RegCore.AIRegCore.AI

Practitioner notes from the firm.

Reference notes we at RegCore.AI have written against the regulatory ground, OSFI E-23, FIFAI II, FINTRAC, CIRO, SR 11-7, NIST AI RMF, EU AI Act and the operating practice around them. For the current editorial track, see our insights page; for the canonical framework index, see frameworks.

/ai-governance-artifacts

Five AI governance artifacts a regulated deployer has to produce

The artifact set that answers OSFI E-23, SR 11-7, NIST AI RMF and EU AI Act reviewers, model cards, agent cards, HITL architecture, inventory, governance operating model.

Read the note →/fintrac-ciro-ai-2026

FINTRAC 2026 and CIRO consolidation, AI in Canadian financial services

What the 2026 FINTRAC amendments and CIRO consolidation mean for AI-driven transaction monitoring and investment-dealer supervision.

Read the note →/intervenability

The intervenability turn, why monitoring alone stops working

Observability became table stakes. The 2026 maturity step is intervenability, how fast you can stop the system and who is on the gate when you do.

Read the note →/osfi-e23-vendor-cascade

What OSFI E-23 asks of AI vendors selling into Canadian banks

The practical flow-down effect of E-23 on AI vendors, read clause-by-clause against the supervisory perimeter the bank client operates under.

Read the note →/osfi-e23-vendor-playbook

OSFI E-23 vendor questionnaire playbook

The questions Canadian FRFI procurement teams are sending on AI, the artifacts that answer them, and the failure modes that show up repeatedly.

Read the note →/osfi-fifai-agile

What OSFI is signalling through its AI governance workshops

FIFAI is a channel, not a rulebook. How OSFI's supervisory themes cascade through E-23, B-10 and E-21 to shape AI governance programmes in Canadian FRFIs.

Read the note →/platform-vs-consultancy

AI governance, platform, consultancy, or something else

A structured comparison of AI governance platforms and consultancy-led delivery for Canadian and North American FSI. Where each fits, where each breaks.

Read the note →/sr-11-7-e-23-crosswalk

SR 11-7 meets OSFI E-23, a cross-border model risk crosswalk

The Fed/OCC/FDIC refresh and the OSFI E-23 enforcement date have made the two frameworks asymmetric on GenAI and agentic AI. Here is the crosswalk.

Read the note →/three-governance-gaps

Three AI governance gaps existing tools cannot close

Observability without traceability, policy buried in prompts, and a commit-semantics gap, three structural failures dashboards and GRC tools cannot address alone.

Read the note →

Looking for the current editorial track?

The firm publishes longer-form insights on the regulatory ground that is moving fastest, and compliance playbooks that walk from discovery to artifact. Both are maintained against change.

InsightsPlaybooks