Conformité IA pour les Petites Équipes de Services Financiers

Ce qu'elle couvre

Cet atelier de deux jours couvre les points de contact IA des réglementations DORA, MiFID II et de la loi européenne sur l'IA applicables aux petits courtiers, gestionnaires de patrimoine et fintechs. Les participants apprennent à évaluer le risque de modèle à un niveau pratique, à auditer les pratiques d'archivage des communications clients et à appliquer des modèles de diligence raisonnable lors de l'achat d'outils IA. Le format alterne courtes séances réglementaires et exercices pratiques, afin que les équipes repartent avec des listes de contrôle utilisables et une cartographie des lacunes de conformité propre à leur structure.

À l'issue, vous saurez

• Identify which EU AI Act risk categories apply to tools your firm currently uses or plans to procure
• Complete a vendor due diligence checklist for an AI provider and flag material risks
• Map your firm's client-communication archiving workflow against MiFID II and DORA requirements
• Apply a lightweight model-risk scoring template to assess a new AI-driven feature or product
• Produce a prioritised compliance gap map that can be presented to senior leadership or regulators

Sujets abordés

• EU AI Act obligations relevant to financial services firms
• DORA ICT risk requirements and AI system resilience
• MiFID II touchpoints: suitability, best execution, and AI-generated advice
• Light-touch model risk assessment for non-technical teams
• Marketing AI rules and compliant client-communication drafting
• Client-communication archiving obligations when using AI tools
• Vendor due diligence: evaluating AI providers and third-party model risk
• Building a compliance gap map and prioritised remediation checklist

Modalité

Delivered in-person or via live virtual classroom over two consecutive days (6–8 hours each). Materials include a regulatory quick-reference card, a vendor due diligence template, a model-risk lite scoring sheet, and an archiving audit checklist. Approximately 40% instruction and 60% guided case-work using anonymised scenarios drawn from small financial services firms. A follow-up 90-minute Q&A session is recommended two to four weeks post-workshop.

Ce qui fait que ça marche

• Assigning a named compliance owner for AI tools immediately after the workshop, even part-time
• Embedding the vendor due diligence template into existing procurement workflows before the next tool purchase
• Scheduling a quarterly internal review of the compliance gap map to track remediation progress
• Securing brief senior management sign-off on the gap map to create accountability and resource allocation

Erreurs fréquentes

• Assuming DORA and the EU AI Act only apply to large institutions and delaying compliance work until regulators intervene
• Procuring AI vendors without any due diligence process, exposing the firm to third-party model and data risk
• Using AI tools for client communications without verifying archiving compatibility, creating MiFID II record-keeping gaps
• Treating model risk as a purely technical concern and excluding compliance and ops staff from oversight processes

Fournisseurs à considérer

• Finos / FINTECH Circle (EU regulatory AI programmes)www.fintechcircle.com →
• Compliance & Risk Academy (UK)www.complianceandrisks.com →
• DataScientest (FR — AI Act & compliance tracks)datascientest.com →
• Riskonnect Training (EU risk & compliance workshops)www.riskonnect.com →

Sources

• EU AI Act — Official Text and Annexes (EUR-Lex) →
• DORA Regulation — Digital Operational Resilience Act (European Commission) →