Governance & Program Info
Anomaly Detection & Market Surveillance — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 16 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Complete SR 11-7 documentation for every detection model
Purpose, data lineage, assumptions, limitations, known failure modes, validation results — all seven SR 11-7 elements per model, including unsupervised and GNN components.
05 · Governance & Compliance
Independent model validation
Second-line or external independent team validates logic, data, assumptions, and performance claims — including the unsupervised and ensemble arbiter.
05 · Governance & Compliance
Ongoing model performance monitoring plan
KPIs, monitoring frequency, alert thresholds, escalation paths for performance degradation. Required under SR 11-7 and SR 15-18.
05 · Governance & Compliance
Change management and versioning for detection models
Who approves model updates, what tests gate promotion, how changes roll back, and what audit trail is produced.
05 · Governance & Compliance
SEC Rule 613 (CAT) reporting integrity
All reportable events accurately, timely, and completely reported to the Consolidated Audit Trail. Surveillance findings must reconcile to CAT.
05 · Governance & Compliance
FINRA Rule 3110 / NASD 3010 supervisory system evidence
Documented evidence the supervisory system is reasonably designed — including why the chosen detection models are appropriate for the firm's business.
05 · Governance & Compliance
FINRA Rule 3310 / BSA AML program evidence
Written AML program, independent testing, designated BSA officer, ongoing training, risk-based customer due diligence.
05 · Governance & Compliance
MiFID II Art. 17 algorithmic-trading surveillance
For EU-regulated firms: pre-trade controls, kill-switch, annual self-assessment, and evidence that surveillance catches market-abuse typologies specified in MAR.
05 · Governance & Compliance
EU Market Abuse Regulation (MAR 596/2014) typology coverage
Evidence that surveillance covers the MAR-specified typologies: spoofing, layering, marking the close, wash trading, abusive squeezes, insider dealing, unlawful disclosure.
05 · Governance & Compliance
SEC 8-K Item 1.05 cyber disclosure process
Documented process for detecting, escalating, determining materiality, and filing within 4 business days. Effective Dec 18 2023 — enforcement actively in progress.
05 · Governance & Compliance
EU DORA (Jan 17 2025) ICT risk management and incident reporting
Register of ICT contracts, TLPT penetration testing for systemic firms, major ICT incident reporting within prescribed windows.
05 · Governance & Compliance
NIST CSF 2.0 mapping
NIST Cybersecurity Framework 2.0 (effective 26 Feb 2024) added the "Govern" pillar. Map our program to all six functions — 81% of US financial institutions report partial/full adoption.
05 · Governance & Compliance
OCC Heightened Standards alignment
For large US banks: independent risk-management framework, three-lines-of-defense, risk-appetite statement covering model and AI risk.
05 · Governance & Compliance
EU AI Act high-risk system obligations
Most surveillance AI is high-risk under the EU AI Act — technical documentation, human oversight, logging, transparency, and post-market monitoring obligations.
05 · Governance & Compliance
Fair-surveillance / disparate-impact assessment
Does our anomaly detection disproportionately flag any protected class (directly or via proxy)? Document the assessment and mitigation.
05 · Governance & Compliance
Regulator-facing audit trail
Every alert, disposition, model version, and escalation decision retrievable on demand for SEC / FINRA / FCA / BaFin examination.