Compliance Officer or Policy Approver — responsible for defining and enforcing governance rules across all AI systems
WHEN
When creating new policies, reviewing pending approvals, or investigating a policy breach
WHY
Without enforceable policies, AI systems operate without guardrails. SR 11-7 requires documented controls. Every deployment blocked by an overdue policy is an operational risk.
HOW
1. Author or edit policy rules
2. Assign policies to AI systems or risk tiers
3. Approve pending policy changes
4. Review breach history
SR 11-7, EU AI Act Art. 9, NIST AI RMF, OCC
Create and manage governance policies applied to your AI systems. Policies define the rules Aegis enforces — automatically or with human approval.
Policy vs Rule: A Policy is a set of rules applied to one or more AI systems. A Rule is a specific condition within a policy — e.g. “Block decisions where demographic proxy score > 0.8”. Policies are versioned. Every change creates a new version with a full audit trail.
Policies
Rules that enforce automatically across every AI system
Prohibits discriminatory use of AI in credit decisions. | ALL | ECOA/Reg B | BLOCK | 0 / 0 | ACTIVE | Dev Kapoor
MFG-001 | SR 11-7 Model Risk Management | Governs model dev, validation, and use across all risk models. | ALL | SR 11-7 | BLOCK | 0 / 0 | ACTIVE | M. Torres
ECOA / Fair Lending
Lending models — demographic proxy detection active
0 active policies
OCC SR 11-7
Model risk management — confidence, versioning, human review
1 active policy
OSFI B-10
Third-party AI risk — registration enforcement, AML escalation
0 active policies
Policy Checks
No policy checks recorded yet
Policy checks appear here when an AI system makes a decision that triggers a governance rule. Decisions are logged in real time once a system is connected.