AEGISAI

About AegisAI Compliance

AI governance readiness for regulated financial institutions.

AegisAI Compliance helps banks, credit unions, fintechs, and regulated technology teams evaluate AI governance readiness across policy, vendor risk, model risk, data governance, board oversight, and evidence readiness.

AegisAI Compliance is founder-led by Grant Holloway, Founder & CEO, whose 18+ years of model risk, regulatory compliance, and AI/ML oversight experience spans Europe and North America.

Built for regulated financial institutions
Evidence-based AI governance assessments
Clear scope, process, and data handling

Why we exist

AI adoption moved faster than governance evidence.

Financial institutions are adopting vendor AI, embedded AI, internal analytics, and employee-use AI faster than many compliance teams can document ownership, review, monitoring, and board oversight.

Founder origin

“Compliance teams understand the obligation. The hard part is turning broad AI governance expectations into evidence a risk committee, auditor, examiner, or board can actually review.”

AegisAI Compliance was built for institutions that need a defensible path without starting from a blank page or waiting for a large consulting engagement to define the basics.

Generic AI policies often miss model risk, vendor oversight, data controls, and board reporting dependencies.

Manual governance projects can create long inventories of gaps without helping teams prioritize what to do next.

AegisAI's approach combines structured evidence review with expert judgment so findings are specific, documented, and usable.

Leadership and experts

Named accountability matters in a trust-sensitive category.

Regulated buyers should be able to see who is behind a governance service, what background informs the work, and where the limits are. AegisAI Compliance is currently founder-led, with methodology, client assessment work, and public resources directly overseen by Grant Holloway.

Grant Holloway

Founder & CEO, AegisAI Compliance

Founder profile

Grant Holloway helps banks and regulated financial institutions design and operationalize AI governance frameworks that can stand up to regulatory, audit, and board scrutiny. Educated overseas at the University of Warwick in the UK, he brings more than 18 years of hands-on experience across model risk management, regulatory compliance, and AI/ML oversight.

Before founding AegisAI Compliance, Grant led Model Risk and AI Governance for a Tier-1 European bank, overseeing validation and lifecycle governance for high-impact credit, fraud, pricing, and production machine learning models. His work has involved SR 11-7 and SR 26-2 expectations, ECB and PRA model risk guidance, and emerging AI regulations.

Model risk leadership

Led Model Risk and AI Governance work for a Tier-1 European bank, including production ML model lifecycle governance.

Regulatory translation

Turns SR 11-7, SR 26-2 / OCC Bulletin 2026-13, NIST AI RMF, FFIEC, and supervisory themes into reviewable controls.

Evidence-first outputs

Focuses on policies, inventories, vendor files, approval records, monitoring routines, and board reporting artifacts.

MSc Financial Mathematics, University of Warwick

BSc Applied Statistics, University of Cape Town

Certified Financial Risk Manager (FRM)

Certified Information Privacy Professional (CIPP/E)

Relevant background

  • More than 18 years of hands-on experience in model risk management, regulatory compliance, and AI/ML oversight
  • Former Model Risk and AI Governance lead for a Tier-1 European bank
  • Oversaw validation and lifecycle governance for high-impact credit, fraud, pricing, and production machine learning models
  • Worked with SR 11-7, SR 26-2, ECB, PRA, and emerging AI regulatory expectations
  • Builds assessment content from recognized sources including NIST AI RMF, FFIEC guidance, model risk guidance, and current supervisory themes

Areas of specialization

  • AI governance program design
  • AI model inventory and risk tiering
  • Machine learning model validation
  • Explainable AI in credit decisioning
  • Model risk and lifecycle governance
  • Third-party and embedded AI vendor review
  • Board and executive reporting
  • Evidence readiness and auditability

Implementation experience

  • Led or advised programs to establish AI model inventories and risk tiering
  • Integrated AI and machine learning models into existing model risk frameworks
  • Designed evidence packages for internal audit and supervisory exam readiness
  • Translated regulatory language into practical controls, policies, and governance artifacts
  • Bridged data science, compliance, audit, and executive stakeholders in cross-border institutions

Speaking, training, and professional communities

Grant has delivered talks and training sessions for industry audiences, including the European Risk Management Council, the Global Association of Risk Professionals (GARP), and regional fintech associations. His work focuses on practical AI governance topics that connect technical implementation with risk, audit, and regulatory expectations.

  • Explainable AI in credit decisioning
  • Model validation for machine learning models
  • Practical implementation of NIST AI RMF in banking environments
  • Operationalizing AI governance for overlapping regulatory regimes

International perspective

Originally from South Africa and educated in the UK, Grant brings cross-border perspective to AI governance programs for institutions subject to overlapping regulatory regimes. His operating stance is direct: AI systems used in regulated finance should be explainable, auditable, and aligned with the institution's obligations to customers and regulators.

Our methodology

Structured assessment first. Expert judgment where it matters.

AegisAI Compliance assessments are designed to make the “who, how, and why” of AI governance review visible. Automation helps organize evidence and apply a consistent framework. Human review is required for context, materiality, prioritization, and executive-ready interpretation.

01

Discovery

Clarify AI use cases, ownership, risk appetite, oversight bodies, and the institution's current policy environment.

02

Evidence Review

Review available policies, inventories, vendor files, approval records, monitoring routines, and board or committee reporting artifacts.

03

Controls Mapping

Map evidence against practical governance domains: policy, vendor risk, model risk, data governance, board oversight, and compliance evidence.

04

Risk Analysis

Separate missing documentation from deeper governance gaps so teams can distinguish quick evidence fixes from structural issues.

05

Prioritized Findings

Translate gaps into sequenced remediation actions with clear owners, documentation needs, and executive-level risk context.

06

Executive Reporting

Package findings into concise, board-aware outputs that risk, compliance, internal audit, and leadership can use.

How automation is used

Automation may help structure intake, organize responses, map evidence to domains, and create first-pass reporting views. It does not replace expert review of institutional context, documentation quality, risk significance, or remediation priority.

Methodology accordion candidate

On a longer page, each phase can expand to show inputs, example evidence, reviewer questions, and expected outputs. Keep the default state scannable for executives and expandable for compliance, risk, and audit users.

What makes clients trust us

Credibility comes from traceability, not vague AI claims.

Risk-conscious institutions need to know what an assessment is based on, how findings are produced, how sensitive information is handled, and where to verify the company's operating standards.

Framework-traceable work

Assessment domains are organized around recognized governance expectations and documented industry practice, not generic responsible AI claims.

Financial-institution specificity

The work distinguishes vendor AI, internal models, employee-use AI, data governance, third-party risk, model risk, and board oversight.

Documented outputs

Findings are written for reviewability: what was assessed, what evidence was available, what gaps remain, and what actions come next.

Clear scope limits

AegisAI Compliance does not provide legal advice, examination conclusions, or supervisory approvals. The role is structured readiness support.

Evidence snapshot

NIST AI Risk Management Framework
NIST Generative AI Profile
FFIEC third-party and IT examination themes
SR 11-7 model risk continuity mapping
Current model risk governance expectations
CFPB, FDIC, OCC, and Federal Reserve supervisory themes

Security and privacy stance

Assessment conversations are scoped to minimize unnecessary sensitive data. Teams should avoid submitting customer NPPI, credentials, or non-public supervisory information unless a separate reviewed process requires it.

How we work

Clear inputs, documented outputs, and reviewable decisions.

Engagements are designed for teams that need practical governance clarity without ambiguity about scope, data handling, or the difference between readiness support and legal advice.

Engagement style

AegisAI Compliance works from defined domains, evidence requests, documented assumptions, and prioritized outputs so stakeholders can see how conclusions were reached.

  • Start with the evidence your institution already has before adding new process.
  • Make gaps understandable to business owners, risk committees, and executive stakeholders.
  • Separate advisory observations from legal or regulatory conclusions.
  • Favor concise documentation that can be reviewed, updated, and defended.
  • Give teams a practical sequence for remediation rather than a long undifferentiated issue list.

Resources and insights

Public resources should educate before they convert.

AegisAI Compliance publishes resources that help teams understand AI governance expectations, improve evidence readiness, and evaluate the methodology before starting a deeper conversation.

Attribution pattern for insight content

Resource pages should identify the author or reviewer, describe review scope where relevant, and link back to this About page, methodology, privacy policy, and contact page so buyers and search systems can verify authorship, process, and company identity.

Ready to evaluate AI governance readiness?

Start with a focused assessment conversation.

Share the governance questions your institution is working through. AegisAI Compliance will help identify the right next step without asking for unnecessary sensitive information.

Privacy-conscious intake. Clear scope. No legal advice claims.