Regulatory Compliance & Assurance for Automated Decision Systems

Zerisk helps regulated organizations govern automated and data-driven decision systems by translating regulatory expectations into enforceable controls, audit-ready evidence, and assurance-ready structures.

As organizations increasingly rely on automated decisions, regulators and auditors are shifting their focus from innovation to accountability. Oversight expectations now extend beyond models and technology to the governance, controls, and evidence that support automated decision systems.

Zerisk does not provide legal advice, audit services, or compliance certifications. We design governance and assurance structures that help organizations prepare for regulatory scrutiny, examinations, and audits involving automated and data-driven decision systems.

Scope of Work

Zerisk’s scope of work covers governance and assurance-readiness activities related to automated and data-driven decision systems.

Scope coverage includes:

  • Governance structures for automated decision systems

  • Control objectives and evidence requirements

  • Assurance readiness and audit preparation

  • Forward-looking regulatory and examiner expectations


Zerisk’s work is non-audit, non-legal, non-attestation, and non-decision-making in nature.

Intended Use & Audience

Zerisk’s work is intended for regulated organizations and stakeholders responsible for the governance, oversight, and assurance of automated and data-driven decision systems.

Primary intended audiences include:

  • Regulated financial institutions and related entities

  • Risk, compliance, audit, and governance functions

  • Senior executives and board-level stakeholders with oversight responsibilities

  • Internal assurance, examination, and control stakeholders

This work is not intended for:

  • Consumer-facing use

  • Individual decision-making

  • Unregulated environments

  • Legal, audit, or certification reliance

Engagement Approach

Zerisk engagements are structured, bounded, and evidence-driven in nature.

Engagements are typically framed around the following areas:

  • Governance and decision-system assessment activities

  • Control objective and evidence structure definition

  • Assurance-readiness and examination preparation support

Engagements are scoped through written Statements of Work and designed to support internal governance, compliance readiness, and audit preparation activities. Zerisk does not provide ongoing operational management or assume compliance or regulatory decision-making authority.

Governance

Zerisk operates under formal governance and independence principles aligned with regulatory, audit, and assurance expectations.


Professional Boundaries

Zerisk maintains clear professional boundaries to preserve independence and objectivity.

  • Zerisk does not perform audits, attestations, or certifications

  • Zerisk does not provide legal advice or legal opinions

  • Zerisk does not assume compliance or regulatory decision-making authority

  • Zerisk avoids conflicts of interest and maintains independence


Data Usage

Zerisk conducts public analyses using publicly available information only. Client-specific information used in private engagements is governed by contractual confidentiality obligations and is not incorporated into public materials.


Internal Governance

Zerisk maintains formal internal policies and controls aligned with its operating posture, including:

  • Independence and conflicts of interest

  • Public-source data usage

  • Client acceptance standards

  • Risk management and assurance posture


Leadership

Zerisk is led by its Founder & Managing Director, Kenneth Jones, a regulatory compliance and assurance professional with experience across governance, data management, automation, and risk oversight in regulated environments. His work focuses on the governance of automated and data-driven decision systems, aligning regulatory expectations with enforceable controls and audit-ready evidence.


Supporting Documentation

Zerisk maintains formal written policies addressing independence, data usage, client acceptance, and risk management. Supporting documentation is available upon request.

Insights

Zerisk produces periodic analyses and governance briefs focused on regulatory expectations, assurance readiness, and automated decision systems.

Publications emphasize:

  • Regulatory and supervisory signals

  • Audit and examination expectations

  • Governance and evidence considerations

Zerisk does not comment on, assess, or draw conclusions about individual organizations except where analysis is based solely on publicly available information.

Engage

Zerisk engages selectively with organizations operating in regulated and supervised environments. Inquiries should relate to governance, assurance, or compliance-readiness for automated or data-driven decision systems. Zerisk does not provide legal advice, audit services, or compliance certifications.

Zerisk reviews inquiries selectively to ensure alignment with its governance and independence principles. If your inquiry falls within scope, you will be contacted directly.