Solution · Financial Services
Govern model risk and AI obligations on one record.
One operating record across model risk, AI Act obligations and supervisory expectations — for the systems your bank, insurer or asset manager runs.
FRD-021Retail credit decisioning
High-risk · Annex IIIOwner · Head of Model Risk
Model
GBM challenger v3.4
Validated 2026-04-18
Vendor
In-house · MRM-reviewed
Jurisdictions
UK · EU27
Population stability
Within threshold
Drift checked 2026-06-19
EU AI Act · obligations mapped ISO 42001 · controls active Annex IV §3 held open
DERIVED FROM ONE RECORDv2026.06
The sector problem
Model risk and AI governance still live in different rooms.
Model risk holds the validation file. Compliance holds the obligation. Engineering holds the system. The board carries the accountability — without a single defensible view.
One record makes the link explicit: the system, the validation, the obligation and the owner — every line cited.
FRD-021 · today
Three sources of truth
Model Risk
Validation memo (PDF)
Monitoring deck (PPT)
Compliance
Obligation tracker
Policy register
Engineering
MLflow runs
Drift dashboard
ON HAEL · ONE RECORDFRD-021
What matters here
The capabilities a regulated balance sheet needs first.
01
Model risk on the record
Validation evidence, monitoring thresholds and challenger results live on the same record as the obligation and the owner.
Validation · 2026-04-18
PSI within tolerance · KS 0.32
02
AI Act high-risk discipline
Credit-decisioning and insurance-pricing systems classified to Annex III, with the Annex IV technical file built from sourced controls.
EU AI Act
Annex III §5(b) · cited
03
Board-grade readiness
A single defensible posture per system and across the estate — every point explained, no spreadsheet rebuilds.
Readiness
71 / 100 · 6 gaps named
FRD-021Retail credit decisioning
One record
EU AI ActAnnex III · Annex IV
ISO/IEC 42001AIMS · SoA
NIST AI RMFGovern · Map · Measure · Manage
GDPRDPIA · ROPA · Art. 22
DERIVES FROM ONE RECORD4 frameworks
Through-line
One record. Every framework that applies to you.
EU AI Act, ISO/IEC 42001, NIST AI RMF and GDPR derive their evidence from the same record — never re-keyed, never re-narrated.
When the record changes, every framework view changes with it.
Proof
An Annex IV technical file, sourced.
FRD-021 · Annex IV technical file
Sourced
Annex IV §1 — General descriptionFRD-021 · Registry
Annex IV §2 — Detailed descriptionFRD-021 · Documents
Annex IV §3 — MonitoringHeld open · 2 evidence items pending
Annex IV §4 — Performance metricsMRM Validation · 2026-04-18
Annex IV §5 — Risk managementISO 42001 SoA · 14 controls
EVERY LINE CITEDv2026.06