If you run AI in a Canadian bank or insurer, the most important regulatory document is not a dedicated "AI law." It's OSFI's model-risk guideline, E-23 — and as of its September 2025 final version, it now explicitly treats your AI and machine-learning systems as models subject to full lifecycle governance.

That single move quietly resolved a question many teams were waiting on a federal AI act to answer. AIDA stalled; E-23 didn't. For federally regulated financial institutions, the governance bar for AI is already set — and it takes effect May 2027, which in modernization terms is now.

E-23 in one sentence

A "model" is now defined broadly enough to capture any system that processes input to generate results — which deliberately includes AI/ML and generative systems — and every such model must have an owner, a risk tier, validation, ongoing monitoring, and documented oversight across its whole lifecycle.

If you can't name who owns a model, what tier it sits in, how it was validated, and how you'd know it had drifted — it isn't compliant, no matter how good the demo looked.

What it means in practice

  • Model inventory. Every AI system — including third-party and decommissioned ones — is catalogued. "Shadow AI" in a spreadsheet macro counts.
  • Risk tiering. A customer-facing credit-decisioning model and an internal meeting-summary copilot are not governed identically. Effort follows impact.
  • Validation independent of the builder. Someone other than the team that shipped the model has to be able to challenge it.
  • Ongoing monitoring. Performance, drift, and data quality are watched in production, not just at launch.
  • Human accountability. High-impact use cases get board-level visibility and a human who is answerable for outcomes.

The teams that struggle with E-23 aren't the ones with weak models. They're the ones who can't produce the evidence.

The five things we build into every AI engagement

Rather than treat governance as a compliance bolt-on at the end, we make E-23 alignment a property of how the system is built:

  1. Lineage by default — every input, prompt, retrieval, and output is traceable, so an auditor can reconstruct any decision.
  2. A validation harness — evaluation sets and acceptance thresholds that an independent reviewer can re-run.
  3. Monitoring as a deliverable — drift, quality, and cost dashboards ship with the model, not months later.
  4. Human-in-the-loop where it matters — checkpoints on consequential decisions, with the override path designed in.
  5. A model card — purpose, data, limits, owner, and risk tier, written in language a risk committee can actually read.
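As an added example, not code from the original note or from the author's own practice, the sketch below shows what the five deliverables look like once they are written down as code: a model card that carries the risk tier and acceptance thresholds, a validation run that an independent reviewer can re-run against a hashed evaluation set, a PSI drift check for production monitoring, and a decision log that holds high-tier decisions until an accountable human is named. The model name, owner, tier scheme, thresholds, the toy scoring rule and the evaluation rows are all constructed assumptions; the 0.25 PSI rule of thumb is a common industry convention, not something E-23 prescribes.

```python
"""Added example, not code from the original note: a small, re-runnable governance
harness for the five deliverables above. Model names, owners, thresholds, the toy
scoring rule and the evaluation rows are all constructed."""
import hashlib, json, math
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional

@dataclass
class ModelCard:
    """Item 5: what a risk committee reads; also the source of truth for the risk tier."""
    name: str
    version: str
    owner: str
    risk_tier: str      # assumed scheme: "high" | "medium" | "low"
    purpose: str
    acceptance: dict    # metric name -> minimum value the model must reach

def fingerprint(obj) -> str:
    """Content hash so an independent reviewer can prove they re-ran the same inputs."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def validate(card: ModelCard, predict: Callable[[dict], int], eval_set: list) -> dict:
    """Item 2: deterministic validation against the card's fixed acceptance thresholds."""
    n = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for row in eval_set:
        pred, label = predict(row), row["label"]
        n[("tp" if label else "fp") if pred else ("fn" if label else "tn")] += 1
    metrics = {
        "accuracy": (n["tp"] + n["tn"]) / len(eval_set),
        "precision": n["tp"] / (n["tp"] + n["fp"]) if n["tp"] + n["fp"] else 0.0,
        "recall": n["tp"] / (n["tp"] + n["fn"]) if n["tp"] + n["fn"] else 0.0,
    }
    failed = [m for m, floor in card.acceptance.items() if metrics[m] < floor]
    return {
        "model": f"{card.name}:{card.version}",
        "metrics": metrics,
        "passed": not failed,
        "failed_thresholds": failed,
        "eval_set_sha256": fingerprint(eval_set),   # proves which set produced the numbers
        "run_at": datetime.now(timezone.utc).isoformat(),
    }

def psi(baseline: list, current: list, bins: int = 10) -> float:
    """Item 3: Population Stability Index between two score samples. The common (assumed)
    rule of thumb is that > 0.25 means the population has shifted enough to investigate."""
    lo, hi = min(baseline + current), max(baseline + current)
    width = (hi - lo) / bins or 1.0
    def proportions(xs):
        counts = [0] * bins
        for x in xs:
            counts[min(int((x - lo) / width), bins - 1)] += 1
        return [(c + 1e-6) / len(xs) for c in counts]   # smoothed so log(0) cannot occur
    return sum((c - b) * math.log(c / b)
               for b, c in zip(proportions(baseline), proportions(current)))

def decide(card: ModelCard, predict: Callable[[dict], int], inputs: dict,
           audit_log: list, reviewer: Optional[str] = None) -> dict:
    """Items 1 and 4: every decision is logged with a hash of what the model saw, and a
    high-tier decision stays pending until an accountable human is named on the record."""
    output = predict(inputs)
    held = card.risk_tier == "high" and reviewer is None
    entry = {
        "model": f"{card.name}:{card.version}",
        "owner": card.owner,
        "inputs_sha256": fingerprint(inputs),
        "output": output,
        "reviewer": reviewer,
        "status": "pending_human_review" if held else "final",
        "at": datetime.now(timezone.utc).isoformat(),
    }
    audit_log.append(entry)
    return entry

# Constructed demo data: not real customers and not a real model.
def toy_credit_rule(row: dict) -> int:
    """Stand-in for a trained model: approve when income is high and the debt ratio is low."""
    return int(row["income"] > 50_000 and row["debt_ratio"] < 0.4)

EVAL_SET = [
    {"income": 80_000, "debt_ratio": 0.20, "label": 1},
    {"income": 30_000, "debt_ratio": 0.50, "label": 0},
    {"income": 60_000, "debt_ratio": 0.30, "label": 1},
    {"income": 55_000, "debt_ratio": 0.60, "label": 0},
    {"income": 45_000, "debt_ratio": 0.10, "label": 1},   # the rule misses this one (false negative)
    {"income": 90_000, "debt_ratio": 0.35, "label": 0},   # the rule approves this one (false positive)
    {"income": 70_000, "debt_ratio": 0.39, "label": 1},
    {"income": 20_000, "debt_ratio": 0.90, "label": 0},
]
CREDIT_CARD = ModelCard("credit-decision", "1.0", "retail-risk@example.invalid", "high",
                        "Consumer credit approval", {"accuracy": 0.7, "recall": 0.7})
BASELINE_SCORES = [0.20, 0.25, 0.30, 0.35, 0.40, 0.45, 0.50, 0.30, 0.35, 0.40]
DRIFTED_SCORES = [0.60, 0.65, 0.70, 0.75, 0.80, 0.85, 0.90, 0.70, 0.75, 0.80]

if __name__ == "__main__":
    print(json.dumps(validate(CREDIT_CARD, toy_credit_rule, EVAL_SET), indent=2))
    print("PSI baseline vs drifted:", round(psi(BASELINE_SCORES, DRIFTED_SCORES), 3))
    log = []
    print(decide(CREDIT_CARD, toy_credit_rule, {"income": 72_000, "debt_ratio": 0.2}, log)["status"])
```

The design point is that each artefact answers one of the questions in the "E-23 in one sentence" section: the card names the owner and tier, the validation report records which evaluation set produced the numbers and whether the thresholds held, the PSI value is what a drift dashboard would plot, and the audit entry is what lets someone reconstruct a decision later. Tightening the card's `recall` floor to 0.9 makes the same run fail, which is exactly the behaviour an independent reviewer needs to see.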

Where teams get caught

The common failure isn't a forbidden use case — it's an ungoverned one. A generative assistant quietly reaching production through a vendor add-on; a retrieval system pulling regulated data with no record of what it saw; an agent that "passes" a test by working around it. E-23 doesn't ban autonomy. It bans autonomy you can't explain.

That's also our north star, regulation aside: we don't ship AI we couldn't defend in an audit. It happens to be good engineering, and now it's also the rule.

This note is general guidance, not legal advice — confirm your obligations with your compliance function. If you'd like a candid read on where your AI estate stands against E-23, start a conversation.

Need AI that survives an audit?

We help banks, insurers, and government teams put AI into production — governed, validated, and accountable by design.

Phone   +1 (416) 880-6899
Email     jeeleon@gmail.com
LinkedIn  /in/jeeleon
Office    Markham, ON, Canada