most useful finding of the whole exercise.
⚠ TC-4 · THE "YES-MAN" FAILURE
I fed it a restaurant menu. The model didn't reject it. It set applies: true, invented a "Menu Knowledge Audit" compliance priority, generated fake engineering tasks, and returned a confidence score of 85 for a hallucinated compliance plan.

That's the exact trust-breaking failure a compliance buyer can't tolerate, so I built the fix: a strict classification gate that runs before the analysis, decides is this even a regulation?, and returns {"is_regulatory": false} to stop the pipeline if not. The restaurant menu now gets rejected cleanly. I also tightened citation rules so exact sections and penalty amounts (Section 35A, Rs. 1 crore) are copied verbatim instead of generalised.

The point isn't the 93.8%. It's that I built the thing, then tried to break it, found the failure that mattered, and knew how to close it.

Where I'd take it

If it were a company, here's the roadmap I'd run.

A thought exercise in sequencing, not a plan I'm executing. It shows how I'd stage an AI product from a working analyzer to an embedded compliance layer.

Phase 1 · nowDemoable MVP — PDF upload, AI analysis, board note, obligations, product + engineering actions, Jira tickets, audit readiness.
Phase 2SOP upload, gap detection, RAG Q&A, stronger confidence scoring, source validation.
Phase 3Watchtower — automated monitoring of RBI, SEBI, IRDAI, NPCI, and Sahamati, with classification and alerts.
Phase 4Enterprise workflow — multi-tenant, role-based access, evidence vault, Jira integration, board-pack export.
Phase 5Embedded compliance — a /check-compliance API validating KYC, onboarding, eSign, lending, and grievance flows inline.

Want the working demo or the full PRD?