Research, grounded in primary source.
Our practitioner research on OSFI E-23, the EU AI Act, ISO/IEC 42001, Canadian privacy law, agentic AI governance and foundation model diligence. Each paper is cited to regulator text, standards bodies and enforcement record.
OSFI E-23 Enterprise Readiness
A practitioner blueprint for the 17-field model inventory, principle mapped controls, and the artifact set your supervisor will read before the May 1, 2027 enforcement date.
EU AI Act: High-Risk System Compliance
Annex III classification, Article 9 risk management, Article 10 data governance, Article 15 accuracy and robustness, and the Annex IV technical file. What a Canadian FRFI with EU reach must produce before August 2, 2026.
ISO/IEC 42001 AIMS Implementation
A certifiable AI Management System: scoped, designed, deployed and audited, with a compliance agent pipeline that keeps the Statement of Applicability current.
Canadian Privacy for Financial-Services AI Deployers
Quebec Law 25, PIPEDA and cross-border transfer posture. Producing PIAs and ADM disclosures that stand up to regulator scrutiny in banking, insurance and capital markets.
Agentic AI Governance
Autonomous, multi-step, tool-calling agents: the controls, artifacts and oversight regulators are beginning to ask for.
Foundation Model Due Diligence
What a regulated deployer must now produce when a GPAI (Claude, GPT, Gemini, Llama, Mistral, Cohere) enters the control perimeter.
Need research on a framework we have not yet published?
Our research desk produces bespoke cuts for CROs, CCOs, CIOs and GCs when a supervisory conversation needs primary source depth. Speak with a partner.