Sia RegAI — Blog

Sia RegAI — Blog https://siareg.ai/blog Practical, working-day guides on regulatory compliance — DORA, EU AI Act, MAS, HKMA, OCC, FCA, FDA, EMA, NERC CIP, NAIC, Solvency II, NIST AI RMF, ISO 42001 — written from real Sia engagements with GSIBs, insurers, hyperscalers, pharma, and utilities. en-us © 2026 Sia Partners. All rights reserved. Sun, 04 May 2026 09:00:00 GMT Sun, 04 May 2026 09:00:00 GMT cyril.sayada@sia-partners.com (Cyril Sayada) cyril.sayada@sia-partners.com (Cyril Sayada) Regulatory Intelligence Compliance Technology AI Governance Sia RegAI https://siareg.ai/assets/logos/sia_logo_dark.png Sia RegAI — Blog https://siareg.ai/blog Thick wrapper vs thin wrapper — why regulatory AI needs a purpose-built system https://siareg.ai/blog/thick-vs-thin-wrapper https://siareg.ai/blog/thick-vs-thin-wrapper Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Engineering Point of view Why ChatGPT, Claude, Perplexity, and horizontal AI tools like Harvey can't replace a purpose-built regulatory system. The thick-wrapper case, the five-question vendor test, and what "trained on tens of thousands of SME annotations" actually means. Citation graphs for compliance — why every AI output needs receipts https://siareg.ai/blog/citation-graphs https://siareg.ai/blog/citation-graphs Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Engineering Defensibility The mechanic that turns AI output from "memo" into "audit-ready artifact." How a citation graph is built, why it's the moat, and the five-property checklist for any vendor that claims defensibility. Regulatory Change Management Software — A Buyer's Guide https://siareg.ai/blog/regulatory-change-management-software https://siareg.ai/blog/regulatory-change-management-software Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Buyer's guide The eight capabilities that matter, the four categories of vendor (regulatory feeds, GRC platforms, pure regulatory intelligence, consulting deliverables), and the seven questions to ask before signing. GRC vs Regulatory Intelligence — Why They're Not the Same Tool https://siareg.ai/blog/grc-vs-regulatory-intelligence https://siareg.ai/blog/grc-vs-regulatory-intelligence Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Buyer's guide GRC platforms (Archer, ServiceNow GRC, MetricStream, OneTrust) store controls. Regulatory intelligence platforms (Sia RegAI, Compliance.ai, Norm AI) do the reading, mapping, and drafting. The category-distinction guide for compliance buyers. EU AI Act High-Risk Classification — A Decision Tree for AI Builders https://siareg.ai/blog/eu-ai-act-high-risk https://siareg.ai/blog/eu-ai-act-high-risk Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Tech AI governance An eight-step decision tree for classifying AI systems under the EU AI Act: definition, prohibited practices (Article 5), Annex III high-risk categories, the Article 6(3) exception, Annex I product-safety integration, GPAI track, limited-risk transparency. FDA 21 CFR Part 11 Compliance with AI — Records, Signatures, Audit Trail https://siareg.ai/blog/fda-21-cfr-part-11 https://siareg.ai/blog/fda-21-cfr-part-11 Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Pharma How to add AI to GxP-validated workflows without breaking the validated state. CSA-aligned, audit-trail-grade. The five Part-11 control objectives mapped to AI integration. EU MDR & IVDR — Automating Technical Documentation https://siareg.ai/blog/eu-mdr-ivdr-technical-documentation https://siareg.ai/blog/eu-mdr-ivdr-technical-documentation Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Pharma MDR and IVDR Annex II structure, Annex VIII classification rules (Rule 11 software, IVDR Rule 3), GSPR conformity matrix, clinical evaluation, post-market surveillance — and where AI cuts drafting time without breaking notified-body acceptance. Pharmacovigilance Automation — Cutting ICSR & PSUR Cycle Times https://siareg.ai/blog/pharmacovigilance-automation https://siareg.ai/blog/pharmacovigilance-automation Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Pharma EMA GVP and ICH E2 framework. ICSR triage, MedDRA coding, narrative drafting, signal management, PBRER drafting. Where AI fits without breaking the QPPV's sign-off. NERC CIP Compliance with AI — From CIP-002 Asset Inventory to Audit-Ready Evidence https://siareg.ai/blog/nerc-cip-compliance https://siareg.ai/blog/nerc-cip-compliance Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Utilities The five-phase Sia RegAI workflow for utilities: BES Cyber System categorization, requirement mapping, evidence inventory, policy drafting, audit-pack assembly. Common findings and how to avoid them. ORSA in Practice — Automating Solvency II Pillar II https://siareg.ai/blog/orsa-solvency-ii-pillar-2 https://siareg.ai/blog/orsa-solvency-ii-pillar-2 Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Insurance The Article 45 ORSA's three core questions (overall solvency needs, continuous compliance, deviation from SCR assumptions). Country-specific NCA expectations. Where AI compresses the cycle and what stays human. NAIC Model Laws — US Insurance Compliance for Multi-State Carriers https://siareg.ai/blog/naic-model-laws-multi-state https://siareg.ai/blog/naic-model-laws-multi-state Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Insurance How NAIC's Model Laws (Model Audit Rule #205, ORSA Model Act #505, IDSML #668, AI Model Bulletin) differ across the 50 states, and how AI compresses 30+ jurisdictional comparisons into one matrix. ISO 42001 vs NIST AI RMF — Which AI Governance Framework Should You Adopt? https://siareg.ai/blog/iso-42001-vs-nist-ai-rmf https://siareg.ai/blog/iso-42001-vs-nist-ai-rmf Thu, 30 Apr 2026 09:00:00 GMT Cyril Sayada Tech AI governance Side-by-side comparison: certifiable management system (ISO 42001) vs. operational framework (NIST AI RMF). Scope, structure, certification, jurisdictional alignment, cost. When to pick one or run both. OCC Heightened Standards — Mapping 12 CFR §30 with AI https://siareg.ai/blog/occ-heightened-standards https://siareg.ai/blog/occ-heightened-standards Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Banking For state-chartered banks moving to OCC supervision, or any large bank under heightened-standards scrutiny. The clause-level mapping playbook from a recent charter conversion. Solvency II + IFRS 17 — Two Frameworks, One Compliance Workflow https://siareg.ai/blog/solvency-ifrs17 https://siareg.ai/blog/solvency-ifrs17 Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Insurance How insurers can map both Solvency II and IFRS 17 once with a shared product taxonomy, AI-assisted gap analysis, and a single audit trail. NIST AI RMF for Tech — From Govern to Measure in 30 Days https://siareg.ai/blog/nist-ai-rmf-tech https://siareg.ai/blog/nist-ai-rmf-tech Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Tech AI governance The NIST AI Risk Management Framework applied to AI-first tech companies. Govern, Map, Measure, Manage — what each function actually demands, and a 30-day onboarding plan. MAS Notice 626 vs HKMA SPM — Side-by-Side Compliance Map https://siareg.ai/blog/mas-vs-hkma https://siareg.ai/blog/mas-vs-hkma Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Banking APAC 70% of obligations map cleanly between Singapore's MAS Notice 626 and Hong Kong's HKMA SPM. The remaining 30% — PEP scope, BO thresholds, STR timing — is where multi-jurisdictional banks burn budget. EU AI Act Compliance for Banks — Obligations Decoded https://siareg.ai/blog/eu-ai-act-banks https://siareg.ai/blog/eu-ai-act-banks Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Banking AI governance Where banks land in the four risk tiers. What Annex IV documentation actually needs. The August 2026 timeline you can't miss. Automating DORA Gap Analysis — A Practical Guide for Financial Entities https://siareg.ai/blog/dora-gap-analysis https://siareg.ai/blog/dora-gap-analysis Sun, 26 Apr 2026 09:00:00 GMT Cyril Sayada Banking Six phases — scope, obligation extraction, applicability triage, gap analysis, control drafting, evidence pack — from real GSIB engagements. Written so a compliance lead with no AI background can run it themselves.