<!-- ADVISOR_ARCHITECT_CHECKLIST_STUB (auto-inserted) -->
Advisor / Architect Minimal Checklist (AUTO-STUB)
-----------------------------------------------

- protects: Which founder goal does this protect? (pick one)
- sina_workload: reduces / increases + short rationale
- permission_loop: yes / no + explanation
- sandbox_autonomy: yes / no + where/how (sandbox lane path)
- target_to_blocker: yes / no + mitigation
- canon_version: (string)
- sandbox_evidence: link(s) to sandbox receipt(s)

# Canadian orientation — OSFI E-23 & Copilot governance (v1)

**Use:** Attach to Canadian FRFI / credit union diligence. **Orientation only — not legal advice.**  
**Public summary:** `/copilot/governance-audit-trail/` · [Bank Pilot](/bank-pilot/) shadow simulation · [cross-link SSOT](../bank-pilot/NF_BP_OSFI_E23_CROSS_LINK_v1.md)

---

## Regulatory context (Canada)

| Framework | Relevance to Copilot |
|-----------|---------------------|
| **OSFI E-23** (effective **May 1, 2027**) | Enterprise-wide AI model risk management for federally regulated FIs |
| **OSFI B-10** | Third-party / vendor risk — Noetfield as **governance vendor layer** |
| **OSFI E-21** | Operational resilience — evidence of controls around AI adoption |
| **PIPEDA / Quebec Law 25** | Privacy — Noetfield **metadata-only** M365 evidence index |
| **FINTRAC / RPAA** | Noetfield does **not** execute payments — see [rpaa-positioning-onepager.md](./rpaa-positioning-onepager.md) |

No federal AI statute in force as of 2026-06; OSFI E-23 is the primary FRFI AI supervisory lens for Copilot rollouts.

---

## What auditors ask for (Copilot-specific)

1. **Inventory** — which AI systems, including M365 Copilot scope  
2. **Risk assessment** — before production use  
3. **Independent evidence** — decision records not only vendor-native logs  
4. **Board oversight** — documented go/no-go for material AI adoption  

Noetfield pilot deliverables map to **(3)** and **(4)** via TLE + board PDF — not a replacement for OSFI program build-out.

---

## Noetfield artifact map

| OSFI-style question | Noetfield artifact |
|---------------------|-------------------|
| Was this Copilot scope authorized? | TLE v1 — decision + confidence score + RID |
| What evidence supported the decision? | Evidence index (Purview · Entra · Audit metadata) |
| Can export integrity be verified? | Fail-closed procurement ZIP · `/trust-ledger/verify/` |
| Shadow before production? | Bank Pilot — read-only simulation |

---

## vs Canadian competitors (orientation)

| Vendor | Focus | Noetfield distinction |
|--------|-------|----------------------|
| **RegCore.AI** | Regulatory intelligence, OSFI/FINTRAC control library | Noetfield = **Copilot rollout receipt** + evaluate API |
| **OAIS** | AI sovereignty, cryptographic interaction custody | Noetfield = **metadata-only** governance evidence, Copilot wedge |
| **RegulateIQ** | SME compliance vault | Noetfield = institutional **$2k–10k** Copilot pilot |

**TrustField** (separate brand) handles Canadian regulated **trust/compliance** depth; **Noetfield www** leads Copilot Governance Pack.

---

## Contact

operations@noetfield.com · [trust-brief intake](https://www.noetfield.com/trust-brief/intake/) · Bank Pilot shadow lane

---

**End v1**
