Banking Regulatory Mapping — Sample

How RiskAI maps banking AI use cases and controls across frameworks: EU AI Act, ISO 23894, NIST AI RMF, and EBA guidance (with CRD/CRR alignment and Basel references).

EU AI Act ISO 23894 NIST AI RMF EIOPA Solvency II
Book a 30-min Risk Review

What This Sample Shows

A tangible excerpt of RiskAI’s regulatory mapping: how policies & procedures (workflows) align with obligations, with example use cases for bankers. Data is anonymized and illustrative.

Frameworks Covered

EU AI Act

Risk tiers, RMF, data governance, transparency, human oversight, PMM.

Articles 6, 9, 10, 13–15, 61
ISO 23894

AI risk management processes and control themes.

Clauses 5–7
NIST AI RMF

Govern — Map — Measure — Manage alignment.

Core Functions
EIOPA Guidance

Trust, fairness, human oversight, documentation, accountability.

Supervisory expectations

Cross-Framework Mapping (Excerpt)

Use Case Policy → Procedure (Workflow) EU AI Act ISO 23894 NIST AI RMF EIOPA / Solvency II Status
Claims Fraud Scoring POL-05 Bias & Fairness → PROC-05-A Bias Test Suite (BiasCheck Pre-Prod) Art. 10 (Data), Art. 14 (Oversight) 6.2 Risk treatment Measure (metrics) Fairness & oversight Implemented
Underwriting & Pricing POL-01 Risk Tiering → PROC-01-B Model Tiering (Intake Register) Art. 6 (Risk), Art. 9 (RMF) 5.3 Risk assessment Map (context) Model governance; rate filing evidence Implemented
GenAI Claims Assist POL-09 Human Oversight → PROC-09-C Approval Gate (Prod Gate) Art. 14 (Oversight) 6.2 Controls Govern (roles) Accountability & logs In Review
Monitoring (All Models) POL-12 PMM → PROC-12-A Monitoring (Ops Monitor) Art. 61 (PMM) 7 Continuous improvement Manage (response) Incident mgmt; remediation Implemented

Note: This is an excerpt. Full mappings include sub-controls, artifacts, and approver roles.

Per-Framework Obligations (Sample)

EU AI Act (Excerpt)
Art. 9 Risk Management → POL-01, POL-12
Art.10 Data Governance → POL-05
Art.13 Transparency → surfaced via Model Cards
Art.14 Human Oversight → POL-09 (Approval Gate)
Art.61 Post-Market Monitoring → POL-12 (Ops Monitor)
ISO 23894 (Excerpt)
5.3 Risk Assessment → Tiering & intake
6.2 Risk Treatment & Controls → Bias tests, approvals
6.3 Monitoring & Review → Drift/bias dashboards
7 Improvement → Incident RCA & CAPA
NIST AI RMF (Excerpt)
Govern → Policies, roles, responsibilities
Map → Context & intended use documentation
Measure → Fairness, robustness, performance tests
Manage → Alerts, incidents, corrective actions
EIOPA / Solvency II (Excerpt)
Trust & Fairness → Bias controls & approvals
Human Oversight → 3 Lines of Defense sign-offs
Documentation & Accountability → Audit binder exports
Solvency II → Model validation evidence linkage

How to Read This Mapping

Policies articulate governance intent, procedures define how controls are executed, and workflows provide tangible artifacts (reports, logs, approvals). Each row ties to evidence IDs you can audit.

  • Policies (POL-xx): Governance intent aligned to frameworks
  • Procedures (PROC-xx): Operational steps with ownership
  • Workflows: Systemized actions producing artifacts (PDF/CSV/JSON, signatures, audit logs)

Want the Full Mapping?

Get the complete, role-based matrix with control IDs, approvers, and artifact examples for your lines of defense.

Book Risk & Controls Deep Dive