1) Executive Overview
Use Case: Portfolio Optimization (Anonymized)
Business Line: Discretionary Portfolio Management (UCITS/AIF)
Model Type: Hybrid quant (factor model + heuristic rules) with GenAI advisor assist
Purpose: Improve after-fee risk-adjusted returns while meeting suitability constraints.
This sample shows how RiskAI dynamically maps WAM use cases to MiFID II, the EU AI Act, ISO 23894, NIST AI RMF, and ESMA/SEC/FCA guidance, auto-generating evidence (model cards, tests, approvals) to cut review cycles from weeks to days.
2) Policy → Procedure → Workflow
Client Suitability & Appropriateness
All AI-assisted recommendations must be demonstrably suitable to the client’s profile and risk tolerance; overrides must be documented.
POL-07
Run Suitability Checks
Bind client profile, product risk, and rationale; capture advisor notes and e-sign off.
PROC-07-B
Suitability — Recommendation
- Triggered: Pre-trade & portfolio change
- Outputs: Suitability PDF, rationale JSON, advisor e-sign
Best Execution & Conflict Management
Trading must evidence venue selection, price improvement, and conflict controls per policy.
POL-08
Capture Execution Evidence
Archive input quotes, venue choice, outcome metrics; attach to trade.
PROC-08-A
BestEx — Trade Binding
- Triggered: On trade
- Outputs: BestEx PDF, metrics JSON, conflict attest
3) Controls & Evidence Table
Control ID | Policy | Procedure | Workflow | Regulatory Ref | Status | Evidence |
---|---|---|---|---|---|---|
POL-01 | Model Risk Classification | Model Tiering | Tiering — Intake | EU AI Act Art. 6; ISO 23894 5.3 | Implemented | EVID-101 |
POL-07 | Suitability & Appropriateness | Run Suitability Checks | Suitability — Recommendation | MiFID II Art. 25; ESMA Suitability Guidelines | Implemented | EVID-207 |
POL-08 | Best Execution & Conflicts | Capture Execution Evidence | BestEx — Trade Binding | MiFID II Art. 27; RTS 28 / best-ex policies | Implemented | EVID-308 |
POL-12 | Post-Market Monitoring | Monitor Drift & Incidents | Monitoring — Ops | EU AI Act Art. 61; NIST “Manage” | Implemented | EVID-512 |
4) Evidence Snapshots
EVID-101 — Model Register / Tiering (Intake)

Timestamp: 2025-07-08 10:42 UTC
User: quant.lead@wam.example
Result: Tier = High Risk (Investment decisions)
Artifacts: JSON intake, owner sign-off
EVID-207 — Suitability Check (Pre-Trade)

Timestamp: 2025-07-12 09:14 UTC
User: advisor@wam.example
Result: PASS — portfolio within client risk band
Approvals: Advisor e-sign ✔; Compliance spot-check ✔
EVID-512 — Controls Assessment

Signal: Factor drift (value tilt ↑ beyond threshold)
Action: Escalated per runbook; re-opt request opened
Outcome: CAPA logged; guardrail adjusted
5) Regulatory Mapping (Excerpt)
MiFID II / ESMA (Suitability, BestEx, Conflicts)
- Art. 25 Suitability → POL-07 (Suitability), PROC-07-B (Checks)
- Art. 27 Best Execution → POL-08 (BestEx), PROC-08-A (Evidence)
- Conflicts Mgmt → BestEx attestations & surveillance
EU AI Act
- Art. 6 Risk tiering → POL-01 (Model Register & Tiering)
- Art. 14 Human oversight → Approvals & overrides bound to artifacts
- Art. 61 Post-market monitoring → POL-12 (Monitoring — Ops)
ISO 23894 / NIST AI RMF
- 5.3 Risk assessment; Govern–Map–Measure–Manage alignment
Appendix: Workflow Definitions
Suitability — Recommendation

Trigger: Before recommendation or portfolio change
Inputs: Client profile (KYC, risk rating), product risk, constraints
Steps: Check fit → create rationale → advisor notes → e-sign → archive
Outputs: Suitability PDF, rationale JSON, signatures, audit log ID
BestEx — Trade Binding

Trigger: On each trade
Inputs: Quotes, venues, algos, conflict flags
Steps: Venue selection → execute → capture metrics → archive
Outputs: BestEx PDF, metrics JSON, conflict attest, audit log ID
Monitoring — Ops

Trigger: Scheduled & real-time
Signals: Drift (factors/risk), bias, data quality, conflicts, incidents
Outputs: Alerts, incident record, CAPA, audit log ID