AI Governance
Gap Analysis
A diagnostic tool for UK Building Societies
Assess your society's AI governance framework against the regulatory landscape as of March 2026, including the FCA Consumer Duty, SM&CR, PRA SS1/23 on model risk management, and operational resilience requirements under PS21/3.
About This Diagnostic
This assessment comprises 23 questions across nine domains, designed specifically for UK building societies. It draws upon the full spectrum of applicable regulation, including the Financial Conduct Authority's Consumer Duty and portfolio letter for building societies, the Prudential Regulation Authority's Supervisory Statement SS1/23 on model risk management, the Senior Managers and Certification Regime, the operational resilience framework (PS21/3), UK GDPR, and the Building Societies Act 1986.
The diagnostic addresses the full spectrum of AI governance obligations, including the governance of AI embedded within third party GRC and compliance platforms, the risk of over reliance on automated compliance tools, and the emerging threat of AI enabled financial crime.
How to score: Each question carries a maximum of one point. A full "Yes" response scores 1 point. A "Partial" response scores 0.5 points. A "No" response scores 0 points. Results are presented as a percentage score with a maturity band and section level breakdown.
This diagnostic is intended for internal self assessment purposes only and does not constitute legal or regulatory advice. Building societies should seek independent legal and compliance advice when assessing their specific regulatory obligations. Regulations cited are current as of March 2026.