CLARENDON

AI Governance Scorecard

Full 23 question assessment across 6 regulatory sections — IAF, EU AI Act, CPC 2025, DORA.

Full Scorecard

2026 AI Governance Pulse Check

Irish Credit Unions and Building Societies

A condensed specialist assessment of the ten most critical AI governance questions for Irish credit unions and building societies. Each question targets a specific area of regulatory exposure as at March 2026.

Answer all 10 questions below to generate your preliminary score. Use the Regulatory Context toggle beneath each question to understand the specific obligation it addresses.

Why this matters now (March 2026):

The Central Bank of Ireland has the power to take direct enforcement action under the IAF frameworks. CPC 2025 requirements are effective from March 2026. EU AI Act high risk obligations apply from August 2026. DORA operational resilience requirements will apply to credit unions from January 2028.

Progress0 of 10 questions answered
Q1.The Shadow AI Inventory:Does the organisation maintain a documented inventory of AI systems that includes third party platforms where models are embedded but not explicitly labelled as AI (for example, credit scoring modules within core banking platforms, automated fraud detection layers, or AML monitoring tools)?
Q2.The IAF Accountability Gap:Can you name the PCF holder who is legally accountable for the fairness of your most critical automated decision making tool, consistent with the obligations of the Individual Accountability Framework, and is this accountability documented in their Statement of Responsibilities?
Q3.The 10 Minute Response:If the Central Bank issued a request for information regarding your AI oversight framework tomorrow, could your team produce a board ready report demonstrating proportionate and effective oversight in under 10 minutes?
Q4.The Hidden Model Bias Check:Do you have a recurring programme to test for hidden bias in automated lending decisions, specifically regarding the outcomes for vulnerable members as defined under the Consumer Protection Code 2025?
Q5.The Vendor Black Box:Have your technology vendor contracts been reviewed and updated to grant the credit union an explicit contractual right to audit the underlying logic, data inputs, and decision outputs of any authorised AI model deployed on your behalf?
Q6.Board Line of Sight:Does your Board or Risk Committee receive a dedicated Red, Amber, Green dashboard on AI system performance, fairness, and incidents, or is AI performance information embedded within general technical vendor updates where it may not receive appropriate scrutiny?
Q7.F&P Competence:Does your annual Fitness and Probity assessment process explicitly verify that individuals in AI adjacent roles, including those who review, approve, or rely upon automated decisions, possess the technical literacy required to exercise genuine oversight of these systems?
Q8.EU AI Act Classification:Has each automated system in use been formally analysed against the EU AI Act risk tiers, and is the rationale for any classification as Non High Risk documented and available for regulatory review?
Q9.Human Oversight:Are your protocols for human in the loop oversight formally documented in a manner that demonstrates staff are performing a critical and meaningful review of AI generated decisions, rather than simply approving outputs without independent assessment?
Q10.2028 DORA Readiness:Have you commenced building your Register of Information for all third party AI vendors and ICT service providers in preparation for the specific January 2028 DORA compliance deadline applicable to credit unions?

Please answer all 10 questions to calculate your result