The Carver Knowledge Index
Authoritative definitions across compliance automation, risk governance, and decision intelligence.
Authoritative definitions across compliance automation, risk governance, and decision intelligence.
Anti-Money Laundering / Countering the Financing of Terrorism. A core compliance domain in financial services, encompassing rules fordetecting, reporting, and preventing illicit financial flows. AML/CFT regulations are a primary focus of global regulatory activity and enforcement, and among the most frequently updated rule sets.
AI systems that operate autonomously — observing inputs, forming plans, and taking actions without requiring step-by-step human instruction. Carver's platform is built on agentic AI that continuously monitors regulatory sources, classifies changes, and surfaces relevant signals in real time.
The process of ensuring AI systems follow legal, regulatory, ethical, and organizational requirements.
Frameworks, policies, and controls used to manage AI systems responsibly across an organization.
The identification, assessment, monitoring, and mitigation of risks associated with AI systems.
A chronological record of actions, decisions, prompts, model outputs, and system events for traceability.
System-enforced rules or workflows that automatically ensure compliance requirements are met.
Regulatory bodies whose decisions tend to presage global trends. The ECB and US Federal Reserve are the primary global influencers. The Monetary Authority of Singapore (MAS) leads on digital assets; the FCA sets the tone for consumer protection. Tracking these bodies can provide 12–18 months of advance warning on emerging regulatory directions.
Processes used to identify unfair or discriminatory patterns in AI outputs or training data.
A system that applies predefined organizational rules to AI workflows and decision-making.
A backward-looking function that tracks whether an organisation is meeting currently published rules. Distinguished from regulatory risk intelligence, which is forward-looking and aimed at anticipating changes before they become binding obligations. Compliance monitoring answers "are we compliant?" — regulatory intelligence answers "what's changing next?"
A pre-legislative document published by a regulator to solicit public feedback on a proposed rule or policy. Tracking consultation papers provides 12–18 months of advance notice, since over 80% of proposals eventually become binding. Firms that engage during comment periods can also influence final rule language.
Carver's AI-powered regulatory risk intelligence platform. Monitors 1,000+ regulators across 50+ countries in real time and delivers structured alerts classified across 20 attributes per change — including impact level, urgency, affected business functions, and specific actionables by team (policy, process, reporting, technology, training). Built for compliance, risk, legal, and strategy teams at mid-market financial services firms.
Carver's custom intelligence agent offering. Allows organisations to deploy bespoke agents that monitor proprietary intelligence sources, deliver complex analysis, and integrate with internal systems and workflows — beyond the standard RegWatch coverage universe.
The use of software and AI systems to automatically monitor, enforce, and report compliance obligations.
A structured set of policies, procedures, and safeguards designed to manage regulatory and operational risk.
Real-time or ongoing tracking of AI behavior, risks, and compliance status.
Dynamic compliance checks based on geography, regulation type, business unit, or user context.
Regulatory signals that have been classified, contextualised, and prioritised to the point where they can directly inform a strategic or operational decision — rather than raw regulatory text that requires manual interpretation. The defining output of a regulatory risk intelligence platform.
EU regulation that sets a new standard for operational resilience in financial services, requiring extensive resilience testing, strict vendor oversight, and 24-hour incident reporting. Full EU compliance was required by early 2025. Similar frameworks are being adopted in Singapore, Australia, and Canada.
The ability to trace data origins, transformations, movement, and usage across systems.
The capability to understand and reconstruct how an AI-generated decision was produced.
A system that automatically updates and applies compliance policies based on changing regulations.
A formal regulatory measure taken against an institution for non-compliance — including fines, consent orders, or supervisory actions. Monitoring enforcement trends reveals where regulators are directing attention before formal guidance is updated, helping firms anticipate where examination scrutiny will land next.
Publicly stated or inferable areas of focus for upcoming regulatory examinations. Monitoring exam priorities alongside enforcement actions reveals where regulators are heading before formal guidance changes — a critical forward-looking intelligence signal for risk and compliance teams.
The ability to clearly understand and communicate how an AI model reaches decisions or outputs.
A technical layer that applies compliance controls, restrictions, approvals, or validations to AI workflows.
Financial Action Task Force — an intergovernmental body that sets international standards for combating money laundering, terrorist financing, and related threats. FATF recommendations often precede national regulatory implementation by 12–24 months, making them a high-value horizon scanning signal.
Ongoing evaluation of AI systems to ensure equitable treatment across users or groups.
A governance approach where compliance responsibilities are distributed across teams while maintaining centralized oversight.
Governance, Risk, and Compliance platform — software used to manage compliance workflows, internal policies, controls, and risk assessments (e.g., RSA Archer, ServiceNow GRC, MetricStream). RegWatch functions as an intelligence layer that feeds these systems, rather than replacing them.
A structured approval and review process for AI models, prompts, datasets, or deployments.
Predefined safety and compliance boundaries that restrict unsafe or non-compliant AI behavior.
Monitoring the full regulatory ecosystem — consultations, draft rules, enforcement trends, and legislative signals — before changes become binding obligations. Effective horizon scanning gives teams 3–18 months of advance warning. One of the three core capabilities of regulatory risk intelligence, alongside signal detection and impact modelling.
A governance model where humans review, approve, or intervene in AI-driven decisions.
An international messaging standard for financial transactions that significantly enriches the data accompanying payments. Adoption deadlines set by ECB, SWIFT, and FedNow are driving major infrastructure changes across the industry, and creating regulatory risk for firms not yet migrated to the new standard.
Translating a regulatory change into concrete business actions — identifying which team owns it, what needs to change in policy, process, reporting, technology, or training, and what the deadline is. Turns raw regulatory intelligence into an actionable workstream.
Coordinating multiple compliance systems, rules, and workflows automatically using AI.
Processes used to detect, manage, investigate, and resolve AI-related compliance incidents.
Policies and controls specifically designed to manage Large Language Models and generative AI systems.
Managing compliance requirements across the entire AI lifecycle — design, training, deployment, monitoring, and retirement.
An open standard for enabling AI agents to connect with external tools, data sources, and systems. RegWatch is MCP-native, meaning it can be integrated into agentic workflows and advanced analytics pipelines that use this protocol.
A centralized repository for tracking AI models, versions, approvals, risks, and deployment status.
Infrastructure that continuously observes AI system behavior, outputs, and compliance signals.
A Carver module focused on third-party and partner risk monitoring. Tracks regulatory developments affecting partners and vendors — including enforcement actions, licence changes, and executive moves — providing early warning of partner risks before they surface in headlines or affect the customer's business.
Encoding compliance policies into machine-readable rules that systems can automatically enforce.
An automated, system-driven approach to enforcing regulatory and governance requirements through software controls.
Controls and monitoring mechanisms applied to prompts used in generative AI systems.
Recording the origin and history of data, prompts, models, and AI-generated outputs.
The practice of tracking updates published by regulatory bodies in real time — including mandates, sanctions, guidance, and policy statements. The foundation layer of a regulatory intelligence function, distinct from the analytical and predictive work of horizon scanning and impact modelling.
Structured attributes attached to each regulatory update to enable classification and prioritisation. At minimum: jurisdiction, regulator, impacted system, effective date, risk level, team ownership, and action required. RegWatch classifies each update across 20 such attributes, enabling meaningful filtering and routing.
The continuous process of monitoring, classifying, and interpreting regulatory change in real time so organisations can act on it strategically, not just comply reactively. It goes beyond tracking what regulators publish — it connects regulatory signals to business decisions across risk, strategy, legal, and product functions.
An open benchmark released by Carver Agents for evaluating whether AI agents can correctly respond to regulatory change. Designed to establish a standard for assessing accuracy and reliability of AI-driven regulatory intelligence systems — the first benchmark of its kind in the domain.
RegWatch's programmatic interface for integrating regulatory intelligence into customers' own systems. Supports real-time alert webhooks, query endpoints, relevance scoring on demand, and bulk data exports in JSON, CSV, PDF, and XML formats.
The practice of identifying and exploiting differences in regulatory regimes across jurisdictions — for example, launching a product in a more permissive market before stricter rules converge globally. RegWatch surfaces early arbitrage opportunities before markets converge, enabling strategic market entry timing.
The degree to which an organisation's products, markets, or operations are subject to potential regulatory action or restriction. Understanding regulatory exposure early — before product launch, market entry, or partnerships — allows firms to reduce risk and preserve strategic flexibility.
Continuous monitoring and interpretation of changing laws, regulations, and policy updates.
Assigning measurable risk levels to AI systems, prompts, outputs, or workflows.
Linking business controls and AI workflows to specific regulatory requirements.
The process of filtering thousands of regulatory publications down to what actually matters for a specific business. In RegWatch, AI classifies each signal by impact, urgency, affected business functions, and deadlines, so teams see relevant updates — not everything published across 1,000+ regulatory sources.
A third-party audit certification confirming that a service organisation's security, availability, and confidentiality controls are operating effectively over an extended period (typically 6–12 months). RegWatch is SOC 2 Type II certified, meeting the vendor risk expectations of financial services customers.
Tracking updates from sanctioning authorities (OFAC, OFSI, EU, UN) that restrict transactions with designated entities or individuals. Sanctions updates represent the fastest-moving regulatory risk — sometimes requiring action within hours of publication — making automation essential for timely compliance.
Policies and controls governing the creation and use of AI-generated synthetic datasets.
Visibility into the internal states, performance, logs, and behavior of AI systems.
The window between when a regulation is published and when it goes into effect. Windows vary widely — as short as 24 hours for sanctions updates, to several months for AML rules, or longer for infrastructure changes like ISO 20022 migration. Short windows are a direct test of a firm's agility and the speed of its intelligence function.
Categorising regulatory updates by topic — fraud, consumer protection, digital assets, resilience — to identify patterns across jurisdictions and time. Trend tagging transforms reactive alerts into predictive intelligence: for example, spotting a cross-jurisdictional shift toward linking instant payments with fraud controls months before it becomes a binding requirement.
The ability to track AI actions, outputs, decisions, and data flow across systems.
A security and governance layer ensuring AI systems remain compliant, safe, and explainable.
Processes used to verify that AI systems meet compliance, quality, and performance requirements.
Managing approvals, changes, and audit records for AI model and policy versions.
A real-time integration method where RegWatch pushes alerts to a customer's system immediately when new intelligence is available. Webhooks can be filtered by relevance score, jurisdiction, or topic. Each payload includes full regulatory text, AI analysis, and metadata in JSON format.
Methods and technologies that make AI model decisions interpretable and transparent.