Mad About Marketing Consulting is an award-winning boutique consultancy firm that offers both B2C and B2B clients advisory services on marketing transformation, go-to-market and market expansion strategies.
When Jaslyn Qiyu from Mad About Marketing (MAMC) approached us, the challenge was clear:
A major bank’s creative teams were using GenAI tools to produce marketing images — but compliance, copyright, and regulatory risk were becoming a serious concern.
The bank needed more than just an AI checker.
They needed a secure, enterprise-grade compliance platform that could:
- Detect copyright infringement and unlicensed likenesses
- Verify compliance with MAS advertising regulations
- Validate brand alignment and creative effectiveness
- Produce audit-ready PDF reports
- Maintain full role-based access control, logging, and traceability
In short:
They needed GenAI speed with bank-grade governance.
That’s when WunderWaffen came into the picture.
The Mission
We submitted a proposal: design and build a GenAI Creative Compliance Platform that provides:
- Uploads of AI-generated images by copywriters, designers, and campaign managers
- Automated analysis using OpenAI, TinEye, and Kantar APIs
- Secure storage and versioning of creative assets
- Structured reporting for compliance, legal, and audit teams
- Full traceability for regulatory review
All inside a cloud-native, security-first architecture.
The Team We Assembled
The project required a proper engineering team with enterprise delivery discipline:
- Overall Company Liaison
- Technical Lead
- Backend Developer
- Frontend Developer
- DevOps Engineer
- QA Engineer
This structure allowed us to run the project like a bank-grade delivery, not a startup experiment.
High-Level Architecture: How the Platform Works
At the core, we designed a cloud-native AWS microservices architecture.
Frontend Layer
- React.js application
- Hosted via CloudFront + S3
- Secure access via OAuth 2.0
Used by:
- Copywriters
- Designers
- Campaign managers
- Compliance officers
Backend & Processing Layer (AWS Lambda + Node.js)
All logic runs inside AWS Lambda containers using Node.js/Express, ensuring:
- Scalability
- Isolation
- Security
- Cost efficiency
Key components:
1. Auth & OAuth2 Layer
Manages:
- User authentication
- Role-based access (Creative, Compliance, Admin)
- Session security
2. Image Upload & Processing Engine
Handles:
- Secure upload of GenAI images
- Asset storage in AWS S3 with versioning
- File integrity checks
- Metadata tagging
3. Multi-API Integration Layer
This is where the intelligence happens.
The system orchestrates calls to:
- OpenAI (or other LLMs) – creative analysis & reasoning
- TinEye Reverse Image Search – copyright and source detection
- Kantar Brand Metrics API – performance benchmarking & brand metrics
All calls are:
- Logged
- Rate-limited
- Encrypted
- Auditable
4. Diagnostic Analysis Engine
Aggregates all signals and evaluates:
- Brand alignment
- Emotional tone
- Archetype classification
- Distinctiveness scoring
- Potential IP risks
- Likeness detection
- Regulatory flags
This is not a single score — it’s a multi-dimensional compliance profile.
5. Report Generation Engine
Automatically generates PDF compliance reports.
Each report includes:
- Risk flags
- Performance benchmarks
- IP findings
- Regulatory notes
- Timestamps and versioning
These reports are:
- Downloadable
- Audit-ready
- Immutable once generated
6. Audit Trail & Compliance Logging
Every action is logged into:
- PostgreSQL (RDS) – structured data (users, roles, actions)
- CloudWatch Logs & Metrics – operational traceability
This gives:
- Full chain-of-custody for every asset
- Complete traceability for regulators
- Internal audit confidence
The Three-Pillar Analysis Framework
We structured the platform around three core compliance pillars.
1. Creative & Branding Module
This answers:
“Does this creative align with our brand?”
Using OpenAI + custom logic, we analyze:
- Tone & emotional appeal
- Archetype classification
- Distinctiveness scoring
- Brand consistency markers
This prevents:
- Off-brand GenAI outputs
- Tone violations
- Inconsistent creative direction
2. Performance Benchmarking Module (Kantar Integration)
This answers:
“Is this creative actually effective?”
Using Kantar APIs, we assess:
- Power
- STEL
- Impact
- Comparative performance benchmarks
The platform visualizes:
- How this asset compares to industry standards
- Whether it meets internal performance thresholds
This turns compliance into a performance advantage, not just a risk control.
3. Copyright & Regulatory Compliance Module
This answers:
“Are we legally safe to use this?”
Using TinEye + AI detection, we check for:
- Reverse image matches
- Stock image misuse
- Celebrity or public figure detection
- Logo and trademark identification
- MAS advertising guideline violations
This is where most banks get burned.
We built this module with zero tolerance for ambiguity.
Security & Compliance Framework
This system is designed for financial institutions, not startups.
Regulatory Compliance
- MAS advertising guidelines integrated
- PDPA compliance enforced
- Full audit trails
- Role-based access control
Security Measures
- HTTPS/TLS everywhere
- Encryption at rest and in transit
- Secure API key vaulting
- Regular security assessments
- Penetration testing before production
No shortcuts. No assumptions.
Development Methodology
We ran this using a strict Agile delivery model.
Phase 1 – MVP (Weeks 1–6)
- Core upload flow
- API integrations
- Basic diagnostics
- Essential security
Phase 2 – Enhancement (Weeks 7–10)
- Advanced reporting
- UI/UX refinement
- Performance optimisation
- Full QA cycles
Quality Assurance
This was not “does it work on my laptop” testing.
We ran:
- Unit testing
- Integration testing
- User Acceptance Testing with stakeholders
- Security testing
- Load & performance testing
Because in banking:
If it breaks once, trust is gone.
Post-Launch Support & Future-Proofing
We designed this platform for Phase 2 evolution:
- Recommendation engines
- Predictive analytics
- Creative optimisation models
- ML training pipelines
- Campaign performance learning loops
This is not a tool. It’s a foundation layer for AI-driven creative governance.
Why This Matters (And Why Banks Are Moving This Way)
GenAI is already in your creative teams. Whether compliance likes it or not.
The question is:
Will you govern it, or will you explain it to regulators later?
This platform gives banks:
- Automated compliance enforcement
- Reduced legal risk
- Faster creative cycles
- Standardised decision-making
- Audit confidence
It turns GenAI from a liability into a controlled strategic asset.
Why WunderWaffen
This project required:
- Deep understanding of financial compliance
- Real-world AI integration experience
- Secure cloud architecture capability
- Ability to build and manage multi-disciplinary tech teams
- Understanding of Singapore’s regulatory environment
That’s exactly what we do. We don’t build demos. We build operational systems for regulated industries.
Ready to bring AI into your fold?
Most agencies talk about AI.
Most vendors talk about compliance.
Very few can engineer both into the same system.
That’s where WunderWaffen operates.
If your organisation is facing similar challenges around:
- GenAI governance
- Compliance automation
- AI risk management
- Or regulated AI deployment
Then we should talk.
Because GenAI without control is not innovation.
It’s exposure.