AI Risk & Governance
The practitioner's guide to AI risk management.
Free templates, frameworks, and guides for compliance and risk teams navigating AI governance. No vendor pitch. No enterprise paywall. Just the tools you need to build a defensible AI risk program.
Aligned with NIST AI RMF, SR 11-7, and emerging state AI laws.
Practitioner-First
Built for the person who just got handed AI governance and needs to show progress by next quarter. Not a 200-page consulting framework — actionable tools you can deploy this week.
US Regulatory Focus
Mapped to what US regulators actually cite: SR 11-7, NIST AI RMF, OCC guidance, Colorado AI Act, NYC Local Law 144. Written for financial services teams that answer to examiners.
Mostly Free
AI governance is a fast-moving field. Most of these resources are free because getting the fundamentals right shouldn't require a procurement cycle.
Template Guides
Need an AI risk assessment or vendor questionnaire? Start here.
These guides explain what belongs in each template, show practical field examples, and point you to the working version when you’re ready to use it.
Free Resources
Start here. No email required for guides.
Frameworks, templates, and guides you can use today. We're building the resource center we wish existed when we started.
AI Risk Assessment Guide
A free introductory guide to AI risk assessment for financial services teams.
- AI risk fundamentals overview
- Key risk categories and considerations
- Practical getting-started guidance
Threat Modeling for Agentic Payments
20,000-word deep dive on threat modeling for AI-powered autonomous payment systems. Formal taxonomy, tiered controls, and regulatory mapping.
- 5 threat categories, 7 control domains
- US, UK, and EU regulatory analysis
- Real attack scenarios from live infrastructure
AI Model Inventory Template
Free Excel template to catalog every AI system in your organization. The universal first step every regulation requires — and the thing most companies still haven't done.
- Pre-built fields for SR 11-7 alignment
- Risk tiering with scoring criteria
- Covers in-house models and vendor AI
Colorado AI Act Compliance Checklist
SB 205 requirements mapped to NIST AI RMF subcategories. The crosswalk nobody else has published — with the June 2026 deadline approaching fast.
- NIST AI RMF affirmative defense mapping
- Impact assessment template included
- Consumer notification requirements
Shadow AI Governance Playbook
76% of organizations have unauthorized AI in production. This playbook covers detection, policy, and controls — without requiring an enterprise platform.
- Discovery and detection methods
- Acceptable use policy template
- Amnesty program framework
AI Bias Audit Documentation Kit
Step-by-step bias audit documentation for NYC Local Law 144 and Colorado SB 205 compliance. The template almost nobody has published.
- Disparate impact testing methodology
- Audit documentation checklist
- Scoring rubric and escalation criteria
Premium Templates
When you need the full toolkit.
Operational templates with Excel dashboards, assessment checklists, and governance documentation. Built for teams that need to show progress to regulators and bank partners.
AI Risk Assessment Template & Guide
A complete framework for identifying, assessing, and mitigating AI-related risks in regulated financial institutions. Includes policy templates, pre-deployment checklists, AI Use Case Inventory with auto-tiering, bias assessment tools, 8 worked examples (Fraud Detection, Customer Chatbot, Credit Underwriting, AML Monitoring, Marketing GenAI, Shadow AI ChatGPT, BaaS KYC AI, Crypto Sanctions AI), a filled third-party vendor questionnaire (OpenAI), and an 8-response Bank Partner Response Library — mapped to the 2026 regulatory landscape: NIST AI RMF 1.1, the OCC's 2026 model risk management guidance (which replaced SR 11-7), Colorado AI Act, FS AI RMF (FinCEN), CFPB ECOA AI provisions, and EU AI Act high-risk requirements. Bank partners and regulators are starting to ask pointed questions about AI governance — and "we're working on it" isn't cutting it anymore. This kit gives you a structured assessment methodology with scoring criteria, a use case inventory you can populate in an afternoon, a third-party AI vendor questionnaire, pre-written responses to the most common bank partner AI governance questions, and worked examples for calibration. Built to complement your existing risk and compliance functions — so your team spends time on model-specific work, not rebuilding templates from scratch.
- AI Use Case Inventory tab with auto-tiering formula (consumer impact + decisioning role + PII + regulatory touchpoint)
- 44-question pre-deployment risk assessment scorecard across 11 risk domains
- 31-question third-party AI vendor due diligence questionnaire
- 8 pre-filled worked examples: Fraud Detection, Customer Chatbot, Credit Underwriting, AML Monitoring, Marketing GenAI, Shadow AI ChatGPT, BaaS KYC AI, Crypto Sanctions AI
- Filled vendor questionnaire (OpenAI) — what acceptable answers look like
- Bank Partner Response Library PDF — 8 pre-written responses to the most common bank partner AI governance questions
- AI Governance Dashboard tab and quarterly Board Report tab
- Shadow AI Register tab and discovery methodology
Latest Insights
AI Risk & Governance Journal
EU AI Act Digital Omnibus: What the December 2027 Deadline Deferral Means for Financial Services AI Teams
The EU AI Act's Digital Omnibus deal, reached May 7, 2026, defers Annex III high-risk AI obligations from August 2, 2026 to December 2, 2027. Here's what changed, what didn't, and how financial services AI teams should use the extra 16 months.
EU AI Act Article 5 Prohibited AI Systems: The Compliance Checklist Financial Institutions Can't Ignore
Article 5 prohibitions have been in force since February 2025 and the enforcement regime launched August 2025. Here's what financial institutions must audit, stop doing, and document — with the credit scoring carve-out explained.
EU AI Act High-Risk AI in Financial Services: What Banks and Fintechs Must Document by August 2, 2026
Annex III of the EU AI Act covers credit scoring, insurance pricing, and financial standing assessment. Here's what the seven compliance obligations actually require — and who they apply to.
AI Red Teaming Techniques: How to Stress-Test LLMs Before Deployment
A practitioner's playbook for AI red teaming in financial services. Covers the five attack categories regulators care about, how to structure an exercise, what scoring looks like, and how to document results for examiners.
Disparate Impact Testing Techniques: Statistical Methods Examiners Actually Accept
The four statistical methods used in fair lending disparate impact testing — adverse impact ratio, regression analysis, Fisher's exact test, and BISG proxy methodology — and how to document them for exam readiness even after the federal regulatory shift.
AI Risk Assessment Template: Pre-Deployment Checklist for Financial Services
A pre-deployment AI risk assessment for banks and fintechs — model inventory, tiering, scorecard, and the controls examiners ask about under SR 26-02 and FS AI RMF.
The AI regulatory landscape is moving fast.
Colorado's AI Act takes effect June 2026. NYC Local Law 144 is already live. NIST AI RMF 1.1 dropped in March. OCC examiners are applying SR 11-7 to AI models right now. More than half of US states have introduced AI legislation.
We track all of it. Our journal covers every major regulatory development, enforcement action, and framework update — with practical guidance on what it actually means for your program.
Immaterial Findings ✉️
Weekly newsletter
Sharp risk & compliance insights practitioners actually read. Enforcement actions, regulatory shifts, and practical frameworks — no fluff, no filler.
Join practitioners from banks, fintechs, and asset managers. Delivered weekly.