Sample Wealth & Asset Management Audit Binder

An audit-ready sample binder for WAM AI models. Includes policies, procedures, workflows, mapped obligations, evidence artifacts, approvals, and post-market monitoring for robo-advice, portfolio optimization, best-execution, and surveillance.

MiFID II · EU AI Act · ISO 23894 · NIST AI RMF · ESMA · SEC · FCA

Executive Summary

Use Case: AI-Assisted Portfolio Recommendations (Robo-Advice) · Business: Discretionary Portfolio Management · Model: Ensemble (GBM + Rules)

This sample illustrates how RiskAI produces audit-ready evidence: policy → procedure → workflow mapping, regulatory coverage (MiFID II, EU AI Act), test results, approvals, best-execution evidence, and post-market monitoring.

Binder Contents

1. Model Overview & Ownership
  • Business context & KPIs (suitability pass rate, drift, client outcomes)
  • Data sources & lineage (KYC, risk profile, markets)
  • Risk tier & intended use (advice vs. execution-only)
  • RACI & roles (Front Office, Risk, Compliance, Audit)
2. Regulatory & Control Mapping
  • MiFID II (suitability, best-ex, conflicts), EU AI Act
  • Policy → Procedure → Workflow links
  • Evidence IDs & artifacts
3. Validation Evidence
  • Suitability & appropriateness tests
  • Performance & scenario/stress tests
  • Explainability (recommendation rationale)
4. Approvals & Sign-offs
  • 1st/2nd/3rd line approvals
  • Approval gate outputs (Pre-Prod → Prod)
  • Immutable audit trail
5. Monitoring & Incidents
  • Drift/quality/surveillance thresholds
  • Best-ex outlier alerts, greenwashing checks
  • Corrective actions (CAPA)
6. Appendix
  • Model cards & logs
  • Workflow definitions
  • Raw artifacts (PDF/CSV/JSON)

Model Overview & Ownership

Model Register / Intake Screenshot Placeholder
  • Owner: Head of Digital Advice
  • Risk Tier: High (Client Advice)
  • KPIs: Suitability pass %, AUC (propensity), churn impact, complaints rate
  • Lineage: KYC/Risk Profile, positions, market data
EVID-100

Regulatory & Control Mapping (Excerpt)

Control ID | Policy → Procedure (Workflow) | Framework Mapping | Status | Evidence
POL-07 | Suitability & Appropriateness → Suitability Checks (Suitability — Recommendation) | MiFID II Art. 25; ESMA Suitability; EU AI Act Art. 14 | Implemented | EVID-207
POL-08 | Best Execution & Conflicts → Execution Evidence (BestEx — Trade Binding) | MiFID II Art. 27; RTS; Conflicts policies | Implemented | EVID-308
POL-10 | Marketing Fairness → Surveillance Review (Surveillance — Marketing) | Conduct (fair, clear, not misleading); SEC/FCA guidance | Implemented | EVID-510
POL-12 | Post-Market Monitoring → Monitor & Incidents (Monitoring — Ops) | EU AI Act Art. 61; Ongoing oversight | Implemented | EVID-612

Note: Full binder includes sub-controls, approver roles, thresholds, and artifact references.

Validation Evidence — Suitability & Appropriateness

Suitability Test Report / Rationale Snapshot Placeholder

Timestamp: 2025-07-10 11:32 UTC

Result: PASS — suitability acceptance 98.7% (threshold ≥ 97%)

Explainability: Client-level rationale generated & archived

Approvals: Front Office ✔ · Compliance ✔

EVID-207

Explainability & Stress (Excerpt)
  • Local rationale stored per recommendation (XAI IDs XAI-207-1..XAI-207-50)
  • Stress: Rate shock +300 bps → suitability ≥ 96.9% (alert below 97%)
  • Documented edge cases auto-routed to human review

Best-Execution Evidence

Best-Ex TCA / Venue Comparison Snapshot Placeholder

Scope: Equity & ETF orders; sample month

Metrics: Slippage vs. NBBO, venue latency, hit ratios

Outcome: Meets policy thresholds; 3 outliers escalated

EVID-308

Conflicts & Oversight (Excerpt)
  • Conflicts attestations collected quarterly (ATT-308-Q2)
  • Outliers → Review board minutes RBM-308-07 with decisions & CAPA
  • RTS reporting datasets archived (ANON)

Approvals & Sign-offs

Approval Workflow & e-Signatures Placeholder

Approvers: Model Owner (1st), Risk (2nd), Audit (3rd as needed)

Artifacts: Signed PDF, approval metadata, version tag

Audit: Immutable log entry AL-509-A

EVID-509

Monitoring, Surveillance & Incidents

Ops Monitoring Dashboard & Alert Record Placeholder

Signals: Data drift, suitability exceptions, best-ex outliers, marketing claims flags

Action: Severity-based escalation; rollbacks supported

Outcome: CAPA recorded; thresholds tuned; board notified

EVID-612

Runbook Excerpt

Trigger: Suitability pass < 97% for 2 intervals OR best-ex outliers > policy

Steps: Notify Front Office → Freeze auto-recommendations for impacted cohort → RCA → Method tweak → Re-validate → Approval gate

Records: INC-612-09, CAPA-612-12

Appendix — Workflow Definitions

Suitability — Recommendation

Inputs: KYC, risk profile, constraints

Outputs: Client rationale (PDF/JSON), pass/fail, approvals

Gate: Blocks deploy on fail

BestEx — Trade Binding

Inputs: Order data, venues, quotes

Outputs: TCA report, outlier escalations

Gate: Policy thresholds enforceable

Monitoring — Ops

Signals: Drift, suitability, best-ex, marketing

Outputs: Alerts, incident record, CAPA

SLA: Severity-based escalation

Want the Full Binder?

Get the complete, role-based binder with artifacts and read-only access for internal audit or your risk committee.