
Why Compliance isn't just a checkbox exercise


Validation of an AI model is about proving that the model meets policy, standards and expectations for fairness, accountability and transparency.

At the time of writing (July 2026) there are a number of regulatory, compliance and legal frameworks in place that businesses operating AI models in their tech stack may have to comply with:

SR 11-7 - A foundational Model Risk Management (MRM) framework issued by the U.S. Federal Reserve and the OCC in 2011. It requires clear documentation, back-testing and independent validation.

EU AI Act - Legal framework for artificial intelligence, designed to ensure AI systems are safe, transparent, non-discriminatory and respectful of fundamental rights. It emphasises risk classification, transparency and human oversight.

Basel Principles - BCBS (Basel Committee on Banking Supervision) framework on Model Risk Management and operational resilience. It requires financial institutions to integrate AI safely by ensuring strict data governance, model validation and human oversight.

When you evaluate an AI model's validation results against these regulatory frameworks, you are asking:

  • Does it follow the required policy and regulatory standards?

  • Does it have the documentation to back it up?

  • Does it stand up to independent scrutiny?

Failing compliance can result in:

  • Regulatory fines

  • Reputational damage

  • Forced shutdown of your AI Model

Mini case studies

Retail bank credit risk

You are working for a financial institution that operates a retail bank with an AI credit risk model. The model performed well technically, with a stable AUC and good back-testing results. However, when a regulator requested documentation during an SR 11-7 audit, the bank was not able to provide clear records of its feature selection rationale and assumption testing.

As SR 11-7 explicitly requires comprehensive documentation of all modelling choices, the bank was forced to halt the model's use until it had been documented and independent validation had been completed.

Even if an AI model works, missing documentation can make it non-compliant and legally unusable.


Lack of human oversight under the EU AI Act

A hiring algorithm was classified as "high-risk" under the EU AI Act. It produced accurate predictions, but there was no human oversight of the decisions made as a result of the model's output. This is a violation of Article 14 of the Act.

The company had to suspend the system, retrain their staff and implement an oversight protocol before resuming use. Under the EU AI Act, human oversight isn't optional; it's a compliance safeguard that ensures accountability.


Basel stress testing gap

A global bank's trading model passed normal validation tests, but failed stress testing against extreme market conditions. Basel requires testing under "severe but plausible" scenarios, not just the conditions seen in normal back-testing.

Regulators flagged the gap and required additional stress tests prior to re-approval. Basel isn't only about governance; it ensures AI models remain reliable under crisis conditions, not just in calm markets.

Summary

Compliance isn't just paperwork, it's proof of integrity. Regulators want proof that AI models are transparent, fair and traceable.

Governance varies by framework. SR 11-7 focuses on independent validation and documentation. The Basel principles cover governance, stress testing and oversight. The EU AI Act covers transparency, explainability and human accountability.

Non-compliance carries real costs. AI model shutdowns, delayed product launches and reputational damage are common outcomes when validation gaps are left unaddressed.

Compliance and trust go hand-in-hand. Meeting these standards reassures regulators, business leaders, customers and the public that your models are safe, fair and responsibly managed.