EU AI Act model inventory: the question the delay does not answer

Cyril Treacy

COO

This post explains why model inventory is the real EU AI Act problem for financial services, where the revised timeline stops helping, and what FS compliance leads need on the responsibilities map before a supervisor reads it.

Key Takeaways
  • Most regulated FS firms run more high-risk AI than they have registered, mostly through vendor-embedded inference and spreadsheet-based scoring.

  • The Annex III categories for credit decisioning and insurance pricing land on day-to-day workflows, often without an "AI" label attached.

  • The 7 May 2026 political agreement buys time on standards and conformity assessment. It does not change the inventory question underneath.

  • Until the revised Omnibus is formally adopted, the original 2 August 2026 obligations in Regulation 2024/1689 still legally apply.

  • A separate AI committee register is just PowerPoint Governance.

The model inventory trap

Six months ago this was a timeline conversation. Now it is an inventory conversation, and the inventory is wrong.

At Disseqt we sit on FS risk calls every week, and the same pattern shows up. The published model register is short and tidy. The Head of AI Risk treats it as the firm's exposure. Then somebody actually counts the vendor SaaS with inference embedded in it, plus the spreadsheets a credit team has run for a decade, and the room goes quiet.

"We have maybe four times more high-risk systems running than we registered." That is the call.

The first question is not when the obligations land. The first question is what is running today, under what intended purpose, scored by what control. The firms that confuse registered with running are the firms with the gap.

What financial services firms actually have running

The exposure is broader than the model the data science team published last quarter.

Vendor-embedded AI runs inside third-party SaaS already in production (core banking, claims, fraud, KYC), shipped with inference components the buyer never procured as "AI". Spreadsheet-based scoring tools, in use for years, rank or classify customers using logic never formally labelled. Both meet the Article 6 intended-purpose test for credit decisioning and insurance pricing.

The Annex III categories hitting FS hardest are not exotic either. Point 5(b) covers AI used to evaluate creditworthiness or establish a credit score. Point 5(c) covers risk assessment and pricing in life and health insurance. Both sweep into core operating processes at every FCA-regulated lender and most major UK insurers.

A real inventory sweeps all of it. If the sweep stops at the published register, the inventory is decorative.

Where the delay actually helps, and where it does not

The regulator timeline now reads like this. On 7 May 2026, EU lawmakers reached political agreement on revisions to the EU AI Act. Stand-alone high-risk AI systems are pushed to 2 December 2027. AI embedded in regulated products is pushed to 2 August 2028. Both are contingent on regulatory guidance and harmonised standards landing.

A legal point gets lost in the headlines. Until the revised Omnibus is formally adopted and published in the Official Journal, the original 2 August 2026 deadline in Regulation 2024/1689 still applies. Firms pausing programmes on the assumption the revision is final are taking a position they cannot evidence on a supervisory call.

The delay buys time on standards, on conformity assessment, and on notified-body capacity. It does not buy time on the inventory.

What runs today is what supervisors will ask about, regardless of which deadline lands first.

Why an AI committee register is PowerPoint Governance

A separate "AI governance committee" register is comfortable to build and weak under examination. A glossy slide-deck of policies, a workstream RACI, an "AI framework" stood up beside model risk management. It looks like coverage.

It is PowerPoint Governance.

PowerPoint Governance is what does not survive an FCA reading. It does not survive because the supervisor does not pick up the committee deck. The supervisor picks up the SMCR responsibilities map and reads who is named.

In SMCR terms, AI inventory and risk decisions sit primarily under SMF24 (Chief Operations function), with material exposure mapping to SMF4 (Chief Risk) and SMF16 (Compliance Oversight). Three named accountabilities, mapped to the systems they own, evidenced through operational records. Anything else is PowerPoint Governance dressed up.

The cure for PowerPoint Governance is not better slides. It is folding AI risk into the existing model risk management discipline, named on the responsibilities map, evidenced by the same continuous controls supervisors already read.

The inventory is the start. The evidence is the answer.

Once the sweep is honest, three questions follow, each mapping to a pillar of the AI Assurance Layer. Test. Protect. Monitor.

  • Test before deployment. What was tested before this system went live, against what intended purpose under Article 6, with what reproducible record?

  • Protect at runtime. Runtime policy enforcement, inline blocking of unsafe or non-compliant behaviour, escalation rules, and human review triggers that bind the system to the operating thresholds set by its inventory classification.

  • Monitor in production. What evidence trail shows the FCA or a notified body that the system is continuously managed under Article 9 and observed under Article 72?

Without the AI Assurance Layer, the inventory produces a list. With it, the inventory produces evidence. That is the difference between a register and a control. The structured assurance approach we run with regulated firms starts at the sweep and ends at the audit-ready trail.

What FS compliance leads should be doing in the next 90 days

Three questions a Chief Risk Officer can put to their Head of AI Risk on Monday.

  • Have we swept beyond formally labelled AI? A real inventory covers vendor-embedded inference, spreadsheet scoring, and any production logic that ranks, classifies, or scores customers. If the sweep stops at the published model register, it is not finished.

  • Is our classification regulatory-grade? Documented intended purpose against Article 6 and Annex III, with reproducible records of the assessment. Narrative descriptions do not survive examination.

  • Is accountability mapped into SMCR, not into a committee deck? Each high-risk system named, each accountability assigned under SMF24, SMF4, and SMF16, each decision evidenced in the operational record. Anything sitting only in a committee register is exposure, not coverage.

The firms doing this well are not waiting for the revised Omnibus. They are treating model inventory as a continuous control, with the AI Assurance Layer producing the evidence underneath it.

Bottom Line

The delay is a distraction. The systems are already running. PowerPoint Governance does not survive a supervisor reading the responsibilities map, and the deadline slipping does not change which name is written next to SMF24.

A firm using the delay to pause is not relieving governance risk. It is letting the gap between registered and running widen, in the months before supervisors stop waiting and start asking.

The window the revised timeline opens is for building the AI Assurance Layer underneath the inventory, not for stalling.

FAQs

01

Is the EU AI Act delayed for financial services?

The revised timeline reached political agreement on 7 May 2026, pushing stand-alone high-risk AI to 2 December 2027 and AI embedded in regulated products to 2 August 2028. Until the revised Omnibus is formally adopted and published in the Official Journal, the original 2 August 2026 deadline in Regulation 2024/1689 still legally applies.

02

What does the EU AI Act mean by a high-risk AI system in financial services?

03

Where does AI model inventory sit under SMCR?

04

Do vendor-embedded AI systems count under Annex III?

AUTHOR

Cyril Treacy

COO

Cyril is Co-Founder and COO at Disseqt, leading go-to-market, partnerships, and customer success. He brings 20+ years of enterprise sales, pre-sales leadership, and scaling expertise from Salesforce and the Irish startup ecosystem.


© DISSEQT AI LIMITED
