Skip to main content
Image coming soon

EU AI Act Compliance for CIB Legal Counsel

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

EU AI Act Compliance for CIB Legal Counsel

Build the Article 9-to-17 implementation programme for the AI systems your front office has already deployed.

Your front office has deployed AI systems in trading, risk, and client advisory functions. The EU AI Act is now in force. As CIB legal counsel, you are accountable for the compliance programme, not just the policy memo. The gap is the implementation layer: classification methodology, technical documentation, third-party provider obligations, and the internal governance structure that makes legal sign-off operational.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

The EU AI Act compliance question in a CIB legal function is not whether to comply. It is how to build a programme that survives regulatory scrutiny when the AI systems involved are pricing models, client scoring tools, algorithmic risk monitors, and portfolio optimisation engines that the front office has already deployed and is actively using. Legal counsel are being asked to own Articles 9, 13, and 17 compliance for systems they did not design, with documentation obligations that sit between legal, technology, and risk functions. Generic AI governance training does not address this layer. The course does.

What you walk away with

  • Classify every AI system in the CIB environment against Article 6 risk categories using a defensible methodology.
  • Build the Article 9 risk management system documentation for high-risk AI systems already deployed in trading and risk functions.
  • Draft Article 13 transparency obligations for client-facing AI tools used in advisory and scoring workflows.
  • Structure the Article 17 quality management system in a way that integrates with existing legal and technology governance.
  • Negotiate Article 28 obligations with third-party AI providers under existing and new vendor contracts.
  • Build the internal governance layer that connects legal sign-off to front office deployment decisions on an ongoing basis.

The 12 modules

Module 1. Mapping the CIB AI Inventory Against Article 6
Start with a structured methodology for inventorying AI systems in a CIB environment, covering trading tools, risk models, client scoring, and advisory functions. The module works through the Article 6 prohibited practice exclusions and the Annex III high-risk category criteria as they apply specifically to financial services AI. Output is a classification register that holds up under supervisory review, not just an internal spreadsheet.
Module 2. Article 9 Risk Management System Requirements
The Article 9 risk management obligation runs through the entire AI system lifecycle. This module translates the statutory requirements into a documentation structure that CIB legal teams can own and that technology and model risk teams can operationalise. Covers the continuous risk identification cycle, the testing and validation documentation, and the residual risk records that regulators will ask for first during a supervisory walk-through.
Module 3. Technical Documentation Under Article 11
Article 11 requires technical documentation to be prepared before a high-risk AI system is placed on the market or put into service. In a CIB context, many covered systems are already live, which creates a retroactive documentation obligation. This module works through what that documentation must contain, how to reconstruct it for deployed systems, and how to maintain it as systems are updated by third-party providers or internal model risk teams.
Module 4. Logging and Record-Keeping Obligations
Article 12 logging requirements apply specifically to high-risk AI systems and must be capable of reproducing operation during the system's lifetime. The module covers what automatic logging means in practice for trading and risk AI, the record retention periods under the Act and how they interact with existing MiFID II and EMIR record-keeping obligations, and the access and audit trail requirements that supervisors will reference during examination.
Module 5. Article 13 Transparency Obligations for Client-Facing AI
CIB client advisory and scoring tools that interact with clients or influence outputs presented to clients trigger Article 13 transparency requirements. This module covers the disclosure language that legal teams need to draft for client documentation, how transparency obligations interact with existing suitability and appropriateness disclosure frameworks under MiFID II, and what the Article 13 requirement for instructions of use means for front office sales and advisory teams.
Module 6. Human Oversight Obligations Under Article 14
Article 14 requires high-risk AI systems to be designed so that human oversight is possible and effective. The legal obligation for CIB counsel is to document the oversight mechanisms and ensure they are operational, not just described in policy. The module covers the specific oversight measures required, how to document them in a way that satisfies Article 14 and ECB internal governance expectations, and the responsibility allocation between legal, risk, and technology for maintaining oversight capability.
Module 7. Article 17 Quality Management System Construction
The Article 17 quality management system is the operational backbone of high-risk AI compliance and the document most likely to be requested in a supervisory review. This module builds the QMS structure for a CIB environment: written policies and procedures, resource allocation records, post-market monitoring protocols, the serious incident reporting chain, and the data management practices that the QMS must document. Focus is on what the document needs to contain rather than abstract quality principles.
Module 8. Conformity Assessment for In-House Developed Systems
Where CIB AI systems are developed or significantly modified internally, Article 43 conformity assessment obligations apply. The module covers the internal conformity assessment procedure for systems not subject to third-party assessment, the technical documentation and testing records required to complete the assessment, and the EU Declaration of Conformity that must be drafted and retained before a system goes live or is materially updated.
Module 9. Article 28 Third-Party Provider Obligations
Most CIB AI deployments involve third-party providers whose obligations under the Act flow through the deployer. This module covers the Article 28 obligations that attach to deployers when using third-party high-risk AI systems, the contractual provisions that need to be in vendor and technology provider agreements, and the due diligence questions legal teams must ask of existing providers before the supervisory cycle begins. Includes a review of how DORA third-party ICT risk obligations interact with the Act.
Module 10. Supervisory Engagement and Examination Preparation
ECB, AMF, and PRA supervisors are beginning to integrate EU AI Act compliance into their examination frameworks for significant financial institutions. This module covers what examiners are looking for, how to structure the documentation package for a supervisory review of AI systems in a CIB environment, and the internal dry-run methodology that allows legal teams to identify gaps before the examination rather than during it.
Module 11. Internal Governance: Legal Sign-Off in the Deployment Cycle
The gap in most CIB legal functions is not understanding the Act. It is the absence of a governance mechanism that connects legal sign-off to front office deployment decisions on an ongoing basis. This module builds the internal governance layer: the classification gate that requires legal review before a new AI system is deployed, the change notification protocol for material modifications to existing systems, and the escalation path when classification is uncertain or third-party documentation is incomplete.
Module 12. The Compliance Programme as a Legal Deliverable
The final module assembles the full compliance programme as a document package that legal counsel can own and present to the management body, risk committee, and supervisors. Covers the structure of the programme document, the ownership and maintenance responsibilities, the integration with existing financial services compliance frameworks, and the standing agenda items the programme requires in legal and risk governance meetings on a quarterly basis.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Front office has deployed AI systems and legal needs a classification methodology that holds up under examination: Modules 1, 3, 8.
Legal is accountable for Article 9 and 17 documentation but has no template that fits CIB-specific systems: Modules 2, 7, 11.
Vendor contracts need Article 28 provisions before the next supervisory cycle: Modules 9, 6.
Supervisory review is approaching and the legal team needs to know what the examiner will ask for: Modules 10, 12.

What you get with this course

  • Twelve text-based modules in the Art of Service learning environment, each with worked examples drawn from CIB AI deployment scenarios.
  • Downloadable templates for every module: AI inventory classification register, Article 9 risk management system document, Article 11 technical documentation framework, Article 17 QMS structure, Article 28 vendor contract checklist, and supervisory examination preparation package.
  • Hand-built implementation playbook tailored to your specific role and the AI systems in scope, delivered alongside course access within 24 hours of purchase.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Legal counsel is asked to own EU AI Act compliance for CIB AI systems that are already live, with no clear methodology for classification, no documentation template that fits CIB-specific tools, and no governance mechanism connecting legal sign-off to front office deployment decisions.

After

A complete, documented compliance programme covering classification, Article 9-17 technical documentation, third-party provider obligations, and internal governance, structured as a legal deliverable that can be presented to the management body and survive a supervisory review.

What happens if you do not address this

Supervisory examination of AI systems in significant financial institutions is beginning now. Legal functions that cannot produce Article 9 risk management documentation, Article 17 QMS records, and Article 28 vendor compliance evidence during an examination will face material findings. The documentation obligation is retroactive for systems already deployed, which means the window to build the programme without supervisory pressure is closing.

Who it is for

Senior legal counsel in a corporate and institutional banking function, responsible for advising on structured finance, capital markets, and derivatives transactions, now also accountable for EU AI Act compliance across the AI systems the front office has deployed in trading and client-facing functions. Comfortable with regulatory frameworks; the specific gap is operationalising the Act's Title III requirements for CIB-specific AI systems rather than generic enterprise AI.

Who this is NOT for. General counsel at non-financial firms, compliance officers in retail banking who are not responsible for CIB AI systems, or legal professionals who only need the policy-level overview rather than the implementation programme.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Twelve modules. Most CIB legal professionals complete the core classification and documentation modules in a concentrated session, then work through the governance and supervisory preparation modules over the following week alongside active compliance programme build.

Why $199 is the right number

External law firm advice on EU AI Act compliance for CIB functions costs materially more and does not leave the legal team with an owned, documented programme. Generic AI governance training does not address the CIB-specific documentation obligations or the third-party provider and supervisory engagement layers. Internal policy teams can produce the top-level memo; the implementation programme requires the module-by-module methodology this course provides.

FAQ

The AI systems we use are provided by third parties. Does the Act still impose obligations on us as the deployer?
Yes. Article 28 imposes obligations on deployers of high-risk AI systems regardless of whether the system was developed internally or provided by a third party. Modules 9 and 6 cover exactly this layer, including what contractual provisions are needed in existing vendor agreements and what due diligence questions to ask before the supervisory cycle begins.
Many of the AI systems in our CIB environment were deployed before the Act came into force. Does that affect our documentation obligations?
Systems already in service when the Act applied must be brought into compliance with the documentation and quality management requirements. Module 3 covers the retroactive technical documentation obligation specifically, including the methodology for reconstructing documentation for systems that have been live for some time.
How does this interact with DORA obligations for ICT third-party risk?
Module 9 covers the interaction directly. The DORA third-party ICT risk framework and the Article 28 EU AI Act deployer obligations both apply to covered AI systems provided by third-party technology providers. The module works through where the obligations overlap, where they are additive, and how to structure vendor engagement to satisfy both frameworks in a single contractual and due diligence process.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!