QFCDR WatchDog detects all 28 PII categories across three compliance tiers — Article 11, Article 12, and QCB DHPR 2025 — using regional AI models, Vespa-powered pre-detection, and automated enforcement workflows aligned to QFC Data Protection Regulations 2021.
QFC entities operate under a layered framework — QFCDR 2021, QCB DHPR 2025 — yet most compliance tooling was built for GDPR and misses Qatar-specific obligations entirely.
QFCDR Art.11 (standard PII), Art.12 (sensitive PII with 11 lawful conditions), and QCB DHPR 2025 create a compliance matrix that generic tools cannot map. A single KYC document can trigger all three tiers simultaneously.
QCB DHPR introduces financial-specific categories — account numbers, credit scores, transaction data, wealth profiles — absent from GDPR. Institutions using GDPR-tuned scanners miss an entire compliance tier.
QFC requires DPO notification within 72 hours. A separate QCB notification may also apply for regulated financial institutions. Without automated detection pipelines, institutions chronically miss these deadlines.
Qatar's data sovereignty requirements and regional AI ecosystem — G42/Falcon, Saal.ai — mean compliance tooling cannot rely on US-hosted LLM APIs. Document content must never leave the jurisdiction.
QFCDR WatchDog covers the complete QFC compliance lifecycle — not just detection, but enforcement documentation regulators can inspect.
Vespa-powered pre-detection runs deterministic regex patterns across all document repositories. 28 PII pattern families matched before AI inference — fast, zero false-negative architecture.
Vespa · Regex · 28 PII typesRegional LLMs (Claude, Falcon/G42, Saal.ai) classify each PII entity against the three-tier framework. Article 12 sensitive categories receive individual lawful basis evaluation (conditions A through K).
Claude · Falcon · Saal.ai · Art.12 A–KAutomated redaction of high-risk PII, DSR compilation with 30-day tracking, cross-border transfer analysis against QFC adequacy list, and Art.16 processing record generation.
Redact · DSR · Records · Cross-BorderThe Enforcement Analysis Report PDF delivers 8 structured sections — Risk Assessment, Findings Register, Enforcement Matrix, Breach Notification, Cross-Border, DSR Readiness, Processing Records, Action Plan — plus Appendix A with anonymised document evidence.
8-section PDF · Appendix A · QFC DPO-readyDeterministic Vespa pre-detection followed by LLM NER across all 28 PII categories. Article 12 sensitive categories trigger individual lawful-basis evaluation against conditions A–K before any processing decision.
8-section QFC DPO-ready PDF with Risk Assessment, Findings Register, Enforcement Matrix, Breach Analysis, Cross-Border exposure, DSR Readiness, Processing Records, Action Plan, and Appendix A.
PDF · Appendix ASpecialised detection for Know-Your-Customer and Anti-Money Laundering document workflows. Identifies account numbers, IBAN/BIC, credit scores, transaction identifiers, and beneficial ownership data under QCB DHPR 2025.
QCB DHPR 2025Validates data flows against the QFC adequacy country list, flags transfers requiring QFC Standard Contractual Clauses (4 modules), and flags recipients without adequate protection automatically.
QFC SCCs · Adequacy ListAutomated DSR compilation covering Art.17–22 rights (access, rectification, erasure, restriction, portability, objection). Extension tracking for complex requests (+60 days). Full audit trail per request.
Art. 17–22Automated generation of Article 16 processing activity records across all document categories, controller/processor chains, retention schedules, and legal basis documentation — continuously kept current.
Art. 16 · RoPAChoose the AI model that meets your sovereignty requirements. Anthropic Claude via API, G42/AI71 Falcon deployed in UAE/Qatar data centres, or Saal.ai for fully on-premise Qatar-local inference — all provider-switchable at runtime.
Claude · Falcon · Saal.aiAutomated breach severity classification and dual-track notification workflow. QFC DPO notification is mandatory within 72 hours. Separate QCB notification applies for regulated financial institutions under QCB DHPR 2025. Data subject notification is discretionary under QFCDR (unlike mandatory GDPR) — the system flags the risk threshold and documents the decision rationale.
A two-stage detection pipeline — deterministic pre-detection, then AI semantic analysis — ensures every PII entity is caught before it becomes a compliance exposure.
Point QFCDR WatchDog at your document stores — Alfresco, SharePoint, SQL databases, email archives, or local file systems. Vespa indexes content immediately.
28 regex PII pattern families run deterministically across all indexed content. Candidate PII entities are flagged with tier assignment before any AI call — fast, auditable, zero false-negatives.
Your chosen LLM provider (Claude, Falcon/G42, Saal.ai) receives pre-detected candidates for semantic verification and tier classification. Article 12 sensitive categories receive individual lawful-basis assessment against conditions A through K.
High-risk PII is redacted, DSR requests are compiled against the subject's data footprint, cross-border transfers are validated against the QFC adequacy list, and Article 16 processing records are updated.
The 8-section PDF is produced with full finding evidence, enforcement matrix, breach notification analysis, and Appendix A containing the anonymised source document. QFC DPO-ready on demand.
A typical QFC financial institution KYC onboarding document — before and after QFCDR WatchDog processing.
Client: Mohammed Khalid Al-Rashidi
QID: 28481234567890
Passport: QA-7894321
Date of Birth: 15 March 1984
Address: Villa 14, Al Waab Street, Doha, Qatar
Health Condition: Type 2 diabetes — disclosed for insurance waiver
Religion: Islam
Account No: QA57QNBA000000000069123456
Credit Score: 742 / Excellent
Transaction Ref: TXN-2024-QFC-00847
Client: ██████████████████
QID: █████████████████
Passport: ██████████
Date of Birth: ████████████
Address: ███████████████████████████
Health Condition: BLOCKED — Art.12 Cond.A consent absent
Religion: BLOCKED — Art.12 Cond.B missing
Account No: QA57****…****3456 (masked)
Credit Score: ███ / ██████ (pseudonymised)
Transaction Ref: TXN-████-QFC-█████
Every article that creates a compliance obligation for QFC-registered entities is mapped to an automated enforcement workflow.
15 categories of standard PII processed only with a lawful basis. Full name, QID, passport, address, DOB, email, phone, IP address, employment data, financial basics, and location data.
8 sensitive categories requiring one of 11 specific lawful conditions (A–K). Racial/ethnic origin, political opinions, religious beliefs, trade union membership, health data, biometric, genetic, and sexual orientation data.
Mandatory record of processing activities covering purpose, legal basis, data categories, retention periods, controller/processor chains, and cross-border transfers. Auto-generated and maintained.
Access, rectification, erasure, restriction of processing, data portability, and objection rights — all with 30-day response deadline tracking and audit trail documentation.
Transfers to QFC-adequate countries permitted. Transfers to non-adequate countries require QFC Standard Contractual Clauses (4 modules available). Adequacy list validated automatically per transfer event.
Breach detection, severity classification, 72-hour QFC DPO notification package, data subject notification risk assessment (discretionary under QFCDR), and post-breach remediation tracking.
5 additional financial-specific PII categories under Qatar Central Bank Data Handling & Protection Regulation — account numbers, credit scores, transaction data, wealth profiles, and beneficial ownership. Dual notification: QFC DPO + QCB.
Qatar's data sovereignty requirements mean your compliance AI must respect your data residency. QFCDR WatchDog runs on any of three provider tiers — switchable at runtime.
Claude Opus 4 and Claude Sonnet 4 via Anthropic API. Highest capability for complex Art.12 lawful-basis analysis and multi-document synthesis. Best suited for organisations with cloud data agreements.
Falcon 3 and Falcon 3 Mamba via G42 / AI71 platform, hosted in Abu Dhabi and Qatar data centres. Regional data residency by design — recommended for QCB-regulated financial institutions requiring Gulf data sovereignty.
Fully air-gapped Qatar-local deployment. Arabic-first model with deep Gulf financial vocabulary. Zero data egress — document content never leaves the institution's infrastructure. For the strictest sovereignty requirements.
Deployed within your QFC-registered entity's own infrastructure. Full control over AI model selection, data flows, and audit logs. Supports all three LLM provider tiers.
Full data controlDeployed in your private cloud tenancy within Qatar or UAE data centres. G42 / AI71 hosting natively supported. Meets QCB data residency requirements for financial institutions.
Qatar data residencyFully isolated network deployment with Saal.ai on-premise inference. Zero external API calls. Ideal for QCB-regulated institutions with strict network isolation requirements or classified client portfolios.
Zero data egressStandard PII (Art.11) processed via cloud LLMs; sensitive PII (Art.12) and QCB DHPR financial categories processed exclusively by on-premise models. Tier-aware routing at classification time.
Tier-aware routingFour real QFCDR WatchDog demo scenarios showing actual system output across the most common QFC financial institution document types.
Client onboarding for Ahmed Al-Mansouri, QID: 28390012345678, Passport: QA-1234567. DOB: 12 Sep 1983. Address: Villa 7, Pearl Qatar, Doha. Source of wealth: property. Health declaration: hypertension, on medication. Religion for estate planning: Muslim — Shia. Account: QA63CBQM000000000002345678. Credit rating: BBB+ (Moody's).
Wealth management profile for Fatima Al-Sulaiti, relationship manager Yousef Karimi. Portfolio value: QAR 14.2M. Risk tolerance: aggressive growth. Health note (longevity planning): chronic kidney disease, stage 3. Investment mandate excludes non-halal instruments per client religious preference. Beneficiary: Omar Al-Sulaiti (son), QID: 29100067890123.
HR file: Khalid Ibrahim Al-Farsi, Senior Analyst, QID: 28765432109876. Salary: QAR 52,000/month, IBAN: QA58QNBA000000000012345678. Biometric access profile: fingerprint hash 7f3a9c2d, iris scan registered. Medical: colour blind (red-green) — accessibility accommodation. Trade union membership: Doha Financial Workers Association.
Suspicious Activity Report — case SAR-2024-QFC-00291. Subject: Ali Hassan Al-Thani, QID: 28155678901234. Beneficial owner: Al-Thani Holdings WLL (100%). Transactions flagged: QAR 4.7M — 23 transactions in 14 days. Linked accounts: QA12AAAA…, QA34BBBB…, QA56CCCC…. Political exposure: PEP status — Tier 2.
Request a personalised demo with your own document samples. We run a live QFCDR compliance scan and deliver an Enforcement Analysis Report within 48 hours.
A TexterBlue compliance specialist will contact you within one business day to schedule your personalised QFCDR WatchDog demo.