Industries · Financial services
Demonstrated · design partner wanted
Prove the controls around AI in financial workflows.
Risk tiers, required approval, and per-invocation evidence are declared in the manifest today. This page shows how they would back a model-risk review; the compliance export your regulator expects is what we build with a design partner.
Read the essay: “Controls in the contract, not the code review” →
The pain
AI and automation sit inside trading, credit, payments, and onboarding decisions. Risk and compliance need to show what the model was allowed to do, that approvals were enforced, and that the whole decision can be replayed — not just that an outcome was logged.
The trigger
A model-risk review, an internal audit, or a regulator asks: “Demonstrate the controls around this automated decision.” Assembling that evidence after the fact is expensive and incomplete.
Who owns it
Risk and compliance, with the platform team — accountable for model governance and for the evidence that the controls actually held.
What CHP would do
High-risk capabilities are declared with a risk tier, required authorization, and required approval before they can be invoked; every invocation emits evidence, and the decision replays as a single bundle. The controls are in the contract, not just the code review.
The demonstrated record
The controls, declared up front.
This is a CHP host manifest: the capability declares a high risk tier, that authorization is required, and that approval is required — before anything can invoke it. Callers see the controls, and every invocation against them is evidenced.
Demonstrated, not yet shipped: risk tiers, approval, and evidence exist today. Compliance export and enterprise identity are what we build with a design partner.
{
  "id": "service-ops-host",
  "version": "0.1.0",
  "protocol_version": "0.1",
  "kind": "service",
  "capabilities": [{
    "id": "schedule_technician",
    "version": "1.0.0",
    "description": "Reserve a qualified technician.",
    "status": "experimental",
    "modes": ["sync"],
    "emits": ["execution_started", "execution_completed", "execution_denied"],
    "policy": {
      "risk_tier": "high",
      "auth_required": true,
      "approval_required": true
    }
  }],
  "evidence": {
    "store": "local-append-only",
    "append_only": true
  }
}
Putting AI into regulated financial decisions?
Bring a real decision flow. We’ll declare the controls in the protocol and build the compliance export your risk function needs, together.
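A pre-merge check a risk or platform team could run over the manifest shown above, as an added example that is not CHP's own tooling. The field names come from the manifest on this page; the review rule (a high tier needs both gates, a denial event, and an append-only evidence store) and the names `audit_manifest` and `weakened_copy` are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: a trimmed copy of the manifest on this page, embedded to run offline.
MANIFEST = json.loads("""
{"id": "service-ops-host", "version": "0.1.0", "protocol_version": "0.1", "kind": "service",
 "capabilities": [{"id": "schedule_technician", "version": "1.0.0", "modes": ["sync"],
   "emits": ["execution_started", "execution_completed", "execution_denied"],
   "policy": {"risk_tier": "high", "auth_required": true, "approval_required": true}}],
 "evidence": {"store": "local-append-only", "append_only": true}}
""")

# Assumed review rule (not defined by CHP): high-tier capabilities need both gates.
REQUIRED_FLAGS = ("auth_required", "approval_required")

def audit_manifest(manifest):
    """Return a list of findings; an empty list means the declared controls pass."""
    findings = []
    evidence = manifest.get("evidence") or {}
    if evidence.get("append_only") is not True:
        findings.append("evidence: store is not declared append_only")
    for cap in manifest.get("capabilities", []):
        cid = cap.get("id", "<no id>")
        policy = cap.get("policy")
        if not isinstance(policy, dict) or "risk_tier" not in policy:
            # Fail closed: an undeclared tier cannot be assumed low risk.
            findings.append(f"{cid}: no risk_tier declared")
            continue
        if policy["risk_tier"] != "high":
            continue
        for flag in REQUIRED_FLAGS:
            # Strict identity check: the string "true" or a missing key both fail.
            if policy.get(flag) is not True:
                findings.append(f"{cid}: high risk tier without {flag}")
        if "execution_denied" not in cap.get("emits", []):
            findings.append(f"{cid}: denials would leave no evidence event")
    return findings

def weakened_copy(manifest):
    """Constructed negative case: approval mistyped, denial event removed, store mutable."""
    m = copy.deepcopy(manifest)
    cap = m["capabilities"][0]
    cap["policy"]["approval_required"] = "true"  # string, not boolean
    cap["emits"].remove("execution_denied")
    m["evidence"]["append_only"] = False
    return m

if __name__ == "__main__":
    print(audit_manifest(MANIFEST))
    for finding in audit_manifest(weakened_copy(MANIFEST)):
        print(finding)
```

Run as a gate in the repository that holds the manifest, so a change that drops a control fails review before it reaches a host.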