AIMS™ — AI Monitoring & Governance System

Complete AI governance.
Built for the way community financial institutions actually operate.

AIMS™ connects to your existing infrastructure, discovers every AI tool in use, assesses its risk, and produces examiner-ready documentation — automatically and continuously.

AIMS™ Governance Dashboard — First Community Bank ● LIVE
Overview — Q1 2026
AI Tools Tracked: 21
High Risk: 2
Risk Score: 7
Open Alerts: 23
AI Tool Inventory
Tool / Vendor | Risk Band | RAG Status | DHA
OpenAI API HIGH Under Eval
Microsoft Copilot MEDIUM Developing Pending
Featurespace ARIC HIGH Under Eval
Abrigo LOS LOW Active
Jack Henry SilverLake AI LOW Active
How It Works

Three stages. Continuous governance.

Every AI tool in your environment moves through this pipeline automatically — from first detection to examiner-ready documentation.

01 Discover

Agentless Detection

AIMS™ uses read-only API connections to your existing infrastructure. Nothing is installed on user devices. No endpoint agent required. Connection takes 10–15 hours of IT time — and we handle the technical heavy lifting. Most institutions discover shadow AI they didn't know existed — staff-adopted consumer tools, AI embedded in vendor platforms, and developer-built integrations that never went through approval.

Data Sources
  • M365 Audit Logs
  • Active Directory / Entra ID
  • OAuth Consent Grants
  • Network Logs
  • Firewall Telemetry
  • Sign-in Telemetry
Read-only
No write permissions. Ever. No elevated service account credentials required.
No changes
AIMS™ does not modify your infrastructure or core banking systems.
No surveillance
Identifies tool usage at application level only. Does not read conversations or PII.
02 Assess

Five-Dimension Risk Scoring

Pre-built risk profiles for Microsoft Copilot, ChatGPT, Gemini, Claude, and others. Institutions are not starting from scratch — profiles are pre-loaded and customizable. A Three-Factor Model ensures your controls are reflected in the final score.

Risk Dimensions
  • Regulatory Risk
  • Operational Risk
  • Model Risk
  • Vendor Risk
  • Fair Lending Risk
Three-Factor Model
Factor 1: Inherent Risk (0–100)
Factor 2: Mitigant Controls
Factor 3: Residual Risk Band (LOW / MEDIUM / HIGH / CRITICAL)
03 Document

Examiner-Ready Output

Every output AIMS™ generates is structured to satisfy the questions your examiners are already asking. One-click PDF export. Governance dashboard. Immutable audit trail. GRC integration via REST API (Archer, ServiceNow). Not just an internal dashboard — documentation your examiners will actually accept.

AIMS™ Examiner Risk Report · Sample Output 13 pages · PDF
PDF Export
AI inventory, risk scores, compliance status, audit trail — one click.
GRC Integration
REST API to Archer, ServiceNow. Structured file export fallback.
Audit Trail
Immutable log: who, when, what changed, reasoning. Full traceability.
Technical Specifications

Everything your IT team needs to know.

AIMS™ Technical Specifications 2026
Deployment: Agentless — no endpoint software installed, no infrastructure changes, no elevated permissions
Data Sources: M365 audit logs, Active Directory / Entra ID sign-in telemetry, OAuth consent and permission grants, network logs, firewall telemetry
Supported AI Tools: Microsoft Copilot, ChatGPT (OpenAI), Google Gemini, Claude (Anthropic), custom integrations, developer-built frameworks; manual CSV import for others
Risk Scoring: Three-Factor Model: Inherent Risk → Mitigant Controls → Residual Risk. Rated Low / Medium / High / Critical. Five risk dimensions.
Risk Dimensions: Regulatory Risk, Operational Risk, Model Risk, Vendor Risk, Fair Lending Risk
GRC Integration: REST API — Archer, ServiceNow, configurable per deployment; structured file export as fallback
Human Oversight: Human-in-the-loop by design. No autonomous remediation or auto-action. Your team reviews every alert.
Output Format: Governance dashboard + examiner-ready PDF export (inventory, risk scores, compliance, audit trail)
Security: RBAC, TLS 1.2+, AES-256 at rest, full audit logging. Dedicated cloud tenants — no cross-institution data mixing.
Regulatory Alignment: OCC Bulletin 2023-17, FDIC FIL-29-2024, SR 11-7, NCUA AI Guidance 2024, CFPB Circular 2022-3, NIST AI RMF, BSA/FinCEN, NYDFS DFS Circular 2024
Target Institutions: Community banks and credit unions, $500M–$100B in assets. Designed for lean IT teams.
Technical FAQ

Questions your IT team will ask.

For IT leaders, compliance officers, and due diligence reviewers evaluating AIMS™.

AI Discovery & Monitoring
How does AIMS™ discover AI tools without installing software on endpoints?
AIMS™ uses agentless detection via read-only API connections to your existing infrastructure. It connects to M365 audit logs, Active Directory / Entra ID sign-in telemetry, OAuth consent and permission grants, network logs, and firewall telemetry. Nothing is installed on user devices. No endpoint agent is required.
Does AIMS™ read employee conversations or access message content?
No. AIMS™ identifies tool usage at the application level only. It does not read conversations, access data content, monitor employee communications, or capture transaction details. It provides governance visibility, not surveillance.
What AI tools does AIMS™ detect out of the box?
AIMS™ includes pre-built detection and risk profiles for Microsoft Copilot, ChatGPT (OpenAI), Google Gemini, Claude (Anthropic), and other commonly used AI platforms. It also detects custom integrations and developer-built frameworks. The inventory can be supplemented manually via the UI or bulk CSV import for tools not automatically detected.
How are dormant tools handled?
Dormant tools remain in the governance record but are weighted at 25% in composite risk scoring versus 100% for active tools. This keeps them visible for audit purposes without inflating your overall risk posture. They are also flagged as cost-saving opportunities if associated costs remain active.
Integration & Architecture
What IT infrastructure does AIMS™ require?
AIMS™ requires no special infrastructure, no elevated service account credentials, and no changes to your core banking systems. It connects via read-only APIs to your existing Microsoft 365 environment, Active Directory / Entra ID, and network telemetry sources. Ongoing IT maintenance is approximately 2–3 hours per week post-launch.
How does AIMS™ integrate with our GRC platform?
AIMS™ integrates via REST API with Archer, ServiceNow, and other GRC platforms, configurable per deployment. A structured file export is available as a fallback for institutions without a GRC platform. Integration scope is confirmed during the implementation discovery phase.
Is AIMS™ a replacement for our existing risk management systems?
No. AIMS™ is an overlay solution. It does not replace your core banking platform, enterprise risk management system, or any other existing tool. It works alongside your current architecture via API connections.
What is the implementation timeline?
Implementation follows a structured path of milestones: first, discovery complete, AI inventory documented, and system configured; then testing complete, team trained, and governance reports generating; and finally live examiner-ready documentation established, with full AI tool visibility achieved. Pace is flexible, with no penalties for adjustment.
Data Security & Privacy
What data does AIMS™ access?
AIMS™ accesses metadata and audit logs from AI tools and your network — not customer PII, core transaction data, or conversation content. Only information necessary to maintain inventory, assess risk, and generate compliance documentation is accessed.
Where does our data stay?
Data remains in your configured environment. Nothing is extracted to shared external locations without explicit consent. Cloud deployments use dedicated tenants with no cross-institution data mixing or commingling of customer data.
What encryption and access controls are in place?
AIMS™ implements Role-Based Access Controls (RBAC), so users see only information relevant to their role. All data in transit is protected with TLS 1.2 or higher, and all data at rest is encrypted with AES-256. All system access and changes are recorded in full audit logs.
Regulatory & Compliance
Which regulatory guidance does AIMS™ align with?
AIMS™ governance outputs are structured to address AI oversight requirements from OCC, FDIC, Federal Reserve, NCUA, CFPB, FinCEN, and state regulators including NYDFS. The framework draws on SR 11-7, OCC Bulletin 2023-17, FDIC FIL-29-2024, NIST AI RMF, ECOA/FHA, UDAP/UDAAP, BSA/FinCEN, the FFIEC IT Handbook, GLBA, and CFPB Circular 2022-3.
What examiner-ready documentation does AIMS™ produce?
One-click PDF reports include: (1) AI tool inventory and classifications, (2) risk scores and risk distribution, (3) governance controls in place, (4) compliance status — DHA, NDA, VDD, RAG, (5) vendor information and due diligence status, (6) historical governance decisions and full audit trail.
How does the human-in-the-loop governance model work?
AIMS™ alerts your team when governance action is needed — tool review overdue, compliance deadline approaching, high-risk tool detected, or vendor update received. Your team reviews the alert and decides the appropriate response: Resolve, Acknowledge, or Defer. All decisions are recorded in an immutable audit trail. No autonomous action occurs without human review and approval.
Vendor Due Diligence & Support
How does the Three-Factor risk scoring model work?
Factor 1 — Inherent Risk: baseline assessment across the five dimensions (0–100 scale). Factor 2 — Mitigant Controls: assessment of control effectiveness across six categories (Policies, Human Oversight, Monitoring & Logging, Vendor Due Diligence, Training, and Audit). Factor 3 — Residual Risk Band: Inherent Risk minus mitigation effectiveness, yielding a final band of Low, Medium, High, or Critical.
What post-implementation support is included?
Post-implementation support includes: a dedicated named contact for your institution (not a ticketing queue), direct communication channels, regular check-ins at your cadence, and staff training and documentation. Implementation is flexible with no penalties for adjusting pace — quality is prioritized over speed.
What if AIMS™ flags something incorrectly?
All flags are reviewed by your team before any action is taken. AIMS™ documents observations and generates alerts — it does not automatically remediate or take autonomous action. Your team has full authority over every governance decision.

Question not answered here? Contact Lisa Pent and the PentEdge team directly.

Early Adopter Program · 2026

Be among the first to own your AI governance narrative.

Founding cohort institutions receive preferred pricing, direct product input, and white-glove implementation support. AIMS™ is built for institutions that want to lead — not react — when examiners ask about AI governance.

See AIMS™ in Your Environment

See what AIMS™ surfaces in your environment.

Schedule a 30-minute demo. No obligation, no sales script — just a clear look at what AI governance looks like for your institution.