Wealth & Asset Management Regulatory Mapping — Sample

How RiskAI maps WAM AI use cases and controls across frameworks: MiFID II, EU AI Act, ISO 23894, NIST AI RMF, and ESMA / SEC / FCA guidance (with suitability, best execution, and surveillance).


What This Sample Shows

A tangible excerpt of RiskAI’s regulatory mapping for wealth & asset management: how policies & procedures (workflows) align to obligations, with anonymized use cases. Each row ties to artifacts you can audit.

Frameworks Covered

MiFID II / Conduct
  Scope: Suitability, appropriateness, product governance, best execution, conflicts.
  References: Arts. 24–27; ESMA Guidelines

ISO 23894
  Scope: Risk assessment → Tiering & intake
  References: Complete ISO 23894, 31000

EU AI Act
  Scope: Risk tiers, RMF, data governance, transparency, human oversight, PMM.
  References: Arts. 6, 9–10, 13–15, 61

NIST AI RMF
  Scope: AI risk processes; Govern–Map–Measure–Manage alignment.
  References: NIST AI RMF Core

Cross-Framework Mapping (Excerpt)

Use Case | Policy → Procedure (Workflow) | MiFID II / Conduct | EU AI Act | ISO / NIST | Status
AI-Assisted Recommendations (Suitability) | POL-07 Suitability → PROC-07-B Suitability Checks (Suitability — Recommendation) | Art. 25; ESMA Suitability | Art. 14 (Oversight) | ISO 6.2; NIST Measure | Implemented
Best Execution (Trade Binding) | POL-08 BestEx & Conflicts → PROC-08-A Execution Evidence (BestEx — Trade Binding) | Art. 27; RTS 28 / policies | Art. 13 (Transparency) | ISO 5.3; NIST Map | Implemented
Surveillance (Marketing/Communications) | POL-10 Marketing Fairness → PROC-10-A Review (Surveillance — Marketing) | Conduct / fair, clear, not misleading | Art. 13 (Transparency) | ISO 6.2; NIST Govern | Implemented
Post-Market Monitoring (All Models) | POL-12 PMM → PROC-12-A Monitoring (Monitoring — Ops) | Ongoing oversight | Art. 61 (PMM) | ISO 7; NIST Manage | Implemented

Note: Full mappings include sub-controls, approver roles, artifacts (PDF/CSV/JSON), and thresholds per policy.

Per-Framework Obligations (Sample)

MiFID II / ESMA (Excerpt)
  • Art. 25 Suitability → POL-07 / PROC-07-B
  • Art. 27 Best Execution → POL-08 / PROC-08-A
  • Conflicts Mgmt → Attestations, surveillance linkage
  • Product Governance → Model register, approval gates

ISO 23894 (Excerpt)
  • ISO 5.3 Risk assessment → Tiering & intake
  • ISO 6.2 Treatment → Bias, performance, approvals

EU AI Act (Excerpt)
  • Art. 6 Risk tiering → POL-01 (Model Register)
  • Art. 10 Data governance → Bias/quality tests
  • Art. 14 Human oversight → Approvals & overrides
  • Art. 61 Post-market monitoring → POL-12 (Ops Monitor)

NIST AI RMF (Excerpt)
  • Measure / Manage → Monitoring, incidents, CAPA
  • Govern → Policies, roles, audit trail

How to Read This Mapping

Policies articulate governance intent; procedures define how controls are executed; workflows produce tangible artifacts (reports, logs, approvals). Each row corresponds to an evidence pack your auditors can trace.

  • Policies (POL-xx): Governance intent aligned to frameworks
  • Procedures (PROC-xx): Operational steps with ownership
  • Workflows: Systemized actions producing artifacts (PDF/CSV/JSON, signatures, audit logs)

Want the Full Mapping?

Request the complete role-based matrix with control IDs, approvers, thresholds, and artifact examples for your lines of defense.