RegRisk Legal Solutions

When regulators ask how an AI-driven decision was made, “we don’t know” is no longer survivable. That is the emerging supervisory expectation around AI, reporting and operational control. Most firms have more data, more models, more vendors and more automated workflows than ever. But complexity is not control. If the outcome cannot be replayed, the firm cannot prove how it was produced. That exposes accountable managers to a growing trust gap across: ▪️data ▪️models ▪️context ▪️third parties ▪️evidence The answer is not another policy pack. It is assurance architecture. Lineage. Evidence. Replay. The RegRisk Control Forum on 15 October will bring senior banking decision-makers together to work through what must be built before the 2027 test hardens. Request an invitation: Corrina@regrisksolutions.com Build once. Prove everywhere. #RegRiskControl #DigitalAssurance #AIGovernance #DataGovernance #OperationalResilience 🙏 Dominic S. Stephane MAHMOUDI Philip Miller Balvinder Dang First Derivative Datavid The Association of Governance, Risk & Compliance (AGRC) Cynthia Laumuno John Neasham Natalie Paton PJ Di Giammarino

The firms that win with AI will be the ones customers, regulators and markets trust first. Everyone else will spend the next three years trapped in remediation, challenge and escalating supervisory pressure. The next question is where that gap comes from. It starts in systems that were never designed to behave predictably, preserve context or produce evidence on demand. That is why compliance has become infrastructure. Supervisors are testing whether firms can show: ▪️how data was sourced ▪️how decisions were derived ▪️whether outcomes can be reproduced ▪️whether evidence can be produced under pressure AI will not scale on top of fragmented control architecture. Read “Compliance Has Become Infrastructure” 👇 DM Corrina Stokes to request an invitation to our RegRisk Control Forum on 15 October Build once. Prove everywhere. 🙏 Dominic S. Stephane MAHMOUDI Philip Miller Balvinder Dang First Derivative Datavid The Association of Governance, Risk & Compliance (AGRC) Cynthia Laumuno John Neasham Natalie Paton PJ Di Giammarino #RegRiskControl #DigitalAssurance #AIGovernance #DataGovernance #OperationalResilience

AI is accelerating faster than most banks can prove control, and regulators know it. Agents, models and automated workflows are now operating across fragmented systems, weak lineage and outsourced operating models. Humans remain accountable for the outcomes. ⚠️ That creates a dangerous trust gap. Supervisors are already testing AI governance, sovereign data control, reporting architecture and operational resilience as connected control issues. The 2027 test will ask whether firms can prove: ▪️what data drove an outcome ▪️which controls operated ▪️how decisions were formed ▪️whether evidence can be reconstructed under pressure. Assurance architecture is now the defining issue. 👇 Read Navigator 9: The AI Trust Gap Is Now in Front of Regulators Build once. Prove everywhere. #RegTechFS2026 #RegRiskControl #DigitalAssurance #AIGovernance #OperationalResilience #SovereignAI 🙏 Nils Gerstengarbe Grant Haley Dominic S. Stephane MAHMOUDI Philip Miller Balvinder Dang First Derivative Progress Software Datavid The Association of Governance, Risk & Compliance (AGRC) Cynthia Laumuno John Neasham Natalie Paton PJ Di Giammarino

AI is accelerating faster than firms can prove control, and regulators know it. Agents operate across fragmented systems, weak lineage and outsourced operating models while humans remain accountable for the outcomes. That creates a dangerous new trust gap. Supervisors are already stress-testing AI governance, sovereign data control, reporting architecture and operational resilience. Assurance architecture is now the defining issue. In 2027 the new test will be whether controls, lineage and evidence can withstand supervisory scrutiny at AI scale. That is why we are building on #RegTechFS2026 to host the RegRisk Control Forum in London on 15 October. A closed, invitation-only working forum for 100 senior banking decision-makers examining: • AI governance and explainable control • sovereign infrastructure and data assurance • reporting architecture and continuous evidence • operational models for AI-scale supervision The market is assembling the next control blueprint now. 👇 Read Navigator 8 Build once. Prove everywhere. #RegTechFS2026 #RegRiskControl #DigitalAssurance #AIGovernance #OperationalResilience #SovereignAI 🙏 Nils Gerstengarbe Grant Haley Stephanie Rubizhevsky Dominic S. Marc Gratacos Syed Ali Dawd H. Virginie Blaise John Laichena Dawd H. Stephane MAHMOUDI Philip Miller Balvinder Dang Novatus Global First Derivative Progress Software KOR Datavid The Association of Governance, Risk & Compliance (AGRC) Andrew Hedley Matthew Ranson John Neasham Natalie Paton PJ Di Giammarino

The test has already moved. Most firms have not. Supervisors are no longer reviewing outputs. They are testing system behaviour. At #RegTechFS2026, one gap was clear: Most firms cannot replay how outcomes were produced. They cannot evidence the data, logic, and decisions behind them. That is now being tested. And compared across firms. Weak control is being read as weak governance. The consequence is deeper scrutiny and higher buffers. 💡 If you cannot replay it, you cannot prove it. The question is no longer whether to fix this. It is what gets funded now. 👉 Read Navigator 7: https://lnkd.in/eUP8QSzF Thanks again to our sponsors for helping drive this conversation: 🙏 Nils Gerstengarbe Grant Haley Stephanie Rubizhevsky Dominic S. Marc Gratacos Syed Ali Tom Soden Nicolas Pessard Andrew Pinnington Dawd H. Virginie Blaise John Laichena Richard Bain Dawd H. Stephane MAHMOUDI Philip Miller Richard Kemp Rebecca Healey Nicholas Moger Balvinder Dang Kathryn Cenac TradeHeader The Depository Trust & Clearing Corporation (DTCC) Novatus Global First Derivative Progress Software KOR Datavid The Association of Governance, Risk & Compliance (AGRC) Andrew Hedley Matthew Ranson Verity Bluck (née Waple) PJ Di Giammarino #RegRiskControl #RegTechFS2026 #DigitalAssurance #RegulatoryReporting #FutureofCompliance

Regulators now see more than you think. Coming out of #RegTechFS2026, one message is clear: Supervisors are now interrogating how decisions were made. ▪️ They are reconciling data across regimes. ▪️ They are comparing firms. ▪️ They are asking much more pointed questions. And they are doing it at scale. In this clip, Sam North (DTCC) and Kim Jaffee - Prado break down what has changed: → Supervisors are using AI and data tools to interrogate reporting → They can look across regimes, not just one report → If your rules and data are not locked down, it shows immediately This is the live supervisory test that has changed. 👇 Watch the clip and follow RegCast on YouTube or your pod platform to stay ahead of what comes next. #RegRiskControl #RegTechFS2026 #MiFIR #DataIsCapital #DigitalAssurance #RegCast Thanks again to our sponsors for helping drive this conversation: 🙏 Nils Gerstengarbe Grant Haley Stephanie Rubizhevsky Dominic S. Marc Gratacos Syed Ali Tom Soden Nicolas Pessard Andrew Pinnington Dawd H. Virginie Blaise John Laichena Richard Bain Dawd H. Stephane MAHMOUDI Philip Miller Richard Kemp Rebecca Healey Nicholas Moger Balvinder Dang Kathryn Cenac TradeHeader The Depository Trust & Clearing Corporation (DTCC) Novatus Global First Derivative Progress Software KOR Datavid The Association of Governance, Risk & Compliance (AGRC) Andrew Hedley Matthew Ranson Verity Bluck (née Waple) PJ Di Giammarino

We are past the point of explaining reporting problems. The regulatory test has already changed. Supervisors are now testing: ▪️ How decisions are made ▪️ How systems behave ▪️ How outcomes can be proven Most firms are not ready for that. They are still operating in a repair cycle: ▪️ Find the issue ▪️ Fix it ▪️ Repeat That does not hold under cross-regime, AI-driven supervision. Our first post-conference article and Novatus Global shorts sets out what comes next. Control that holds. 👇 Beyond the Remediation Cycle #RegRiskControl #RegTechFS2026 #MiFIR #DataIsCapital 🙏 Nils Gerstengarbe Grant Haley Stephanie Rubizhevsky Dominic S. Marc Gratacos Nicolas Pessard Andrew Pinnington Dawd H. Virginie Blaise John Laichena Dawd H. Stephane MAHMOUDI Philip Miller Richard Kemp Rebecca Healey Balvinder Dang TradeHeader The Depository Trust & Clearing Corporation (DTCC) Novatus Global First Derivative Progress Software KOR Datavid The Association of Governance, Risk & Compliance (AGRC) Andrew Hedley Matthew Ranson

Can you prove your #MiFIR reports are correct? Supervisors are no longer simply checking report formats. They are testing how cross-regime decisions were made. And they are doing it at scale. 💡 If you cannot explain a reporting decision, you cannot defend it. And that is now a capital problem, not just compliance. Following #RegTechFS2026, one message is clear: the regulatory test has already changed. In this episode, Kim Jaffee - Prado, Sam North and PJ Di Giammarino focus on what that means in practice: 👉 Where reporting is breaking – governance 👉 What supervisors are doing differently – forensic questions 👉 What firms need to build now – pan-regime control frameworks, We also explore why #AI raises the bar to prove decisions, not lowers it, and why firms cannot wait for convergence to solve this problem. Firms that can prove control will reduce remediation, improve trust, and free up capital. Those that cannot, will be challenged and forced to explain every decision the hard way. Watch the sharp, practical discussion on YouTube or wherever you get your podcasts 👇 #RegRiskControl #RegTechFS2026 #MiFIR #DataIsCapital #DigitalAssurance 🙏 Nils Gerstengarbe Grant Haley Stephanie Rubizhevsky Dominic S. Marc Gratacos Syed Ali Tom Soden Nicolas Pessard Andrew Pinnington Dawd H. Virginie Blaise John Laichena Richard Bain Dawd H. Stephane MAHMOUDI Philip Miller Richard Kemp Rebecca Healey Nicholas Moger Balvinder Dang Kathryn Cenac TradeHeader The Depository Trust & Clearing Corporation (DTCC) Novatus Global First Derivative Progress Software KOR Datavid The Association of Governance, Risk & Compliance (AGRC) Andrew Hedley Matthew Ranson Verity Bluck (née Waple)

If your system cannot prove it, you cannot defend it. Supervisors are now testing how your systems behave. They want to see: ▪️ How the number was produced ▪️ Why it changed ▪️ Whether it will fail again. Most firms are still operating in a remediation cycle. 👎 Find the issue. Fix it. Move on. Repeat. That model does not pass AI-data fabric scrutiny. 👍 The shift now is to continuous control. Using #AI to cut rework, improve quality, and regain control is becoming the practical path forward. Together with Novatus Global, we are bringing a small group of firms together to work through this in practice on 3 June in #London. This private dinner is for senior reporting, data, operations, and regulatory change leaders who are accountable for outcomes, not just delivery. 12 firms are already confirmed. A few seats remain. If you are responsible for reporting performance in 2026, you should be in the room. Contact Corrina Stokes 🙏 Matthew Ranson Stephanie Rubizhevsky Andrew Hedley