Linking governance decisions to runtime enforcement evidence
agents-for-openbb · CSVA-20260614-9BE11290 · 2026-06-17 07:47 UTC
Each row names a person who authorised or accepted a high-severity risk whose mitigating controls are proven ineffective at runtime. This is not a control finding: it attaches a named human's accountability to a control that did not operate.
| Risk | Severity | Accepted / owned by | Runtime effectiveness |
|---|---|---|---|
| RISK-FIN-001 Hallucination in financial recommendations | CRITICAL | E. Vandermeer 2026-03-20 | 0.0% |
| RISK-FIN-002 No human oversight before financial advice delivery | HIGH | E. Vandermeer 2026-03-20 | 0.0% |
| RISK-FIN-003 Absence of audit trail on data sources used | HIGH | E. Vandermeer 2026-03-22 | 0.0% |
🔎 Accountability provenance: A1 — Declared in repository — asserted, not independently verified
| Field | Value |
|---|---|
| Authorized by | E. Vandermeer |
| Role | Chief Risk Officer |
| Date | 2026-03-15 |
| Scope of automated decisions | Automated market analysis, signal generation and trade recommendation. Order execution excluded from autonomous scope. |
| Autonomy level granted | supervised |
| Policy ID | AI-POL-007 |
| Policy version | 1.3 |
| Effective date | 2026-03-15 |

| Field | Value |
|---|---|
| Risk owner | M. Okonkwo |
| Role | Head of Trading Technology |
| Residual risk level accepted | MODERATE |
| Acceptance date | 2026-03-20 |
| Next review date | 2026-05-20 |
Runtime sessions covered: 50 · Observation period: 2026-04-01 → 2026-04-05
⚠️ Risk acceptance review date is overdue
| Declared constraint | Domain | Owner | Mapped checkpoint | Control status | Observations & Evidence |
|---|---|---|---|---|---|
| Human oversight required on all critical recommendations | oversight | M. Okonkwo | Human Validation | Design: DECLARED · Implementation: NOT DETECTED · Operating effectiveness: NOT EFFECTIVE (0.0%) · Evidence: Design E1 · Impl E3 · Runtime E5 | 50 sessions evaluated for this control · 0 passed · 50 failed · strict pass rate: 0.0% · method: runtime trace analysis (Behavioral Audit process mining) |
| Low-confidence outputs routed to human review | oversight | M. Okonkwo | Confidence-Based Human Routing | Design: DECLARED · Implementation: DETECTED · Operating effectiveness: PARTIALLY EFFECTIVE (80.0%) · Evidence: Design E1 · Impl E3 · Runtime E5 | 50 sessions evaluated for this control · 41 passed · 9 failed · strict pass rate: 80.0% · method: runtime trace analysis (Behavioral Audit process mining) |
| Human operators can override or block any automated recommendation | oversight | M. Okonkwo | User Override | Design: DECLARED · Implementation: DETECTED · Operating effectiveness: EFFECTIVE (100.0%) · Evidence: Design E1 · Impl E3 · Runtime E5 | 50 sessions evaluated for this control · 50 passed · 0 failed · strict pass rate: 100.0% · method: runtime trace analysis (Behavioral Audit process mining) |
| Every automated decision recorded in a tamper-evident audit trail | logging | S. Lindqvist | Audit Trail | Design: DECLARED · Implementation: NOT DETECTED · Operating effectiveness: NOT EFFECTIVE (0.0%) · Evidence: Design E1 · Impl E3 · Runtime E5 | 50 sessions evaluated for this control · 0 passed · 50 failed · strict pass rate: 0.0% · method: runtime trace analysis (Behavioral Audit process mining) |
| Agent reasoning loop bounded to prevent runaway execution | security | S. Lindqvist | Execution Limits (Guardrails) | Design: DECLARED · Implementation: DETECTED · Operating effectiveness: EFFECTIVE (98.0%) · Evidence: Design E1 · Impl E3 · Runtime E5 | 50 sessions evaluated for this control · 49 passed · 1 failed · strict pass rate: 98.0% · method: runtime trace analysis (Behavioral Audit process mining) |
| Only secure model serialization formats permitted (no pickle) | security | S. Lindqvist | Secure Format Policy | Design: DECLARED · Implementation: PARTIALLY DETECTED · Operating effectiveness: NOT TESTED (static evidence only) · Evidence: Design E1 · Impl E3 · Runtime — | no runtime sessions for this checkpoint · verdict derived from evidence_ledger.json · method: static evidence analysis (Phase B/C ledger) |
| Personal data masked before any third-party LLM call | data | A. Ferreira | PII Masking Before External Transmission | Design: DECLARED · Implementation: DETECTED · Operating effectiveness: EFFECTIVE (100.0%) · Evidence: Design E1 · Impl E3 · Runtime E5 | 50 sessions evaluated for this control · 50 passed · 0 failed · strict pass rate: 100.0% · method: runtime trace analysis (Behavioral Audit process mining) |
| Exhaustive registry of data sources, types and flows maintained | data | A. Ferreira | Data Inventory | Design: DECLARED · Implementation: NOT DETECTED · Operating effectiveness: NOT TESTED (static evidence only) · Evidence: Design E1 · Impl E3 · Runtime — | no runtime sessions for this checkpoint · verdict derived from evidence_ledger.json · method: static evidence analysis (Phase B/C ledger) |
| Quarterly model risk committee review of strategy drift | oversight | E. Vandermeer | — | Design: DECLARED · Implementation: NOT VERIFIABLE · Operating effectiveness: NOT TESTABLE · Evidence: Design E1 · Impl — · Runtime — | method: not mapped to checkpoint |
| Risk | Controls | Owner | Residual accepted | Review | Control enforcement |
|---|---|---|---|---|---|
| RISK-FIN-001 Hallucination in financial recommendations | Human Validation · Confidence-Based Human Routing · Audit Trail | M. Okonkwo | E. Vandermeer 2026-03-20 | 2026-09-20 | OBSERVED NOT EFFECTIVE · 0.0% |
| RISK-FIN-002 No human oversight before financial advice delivery | Human Validation · Human-in-the-Loop Mechanism | M. Okonkwo | E. Vandermeer 2026-03-20 | 2026-05-20 (OVERDUE) | OBSERVED NOT EFFECTIVE · 0.0% |
| RISK-FIN-003 Absence of audit trail on data sources used | Audit Trail · Decision Record Structure · Logging Implementation | S. Lindqvist | E. Vandermeer 2026-03-22 | 2026-09-22 | OBSERVED NOT EFFECTIVE · 0.0% |
| RISK-FIN-004 Agent loops without iteration limit | Execution Limits (Guardrails) · Error Handling | M. Okonkwo | E. Vandermeer 2026-03-22 | 2026-09-22 | OBSERVED EFFECTIVE · 98.0% |
| RISK-FIN-005 Bias in financial recommendations by asset class | Bias Metrics · Continuous Monitoring | S. Lindqvist | E. Vandermeer 2026-04-02 | 2026-10-02 | NOT IMPLEMENTED — STATIC |
| RISK-FIN-006 Use of stale training data without real-time grounding | Data Quality · Limitations Disclosure | NOT ASSIGNED | NOT ACCEPTED | — | NOT IMPLEMENTED — STATIC |
| RISK-FIN-007 Prompt injection via malicious widget data | Input Robustness · Prompt Guardrail / Injection Detection | NOT ASSIGNED | NOT ACCEPTED | — | PARTIALLY IMPLEMENTED — STATIC |
Each control failure is traced back to its risk, owner, and acceptance decision.
| Runtime Failure | Risk | Owner | Acceptance | Status |
|---|---|---|---|---|
| Human oversight required on all critical recommendations (Human Validation · 0.0%) | RISK-FIN-001 Hallucination in financial recommendations | M. Okonkwo | E. Vandermeer 2026-03-20 | NOT_ENFORCED |
| Human oversight required on all critical recommendations (Human Validation · 0.0%) | RISK-FIN-002 No human oversight before financial advice delivery | M. Okonkwo | E. Vandermeer 2026-03-20 · OVERDUE | NOT_ENFORCED |
| Low-confidence outputs routed to human review (Confidence-Based Human Routing · 80.0%) | RISK-FIN-001 Hallucination in financial recommendations | M. Okonkwo | E. Vandermeer 2026-03-20 | NOT_ENFORCED |
| Every automated decision recorded in a tamper-evident audit trail (Audit Trail · 0.0%) | RISK-FIN-001 Hallucination in financial recommendations | M. Okonkwo | E. Vandermeer 2026-03-20 | NOT_ENFORCED |
| Every automated decision recorded in a tamper-evident audit trail (Audit Trail · 0.0%) | RISK-FIN-003 Absence of audit trail on data sources used | S. Lindqvist | E. Vandermeer 2026-03-22 | NOT_ENFORCED |
Decision Accountability Record · CAMSVA Behavioral Audit · sealed evidence · sha256: 518af45d3c6eff5b…