When regulators audit, when boards ask, when something goes wrong — your institution must answer one question: can you prove your AI is doing what it was meant to? R-BED is the operational framework that makes that answer possible.
Across 1,368 documented failures, the breakdown was rarely the absence of policy. It was the inability to determine, in operational terms, whether deployed systems remained within acceptable behavioural boundaries — and to credibly link what was monitored to the business outcomes the deployment was meant to influence. We call this the Evaluability Gap. It manifests in three dimensions.
Organisations cannot articulate, in measurable operational terms, what acceptable AI system behaviour means in their specific deployment context. Without a definition, monitoring is theatre.
Even where definitions exist, institutions lack the monitoring infrastructure, intervention thresholds, and enforcement authority required to act on them in production. Governance becomes documentation, not control.
The dimension most often missed: governance signals are rarely connected to the revenue, customer outcomes, or institutional risk the deployment was meant to influence. Well-monitored systems remain disconnected from why they were deployed.
R-BED grounds AI governance in the same disciplined risk decomposition that the Federal Reserve's SR 11-7 brought to banking models after the global financial crisis — extended into the probabilistic, adaptive, and operationally fluid systems that now define the AI frontier.
The probability that the system itself misbehaves: system design, data foundations, failure modes, fairness, stability, safety, explainability.
Given a failure, the probability that harm reaches a stakeholder: human control, exposure architecture, monitoring & guardrails.
Given harm, the magnitude and reversibility of the consequence: propagation, severity, recovery.
A unified governance operating model spanning traditional ML, generative AI, RAG, and agentic systems. Grounded in the analysis of 1,368 documented AI failures and synthesised with the Stanford Digital Economy Lab's 51 Enterprise AI Success Patterns.
Develops R-BED from first principles, maps it to nine regulatory frameworks, presents six worked examples drawn from financial services and insurance, and operationalises the framework through the Indicator Catalogue, the Indicator Companion, and the R-BED Workbook.
Extends the SR 11-7 lineage into the SR 26-2 era — including the GenAI and agentic systems the supervisory letter explicitly carved out. Aligned with OSFI Guideline E-23 for Canadian institutions.
Mapped to the NAIC Model Bulletin on AI Systems, with worked examples for accelerated underwriting, conversion scoring, and external lead allocation deployments.
R-BED tier assignment maps directly to EU AI Act high-risk categorisation, NIST AI RMF profiles, and ISO/IEC 42001 management-system requirements.
For deployments where reversibility, recourse, and consequence severity demand the discipline of operational evaluability — not aspirational principle.
Start where the urgency is. Most institutions begin with an executive briefing, move to a portfolio assessment of their current AI deployments, then operationalise R-BED through their model risk function.
The complete framework, mapped to regulatory expectations, with six worked examples and the full indicator catalogue. The entry point for governance, MRM, and risk teams.
Get the book →A 90-minute working session for boards, executive committees, or MRM leadership. Tailored to your portfolio, your regulators, and your current AI risk posture.
Request a briefing →A structured implementation: portfolio scoring, gap analysis, governance operating model design, and training for your three lines of defence. Typical engagement: 8–16 weeks.
Start the conversation →