AI Governance Framework Design

Build the policies, structures, and processes MAS expects to see.

What It Is

A 6–8 week engagement to design and document the AI governance framework required for compliance with AIRG Sections 2 and 3 (Governance & Oversight, AI Risk Management Systems/Policies/Procedures). This is the foundational architecture that everything else builds on.

What You Get

  1. AI Governance Policy Suite — Board-approvable policy documents covering AI risk appetite statement, roles and responsibilities (including designated control functions), AI use approval process, and escalation procedures. Aligned to AIRG Section 2.5–2.7.
  2. AI Risk Committee Charter — Terms of reference for the cross-functional AI risk committee mandated by AIRG for institutions with material AI risk exposure. Defines membership, meeting cadence, decision authority, reporting lines.
  3. AI Inventory Standard & Template — Operational standard defining what attributes must be captured for every AI use case (per AIRG 3.4–3.7), including fields for third-party AI, with a working template/register the institution can immediately begin populating.
  4. Materiality Assessment Methodology — Documented, repeatable methodology for classifying AI use cases by Impact, Complexity, and Reliance. Includes scoring rubrics, decision trees, and worked examples using the institution's own AI use cases.
  5. AI Lifecycle Control Framework — High-level control requirements for each lifecycle phase (selection, development, testing, deployment, monitoring, retirement) calibrated to materiality tiers. Defines what "proportionate" means in practice.

AIRG Domains Covered

Governance & Oversight

Board-level accountability, AI risk committees, and designated control functions per AIRG Section 2.

AI Identification & Inventory

Comprehensive AI use-case registry covering in-house, third-party, and embedded AI per AIRG Section 3.

Risk Materiality Assessment

Proportionate classification of AI use cases by impact, complexity, and reliance on AI-driven decisions.

How It's Different

The governance architecture draws directly from Corvair's original research — particularly the design-time governance plane (registry, governance gating, identity management) and the concept of cumulative operational authority as the metric that distinguishes AI agent risk from traditional software risk. The materiality methodology incorporates our three-dimensional validity model (source reliability, information credibility, temporal validity).

Engagement Details

Duration

6–8 weeks (approximately 20–25 advisory days).

Delivery Model

Senior-only delivery. Every session and deliverable is led by principals with direct regulatory and implementation experience.

Ready to build your governance foundation?

Start with a briefing to scope the engagement against your institution's current state and regulatory timeline.

Schedule a Briefing

Related Services

AIRG Readiness Assessment

Understand where you stand today against every AIRG requirement.

Learn more
Board & Senior Management Workshop

Equip leadership with the knowledge to govern AI effectively.

Learn more
Ongoing Advisory Retainer

Continuous guidance as you implement and operationalise your framework.

Learn more