The regulations, in plain English.
Every term below is a step or a signed checkpoint in a GreatCTO autopilot — not a PDF you read later. Each entry links to the autopilot where it bites.
US law requiring internal controls over financial reporting for public companies. The IT side (ITGC) covers access control, change management, and segregation of duties. SOX ITGC audit autopilot →
No single person holds end-to-end authority over a sensitive process: whoever requests a change doesn't approve it, whoever approves doesn't deploy it. In an autopilot this maps to distinct human checkpoints held by different named owners. Bookkeeping autopilot →
US GAAP revenue-recognition standard: revenue is recognized when performance obligations are satisfied, not when cash arrives. Misclassification is a restatement risk, which is why a controller signs the close. Bookkeeping autopilot →
Restricts how tax preparers may use or disclose tax-return information — consent is required before data leaves the engagement. A credentialed preparer signs every filing. Tax-prep autopilot →
Protects health information (PHI): minimum-necessary access, audit trails, breach notification, business-associate agreements. Any autopilot touching patient data runs inside these rails. Medical-coding autopilot →
Liability for submitting false claims to government programs — treble damages, per-claim penalties. The core legal risk in coding and billing automation, and the reason a certified coder signs the risky claims. Medical-coding autopilot →
Payer approval required before a treatment or drug is covered. A denial without a physician's signature is a legal landmine — so the denial path always routes through a human. Prior-auth autopilot →
FDA rule for electronic records and signatures: tamper-evident audit trails and validated systems in pharma and clinical workflows. Pharmacovigilance autopilot →
State-law prohibition on non-lawyers giving legal advice. Document automation can draft; the advice that crosses the UPL line carries a licensed attorney's signature. Legal-docs autopilot →
Checking counterparties against the US Treasury's SDN and sanctions lists. Strict liability — which is why screening is a mandatory flow step, not a periodic batch job. KYC/AML autopilot →
Know Your Customer / Anti-Money-Laundering: identity verification, sanctions and PEP screening, suspicious-activity monitoring and SAR filing. A compliance officer signs the escalations. KYC/AML autopilot →
US fair-lending law: credit decisions must not discriminate on protected characteristics and must produce adverse-action notices. Lending autopilots carry disparate-impact testing as a gate. Mortgage autopilot →
Consent rules for calls/texts (TCPA) and caller-ID authentication (STIR/SHAKEN) — the constraints on any outbound voice or collections outreach. Collections autopilot →
A step where a named, qualified human reviews and signs before the flow continues. Every irreversible action — payment, denial, filing — sits behind one.
The cases an autopilot clears end-to-end with no human touch — high-confidence, low-risk, reversible work. Everything else escalates.
The threshold below which the autopilot refuses to act autonomously and routes the case to a person. Tunable per function, audited per decision.
Tamper-evident record of every autonomous decision: who decided, what, on what evidence, at what confidence. The artifact a regulator actually asks for.
A domain's regulations turned into flow steps, reviewers, and gates — attached automatically to the matching autopilot. All packs →