
AI compliance, governance & controls

AI Governance Risk & Compliance Architecture for fintech and financial institutions.

I help risk, compliance and product leaders turn AI from a regulatory exposure into a controlled, auditable capability – grounded in EU AI Act requirements, NIST AI RMF and real-world model and operational risk practice.

Model risk & operational risk · EU AI Act & global AI regulation · Agentic AI controls & authority policies · Compliance mapping & governance

Based in Europe · Working with fintech and financial services teams globally

Where I help your teams move from intent to implemented control.

Whether you are piloting agentic AI, scaling decisioning models or preparing for EU and US regulatory expectations on high-risk AI, I work with your risk, compliance and product teams to design architectures that are demonstrable, repeatable and defensible.

AI Governance & Risk Architecture

From principles to a concrete control stack that connects policy, risk frameworks and delivery.

  • Translate policy, NIST AI RMF and internal standards into technical guardrails.
  • Map AI use cases across your estate with risk classification.
  • Define ownership, decision rights and governance forums.

Regulatory readiness for high-risk systems

Practical controls and evidence for the EU AI Act, US guidance and sector regulators.

  • Gap assessments for high-risk and safety-relevant AI use cases across EU and US expectations.
  • Alignment to EU AI Act, NIST AI RMF and relevant sector guidance (for example banking or payments supervisors).
  • Documentation, logging and oversight patterns that stand up to supervisors and internal audit.

Agentic AI authority & control frameworks

Agents that act within defined, monitored boundaries.

  • Agent authority policies, approval thresholds and hard limits.
  • Runtime observability – telemetry, drift monitoring and alerts.
  • Escalation, fallback and “kill switch” governance patterns.

From “we should govern AI” to “we can prove how it is governed”.

I work as a partner to your risk, compliance, product and engineering teams – using simple artefacts, clear ownership and a bias toward implementable controls instead of theoretical frameworks.

1. Inventory & risk lens

Map current and planned AI/agentic use cases, classify by impact and regulatory exposure, and identify where governance really matters.

2. Architecture & authority design

Define who can do what, on which systems, with which guardrails – focusing on authority policies, human oversight, logging and escalation patterns.

3. Controls, evidence & playbooks

Turn requirements into controls, run-books and evidence templates that risk, audit and regulators can actually review and understand.

4. Scale & continuous governance

Establish rhythms for monitoring, exception handling and periodic review so governance keeps up as models and agents evolve.
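The authority policies, approval thresholds, hard limits and kill switch described under "Agentic AI authority & control frameworks" above, and the "who can do what, on which systems, with which guardrails" question of step 2, come down to a small policy gate that sits between an agent and the systems it acts on. The following is an added illustration written for this page, not code from the site's author or from any product: the agent names, action kinds, systems and monetary thresholds are constructed assumptions, and the gate evaluates every proposed action against a declarative policy, defaults to deny, escalates to a human above a threshold, refuses outright above a hard limit, caps the number of unsupervised actions per review window (a crude autonomy-drift brake), honours a kill switch ahead of everything else, and writes each decision with its reason to an append-only audit log so that risk, audit and supervisors have evidence rather than a slide.

```python
"""Agent authority gate: illustrative, constructed example (not production code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"                        # agent may act autonomously
    REQUIRE_APPROVAL = "require_approval"  # hold for a named human approver
    DENY = "deny"                          # never executed, logged as refused


@dataclass(frozen=True)
class Action:
    agent_id: str   # hypothetical agent identifier
    kind: str       # e.g. "refund" or "credit_limit_change" (assumed names)
    system: str     # target system, e.g. "payments-core" (assumed name)
    amount: float = 0.0  # monetary value of the action; 0 for non-financial steps


@dataclass
class AuthorityPolicy:
    agent_id: str
    allowed: Set[Tuple[str, str]]         # (kind, system) pairs the agent may touch
    approval_threshold: Dict[str, float]  # per kind: above this a human approves
    hard_limit: Dict[str, float]          # per kind: above this always deny
    max_autonomous_per_window: int        # cap on unsupervised actions per review window


@dataclass
class AuditEntry:
    action: Action
    decision: Decision
    reason: str


class AuthorityGate:
    """Evaluates agent actions in fixed order: kill switch, policy presence,
    allow-list, hard limit, approval threshold, autonomy budget."""

    def __init__(self, policies: List[AuthorityPolicy]) -> None:
        self._policies = {p.agent_id: p for p in policies}
        self._killed: Set[str] = set()
        self._autonomous_count: Dict[str, int] = {}
        self.audit_log: List[AuditEntry] = []  # append-only evidence trail

    def kill(self, agent_id: str) -> None:
        self._killed.add(agent_id)

    def restore(self, agent_id: str) -> None:
        self._killed.discard(agent_id)

    def reset_window(self) -> None:
        """Called at each periodic review; resets the autonomy budget."""
        self._autonomous_count.clear()

    def evaluate(self, action: Action) -> Decision:
        decision, reason = self._decide(action)
        if decision is Decision.ALLOW:  # only unsupervised actions consume budget
            self._autonomous_count[action.agent_id] = \
                self._autonomous_count.get(action.agent_id, 0) + 1
        self.audit_log.append(AuditEntry(action, decision, reason))
        return decision

    def _decide(self, a: Action) -> Tuple[Decision, str]:
        if a.agent_id in self._killed:
            return Decision.DENY, "kill switch engaged"
        policy = self._policies.get(a.agent_id)
        if policy is None:
            return Decision.DENY, "no authority policy registered (default deny)"
        if (a.kind, a.system) not in policy.allowed:
            return Decision.DENY, f"{a.kind} on {a.system} not in allow-list"
        hard = policy.hard_limit.get(a.kind)
        if hard is not None and a.amount > hard:
            return Decision.DENY, f"amount {a.amount} exceeds hard limit {hard}"
        threshold = policy.approval_threshold.get(a.kind)
        if threshold is not None and a.amount > threshold:
            return Decision.REQUIRE_APPROVAL, f"amount {a.amount} exceeds approval threshold {threshold}"
        if self._autonomous_count.get(a.agent_id, 0) >= policy.max_autonomous_per_window:
            return Decision.REQUIRE_APPROVAL, "autonomous action budget for this window exhausted"
        return Decision.ALLOW, "within delegated authority"


def run_demo() -> List[str]:
    """Constructed scenario: one refund agent, a sequence of proposed actions."""
    policy = AuthorityPolicy(
        agent_id="refund-agent",
        allowed={("refund", "payments-core")},
        approval_threshold={"refund": 500.0},
        hard_limit={"refund": 5000.0},
        max_autonomous_per_window=3,
    )
    gate = AuthorityGate([policy])
    proposed = [
        Action("refund-agent", "refund", "payments-core", 120.0),          # allow
        Action("refund-agent", "refund", "payments-core", 900.0),          # human approval
        Action("refund-agent", "refund", "payments-core", 9000.0),         # hard limit: deny
        Action("refund-agent", "credit_limit_change", "lending-core", 1.0),  # out of scope: deny
        Action("refund-agent", "refund", "payments-core", 50.0),           # allow (2nd)
        Action("refund-agent", "refund", "payments-core", 60.0),           # allow (3rd)
        Action("refund-agent", "refund", "payments-core", 70.0),           # budget spent: approval
    ]
    decisions = [gate.evaluate(a).value for a in proposed]
    gate.kill("refund-agent")  # operator pulls the kill switch
    decisions.append(gate.evaluate(Action("refund-agent", "refund", "payments-core", 10.0)).value)
    return decisions
```

The ordering of checks is the design point: the kill switch and the default-deny for unregistered agents are evaluated before any policy detail, so a policy mistake can only ever narrow what an agent may do, never widen it. The audit log records the reason string alongside the decision, which is what an internal auditor or supervisor actually asks for when reconstructing why an agent was or was not allowed to act.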

The problems I’m most often asked to solve.

These use cases reflect the themes I write about frequently – agentic AI, regulatory patchwork and AI as a competitive advantage when governed well.

Agentic AI

“We deployed AI agents – now the Board wants to understand the guardrails.” You have pilots or production agents making real decisions, but authority policies, kill switches and oversight are still fuzzy. We design concrete control patterns that your CISO, CRO and Audit Committee can stand behind.

Authority policies · Autonomy drift · Override & escalation

EU AI Act & US expectations

“We need a plan for high-risk obligations – not another slide deck.” Together we identify which systems are in scope, where your current controls already align with EU AI Act, NIST AI RMF and sector expectations, and where you need new architecture, documentation and oversight mechanisms.

Risk classification · Oversight · Technical & organisational measures

Global patchwork

“How do we harmonise AI governance across EU, UK and US expectations?” I help you build a common governance spine that can flex for the EU AI Act, sectoral rules and emerging global standards, so you do not maintain three competing frameworks internally.

Harmonised controls · Common artefacts · Local add-ons

Daily insights on AI governance, risk architecture and the realities of regulated AI.

On LinkedIn, I write daily about the gap between AI hype and the controls regulators, Boards and risk teams now expect – from lending and operational workflows to agentic AI in production.

This site mirrors those themes. If a topic resonates, we can turn it into a working session for your team.


EU AI Act vs global patchwork

What it takes to harmonise AI governance across regions without three competing control stacks.


Agentic AI authority policies

Why kill switches, autonomy drift tracking and decision ownership are now Board-level questions.


Reducing false positives in AI decisioning

Using AI without overwhelming operations or degrading your control environment.

AI Governance & Risk Architecture from a practitioner’s lens.

I work at the intersection of AI, risk and compliance – specialising in model risk and operational risk in fintech and financial services.

  • Hands-on experience in risk & controls for fast-growing financial technology.
  • Focus on AI governance that aligns with EU AI Act, NIST AI RMF and sector expectations.
  • Bridging risk, compliance, product and engineering teams with shared artefacts.
  • Daily writing and research on AI governance, agentic AI and regulatory trends.

If you are looking to move beyond generic “responsible AI” statements to concrete, auditable architectures, we should speak.

Get in touch.

If you would like to discuss AI governance, risk architecture, regulatory readiness, or a potential collaboration, please send an email and I will get back to you directly.

Email: consult@rihovilippus.com

Please include a short note about your organisation, AI use case, and what kind of support you are looking for.