AI Risk Triage

Know exactly where you stand against RBI's Model Risk Management direction

In 3 weeks we map your AI/ML systems within agreed scope, tier them by risk, and deliver a first evidence pack your board can act on — before the final guidance lands.

3 weeksScope frozen after kickoff
Fixed scopeNo open-ended advisory hours
Yours to keepNo vendor lock-in
Take the free assessment Book a scoping call

Why this sprint

AI-driven decisions directly affect your customers' access to credit.

RBI's draft Guidance on Model Risk Management asks a simple question of every regulated entity: which models do you have, how autonomous are they, and can you prove they're validated and overseen? Most institutions cannot yet answer that in one document. This sprint builds that document.

Model inventory and risk-based tiering, aligned to the draft's own tiering logic — materiality, complexity, and autonomy.
Third-party and vendor-embedded models (credit bureaus, Video-KYC, core banking ML) checked against the accountability clause.
A named, prioritised list — not a generic maturity score — so your RMCB knows what to review first.
Findings mapped paragraph-by-paragraph to the current draft, so nothing is asserted without a citation.

Who this is for

Built for banks and NBFCs

Banks & NBFCs deploying AI in lending or KYC

Credit scoring, video-KYC, collections automation, or fraud detection already live — and no single document ties them to a risk tier.

Risk & Compliance leaders needing a board-ready answer

You need something concrete to bring to the Risk Management Committee before it becomes a regulator's question instead.

Institutions with multiple vendor AI dependencies

Core banking, credit bureau integration, third-party chat and KYC tools — each one is your accountability regardless of who built it.

Choose the right entry point

If you're not sure this is the right starting point

What you get

Five documents, cross-referenced to each other

01

AI System Register

Every AI/ML system in scope — owner, discovery route, vendor dependency, data classification.

02

Risk Triage Report

Severity × Vulnerability × Detectability scoring per system, resulting in an IMMEDIATE / HIGH / MODERATE / LOW priority tier.

03

RBI MRM paragraph-level mapping

Every finding marked Evidenced, Planned, or Open against the current draft — stated plainly, not oversold.

04

Priority Summary for your RMCB

A board-ready document naming the systems that need attention first, and why.

05

30-60-90 day roadmap

Sequenced next actions — which are yours to execute internally, and which require the next OvikAI engagement.

How the sprint works

Four steps, three weeks

01

Scope & system list

We agree which business lines and systems are in scope — lending, KYC, collections, or all three.

02

Discovery & interviews

Structured interviews surface systems that never made it into a formal registry — including shadow AI.

03

Risk scoring & RBI mapping

Every system scored and mapped, paragraph by paragraph, against the current draft guidance.

04

Board debrief

We walk your risk team or RMCB through the findings and the recommended 30-60-90 day sequence.

After the sprint

You'll be able to answer, with evidence

Which AI/ML systems do we actually have in production, and who owns each one?

Which of them would RBI's draft guidance classify as high-tier, and why?

Where are we exposed on third-party or vendor-embedded model accountability?

What should the Risk Management Committee review first?

What's realistic to fix in 30, 60, and 90 days — and what needs a longer engagement?

Four service terms

How we protect you from scope creep

01

Fixed scope

The systems and deliverables we agree at kickoff are what you receive. No loose advisory hours added afterward.

02

Delivery commitment

If the sprint runs late due to our execution, we complete the agreed deliverables at no extra cost.

03

One structured review round

If your internal reviewer raises reasonable questions about completeness or methodology, we incorporate that feedback once, within scope.

04

No vendor lock-in

The Register, Risk Triage Report, and roadmap are yours — in your own format, with no dependency on OvikAI tooling to use them.

Frequently asked

Before you book a call

Is this a compliance certification?

No. We don't sell a certificate or an absolute compliance guarantee. You get a documented, evidence-based assessment — findings, gaps, and a prioritised roadmap — within the scope we agree.

RBI's guidance is still in draft. Why do this now?

Because model inventory and risk tiering are worth having regardless of the final wording — and institutions that build the foundation now arrive at final guidance with evidence already assembled, not scrambling to produce it.

What if we also need adversarial testing or runtime enforcement?

That's the Assess & Red Team and Governed AI Factory engagements — this sprint is the foundation they build on. Many institutions start here because you need to know what you have before you can test or govern it.

Do you work with institutions of our size?

This sprint is scoped for banks, NBFCs, and RRBs — from small finance banks to larger regulated entities. Scope and pricing adjust to the number of systems and business lines involved.

Where this fits

One programme, four layers — this sprint is Layer 0

Layer 0 · This sprint
Decide & Scope

Register, Risk Triage, RBI mapping

Layer 1
Assess & Red Team

Adversarial testing, fairness, explainability

Layer 2
Register & Govern

AI-BOM, vendor validation, catalogue

Layer 3
Operate & Monitor

Runtime gates, audit trail, kill-switch

Start with the assessment or a conversation.

Not sure this is the right first step? Take the free 10-minute self-assessment, or book a call and we'll tell you honestly whether this sprint is what you need.