AI Compliance Assessment Tool

Board & Senior Management

• Designate AI oversight responsibility to a board committee or senior officer
• Approve the AI strategy and risk appetite framework
• Review AI risk reports at least quarterly
• Ensure sufficient AI expertise at the management level
• Approve high-risk AI system deployments

Chief Compliance Officer

• Maintain AI systems inventory and risk register
• Conduct compliance assessments for new AI implementations
• Monitor ongoing AI system performance and fairness
• Report AI-related incidents to management and regulators
• Coordinate with technology and operations teams

Risk Management

• Integrate AI risk into the enterprise risk management framework
• Develop AI-specific risk assessment methodologies
• Monitor model drift, bias, and performance degradation
• Establish escalation procedures for AI malfunctions
• Maintain business continuity plans for AI system failures

Technology & Operations

• Implement secure development practices for AI systems
• Maintain audit trails and logging for AI decisions
• Ensure data quality, lineage, and privacy controls
• Conduct regular security assessments of AI infrastructure
• Manage third-party AI vendor relationships and due diligence

Three Lines of Defence

• 1st Line: Business units own AI systems and manage day-to-day risks
• 2nd Line: Compliance and risk functions provide oversight and frameworks
• 3rd Line: Internal audit provides independent assurance over AI governance
• Clear roles and responsibilities documented for each line

Ethical AI Principles

• Fairness: AI systems must not discriminate against protected groups
• Transparency: Clients must be informed when AI influences decisions
• Explainability: AI decisions must be explainable in plain language
• Accountability: Human oversight for material AI-driven decisions
• Privacy: AI must comply with privacy legislation (PIPEDA, Quebec Law 25)

Policies & Procedures

• AI Governance Policy (board-approved)
• AI Risk Management Framework
• AI Ethics and Responsible Use Policy
• Data Governance and Privacy Policy
• Third-Party AI Vendor Management Policy
• AI Incident Response Procedures

Inventory & Assessment

• AI Systems Inventory (this tool helps build this)
• Risk Assessments for each AI system
• Data Protection Impact Assessments (DPIAs)
• Model validation and testing reports
• Bias and fairness testing documentation

Monitoring & Reporting

• AI performance monitoring dashboards and metrics
• Incident logs and resolution records
• Quarterly AI risk reports to board/management
• Annual AI governance review report
• Regulatory examination preparation files

Client-Facing

• Client disclosure notices for AI-assisted services
• Consent forms for AI data processing
• Explanation documents for AI-driven recommendations
• Complaint handling procedures for AI-related issues
• Client communication templates (AI transparency)

AI Systems Inventory (CSV)

Export all AI systems with risk scores and details.

Compliance Report (CSV)

Export all checklist items with completion status.

Print Full Report

Print or save as PDF for board packages and regulatory files.