Use case #0002

Impact Assessment Automation: How AI Scores Regulatory Change Severity

Not all regulatory changes are equal. An amendment clarifying a reporting date format is not the same as a new SR letter that restructures the entire collections and recovery framework. A compliance team that treats every bulletin with the same urgency treats every bulletin with insufficient urgency for some and excessive urgency for others. The Regulatory Monitor AI scores every change on a consistent severity framework — so the compliance team knows instantly which ones need the MD on the phone and which ones need an entry in the register.

Why Severity Scoring Is the Foundation of Regulatory Prioritisation

In a typical week, the Regulatory Monitor AI may ingest 6 to 8 regulatory communications from various authorities. Of these, perhaps 2 require immediate action before month-end. Two more require policy updates within 90 days. Three are informational — they monitor a trend or consult on a future change. And one may be a clarification of an existing rule that requires no action whatsoever.

Without a severity scoring framework, the compliance team must make these priority judgements individually for each bulletin — a process that is time-consuming, inconsistent between team members, and prone to the bias of whichever bulletin was read most recently or most visibly. With a severity score, the team sees immediately which changes need the Board's attention, which need functional heads, and which can be handled by the compliance team's standard workflow.

"Every compliance team has a finite amount of attention. The severity score tells them where to spend it — not by reducing rigour on low-severity changes, but by ensuring that high-severity changes receive the attention they demand before anything else."

The Severity Score: 7 Dimensions, One Number, One Decision Tier

Severity Assessment — Fed / OCC/2025-26/84 · bank Collections Conduct Amendment

Assessed Nov 07, 2025 · Within 2.5 hours of publication

Severity Score 78/100 High severity — Board notification required

Decision Tier Tier 1 MD + CCO + Board Risk Committee

Compliance Window 24 days Effective December 1, 2025

Process Impact 6 functions Collections, Tech, Legal, HR, Compliance, Grievance

Severity Dimension Scores (7 weighted dimensions → composite score 78)

Operational Disruption

IVR and all collection channels require immediate change

18/20

Compliance Window

24 days — shorter than average (typical 60–90 days)

13/20

Penalty Exposure

UDAAP or collections conduct breach — supervisory risk, potential monetary penalty

15/20

Technology Change Required

IVR platform + auto-dialler + WhatsApp template changes

11/15

Staff Training Obligation

All collection agents and recovery partners

9/15

Record-Keeping Obligation

3-year call log retention — storage and system config

8/10

Borrower Complaint Risk

Non-disclosure could generate borrower complaints to Fed / OCC

4/10

The Severity Scale: 4 Tiers, Defined Escalation Paths

Score Band	Severity Tier	Decision Authority	Response Timeline	Board Notification	Examples
85–100	Critical	MD + Board + CCO	Action plan within 24 hours	Emergency Board notification required	New capital adequacy norms; fundamental change to business model eligibility
65–84	High	CCO + All Function Heads	Action plan within 72 hours	Board Risk Committee at next meeting	This bulletin (score 78); major KYC / CIP change; new NPL / charge-off classification rule
40–64	Moderate	CCO + Relevant Function Head	Action plan within 1 week	Quarterly board compliance report	Reporting format change; minor policy clarification with process impact
Below 40	Low	Compliance team	Register update within 2 weeks	Annual compliance report	Definitional clarification; advisory note; FAQ publication

The Portfolio of Circulars: How the AI Scores Multiple Changes Simultaneously

The severity scoring framework is not applied to one bulletin in isolation. It is applied to every bulletin ingested by the Regulatory Monitor AI, producing a running priority-ranked list of all open regulatory changes across every applicable authority. The compliance team's dashboard shows — at any moment — the full stack of pending regulatory obligations ranked by severity, with their deadlines, their completion status, and the functions responsible for each.

This portfolio view is what transforms compliance from a reactive fire-fighting function into a managed programme. A compliance team that can see 18 open regulatory changes simultaneously, ranked by severity, with their completion status and deadline proximity, is a team that can plan its work, allocate its capacity, and give the Board an honest picture of compliance programme health — not just the emergency on today's agenda.

7Scoring dimensions per bulletin — operational disruption through borrower complaint risk

4Escalation tiers — Critical (85+) through Low (below 40) with defined decision authorities

2.5hrsSeverity score produced after bulletin publication — before the compliance team's first meeting

PortfolioAll open changes scored and ranked simultaneously — full compliance programme visibility

The Severity Score Is Not a Risk Reduction — It Is an Attention Allocation Tool

A compliance team that spends equal time on a date-format clarification and a fundamental collections conduct amendment is not being thorough — it is being inefficient in a way that creates risk. The severity score ensures that when a bulletin scores 78, the MD is briefed that day, the function heads have action plans the next day, and the Board is notified at the next committee meeting. And when a bulletin scores 28, it goes into the register, gets updated in the compliance programme, and receives the attention it deserves — proportionate, not panicked. That proportionality, consistently applied across every bulletin, is what a well-governed compliance function looks like from the outside.