The framework, the register, the board pack — in one product.
govn.ai is the AI governance platform built specifically for FCA-regulated firms in the 50-500 staff range. Adoption-ready policies. A complete control library. Regulatory mappings down to specific clauses. A board pack that generates itself.
Executive summary
The mid-market FS firm has no product purpose-built for them.
OneTrust, Credo AI, AuditBoard — designed for FTSE 100 and global banks. Year-one cost commonly £150-400k. Too much product, too much price, too generic.
Microsoft Purview, Strac, Nightfall — useful, but they solve a different problem: stopping people pasting data into ChatGPT. Not the governance lifecycle.
The Big Four consulting alternative — bespoke engagements at £100k+ producing PowerPoint frameworks. Useful once. Doesn't run the governance day to day.
Most firms in the 50-500 staff range are operating AI governance on a mix of spreadsheets, Word documents, calendar reminders, and the personal worry of one Head of Compliance. govn.ai replaces that.
Four pillars. One product.
The full AI governance lifecycle, designed to operate inside an FCA-regulated firm without external help.
AI Register
Use case submission, risk tiering, assessment, approval, ongoing review, retirement. The full lifecycle, captured in one place. Multi-user with role separation across Compliance, Risk, IT, DPO, Business Owner, and Board.
Risk Tiering
Four-dimension methodology tuned to FCA, Consumer Duty, and EU AI Act requirements: data sensitivity, decision impact, autonomy, customer impact. Tier auto-computed; assessment paths auto-routed.
Regulatory Mapping
54 controls mapped to specific clauses across 8 regulations: FCA SYSC, Consumer Duty, SS1/23, EU AI Act, UK GDPR, ISO 42001, NIST AI RMF, FCA AI Approach. 368 named mappings with confidence ratings.
Board Pack
A complete quarterly board pack, generated from live data. Editable commentary, immutable data. Chair sign-off, PDF export, archived snapshots. Once you have one, the Board expects another.
Built mapping-first. Generic GRC doesn't speak FCA.
The substantive content layer of govn.ai is its regulatory mapping — controls anchored to specific clauses, not vague "frameworks." When an auditor or the FCA asks for evidence against a specific rule, the platform produces it. When the Board asks "where are we on the EU AI Act," the answer is concrete.
This is what generic GRC platforms can't easily replicate for UK FS. Building it took a CISO who knows the FCA Handbook from the inside.
One control, mapped to specific clauses.
AI Risk Tiering
Apply a documented risk-tiering methodology to every AI use case, classifying by data sensitivity, decision impact, autonomy, and customer impact. The methodology drives the depth of subsequent assessment.
- Documented risk tiering methodology
- Tier assigned to every register entry
- Tier review on material change
- Periodic re-tier within review cycle
- Low: Lightweight assessment, annual review
- Medium: Full assessment, annual review
- High: AIGC approval, semi-annual review
- Prohibited: Not permitted
AIG-007 is one of 54 controls in the govn.ai library.
Transparent. Mid-market priced.
No "talk to sales" gatekeeping. Annual contracts (10% prepay discount); monthly available. 14-day trial.
Essential
- Foundational control library (18 controls)
- Full AI Register and lifecycle
- FCA SYSC, Consumer Duty, UK GDPR mapping
- Quarterly board pack generation
- All seven adoption-ready policies
- Microsoft / Google SSO, MFA
Standard
- Everything in Essential, plus:
- Standard control library (+24 controls = 42 total)
- SS1/23, EU AI Act, ISO 42001 mappings
- Vendor management with DDQ workflow
- Training delivery (all 3 modules)
- Foundations engagement included Year 1
Premium
- Everything in Standard, plus:
- Advanced control library (+12 = full 54)
- Model Risk Management (SS1/23 P1-P5)
- SAML SSO (Okta, Azure AD)
- API access + webhooks
- Priority support, named CSM
Additional users: £15 / user / month
Need more seats than your tier includes? Add users at £15 each per month, billed alongside your subscription. No surprise overage charges; we'll prompt you when seat count climbs.
"I built this because I needed it."
I'm a CISO actively advising the Risk and Compliance functions at a UK financial services firm on AI governance. Day to day I work the same problem this product solves — a register that's hard to keep current, a board pack that takes a week to prepare, regulatory expectations that change every quarter, and a small Compliance team trying to hold it all together.
govn.ai exists because the products I'd buy didn't. The enterprise platforms quote six-figure first-year cost and don't speak the FCA Handbook. The consultancies produce frameworks that age out within a year. The shadow-AI tools solve a different problem entirely.
What was needed was the substantive content layer — controls, mappings, policies, training, board pack template — built by someone who lives the buyer's reality, delivered through software that makes it operationally tractable. That's govn.ai.
- CISO at a UK financial services firm
- Active advisor on AI governance to Risk and Compliance leadership
- Previously an engineer; shipped multiple SaaS products
- UK based, London
Things people ask before booking a conversation.
Is govn.ai available now?
The content layer (54 controls, 8 regulations, 368 mappings, 7 policy templates, 3 training modules, board pack template) is built and validated. The software application is in active build with a planned v1 launch within 6-9 months from now. We are recruiting 3-5 design partners for the launch cohort. Contact us to discuss design partner status.
Who is govn.ai for?
UK FCA-regulated firms in the 50-500 staff range — asset managers, wealth managers, specialist lenders, MGAs, fund administrators, and similar. The buyer is typically a Head of Compliance, CCO, or COO holding SMF24. Smaller firms may benefit from the Essential tier; firms over ~1,500 staff are better served by enterprise GRC platforms.
How is this different from OneTrust or Credo AI?
Three differences: price — govn.ai is a tenth to a fifth of the cost; focus — govn.ai is AI-specific and FS-specific, not a general GRC platform; depth — the 368 clause-level UK FS regulatory mappings are not in the enterprise platforms because they're built for global, multi-vertical scale. If your firm has the budget for a generalist enterprise platform and the need for it, those are good products. Most mid-market FS firms don't.
What about Microsoft Purview / Strac / Nightfall?
Different products solving a different problem — they prevent data leakage at the point of AI tool use. govn.ai covers the governance lifecycle around your AI use cases: register, risk tiering, approvals, incident management, training, board reporting. Most firms need both. We integrate where it makes sense.
What’s a "design partner"?
A small number of firms (3-5) who use govn.ai through its early life, at significantly reduced pricing, in exchange for active feedback, willingness to be reference customers, and tolerance of an evolving product. The benefits: direct access to the founder, influence on the roadmap, the Foundations onboarding engagement included, year-one pricing typically 50% of list. Suited to firms that have specific, current pain on AI governance and want a product partner not a vendor.
What’s the security and data position?
Data hosted in the UK / EU. MFA mandatory; SSO available; SAML at Premium tier. Encryption in transit and at rest. SOC 2 Type 1 targeted within 12 months of launch (Drata in place from day one). Cyber Essentials Plus within 3 months. Full sub-processor disclosure. DPA template signed with every customer. We will refuse customer requests that compromise our security posture and tell you why.
Will I be locked in?
12-month minimum contract, as is standard. Annual renewal. Your data is yours; on cancellation we provide full data export in CSV and PDF formats. We don’t lock in via proprietary data formats — your AI Register, your incidents, your policies are all exportable.
Can I see the product?
Yes. Request a conversation and we'll schedule a walkthrough of the working product mockup and discuss whether the product fits your situation. If it doesn't, we'll tell you what might.
Request a conversation.
We respond within two working days. No automated drip sequences; just an email back from a real person to schedule a real conversation.