AI Governance Playbook
Open search
Use-case library

26 industry-approved patterns with risk ratings.

Filter by industry to view safe, controlled, and high-risk uses with clear deployment guidance and required controls.

Low riskPublic data, no PII, minimal controls
Medium riskInternal data, private tenant, human review
High riskSensitive data, on-prem, strict controls
BankingLow risk

Developer acceleration

Speed up scaffolding and tests without touching client data.

DataSynthetic data only
DeployPublic SaaS or private tenant

Required controls

  • No secrets
  • Approved prompt templates
  • Code review

Decision summary

  • Safe when no client data is used
  • Review for auth and logging
  • Audit output changes
BankingMedium risk

Policy Q&A

Answer staff questions using approved internal policies.

DataInternal policies only
DeployPrivate tenant

Required controls

  • RAG over approved docs
  • Prompt logging
  • Human review

Decision summary

  • No client data
  • Content must be versioned
  • Outputs reviewed
BankingHigh risk

KYC document summarisation

Summarise identity verification documents for faster onboarding review.

DataClient PII (redacted)
DeployOn-prem or air-gapped

Required controls

  • PII redaction
  • Access controls
  • Audit trail
  • DLP

Decision summary

  • Requires full PII redaction
  • On-prem deployment mandatory
  • Human reviewer for all outputs
BankingMedium risk

Fraud pattern detection

Identify suspicious transaction patterns using AI analysis.

DataTransaction metadata (anonymised)
DeployPrivate tenant

Required controls

  • Data anonymisation
  • Model monitoring
  • Alert thresholds

Decision summary

  • No individual account details
  • Pattern-only analysis
  • Human investigation required
BankingMedium risk

Regulatory filing drafts

Draft regulatory submissions using approved templates and data.

DataInternal + public regulatory data
DeployPrivate tenant

Required controls

  • Template approval
  • Legal review
  • Version control

Decision summary

  • No client-specific data in prompts
  • All drafts require legal sign-off
  • Track all revisions
InsuranceLow risk

Claims workflow documentation

Draft process guides without claim files.

DataPublic/internal
DeployPublic SaaS

Required controls

  • No claim data
  • Template approval

Decision summary

  • Keep it template-only
  • Avoid policyholder data
InsuranceMedium risk

Underwriting guidelines assistant

Help underwriters navigate complex guideline documents.

DataInternal guidelines only
DeployPrivate tenant

Required controls

  • RAG over approved docs
  • No policy data
  • Audit logging

Decision summary

  • Guidelines only, no policyholder info
  • All queries logged
  • Human decision required
InsuranceHigh risk

Claims triage classification

Route claims to appropriate handlers based on description.

DataClaim summaries (redacted)
DeployOn-prem or private tenant

Required controls

  • PII redaction
  • Classification audit
  • Human override

Decision summary

  • No policyholder names or IDs
  • Classification only, not decisions
  • Human handler makes final call
InsuranceLow risk

Product comparison generator

Create comparison documents for internal training.

DataPublic product information
DeployPublic SaaS

Required controls

  • No pricing data
  • Review for accuracy

Decision summary

  • Public data only
  • Marketing review before use
  • No competitive intelligence
AuditMedium risk

Evidence indexing

Organize evidence metadata for faster review.

DataRedacted evidence
DeployPrivate tenant

Required controls

  • Redaction
  • Audit logging
  • Reviewer signoff

Decision summary

  • Never ingest raw evidence
  • Log all prompts
  • Reviewer required
AuditLow risk

Working paper drafting

Generate draft working papers from standardised templates.

DataInternal templates + public standards
DeployPrivate tenant

Required controls

  • Template controls
  • No client data
  • Partner review

Decision summary

  • Templates only, no engagement data
  • All drafts require review
  • Track template versions
AuditLow risk

Control testing assistant

Help auditors identify relevant controls for testing.

DataPublic standards + internal methodology
DeployPrivate tenant

Required controls

  • Methodology approval
  • No client info
  • Quality review

Decision summary

  • Standards-based recommendations
  • No client-specific controls
  • Senior auditor validates
AuditMedium risk

Engagement risk assessment

Assist in preliminary risk assessment for new engagements.

DataPublic company data + internal criteria
DeployPrivate tenant

Required controls

  • No confidential data
  • Partner approval
  • Documentation

Decision summary

  • Public information only
  • Risk factors, not conclusions
  • Partner makes final decision
FundsMedium risk

NAV support summaries

Summarise operational documentation for NAV workflows.

DataInternal SOPs
DeployPrivate tenant

Required controls

  • Access controls
  • Retention policy

Decision summary

  • No holdings or investor identity
  • Only approved docs
FundsMedium risk

Regulatory reporting drafts

Draft standard regulatory reports from templates.

DataInternal templates + public requirements
DeployPrivate tenant

Required controls

  • Template approval
  • Compliance review
  • Version control

Decision summary

  • No fund performance data
  • Templates and structure only
  • Compliance sign-off required
FundsMedium risk

Due diligence questionnaire assistance

Help complete standard DDQ sections using historical responses.

DataHistorical DDQ responses (approved)
DeployPrivate tenant

Required controls

  • Response approval
  • No investor data
  • Compliance review

Decision summary

  • Use only approved historical text
  • No fund-specific performance
  • Legal review for new content
HealthcareMedium risk

Clinical documentation assistance

Help clinicians draft documentation from templates.

DataClinical templates only
DeployOn-prem or private tenant

Required controls

  • No PHI
  • Template approval
  • Clinician review

Decision summary

  • Templates only, no patient data
  • Clinician validates all outputs
  • HIPAA compliance required
HealthcareHigh risk

Medical coding suggestions

Suggest ICD/CPT codes based on procedure descriptions.

DataAnonymised procedure descriptions
DeployOn-prem

Required controls

  • De-identification
  • Coder verification
  • Audit trail

Decision summary

  • No patient identifiers
  • Human coder makes final selection
  • Track all suggestions for audit
HealthcareLow risk

Research literature review

Summarise published research for clinical teams.

DataPublic medical literature
DeployPrivate tenant

Required controls

  • Source citation
  • Clinical review
  • No patient data

Decision summary

  • Published papers only
  • Always cite sources
  • Clinical team validates relevance
HealthcareLow risk

Patient education materials

Generate patient-friendly explanations of procedures.

DataPublic health information
DeployPrivate tenant

Required controls

  • Clinical accuracy review
  • Readability standards
  • No PHI

Decision summary

  • Generic information only
  • Clinician approves before use
  • Plain language requirements
LegalMedium risk

Contract clause library search

Find relevant clauses from approved internal precedents.

DataInternal clause library
DeployPrivate tenant

Required controls

  • Approved precedents only
  • Attorney review
  • No client data

Decision summary

  • Search approved clauses only
  • Attorney validates selection
  • No client-specific terms
LegalLow risk

Legal research assistant

Summarise case law and statutes for research.

DataPublic legal databases
DeployPrivate tenant

Required controls

  • Source citation
  • Attorney verification
  • No client matters

Decision summary

  • Public sources only
  • Always cite authorities
  • Attorney validates analysis
LegalHigh risk

Document review triage

Prioritise documents for review based on relevance indicators.

DataRedacted document metadata
DeployOn-prem

Required controls

  • Privilege protection
  • Redaction
  • Attorney supervision

Decision summary

  • Metadata only, not content
  • Privilege review required
  • Human reviewer makes decisions
Public SectorLow risk

Policy drafting assistance

Help draft public policy documents from templates.

DataPublic policy templates
DeployPrivate tenant

Required controls

  • Template approval
  • Senior review
  • No citizen data

Decision summary

  • Templates and guidance only
  • Policy owner approves
  • Public consultation still required
Public SectorMedium risk

FOI request classification

Classify and route freedom of information requests.

DataRequest metadata (redacted)
DeployOn-prem or private tenant

Required controls

  • PII redaction
  • Classification audit
  • Human decision

Decision summary

  • No requestor identification
  • Routing only, not response
  • Officer makes final decision
Public SectorHigh risk

Grant application screening

Screen grant applications for eligibility criteria.

DataApplication summaries (redacted)
DeployOn-prem

Required controls

  • Applicant anonymisation
  • Criteria documentation
  • Human review

Decision summary

  • No applicant identification
  • Eligibility check only
  • Panel makes final decisions