Lightweight AI Governance for an Investment Firm's Screening Tool
A previous advisor quoted six months of EU AI Act compliance for a five-user internal tool. The Act had no jurisdiction. The right-sized approach took three weeks at a quarter of the cost.
A boutique investment firm in the UAE was building an internal AI tool to screen deal flow. The model read pitch decks, financials, and market data, then ranked opportunities against the firm's investment criteria. A handful of people used it, all inside the firm.
An external advisor had quoted them a six-month EU AI Act compliance programme. The tool was internal only. No EU users. No external access. No regulated financial product.
What the situation actually called for
Our team assessed it against three frameworks: the EU AI Act, ISO 42001, and NIST AI RMF. The EU AI Act had no jurisdiction over an internal tool with no EU exposure. ISO 42001 demanded more than a single small tool with a few users needed. NIST AI RMF gave them exactly the right amount: a lightweight but structured way to document model risks, data quality controls, and human oversight for investment-committee sign-off.
The result
We delivered the governance wrapper in three weeks. The previous advisor's proposal would have taken six months and cost roughly four times as much, for a regulatory framework that did not apply. The skill in governance is not knowing every framework. It is knowing which one the situation actually needs, and having the discipline to stop there. For a small firm, that discipline is the difference between getting governance done and never starting it.
If your situation is similar, our team is happy to start with a conversation about scope and approach.