The AiGovOps Foundation
From Intentions to Evidence
AI governance that runs like engineering — versioned, tested, observable, and auditable by default.
We believe true accountability in AI must move beyond broad declarations of intent to verifiable evidence. AiGovOps starts with the technical evidence, turning noble principles into measurable, operational outcomes.
Founded by Ken Johnston and Bob Rapp — veterans in AI, data science, and enterprise transformation.
What is AI GovOps?
Defining the core concept and its critical importance in today's AI landscape.
What We Mean
AI GovOps is governance that runs like engineering: automating every element of safe, reliable, and compliant AI. Governance versioned like code, tested before deployment, observable in production, and auditable by default. It borrows DevOps principles – controls embedded early, automation over intention, and continuous evidence capture – applying them to AI risk.
Why Now
Every AI system deployed without automated governance creates compounding technical debt. Compliance frameworks that exist only as PDFs become liabilities. As global regulations accelerate and AI scales into critical systems, the gap between governance intent and operational reality is widening rapidly.
What This Deck Is
This banking AI policy and lab companion is a practitioner artifact from the AiGovOps Foundation community. It is built to help banks move beyond "PDF Theater" to implement running controls and capture verifiable evidence.
AI Policy for [BANK NAME]
Getting to YES · Staying at YES · Recovering to YES
A Modern Primer & Executive Workbook — Banking Edition · Draft v1, May 2026
Front Matter
What this document is, how it is structured, and who it is for.
CEO Memo
We Already Use AI
To hire, lend, price, detect fraud, route disputes, adjudicate claims, and speak to customers — AI is not coming. It is already here.
The Harder Question
Can we prove, on any Monday morning, that the AI inside our bank is governed? That is the narrower, harder standard this policy addresses.
One Standard Replaces PDF Theater
Named owners. Running controls. Captured evidence. Nothing else qualifies as governance.
Three Commitments
Get to YES
We do not ship regulated AI on vibes. We ship it on gates and evidence. Every system earns its launch.
Stay at YES
Production is where drift, shortcuts, and vendor updates turn into incidents. Governance does not end at go-live.
Recover to YES
Incidents will happen. Our standard is fast detection, bounded blast radius, rollback, and durable correction — not denial.
"Read this once. Then fill in the pages that apply to your systems." — [CEO Name]
How to Use This Document
This is a policy you can execute — not a framework to admire from a distance.
Every in-scope system must have:
  • An inventory record
  • Named owners
  • A risk tier
  • Controls that run
  • Evidence you can produce on demand

AOIFE REALITY CHECK: If the workbook page for a system is blank, that system is not governed. It is hoped for.
Conventions Used Throughout
KENJ NOTE
Practitioner asides written for executive and board conversations. Use these when you need to close the argument in the room.
AOIFE REALITY CHECK
The sharp version. Direct, unambiguous, and deliberately uncomfortable. Meant to end the conversation about whether something counts as a control.
THE 100 THINGS (#1–#100)
Portable rules: each item is a Claim plus the Evidence you must be able to produce on demand. Citable by number in audits and board reports.
CEO Picture Book
Visual Plates
Ten designer-ready plates that put the core arguments of this policy into images any board member can absorb in sixty seconds.
Plate A — From Promise to Proof
Image brief: Two stacks on a boardroom table. The left stack: thick binders labeled Principles / Committees / Frameworks. The right stack: slim folders labeled Tests / Logs / Owners / Rollback Drill.
"Policies are promises. Controls are proof."
The visual contrast is the argument. One stack looks like governance. One stack is governance.
Plate B — The Three YES Gates
"Governance is a lifecycle, not a meeting."
Plate C — PDF Theater
Image brief: A stage with actors in suits holding policy binders under spotlights. Behind the drawn curtain, production systems run with zero gates, zero monitoring, zero owners.
"The appearance of control is not control."

PDF Theater is the most common governance failure in banking AI. It passes audits until it doesn't.
Plates D–F: Lane Assist · The 2 a.m. Call · The Proxy Variable
D — Lane Assist
Image brief: Car slams into guardrail (late control) vs. lane assist keeps car centered in real time (continuous control).
"Governance should be lane assist, not heroics."
E — The 2 a.m. Call
Image brief: Phone lights up: AI INCIDENT. Four names appear: Business Owner · Model Owner · Data Owner · Incident Owner.
"Who gets paged is who owns it."
F — The Proxy Variable
Image brief: Protected attribute locked in vault. Side pipes labeled ZIP, school, income, tenure feed the model anyway.
"Bias doesn't need a name tag to get in."
Plates G–J: Review · Denial · Vendor Chain · Kill Switch
G — The 1.2-Second Review
Image brief: Stopwatch at 1.2s; stamp machine rapidly approves.
"A timestamp is not meaningful review."
H — The Black Box Denial
Image brief: Customer sees "Denied." Regulator sees "Insufficient Explanation."
"If you can't say why, you're not ready to say no."
I — The Vendor Chain
Image brief: One weak link in the customer→bank→vendor→sub-processor chain glows red.
"Third-party AI risk is still first-party liability."
J — The Kill Switch
Image brief: Big red DISABLE switch wired to a chatbot endpoint.
"Recover to YES requires a button, not a meeting."
Part I
Why This Policy, Why Now
The regulatory, legal, and operational forces that make AI governance a present obligation — not a future aspiration.
The Fourth Technology Shift — and Banking Pays First
AI is not a future risk. It is already embedded in credit, hiring, fraud, claims, and customer service decisions across the bank today.
Banking's regulatory surface means every AI output is a potential:
  • Adverse-action notice
  • Disparate-impact claim
  • Examination finding
ECOA, CFPB, FCRA, BSA/AML, and state insurance codes all apply — simultaneously, to the same systems.

KENJ NOTE: The question regulators, insurers, and plaintiffs will ask is not "do you have a policy?" It is "show me the receipts."
The Receipts Era
72h · Board Notification: maximum window to notify the Board Risk Committee of a material AI incident
30d · Vendor Notice: minimum advance notice required in vendor contracts for model changes
4 · Named Owners: required per system (Business, Model, Data, Incident), each a real person with a pager
Examiners, plaintiffs, and D&O insurers now ask: what ran, what threshold, what evidence, who approved it. Insurance underwriters are adding AI governance attestations to D&O and E&O renewals. "We bought the tool" is not a control.
Part II
What AI Governance Means Here
Not a committee. Not a document. A discipline with named owners, running controls, and captured evidence.
Governance
Named owners + running controls + captured evidence. Not a committee or a document.

GovOps
Governance as an operational discipline: pre-production gates, runtime observability, incident response.

Controls
Tests and checks that actually run — not policies that describe what should happen.

Evidence
Stored, signed, retrievable artifacts that prove controls ran at a specific point in time.
Definitions That Matter
Precision in language prevents the governance theater that costs banks examination findings and litigation exposure. These four terms have exact meanings in this policy.

Every conversation about AI governance in this bank should be anchored to these four words. If a sentence could be true of a document that no one reads, it is not describing governance — it is describing hope.
The Theater Family
PDF Theater
A policy document that describes governance without any running controls behind it. The most common form.
Committee Theater
Governance meetings with no gate authority. Decisions happen anyway, without formal approval or accountability.
Dashboard Theater
Monitoring charts that no one acts on. The dashboard exists; the action does not.

AOIFE REALITY CHECK: If the control doesn't stop or change anything, it's decoration.
Lane Assist, Not Guardrails
Governance built as lane assist catches drift, threshold breaches, and vendor changes before they become examination findings, adverse actions, or headlines.
Guardrails = Reactive
The car has already left the lane before the barrier engages. Damage is already done.
Lane Assist = Continuous
The system keeps the car centered in real time. Drift is corrected before it becomes an incident.
Part III
Six Pillars in Regulated Workflows
The pillars of responsible AI — applied specifically to the banking workflows where they carry regulatory weight.
Accountability
Every AI system must have four named humans. Not four titles. Four people with phones.
Evidence required: Signed ownership record in the AI system registry, updated at each re-attestation.
Business Owner
Accountable for outcomes and regulatory exposure
Model Owner
Accountable for model behavior and re-attestation
Data Owner
Accountable for provenance, quality, and consent
Incident Owner
Accountable for response, containment, and RCA
Transparency & Explainability
Credit & Underwriting
Adverse-action notices must be explainable at the factor level. "Model said so" fails ECOA. Period.
Claims
"Meaningful human review" requires a reviewer who can explain the basis for the decision — not one who ratifies what the model already decided.

KENJ NOTE: If your explainability output is a ranked list of factors your team can't interpret, you don't have explainability — you have a list.
Fairness & Impact
How Bias Gets In Without Being Invited
Proxy variables enter through ZIP code, school, income, device type, and behavioral signals — not through protected class fields. The model doesn't need to see race to discriminate by race.
Adverse-impact testing is required:
  • Pre-production — before any system goes live
  • At each re-attestation — for hiring, credit, and claims systems
Evidence required: Disparate-impact test report with threshold, date, analyst, and approval signature.
Reliability & Safety
The Threat Profile
Chat and agent systems hallucinate, drift, and change behavior when underlying models are updated by vendors — without warning, without documentation, and without triggering your existing change-management process.

AOIFE REALITY CHECK: "The vendor updated the model" is an explanation. It is not a control.
Required Controls
  • Output validation at inference time
  • Confidence thresholds with human escalation triggers
  • Human escalation paths that actually work
  • Rollback capability tested before it is needed
Privacy & Security
Prompt Injection
Adversarial inputs that redirect AI agents to exfiltrate data or bypass controls. A live threat in every customer-facing system you operate today.
Data Supply Chain
Every training dataset and retrieval source is a provenance question: who collected it, when, and under what consent. "We used publicly available data" is not an answer.
Security Review Evidence
Required for all chat and agent deployments: security review including prompt injection testing, stored and signed before go-live.
Inclusiveness & Accessibility
ADA Obligations Apply to AI Channels
A chatbot that cannot serve customers with disabilities is a compliance gap — not a UX gap. ADA obligations do not stop at the front door of the branch; they follow the customer into every AI-mediated channel.
Channel Equity
AI-first servicing must not create a two-tier experience where digital customers receive faster, better outcomes than branch or phone customers. That disparity is measurable, discoverable, and regulatorily relevant.
Part IV
The Operating Model
Get to YES · Stay at YES · Recover to YES — the three-phase discipline that replaces PDF Theater with evidence-based governance at every stage of the AI lifecycle.
GET TO YES — Pre-Production Gates
Register
Inventory record created in the AI system registry — name, workflow, status, and evidence pack location on file.
Name Owners
Business Owner, Model Owner, Data Owner, and Incident Owner nominated and signed. Pager numbers verified.
Tier the Risk
Decision Tier × Trajectory Tier recorded with rationale. Both axes required — no single-axis shortcuts.
Run Controls
Fairness, privacy/security, and reliability tests completed. Evidence stored, signed, and retrievable.
Approve
BU Lead + RAIO approvals signed. Evidence pack complete. System cleared for production launch.
STAY AT YES — Runtime Monitoring
Go-live is not the finish line. It is the start of the monitoring obligation.
  • Drift detection and alerting active — not a dashboard, an alert that triggers action
  • Fairness and impact re-attestation: annually at minimum; quarterly for high/critical systems
  • Access review for agents and tools at each re-attestation cycle

KENJ NOTE: Monitoring that doesn't change decisions is wall art.
RECOVER TO YES — Incident & Improvement
1. Contain
Kill switch tested and documented. Disable path is a button, not a meeting.
2. Preserve
Incident evidence — logs, outputs, thresholds — archived before remediation begins.
3. Diagnose
Root cause analysis identifies the specific control gap and assigns an owner.
4. Re-launch
Control updates implemented. Re-attestation completed. Evidence pack refreshed. System re-launches on evidence, not urgency.
The Four Outputs of Governed AI
Policies
Promises — what we commit to do. Written, version-controlled, and owned by name.
Pipelines
The controls that run in production — not described in a document, but executing in the system.
Proof
Evidence that controls ran and passed — stored, signed, and retrievable on demand by any examiner.
Performance
Ongoing monitoring — continuous demonstration that the system still meets its governance commitments today.
Policies without pipelines are theater. Pipelines without proof are invisible. Proof without performance is history.
Part V
Banker's Atlas
Regulated workflow rules for every use case where AI carries statutory, regulatory, or litigation exposure.
Hiring & Workforce
The Liability You Cannot Delegate
AI screening tools are subject to disparate-impact analysis under Title VII and EEOC guidance. Vendor disclaimers do not transfer the liability to the vendor. You are the employer.
Minimum Controls Required
  • Adverse-impact testing pre-deployment
  • Annual re-testing — not assumed, scheduled and evidenced
  • Human review before any adverse employment action

AOIFE REALITY CHECK: "The vendor validated it" is not your validation. You are the employer.
Credit / Underwriting / Pricing
Adverse-Action Notice Obligation
ECOA and CFPB require adverse-action notices with specific, accurate reasons. Model outputs must be translatable to compliant notices before the system goes live — not after the first complaint.
Fair Lending Analysis
Required: disparate impact on protected classes, proxy variable audit, and pricing disparity review. These are not optional enhancements — they are minimum regulatory requirements.
Evidence Required
Pre-production fair lending test report signed and stored. Adverse-action notice generation capability demonstrated before launch. No demonstration, no launch.
Healthcare Benefits / Claims / Prior-Auth
The 1.2-Second Problem
CMS and state regulators require "meaningful human review." A 1.2-second rubber stamp does not qualify — regardless of what the workflow documentation says.
What Auditability Requires
  • What criteria ran
  • What evidence was considered
  • Who reviewed — by name, with timestamp
  • What the outcome was and why

KENJ NOTE: If your prior-auth AI is faster than a human can read the record, your human is not reviewing — they are approving.
Insurance & Claims (incl. Bancassurance)
NAIC & State Guidance
The NAIC model bulletin treats AI-driven claims decisions as subject to the same standards as human decisions. State insurance departments are following. There is no AI exception.
Underwriting AI
Proxy variable audit required. Rate-setting AI must be explainable to state regulators on demand — not after a 60-day preparation period.
Evidence Required
Claims decision audit trail complete and retrievable. Underwriting model documentation filed or available for regulatory review at any examination.
Fraud, KYC / AML, Sanctions
Human Review Before Filing or Blocking
AI-driven SAR decisions and sanctions screening require human review before filing or blocking. Automated-only workflows create direct BSA/AML exposure.
False-Positive Monitoring
False-positive rates in AML screening must be monitored and reported. Disproportionate impact on protected classes is a fair banking risk — not solely a compliance-operations problem.

AOIFE REALITY CHECK: A fraud model that flags customers by ZIP code is a fair lending problem wearing a fraud hat.
Servicing, Collections, Customer Service & Advice
Collections Communications
AI-generated collection communications must comply with FDCPA. Tone, timing, and content controls are required — the algorithm does not create an FDCPA exemption.
Advice-Adjacent AI
Robo-guidance and product recommendations trigger suitability and disclosure obligations. If it sounds like advice, it probably is advice — and the rules apply.
Human Escalation Path
Customer service AI must have a clear, functioning human escalation path. "No agent available" is not a compliant resolution — it is a service failure with regulatory dimensions.
Part VI
Roles, Cadence & Vendor Governance
Who owns what, when they act, and what the vendor relationship requires — in writing, in contracts, and on the record.
Roles & Responsibilities
Minimum Vendor Requirements
What Must Be in Every Contract
  • Audit rights — explicit, exercisable, not theoretical
  • Model change notification: minimum 30 days advance notice
  • Data provenance disclosure
  • Incident notification SLA — in writing, with teeth
Vendor Evidence Pack at Onboarding
  • Fairness testing documentation
  • Security review results
  • Explainability documentation

KENJ NOTE: "We'll ask the vendor" is a question. It is not a control. You need the answer in writing before you go live.
Training & Attestation
1. Board
Annual governance overview. Material incident simulation every 24 months.
2. ExCo
Annual training plus incident simulation. Policy ownership re-confirmed in writing.
3. BU Leads
Annual training plus workbook certification. Participation in 90-day defensibility drills.
4. Model & Data Owners
Annual technical + ethics training. Re-attestation sign-off at each scheduled cycle.

Attestation is signed — not clicked through. The signature is the evidence.
Part VII
Executive Workbook
The pages you fill in. Blank pages mean ungoverned systems. Completed pages mean defensible governance.
AI System Inventory
One record per system. Every field required. Evidence pack link is not optional.
Two-Axis Risk Tiering Worksheet
Decision Tier
Based on regulatory exposure and customer impact: Low / Medium / High / Critical.
Trajectory Tier
Captures agent and drift risk that single-axis tiering misses:
  • Stateless — no memory across interactions
  • Session — memory within a single session
  • Persistent-Relational — builds a relationship model over time
  • Population-Shaping — influences outcomes at population scale

Both axes required. A low-stakes decision made by a persistent agent is not a low-risk system.
Get-to-YES Gate Pack — Minimum Checklist
Every system must clear every gate. Partial completion is not a launch condition.
1. Inventory Record
System registry entry complete with link to evidence pack location.
2. Risk Tier Recorded
Decision Tier × Trajectory Tier, both with documented rationale.
3. Fairness Test Report
Signed adverse-impact test report (if applicable: hiring, credit, claims).
4. Explainability Demonstrated
Adverse-action notice generated from model output and reviewed by compliance (credit systems).
5. Security Review Complete
Including prompt injection testing for all chat and agent deployments.
6. Rollback Tested
Kill switch drill completed within last 30 days (critical systems). Log stored.
7. Approvals Signed
BU Lead + RAIO signatures on file. Evidence pack complete.
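The gate pack above, together with the two-axis tiering worksheet, can be run as a check rather than read as a list. The Python below is an added example written for this page, not code from the AiGovOps Foundation or from the workbook; the registry field names, the sample systems and their URLs and dates are constructed placeholders. It encodes the seven gates as rules over a registry record, applying each gate under the condition the checklist states (adverse-impact report for hiring, credit and claims; adverse-action notice for credit; prompt injection testing for chat and agent deployments; a 30-day kill switch drill for critical systems), and returns one finding per failed gate, so partial completion blocks launch.

```python
from dataclasses import dataclass, field, replace
from datetime import date, timedelta
from typing import List, Optional, Set

# Tier vocabularies from the two-axis worksheet (Decision Tier x Trajectory Tier).
DECISION_TIERS = {"Low", "Medium", "High", "Critical"}
TRAJECTORY_TIERS = {"Stateless", "Session", "Persistent-Relational", "Population-Shaping"}
# Workflows for which gate 3 demands a signed adverse-impact test report.
FAIRNESS_WORKFLOWS = {"hiring", "credit", "claims"}
# Gate 6: critical systems need a kill switch drill within the last 30 days.
ROLLBACK_DRILL_WINDOW = timedelta(days=30)


@dataclass
class SystemRecord:
    """One registry entry. Field names are this example's assumptions, not the workbook's schema."""
    name: str
    workflow: str                        # "credit", "hiring", "claims", "servicing", ...
    interface: str                       # "chat", "agent" or "batch"
    evidence_pack_url: str = ""
    decision_tier: str = ""
    trajectory_tier: str = ""
    tier_rationale: str = ""
    fairness_report_signed: bool = False
    adverse_action_notice_reviewed: bool = False
    security_review_signed: bool = False
    prompt_injection_tested: bool = False
    last_rollback_drill: Optional[date] = None
    rollback_log_stored: bool = False
    approvals: Set[str] = field(default_factory=set)


def evaluate_gates(rec: SystemRecord, today: date) -> List[str]:
    """Return one finding per failed gate; an empty list means all seven gates cleared."""
    findings: List[str] = []
    # Gate 1: the inventory record must link to the evidence pack.
    if not rec.evidence_pack_url:
        findings.append("gate1: evidence pack location missing from registry entry")
    # Gate 2: both axes recorded, each with a documented rationale; no single-axis shortcut.
    if rec.decision_tier not in DECISION_TIERS or rec.trajectory_tier not in TRAJECTORY_TIERS:
        findings.append("gate2: decision tier and trajectory tier are both required")
    if not rec.tier_rationale.strip():
        findings.append("gate2: tier rationale missing")
    # Gate 3: signed adverse-impact test for hiring, credit and claims systems.
    if rec.workflow in FAIRNESS_WORKFLOWS and not rec.fairness_report_signed:
        findings.append(f"gate3: signed adverse-impact test report required for {rec.workflow}")
    # Gate 4: credit systems must have generated and compliance-reviewed an adverse-action notice.
    if rec.workflow == "credit" and not rec.adverse_action_notice_reviewed:
        findings.append("gate4: adverse-action notice not generated and reviewed by compliance")
    # Gate 5: chat and agent deployments need a signed security review with prompt injection testing.
    if rec.interface in {"chat", "agent"} and not (rec.security_review_signed and rec.prompt_injection_tested):
        findings.append("gate5: security review including prompt injection testing required")
    # Gate 6: critical systems need a recent, logged kill switch drill.
    if rec.decision_tier == "Critical":
        if rec.last_rollback_drill is None or today - rec.last_rollback_drill > ROLLBACK_DRILL_WINDOW:
            findings.append("gate6: kill switch drill missing or older than 30 days")
        elif not rec.rollback_log_stored:
            findings.append("gate6: rollback drill log not stored in evidence pack")
    # Gate 7: BU Lead and RAIO signatures on file.
    missing = {"BU Lead", "RAIO"} - rec.approvals
    if missing:
        findings.append("gate7: approvals missing: " + ", ".join(sorted(missing)))
    return findings


def cleared_for_launch(rec: SystemRecord, today: date) -> bool:
    return not evaluate_gates(rec, today)


# Constructed sample records; names, URLs and dates are placeholders, not real systems.
TODAY = date(2026, 5, 18)

CREDIT_SCORER = SystemRecord(
    name="retail-credit-scorer", workflow="credit", interface="batch",
    evidence_pack_url="evidence://retail-credit-scorer/v3",   # placeholder location
    decision_tier="Critical", trajectory_tier="Stateless",
    tier_rationale="Adverse-action exposure under ECOA; no memory across requests",
    fairness_report_signed=True, adverse_action_notice_reviewed=True,
    last_rollback_drill=TODAY - timedelta(days=12), rollback_log_stored=True,
    approvals={"BU Lead", "RAIO"},
)

SERVICE_AGENT = SystemRecord(
    name="servicing-chat-agent", workflow="servicing", interface="agent",
    evidence_pack_url="evidence://servicing-chat-agent/v1",   # placeholder location
    decision_tier="High",                                     # trajectory tier left blank on purpose
    tier_rationale="Customer-facing; collections prompts carry FDCPA exposure",
    security_review_signed=True, prompt_injection_tested=False,
    approvals={"BU Lead"},
)

# Same record as the scorer, but the last kill switch drill is 45 days old.
STALE_SCORER = replace(CREDIT_SCORER, last_rollback_drill=TODAY - timedelta(days=45))

if __name__ == "__main__":
    for rec in (CREDIT_SCORER, SERVICE_AGENT, STALE_SCORER):
        verdict = "CLEARED" if cleared_for_launch(rec, TODAY) else "BLOCKED"
        print(f"{rec.name}: {verdict}")
        for finding in evaluate_gates(rec, TODAY):
            print("  -", finding)
```

Run as a script it prints a verdict per sample record. In a deployment pipeline the same evaluate_gates call would sit in front of the release step and fail the build on any finding, which is the difference between a checklist that is read and a control that runs.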
Stay-at-YES Monitoring Plan & Recover-to-YES Runbook
Monitoring Plan
  • Drift alert thresholds — set, documented, and active
  • Re-attestation schedule — dates on the calendar, owners notified
  • Access review cadence — at each re-attestation cycle
  • Escalation path — named, tested, not theoretical
Incident Runbook
  • Kill switch location and last test date
  • Rollback steps — written, versioned, and drilled
  • Evidence preservation protocol — before remediation, not after
  • RCA template — control gap + owner + due date
  • Re-attestation trigger — automatic on any incident close
90-Day Defensibility Drill
Randomly select any AI system in production. In 90 days, produce the complete governance evidence package:
  • Named owners with current pager/contact verified
  • Tiering rationale — Decision × Trajectory, with documented reasoning
  • Data provenance documentation for all training and retrieval sources
  • Test logs — fairness, security, reliability — signed and dated
  • Approvals — BU Lead + RAIO, from the most recent gate or re-attestation
  • Monitoring logs with at least one alert and action record
  • Rollback drill evidence within the required window
  • Last incident record — if any — with RCA and close date
Pass: all evidence produced on time
Pass-with-Findings: evidence produced with gaps; findings assigned
Fail: evidence not producible; system is not governed

AOIFE REALITY CHECK: If you can't pass the drill on a randomly selected system, you don't have governance — you have selected governance.
Part VIII
100 Things
The portable field guide. Each rule is a Claim and the Evidence you must produce on demand. Stable numbering — citable in audits, board reports, and incident records.
Field Guide: Structure & Pattern
Every Item Follows One Pattern
Rule (portable) — a principle you can carry into any meeting and defend without slides.
Evidence — the specific artifact you must be able to produce on demand. No artifact, no claim.
Grouped by Phase
Items are citable by number in audit findings, board reports, and incident records. The numbering is stable — #3 always means the same thing.
#1–#40: Get to YES
#41–#70: Stay at YES
#71–#90: Recover to YES
#91–#100: Vendor & Cross-Cutting
Sample Items: Get to YES (#1–#5)
#1 — Name it before you ship it
Evidence: System registry entry with name, workflow, and owner fields completed and signed.
#2 — Tier it on two axes
Evidence: Decision Tier + Trajectory Tier recorded with documented rationale — both fields required.
#3 — Test for bias before launch, not after complaints
Evidence: Signed adverse-impact test report with threshold, analyst name, and date.
#4 — Prove you can explain the denial
Evidence: Adverse-action notice generated from model output and reviewed by compliance before launch.
#5 — Test the kill switch before you need it
Evidence: Rollback drill log with date, tested system, and result — stored in the evidence pack.
Sample Items: Stay at YES (#41–#44)
#41 — Drift is not a surprise. Undetected drift is.
Evidence: Drift alert configuration documented and the last-triggered alert log with action taken.
#42 — Re-attest, don't assume.
Evidence: Re-attestation record signed by BU Lead and RAIO within the required cycle. Undated or unsigned records do not count.
#43 — Monitor what changes decisions, not what looks good on a dashboard.
Evidence: Alert log showing at least one threshold breach and the specific action taken in response.
#44 — Vendor model updates are your risk event.
Evidence: Change notification received from vendor, impact assessed in writing, re-attestation triggered and logged.
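As an added illustration of the drift control described under Stay at YES in Part IV and in items #41 and #43 (example code written for this page, not the Foundation's or any bank's tooling), the Python below computes a population stability index over score-band counts from a constructed baseline and a constructed production week, compares it against a documented threshold, and produces an alert log entry that only counts as evidence once the action taken, its owner and the close time are recorded. The system name, owner, bin counts, threshold and timestamps are all placeholders; PSI and the 0.10 threshold are a common industry rule of thumb, not figures from the policy.

```python
import math
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Optional, Sequence


def population_stability_index(baseline: Sequence[float], current: Sequence[float]) -> float:
    """PSI between two histograms given as per-bin counts over the same bin edges.
    Rule of thumb (industry convention, not from the policy): < 0.10 stable,
    0.10 to 0.25 moderate shift, > 0.25 major shift."""
    if not baseline or len(baseline) != len(current):
        raise ValueError("baseline and current must share the same non-empty binning")
    b_total, c_total = float(sum(baseline)), float(sum(current))
    if b_total == 0 or c_total == 0:
        raise ValueError("cannot compare an empty distribution")
    psi = 0.0
    for b, c in zip(baseline, current):
        p = max(b / b_total, 1e-6)   # floor empty bins so the log stays finite
        q = max(c / c_total, 1e-6)
        psi += (q - p) * math.log(q / p)
    return psi


@dataclass(frozen=True)
class DriftPolicy:
    """The documented alert configuration (#41): system, metric, threshold, owner."""
    system: str
    metric: str
    threshold: float
    owner: str


@dataclass(frozen=True)
class DriftAlert:
    """One alert log entry. It becomes evidence only when the action fields are filled (#43)."""
    system: str
    metric: str
    value: float
    threshold: float
    detected_at: datetime
    action_taken: str = ""
    action_owner: str = ""
    closed_at: Optional[datetime] = None


def check_drift(policy: DriftPolicy, baseline: Sequence[float], current: Sequence[float],
                observed_at: datetime) -> Optional[DriftAlert]:
    """Return an open alert when the metric breaches the documented threshold, else None."""
    psi = population_stability_index(baseline, current)
    if psi <= policy.threshold:
        return None
    return DriftAlert(policy.system, policy.metric, round(psi, 4), policy.threshold, observed_at)


def record_action(alert: DriftAlert, action: str, owner: str, closed_at: datetime) -> DriftAlert:
    """Close the alert by recording what was done, by whom, and when."""
    return replace(alert, action_taken=action, action_owner=owner, closed_at=closed_at)


def is_evidence(alert: Optional[DriftAlert]) -> bool:
    """A breach with no recorded action is dashboard theater, not evidence."""
    return bool(alert and alert.action_taken.strip() and alert.action_owner and alert.closed_at)


# Constructed sample data: four score bands, counts from a validation set vs. one production week.
BASELINE_SCORE_BINS = [200, 300, 300, 200]
WEEK_SCORE_BINS = [100, 250, 350, 300]
POLICY = DriftPolicy(system="retail-credit-scorer", metric="score_band_psi",
                     threshold=0.10, owner="model-owner (placeholder)")
OBSERVED_AT = datetime(2026, 5, 18, 6, 0)
CLOSED_AT = datetime(2026, 5, 18, 11, 30)

if __name__ == "__main__":
    alert = check_drift(POLICY, BASELINE_SCORE_BINS, WEEK_SCORE_BINS, OBSERVED_AT)
    if alert is None:
        print("no breach; nothing to log")
    else:
        print(f"breach: {alert.metric}={alert.value} > {alert.threshold}; evidence? {is_evidence(alert)}")
        closed = record_action(alert, "Traffic routed to prior model version; re-attestation opened",
                               POLICY.owner, CLOSED_AT)
        print(f"closed by {closed.action_owner} at {closed.closed_at}; evidence? {is_evidence(closed)}")
```

The point of the split between check_drift and record_action is that the alert record itself carries the proof #43 asks for: a threshold, the value that breached it, and the action that followed, so the drill in Part VII can pull the last alert and show both the breach and the response.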
Sample Items: Recover to YES (#71–#73) & Vendor (#91–#92)
#71 — Contain first, explain later
Evidence: Incident containment timestamp vs. detection timestamp — the gap must be defensible. A wide gap is a control finding.
#72 — Preserve the evidence before you fix the system
Evidence: Incident evidence package — logs, outputs, thresholds — archived before remediation begins. Post-remediation evidence is not evidence.
#73 — Root cause is not "vendor issue"
Evidence: RCA with the specific control gap identified, owner assigned, and due date set.
#91 — Contracts are controls
Evidence: Vendor contract with audit rights, change notification, and incident SLA clauses — signed and current.
#92 — Vendor validation is not your validation
Evidence: Your own fairness and security review on file, separate from any vendor documentation. Separate. On file.
Back Matter
Glossary, index, and next steps for finalizing this policy in your bank's exact voice and legal constraints.
Glossary: Key Terms
Adverse-Action Notice
Required disclosure when an AI-assisted decision harms a consumer — in credit, employment, or insurance. The notice must state specific, accurate reasons the model can actually produce.
Drift
Degradation in model behavior over time due to data shift, model updates by vendors, or environmental change. Undetected drift is a governance failure, not a technology surprise.
Evidence Pack
Stored, signed, retrievable artifacts proving controls ran at a specific point in time. An evidence pack that cannot be produced on demand does not exist.
PDF Theater
A governance document that describes controls without any running controls behind it. The most common form of AI governance failure in financial services.
Trajectory Tier
Risk classification based on whether an AI system is stateless, session-based, persistent-relational, or population-shaping. The tier that single-axis frameworks miss.
Index
A–D
Accountability · Adverse-action notice · Adverse impact · AI inventory · AML · Audit trail · Bias testing · Canary release · Claims review · Controls evidence · Credit underwriting · Drift detection

E–P
Explainability · Fairness · Fraud · Guardrails · Hiring screening · Human in the loop · Incident runbook · Kill switch · Lane assist · Model owner · Monitoring · PDF Theater · Prompt injection · Proxy variables · Provenance
R–V
Reliability · Risk tiering (two-axis) · Rollback · Sanctions screening · Stay at YES · Recover to YES · Trajectory Tier · Vendor governance

All terms are citable by section number. The 100 Things are citable by item number. Use both in examination responses, audit findings, and board reports to demonstrate governance fluency.
Next Steps to Finalize
Two inputs remain outstanding. With them, the full 100 Things can be completed in your exact bank voice and legal constraints.
Input 1 — Bank Footprint
US-only vs. US+EU. EU AI Act obligations and implementation timeline affect Part III pillar requirements and the precise language required in vendor contract clauses. Different footprint = different obligations.
Input 2 — Governance Owner
CRO-led, GC-led, or CIO-led RAIO. And: does Internal Audit own the 90-day defensibility drill, or does RAIO own it with IA as observer? The answer shapes the accountability structure throughout the workbook.
"Policies are promises. Controls are proof. The receipts era has arrived. The only question is whether yours are ready."
Join the AiGovOps Community
Governance is an engineering discipline. Build it with us.
Governance as Code
Embed ethical and regulatory checks directly into production pipelines as automated, testable code.
AI Technical Debt Elimination
Close the gap between policy and production by systematically addressing AI-specific technical debt.
Operational Compliance
Automate regulatory alignment and maintain continuous compliance across diverse jurisdictions.
Community-Driven Standards
Collaborate on practitioner-led tools, practices, and open standards for AI governance.
Who Should Join
Executives, founders, researchers, policymakers, engineers, compliance leads, investors—anyone deploying or governing AI.
Events
Monthly community meetups in Seattle (AI House) + virtual. Inaugural Symposium held Feb 2026. Upcoming: June 2026 Seattle.
"AI is shipping faster than governance can keep up. The people working on closing that gap deserve a community."
— Ken Johnston and Bob Rapp, Founders