AI 扩展计划 / Playbooks
AI Three Lines Governance / Decision Rights / Assurance Playbook
版本: v1.0
459 行AI_THREE_LINES_GOVERNANCE_DECISION_RIGHTS_ASSURANCE_PLAYBOOK.md
AI Three Lines Governance / Decision Rights / Assurance Operating Model Playbook
版本: v1.0 日期: 2026-06-30 适用对象: experienced CBAP、financial retail PM、product architect、enterprise architect、AI governance lead、risk / compliance partner、internal audit partner、AI platform owner。
本文是一份执行型手册, 用于把 AI use case 的三道防线职责、生命周期 gate、decision rights、evidence forum、challenge memo、issue/action tracking、assurance packet、escalation path 和 architecture governance 连接成可运行的 operating model。本文不构成法律意见、监管解释、审计意见、模型验证结论、内控有效性结论或生产批准。
1. Purpose and When To Use
Use this playbook when an AI initiative has any of these conditions:
| Trigger | Why this playbook is needed |
|---|---|
| AI output affects customers, cases, credit, onboarding, financial crime, complaints or regulated content | Decision rights and control ownership must be explicit before release. |
| RAG, copilots, agents or vendor models are embedded into business workflow | Evidence must connect architecture, controls, issues and gate decisions. |
| Risk, compliance, privacy, security, model risk, third-party risk or internal audit will review the use case | First-line ownership, second-line challenge and third-line assurance must not be blurred. |
| Project teams say "risk signed off" without naming residual-risk owner | The operating model needs a clear decision record and challenge memo. |
| Conditional release or management action is expected | Issue/action tracking needs owner, due date, acceptance criteria, closure evidence and escalation path. |
| Similar AI issues repeat across teams | Architecture governance should turn repeat issues into reusable controls and platform standards. |
Recommended use cases:
| Use case | Operating-model focus |
|---|---|
| GenAI contact center | Regulated content boundary, escalation, quality review, transcript evidence |
| AML copilot | Analyst-owned disposition, source-span evidence, typology coverage, case narrative review |
| Credit decision support | Decision-support boundary, policy consistency, adverse-action evidence, fairness challenge route |
| KYC onboarding | Document classification, missing-information follow-up, false reject / false accept issue route |
| AI vendor model | Data use terms, model update notice, incident notice, fallback and exit readiness |
| Enterprise knowledge assistant | Approved-source governance, entitlement-aware retrieval, issue routing for stale or sensitive content |
Definition:
AI Three Lines operating model = first-line product/ops ownership
+ second-line independent challenge
+ third-line independent assurance
+ lifecycle decision rights
+ evidence forum
+ issue/action tracking
+ architecture governance integration
2. Operating Model
2.1 Core Principles
| Principle | Practical rule |
|---|---|
| First line owns product and operational risk | Product / operations owner owns outcome, control operation, evidence production and residual-risk proposal. |
| Second line challenges, conditions and escalates | Risk / compliance / privacy / security / model risk / TPRM define standards and challenge evidence. |
| Third line assures independently | Internal audit does not approve releases; it provides independent assurance through audit planning, testing and findings. |
| Gate decisions bind exact evidence | Every gate decision references evidence packet version, issue disposition and conditions. |
| Conditions are managed actions | Conditional go decisions require owner, due date, acceptance criteria and closure evidence. |
| Architecture governance is part of the model | ADRs, ARB minutes, reference architecture and platform standards must reflect control and evidence decisions. |
| Material change reopens review | Model, prompt, RAG corpus, tool permission, automation, vendor or customer-impacting workflow changes trigger gate analysis. |
2.2 Operating Cadence
| Cadence | Purpose | Participants | Output |
|---|---|---|---|
| Intake triage | Classify AI use case and risk tier | PM, governance office, EA, relevant second line | use case record, gate plan |
| Design evidence review | Challenge architecture, controls and evidence plan before pilot | Product architect, control owners, risk/compliance, platform | design decision, issue log |
| Release evidence forum | Review release packet, challenge memo and open issue disposition | First line owner, second line challenge owners, governance lead, EA | gate decision record |
| Issue/action review | Track conditions, defects, overdue actions and repeat issues | action owners, governance office, second line | action status, escalation |
| Architecture governance review | Convert repeat risks into standards and reusable platform patterns | EA, platform, security, governance office | ADR, reference architecture update |
| Assurance planning touchpoint | Align audit universe with high-risk AI areas without making audit an approver | internal audit, governance office, relevant management | assurance plan inputs |
3. Template: Three-Lines Role Map
Use this table at intake and update it at each material gate.
| Role area | First line product / ops | Second line risk / compliance | Third line internal audit | Evidence |
|---|---|---|---|---|
| Accountable owner | Business sponsor: Head of Financial Crime Operations; product owner: AML Copilot Product Owner; operations owner: AML Investigation Manager | Challenge functions: Financial Crime Compliance, Model Risk, Privacy, Security, Third-Party Risk | Audit relationship owner: Internal Audit Financial Crime Technology Director | owner attestation, AI inventory record |
| Business outcome | Defines benefit, scope, users, process change and operating capacity | Challenges whether outcome creates unmanaged risk or policy conflict | May assess whether governance representations are reliable | PRD, value case, operating model |
| Risk tier and scope | Proposes risk tier and automation boundary | Challenges risk tier, customer impact and policy mapping | May use risk tier for audit universe planning | risk tier worksheet |
| Control ownership | Owns control design and operating performance | Challenges control adequacy and failure condition | Tests selected controls if in audit scope | control matrix |
| Evidence ownership | Produces evidence packet and maintains evidence freshness | Challenges completeness, relevance and expiry | Uses evidence for independent assurance | evidence packet index |
| Gate decision | Makes go / no-go / conditional-go recommendation within authority | No objection, condition, object or escalate | No release approval; assurance note if relevant | gate decision record |
| Issue closure | Owns management actions and closure evidence | Challenges severity, due date and closure sufficiency | Validates closure for audit findings where applicable | issue/action log |
| Architecture governance | Implements approved architecture and control points | Challenges policy and risk fit of architecture | Reviews governance consistency if audited | ADR, ARB minutes |
Completed example:
| Role area | GenAI contact center example |
|---|---|
| First line | Contact center director owns agent-assist operating process; AI product owner owns release packet; quality operations owns sampling control. |
| Second line | Compliance challenges regulated answer boundaries; privacy challenges transcript retention; conduct risk challenges vulnerable customer escalation. |
| Third line | Internal audit does not approve launch; it records the use case for possible future review of governance and control operation. |
4. Template: Lifecycle Decision-Rights Matrix
| Gate | Decision question | First line decision right | Second line challenge right | Third line assurance role | Required evidence | Possible decision |
|---|---|---|---|---|---|---|
| Intake | Should this be registered and assessed as AI? | Accept use case scope and owner | Challenge AI classification, risk tier and policy functions in scope | None or audit universe awareness | use case record, risk tier worksheet | proceed, reclassify, reject |
| Design | Is design fit for controlled pilot? | Approve design proposal and control owner map | Challenge control design, architecture, data use and evidence plan | Review artifacts only if assurance planning requires | architecture view, control matrix, evidence plan | proceed, redesign, escalate |
| Pilot | Is limited pilot controlled enough? | Approve pilot scope, users, traffic and exit criteria | Challenge pilot population, restrictions, monitoring and stop rule | May observe governance, not approve pilot | pilot plan, eval summary, SOP, issue log | pilot, reduce scope, no-go |
| Release | Can production release occur? | Make go / no-go recommendation and accept residual-risk proposal | No objection, condition, objection or escalation | Does not sign release; may reference prior findings | release packet, challenge memo, open issue disposition | go, conditional go, no-go, escalate |
| Scale | Can traffic, automation or scope expand? | Request scale based on value and control evidence | Challenge evidence under expanded population and capacity | May include in audit plan | scale memo, operating evidence, action aging | scale, hold, reduce, rework |
| Material change | Can changed model, prompt, RAG, tool or vendor proceed? | Classify change and request approval | Challenge materiality and regression evidence | May test change process if audited | change impact, regression eval, ADR update | approve, require gate, rollback |
| Incident / stop | Should system pause, degrade or rollback? | Execute stop rule and remediation | Challenge severity, customer impact and closure | Independently review incident handling later | incident record, replay packet, action plan | pause, rollback, continue with controls |
| Retire | Can capability or dependency be decommissioned? | Retire product scope and operational dependency | Challenge retention, obligations and customer impact | May test retirement controls | retirement ADR, retention evidence | retire, extend support, remediate |
Decision vocabulary:
| Decision | Meaning |
|---|---|
| Go | Evidence sufficient, issues within authority, controls ready |
| Conditional go | Release allowed only with named actions, due dates and review trigger |
| No-go | Blocker issue or evidence gap prevents release |
| Reduce scope | Pilot or release continues with lower-risk users, channels, actions or data |
| Escalate | Authority exceeded or first / second line disagreement requires senior decision |
| Pause / rollback | Production control failure, incident or material drift requires stop action |
| Retire | Use case, model or vendor dependency exits with retention and obligation evidence |
5. Template: Evidence Forum Agenda
Use for design, release, scale and material-change gates.
| Agenda item | Owner | Evidence | Decision needed |
|---|---|---|---|
| 1. Confirm gate and decision authority | Governance lead | decision-rights matrix | Confirm who can decide, challenge and escalate |
| 2. Confirm use case scope and changes | PM | use case record, change note | Confirm scope, automation boundary and customer impact |
| 3. Review architecture and control points | Product architect / EA | architecture diagram, ADR | Confirm policy decision point, evidence capture and issue route |
| 4. Review control ownership | First line control owners | control matrix | Confirm owner, frequency, failure condition and evidence |
| 5. Review eval / test / pilot evidence | AI platform / delivery lead | eval report, pilot findings | Confirm release criteria and failure disposition |
| 6. Review second-line challenge memo | Challenge owners | challenge memo | Confirm no objection, conditions, objections or escalation |
| 7. Review issue/action log | Governance lead | issue register | Classify blockers, conditions, accepted issues and overdue actions |
| 8. Decide gate outcome | Accountable first line owner | evidence packet | Record go, conditional go, no-go, reduce scope or escalate |
| 9. Confirm ADR and review triggers | Architect | ADR, review triggers | Update architecture decision and material-change triggers |
| 10. Confirm management action follow-up | Action owners | action tracker | Assign closure evidence and next review date |
Forum discipline:
- Do not review every artifact page by page; use evidence index and exception-based review.
- Do not allow verbal closure of issues; closure requires acceptance criteria and evidence.
- Do not combine risk acceptance with unclear owner language; record first-line accountable owner.
- Do not treat internal audit attendance as release approval.
6. Template: Second-Line Challenge Memo
Concrete memo example:
# Second-Line Challenge Memo: AML Copilot Release Gate
Date: 2026-06-30
Gate: release
Challenge functions: Financial Crime Compliance, Model Risk, Privacy, Security
First-line accountable owner: Financial Crime Operations Director
## 1. Scope Reviewed
- Use case: AML copilot drafts sourced investigation timelines and narrative suggestions for alert types A and B.
- Channel / user population: L2 AML analysts in the retail banking investigations queue.
- Automation boundary: The copilot cannot close alerts, change disposition, file SARs or send customer communications.
- Customer / employee / regulatory impact: Analyst productivity and case narrative quality; regulatory sensitivity through case record content.
- Model / RAG / agent / vendor components: Enterprise LLM gateway, approved AML procedure corpus, case timeline retriever, narrative drafting copilot.
- Evidence packet version: AML-COPILOT-REL-2026-06-30-v1.
## 2. Challenge Summary
| Area | Challenge position | Required condition or rationale |
|---|---|---|
| Risk tier and scope | conditional no objection | High-risk operational support is acceptable for pilot-to-production only because final disposition remains analyst-owned. |
| Control design | condition | Narrative evidence must bind each saved paragraph to source-span ids and analyst approval event. |
| Evidence sufficiency | condition | Current eval report is sufficient for common typologies but needs 30-case source-span sample before broad scale. |
| Operational readiness | no objection | SOP, reviewer training and fallback to manual narrative drafting are documented. |
| Change and incident readiness | condition | Material changes to AML corpus, prompt or narrative template must reopen release gate. |
## 3. Material Concerns
| Concern id | Concern | Severity | Gate impact | Suggested action |
|---|---|---|---|---|
| C-001 | Paragraph-level source-span evidence is incomplete for high-risk typology narratives. | high | conditional release only | Add event capture and produce 30-case source-span review sample. |
| C-002 | Material-change trigger for AML corpus updates is not reflected in ADR. | medium | condition | Update ADR with corpus, prompt and workflow materiality rules. |
## 4. Conditions for Proceeding
| Condition id | Condition | Owner | Due date | Closure evidence |
|---|---|---|---|---|
| CON-001 | Capture source ids, passage ids, analyst edit diff and approval event for every narrative saved to case record. | AML Copilot Product Owner | 2026-07-15 | Event extract, 30-case sample workbook, reviewer sign-off. |
| CON-002 | Update ADR with material-change triggers for corpus, prompt, workflow and vendor gateway changes. | Product Architect | 2026-07-10 | Approved ADR-AML-COPILOT-004. |
## 5. Residual Concerns and Review Triggers
- Residual concern: Analysts may over-rely on fluent narrative drafts despite source support.
- Review trigger: Source-span error above 2% in monthly sample, any unsupported SAR-related phrase, or material corpus update.
- Escalation trigger: Any production narrative saved without source-span event.
## 6. Challenge Position
Final position: conditional no objection for controlled production release, no broad scale until CON-001 and CON-002 close.
Summary view:
| Field | AML copilot release example |
|---|---|
| Concern | Draft investigation narrative lacks paragraph-level source-span evidence for high-risk typologies. |
| Severity | High |
| Gate impact | Conditional go for pilot only; production release blocked until evidence is available. |
| Condition | Every saved narrative must capture source ids, analyst edit diff and approval event for a 30-case sample. |
| Closure evidence | Event extract, sample review workbook and updated ADR showing evidence collector design. |
7. Template: Issue / Action Log
| Field | Description | Example |
|---|---|---|
| Issue id | Unique issue identifier | ISS-KYC-2026-014 |
| Use case / gate | AI use case and lifecycle gate | KYC onboarding / pilot |
| Issue type | evidence gap, control design gap, operation failure, policy deviation, unresolved challenge, issue aging, repeat finding | control design gap |
| Issue statement | Specific problem, not vague risk language | Missing-info email draft can be sent without reviewer approval in edge case path |
| Severity | critical, high, medium, low | high |
| Gate impact | blocker, condition, monitor, accepted risk, escalate | blocker |
| Root cause hypothesis | Why it exists | workflow branch bypassed approval state |
| Action statement | Concrete management action | Add approval state check before send event and negative test for all branches |
| Action owner | Named role | KYC product owner |
| Due date | Date | 2026-07-10 |
| Acceptance criteria | Testable closure rule | 100% negative tests block unapproved send; sample trace shows approval event before send |
| Closure evidence | Evidence required | test report, trace sample, ADR update |
| Second-line view | challenge / closure opinion | Compliance confirms approval path is sufficient |
| Escalation trigger | When to escalate | overdue by 7 days or any production bypass |
| Status | open, in progress, ready for review, closed, reopened, escalated | in progress |
Issue severity guide:
| Severity | Definition | Typical action |
|---|---|---|
| Critical | Customer harm, regulatory breach, unauthorized write action or severe evidence failure likely or observed | stop, rollback, executive escalation |
| High | Material control gap or unresolved second-line objection for high-risk use case | release blocker or conditional pilot only |
| Medium | Control or evidence gap with compensating control and limited exposure | conditional release with due date |
| Low | Documentation, clarity or low-risk evidence improvement | track to next gate |
8. Template: Assurance Packet
Assurance packet is the minimum set of artifacts that lets reviewers understand what was decided, on what evidence, by whom, with which issues and review triggers.
| Section | Required content | Owner |
|---|---|---|
| Cover page | use case id, gate, date, decision, accountable owner, evidence packet version | Governance lead |
| Scope and boundary | business objective, user group, data, model, RAG, agent, tool, vendor, automation boundary | PM / architect |
| Three-lines role map | first-line owners, second-line challenge owners, third-line assurance role | Governance lead |
| Architecture view | context diagram, policy decision points, evidence collector, issue route, fallback | Product architect / EA |
| Control matrix | control objective, activity, owner, evidence, frequency, failure condition | Control owners |
| Eval / test summary | test scope, thresholds, failures, defect disposition, unresolved limits | AI platform / delivery |
| Challenge memo | second-line position, objections, conditions, residual concerns | Second line owners |
| Issue/action log | blocker, condition, accepted issue, action status and aging | Governance lead |
| Gate decision record | decision, rationale, conditions, review triggers, escalation path | First line owner + governance lead |
| ADR | architecture decision, tradeoffs, consequences, review triggers | Architect |
| Operating evidence plan | post-release evidence cadence, issue review cadence, scale criteria | Operations owner |
Quality bar:
- Every claim in executive narrative links to evidence.
- Every material issue has owner, due date and acceptance criteria.
- Every conditional go has explicit follow-up forum or review date.
- Every architecture tradeoff appears in an ADR.
- Every high-risk action has policy and evidence route.
9. Template: Escalation Path
| Trigger | First response | Escalation owner | Decision authority | Evidence required |
|---|---|---|---|---|
| Release blocker unresolved | Hold gate or reduce scope | Governance lead | Business sponsor + risk acceptance authority | blocker issue, impact, options |
| First / second line disagreement | Document positions and options | Governance chair | Delegated executive / risk committee | decision memo, challenge memo |
| Conditional action overdue | Notify owner and sponsor | Governance office | Portfolio governance / sponsor | action aging report |
| Production control failure | Pause affected function or activate fallback | Incident commander | Incident management authority | incident record, trace, customer impact |
| Repeat issue across use cases | Create platform standard candidate | Enterprise architect | Architecture review board | trend, root cause, proposed standard |
| Vendor material change | Freeze change or restrict use | Vendor owner / TPRM | Third-party risk authority + sponsor | vendor notice, impact analysis |
| Audit finding overdue | Follow audit issue route | Management action owner | Audit issue governance | action status, closure evidence |
Escalation decision memo:
| Field | Content |
|---|---|
| Decision required | go, no-go, reduce scope, accept risk, extend due date, pause, rollback |
| Options | option A / B / C with benefit, risk and operational impact |
| First-line position | accountable owner recommendation |
| Second-line position | no objection, condition, objection or escalation rationale |
| Assurance consideration | relevant audit finding or assurance concern, if any |
| Evidence | packet ids, issue ids, ADR ids |
| Final decision | selected option, owner, expiry, review trigger |
10. PM / BA / Architecture Questions
PM Questions
| Question | Strong answer should include |
|---|---|
| Who owns the business outcome and residual-risk proposal? | Named first-line owner and delegated decision authority |
| Which lifecycle gate are we at? | Intake, design, pilot, release, scale, change, incident or retire |
| What is the AI allowed and not allowed to do? | Automation boundary, prohibited actions and human workflow |
| What evidence proves value and control readiness together? | KPI, KRI, KCI and evidence packet links |
| What happens if second line objects? | Escalation path and decision authority |
| What conditions can we accept without weakening control? | Action owner, due date, acceptance criteria and review trigger |
BA Questions
| Question | Strong answer should include |
|---|---|
| What claims must be verifiable at the gate? | Claim-to-control-to-evidence mapping |
| Which process states create control evidence? | Workflow state model, event dictionary and evidence owner |
| Which exceptions are allowed and how are they closed? | Exception taxonomy, owner, expiry and compensating control |
| How is issue severity determined? | Gate impact, customer impact, policy deviation and evidence failure criteria |
| What is the minimum sufficient evidence packet? | Artifact list with owners and version ids |
| How are management actions tested before closure? | Acceptance criteria and closure evidence |
Architecture Questions
| Question | Strong answer should include |
|---|---|
| Where are policy decisions enforced? | Policy decision point, enforcement point and decision log |
| Where is evidence generated by design? | Trace store, evidence collector, event schema and retention tags |
| How do RAG / agent / copilot components map to controls? | Source inventory, tool registry, approval binding and UX state |
| Which architecture changes reopen the gate? | Model, prompt, RAG corpus, tool permission, vendor, automation and workflow materiality |
| How do issues become platform improvements? | Repeat issue trend, reference architecture standard and ADR |
| How can audit or independent reviewers query evidence without joining delivery tools manually? | Evidence packet index, access control and query path |
11. Release Checklist
Use this as a gate-entry checklist. A release meeting should not begin until the required items exist.
| Check | Pass criteria | Gate-entry signal |
|---|---|---|
| Use case registered | AI inventory record has owner, scope, risk tier and automation boundary | Missing record defers forum |
| Three-lines role map complete | First-line owner, second-line challenge owners and third-line role are documented | Missing owner blocks gate |
| Decision authority confirmed | Gate decision owner and escalation authority are known | Missing authority escalates before forum |
| Architecture view complete | RAG / agent / copilot / policy / evidence / issue route are shown | Missing view blocks architecture approval |
| Control matrix complete | Each material control has owner, activity, evidence, frequency and failure condition | Missing material control blocks release |
| Eval and test evidence ready | Thresholds, failures and defect disposition are documented | Unresolved high-risk failure blocks release |
| Evidence packet indexed | Evidence ids and versions are linked to claims and controls | Unindexed evidence returns to owner |
| Challenge memo complete | Second-line position, conditions and objections are documented | Missing memo limits gate to design discussion |
| Issue/action log current | Blockers, conditions, accepted issues and overdue actions are visible | Unknown blockers defer decision |
| Operational readiness confirmed | SOP, training, support, fallback and escalation are ready | Missing readiness reduces scope or blocks |
| ADR updated | Material tradeoffs, decision and review triggers recorded | Missing ADR blocks architecture sign-off |
| Material change rule defined | Model, prompt, RAG, tool, vendor and scope changes trigger review | Missing rule blocks scale |
| Post-release cadence set | Evidence, issue, quality and scale review cadence defined | Missing cadence turns go into no-go |
No-go signals:
- No named first-line owner.
- Second-line objection unresolved and not escalated.
- Critical or high blocker lacks closure plan.
- Evidence packet cannot support the proposed gate decision.
- Architecture lacks evidence capture for material control.
- Conditional go has no owner, due date or closure evidence.
- Internal audit is being asked to approve release.
12. Executive Narrative
Use this narrative for steering committee or portfolio review. Keep the wording factual and avoid saying "risk approved."
We are requesting conditional go for the AML copilot at the release gate.
The first-line accountable owner is the Financial Crime Operations Director, who owns the business outcome, operational process, control operation and residual-risk proposal. The use case is limited to L2 analyst support for alert types A and B. The AI is not permitted to close alerts, change disposition, file SARs or send customer communications.
The release packet includes the AML copilot architecture view, control matrix, eval/test evidence, second-line challenge memo, issue/action log and ADR-AML-COPILOT-004. Second-line functions reviewed the packet and recorded conditional no objection. The material conditions are paragraph-level source-span evidence for saved narratives and an ADR update for corpus, prompt, workflow and vendor material-change triggers, each with owner, due date and closure evidence.
The main value case is reduced narrative preparation time and improved case evidence consistency. The main risk/control considerations are unsupported narrative claims, analyst over-reliance and material corpus change. Open issues are classified as two release conditions and no unresolved blocker. The decision requested is conditional production release for the defined population, with review triggers for corpus update, prompt change, vendor gateway change, source-span sample failure, incident signal or scale request.
Internal audit is not approving this release. The use case will be visible to audit for future assurance planning because it affects financial crime case records.
Scenario-specific examples:
| Use case | Executive narrative emphasis |
|---|---|
| GenAI contact center | Internal agent-assist scope, regulated content escalation, transcript evidence and quality sampling |
| AML copilot | Analyst-owned final disposition, source-span narrative evidence and typology coverage |
| Credit decision support | Decision-support boundary, policy consistency and adverse-action / fairness challenge route |
| KYC onboarding | Human review for rejection, missing-info workflow, false reject / accept issue route |
| AI vendor model | Data-use terms, model update notice, fallback and exit plan |
| Enterprise knowledge assistant | Approved-source governance, entitlement-aware retrieval and sensitive-corpus restrictions |
13. Interview Drills
Drill 1: Explain Three Lines for AI in 30 seconds
Good answer:
For AI, Three Lines governance means first-line product and operations teams own the business outcome, controls and residual-risk proposal; second-line risk and compliance teams challenge policy fit, control design and evidence sufficiency; third-line internal audit provides independent assurance and does not approve release. The practical architecture artifact is a lifecycle gate model with decision records, evidence packets, challenge memos, issue/action logs and ADRs.
Drill 2: What is the most common failure?
Good answer:
The most common failure is saying "risk signed off" without defining who owns the release decision and residual risk. That blurs accountability. I would separate first-line decision, second-line challenge position and third-line assurance role in the gate record, then bind the decision to exact evidence and issue dispositions.
Drill 3: How would you apply this to an AML copilot?
Good answer:
The first line is financial crime operations, which owns analyst workflow, narrative quality and final disposition. Second line financial crime compliance challenges typology coverage, SAR boundary, source evidence and escalation rules. Internal audit does not approve release; it may later test whether governance and controls operated. The release packet should include source-span evidence for narratives, analyst approval events, issue/action log, eval coverage and an ADR stating the copilot cannot close alerts or file SARs.
Drill 4: How do you keep this from becoming bureaucracy?
Good answer:
I would make the model risk-tiered. Low-risk internal knowledge use gets a light gate. High-risk customer-impacting, credit, AML, KYC or agentic tool-use scenarios get full evidence forum and challenge memo. The key is reusable platform evidence: policy decision logs, trace events, control matrix templates and ADRs. That reduces meeting load while improving assurance readiness.
Drill 5: What would you ask the CTO to fund?
Good answer:
I would ask for an enterprise AI governance control plane: AI inventory, policy decision logging, evidence collector, trace store, issue/action register, ADR integration and material-change detection for model, prompt, RAG corpus, tools and vendor dependencies. This turns Three Lines from manual committee work into platform-supported governance.
14. Source Anchors
| Source | Official link | Execution translation |
|---|---|---|
| IIA Three Lines Model | https://www.theiia.org/en/content/position-papers/2020/the-iias-three-lines-model-an-update-of-the-three-lines-of-defense/ | Separate management ownership, risk/compliance challenge and internal audit assurance. |
| Basel Committee Corporate Governance Principles for Banks | https://www.bis.org/bcbs/publ/d328.htm | Align AI governance with banking governance, risk management, control environment and internal audit expectations. |
| COSO Internal Control Overview | https://www.coso.org/guidance-on-ic | Translate AI controls into control environment, risk assessment, control activities, information/communication and monitoring language. |
| NIST AI Risk Management Framework | https://www.nist.gov/itl/ai-risk-management-framework | Use Govern / Map / Measure / Manage to structure AI risk lifecycle and management action. |
| ISO/IEC 42001 AI Management System | https://www.iso.org/standard/81230.html | Treat AI governance as a management system with scope, operation, performance evaluation and improvement. |
| ISO/IEC 23894 AI Risk Management | https://www.iso.org/standard/77304.html | Anchor AI risk management, treatment and review vocabulary. |