In-house counsel · multi-branch letting agency group
Letting agent suite for in-house counsel
The problem
Counsel at a multi-branch agency owns the MLR-2017 compliance answer when the FCA or ICO comes calling. The branches each run their own check workflow; there's no central evidence trail; the screenshots scattered across SharePoint don't pass an audit. The cost of getting this wrong is the firm's authorisation, not just a fine.
How Stratum fits
The suite endpoint produces one PDF cert per check that's hash-bound to the request body — tampering breaks the signature, and the public verifier (stratumapis.com/verify/<hash>) confirms authenticity to an auditor in seconds. Centralise via API key tied to the firm so every branch's checks roll up to one dashboard. 7-year retention matches MLR-2017 record-keeping. Combine with the audit-trail dashboard for board-level reporting.
One request
# Request
curl https://api.stratumapis.com/v1/audit-log?customerId=$ID -H "x-stratum-key: $KEY"
# Response
{ "logs": [{ "checkId": "01HX...", "verdict": "pass", "branch": "Manchester", "timestamp": "..." }, ...] }Set $KEY from your dashboard.
Frequently asked
How is the PDF cert hash-bound?
Every request body produces a canonical JSON serialisation; we SHA-256 that and embed the hash in the PDF footer. Modifying the PDF or the underlying check breaks the binding. The public verifier route confirms a hash matches a real check on our side.
How do we satisfy the FCA in an audit?
Each cert + the central audit log + the API-key-to-firm mapping is the evidence chain. The audit-log endpoint exposes the full history per firm. Most counsel adopt after a 30-minute walkthrough.
Can we restrict which branches access which capabilities?
Pro tier — issue per-branch sub-keys with capability scopes. Available on request; contact us via the form on the Pro tier page.