Working-day guides — from DORA gap analysis to the EU AI Act, MDR / IVDR, ORSA, and beyond — written from real Sia engagements with GSIBs, insurers, hyperscalers, and pharma. No fluff, no vendor speak. The workflow we'd hand to a compliance lead taking the project on Monday.
Why ChatGPT, Claude, and horizontal AI tools like Harvey can't replace a purpose-built regulatory system. The thick-wrapper case, the five-question test we'd run on any vendor, and what "trained on tens of thousands of SME annotations" actually means.
The eight capabilities that matter, the four categories of vendor, and the seven questions to ask before signing. Honest about where Sia RegAI fits and where it doesn't.
How to add AI to GxP-validated workflows without breaking the validated state. CSA-aligned, audit-trail-grade.
Annex II structure, Annex VIII classification rules, GSPR matrix, clinical evaluation, post-market surveillance — and where AI cuts drafting time without breaking notified-body acceptance.
EMA GVP and ICH E2 framework, ICSR triage, MedDRA coding, narrative drafting, signal management, PBRER drafting. Where AI fits without breaking the QPPV's sign-off.
The three core questions, supervisor expectations, scenario analysis, and where AI compresses the report cycle while the actuarial function and CRO keep the judgment.
The five-phase workflow we run for utilities: BES Cyber System categorization, requirement mapping, evidence gap analysis, policy drafting, audit-pack assembly. Common findings and how to avoid them.
The Models that matter (MAR, ORSA, IDSML, AI Model Bulletin) and the multi-state mapping problem. How AI compresses 30+ jurisdictional comparisons into one matrix.
A side-by-side comparison. Certifiable management system vs. operational framework. When to pick one, when to add the other, when to run both.
GRC stores controls. Regulatory intelligence does the reading, mapping, and drafting. The category-distinction guide for compliance buyers running both.
The triage workflow we run with clients. Annex III, the Article 6(3) exception, GPAI. Produces defensible classification memos for every system.
The mechanic that turns AI output from "memo" into "audit-ready artifact." The five-property checklist for any vendor that claims defensibility.
Six phases — scope, obligation extraction, applicability triage, gap analysis, control drafting, evidence pack — from real GSIB engagements.
Where banks land in the four risk tiers. What Annex IV documentation actually needs. The August 2026 timeline you can't miss.
70% of obligations map cleanly. The remaining 30% — PEP scope, BO thresholds, STR timing — is where multi-jurisdictional banks burn budget.
For state-chartered banks moving to OCC supervision, or any large bank under heightened-standards scrutiny. The clause-level mapping playbook from a recent charter conversion.
Insurers run Solvency II for capital and IFRS 17 for accounting — and both touch the same products, contracts, and data. How to map them once and serve both.
The four functions (Govern, Map, Measure, Manage), what each one actually demands of an AI-first company, and the pragmatic 30-day onboarding plan we run with hyperscalers.
A 45-minute walkthrough on a slice of your scope and a sample policy. We bring the platform.
