Concepts
The governance layer
What sits between your AI and your customers — the eleven capabilities Bedrock layers on top of the immutable ledger.
The ledger and certificate system tell you what happened. The governance layer is the set of capabilities that make sure the right things keep happening — that the AI models are still calibrated, that vulnerable customers are routed to the right reviewers, that incidents get triaged, that bias doesn't creep in unnoticed, that the right checklists were completed. It's where Bedrock crosses from “system of record” into “system of control.”
The eleven capabilities
- Model registry — every AI model your firm uses, registered, versioned, and named
- Drift detection — automatic alerts when a model starts behaving differently
- Bias monitoring — protected-characteristic outcome comparisons
- Vulnerability routing — Consumer Duty triggers send the right cases to the right humans
- Incident response — structured handling for things that go wrong
- Impact assessments — Consumer Duty outcome assessments, signed off before any AI use case goes live
- Explainability — capture the rationale, not just the output
- Chain integrity — continuous proof that the ledger hasn't been tampered with
- Checklists — gating reviewer decisions on completeness
- SLA enforcement — turnaround time guarantees with breach events
- Certificates — externally verifiable proof of every decision
How they fit together
Each capability produces verifiable evidence — either as ledger events or as per-job structured fields anchored to the chain. SLA breaches write SLA_BREACHED. Incident handling writes INCIDENT_LOGGED and INCIDENT_RESOLVED. Impact-assessment sign-off writes IMPACT_ASSESSMENT_APPROVED. Drift detection and bias monitoring read directly from the per-job aiContext.model and clientSegments fields, so the evidence is the underlying data rather than a derived alert event. Vulnerability routing persists vulnerabilityFlags on the job itself. Every capability produces something a regulator or auditor can ask for and get a verifiable answer about.
Mapping to FCA rules
Each capability maps to a specific section of the FCA Handbook — Principles 6 and 12, Consumer Duty (PRIN 2A), SYSC 8, SYSC 22, COBS, and others. See the full mapping in FCA Handbook mapping.