Governance & Program Info

Call Center Agent Assist — Governance

Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.

Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 22 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
04 · UDAAP / MiFID Compliance & Quality
Force response grounding in retrieved context
required
LLM responses must cite a knowledge-base chunk or approved response-library entry — unsourced generation is blocked.
04 · UDAAP / MiFID Compliance & Quality
Response library priority over free-form generation
required
For known intents, suggest verbatim from the compliance-approved response library; free-form generation only for long-tail.
04 · UDAAP / MiFID Compliance & Quality
Hallucination monitoring on live traffic
required
Automated detection of responses that contain claims not present in any retrieved chunk. Target < 1% flagged rate.
04 · UDAAP / MiFID Compliance & Quality
Compliance flagging for sensitive topics
required
Automatic flagging when conversation touches Reg E disputes, TILA APRs, Reg BI suitability, fair lending — route to approved language.
04 · UDAAP / MiFID Compliance & Quality
Compliance-team ownership of knowledge base
required
Compliance signs off on corpus changes, response-library entries, and guardrail rules — the knowledge base is a compliance artifact.
04 · UDAAP / MiFID Compliance & Quality
Two-party consent management for AI analysis
required
State-specific consent management for the two-party consent states: CA, IL, FL, MD, MT, NV, NH, PA, WA.
04 · UDAAP / MiFID Compliance & Quality
Voice biometrics consent (Illinois BIPA)
required
Written notice, stated purpose, written release before voiceprint collection. $1,000 / $5,000 per violation.
04 · UDAAP / MiFID Compliance & Quality
PII masking before LLM call
required
SSN, account number, card PAN, DOB masked in the transcript before any LLM call — even on-prem.
04 · UDAAP / MiFID Compliance & Quality
Fair lending disparate impact monitoring
recommended
Periodic testing of suggestion quality and resolution outcomes by customer demographic segment.
05 · Governance & Compliance
CFPB UDAAP exposure review
required
Treat AI-suggested scripts as institution-delivered content — compliance signs off on response library and knowledge base.
05 · Governance & Compliance
Regulation E / EFTA (12 CFR 1005) alignment
required
Dispute timelines, liability limits, and consumer-rights language surfaced by AI must be verbatim and current.
05 · Governance & Compliance
GLBA Safeguards Rule — training data and model access
required
Conversation transcripts used to train models are customer financial information — training pipelines inherit GLBA obligations.
05 · Governance & Compliance
CFPB 1033 open-banking provenance logging
required
Every 1033 data access surfaced in a call is logged with consent token, data source, and retention window.
05 · Governance & Compliance
SEC Rule 17a-4 / FINRA recordkeeping for broker-dealer calls
required
Broker-dealer calls (including AI suggestions and agent responses) retained WORM-compliant for 6 years. $3B+ in enforcement since 2021.
05 · Governance & Compliance
MiFID II Article 16(7) recordkeeping
required
All client-order-related telephone conversations recorded, 5-year minimum retention, tamper-proof. 2024 EU penalties €44.5M (143% YoY).
05 · Governance & Compliance
MiFID III active AI analysis readiness (2026)
recommended
Forthcoming MiFID III requires active AI analysis of recorded conversations — not passive retention.
05 · Governance & Compliance
GDPR lawful basis for conversation AI processing
required
Lawful basis, data subject rights, DPIA for AI-processed conversation data.
05 · Governance & Compliance
California CCPA / CPRA compliance
required
Notice at collection, right to opt out of AI processing for automated decisioning, right to delete conversation data.
05 · Governance & Compliance
Illinois BIPA — voiceprint handling
required
Written notice, written release, published retention policy for voice biometrics. $1,000 / $5,000 per violation, private right of action.
05 · Governance & Compliance
Colorado AI Act — high-risk AI system documentation
required
Colorado AI Act (effective Feb 2026) classifies AI in consumer financial services as high-risk — requires risk management and documentation.
05 · Governance & Compliance
Model risk management (SR 11-7 equivalent) for LLM stack
required
MRM documentation, validation, monitoring applied to LLM and RAG pipeline — many banks still treat GenAI as out of scope.
05 · Governance & Compliance
Board-level AI governance reporting
recommended
AI suggestion accuracy, hallucination rate, compliance violation rate, and consumer outcome metrics in board risk reporting.