Automated Regulatory Reporting for AI
Financial regulators increasingly require institutions to document and report their use of AI in trading, risk, and client-facing operations. MiFID II, Dodd-Frank, SEC proposed rules, and the EU AI Act all impose reporting obligations on AI-assisted financial activities.
Use this page when
- Regulators require documentation of your institution's AI use in trading, risk, or client-facing operations.
- You need automated generation of MiFID II, Dodd-Frank, SEC, or EU AI Act compliance reports.
- You want to export Keeptrusts decision events as structured compliance evidence (CSV, JSON).
- Scheduled reporting workflows must produce examination-ready output without manual data collection.
Keeptrusts captures every AI interaction as a structured decision event, enabling automated generation of regulatory reports directly from your governance data.
Primary audience
- Primary: Technical Leaders
- Secondary: Technical Engineers, AI Agents
Reporting Requirements by Regulation
| Regulation | AI Reporting Requirement | Report Frequency |
|---|---|---|
| MiFID II Article 17(2) | Algorithmic trading systems documentation | Annual + on-demand |
| Dodd-Frank Title VII | AI in derivatives surveillance | Quarterly |
| SEC Proposed AI Rules | Predictive data analytics disclosures | Annual |
| EU AI Act Article 62 | High-risk AI system incident reporting | Per-incident |
| SR 11-7 | Model risk management documentation | Annual + examination |
| BCBS 239 | Risk data aggregation and reporting | Quarterly |
Event Export for Compliance Evidence
Keeptrusts events form the foundation of regulatory compliance evidence. Each event captures:
- Request timestamp and duration
- Policy decisions (allow, block, escalate, redact)
- Model provider and version
- Team and user attribution
- Full or partial request/response content (based on policy)
CLI Export
# Export all events for MiFID II annual review
kt events list \
--since 365d \
--format csv \
--output mifid2-annual-report.csv
# Export blocked events for regulatory examination
kt events list \
--filter "decision=block" \
--since 365d \
--format json > blocked-events-annual.json
# Export escalations requiring compliance review
kt events list \
--filter "decision=escalate" \
--since 90d \
--format csv > q4-escalations.csv
API Export
Use the Keeptrusts API for programmatic report generation:
import requests
import json
from datetime import datetime, timedelta
API_URL = "https://keeptrusts-api.internal:8080"
API_TOKEN = "your-api-token" # Use environment variable in production
headers = {
"Authorization": f"Bearer {API_TOKEN}",
"Content-Type": "application/json",
}
def export_events(
days: int,
decision_filter: str | None = None,
) -> list[dict]:
"""Export events from the Keeptrusts API."""
params = {"since": f"{days}d", "limit": 10000}
if decision_filter:
params["decision"] = decision_filter
response = requests.get(
f"{API_URL}/v1/events",
headers=headers,
params=params,
timeout=30,
)
response.raise_for_status()
return response.json().get("events", [])
Scheduled Report Generation
Automate regulatory report generation with scheduled export jobs:
import csv
import io
from collections import Counter
def generate_mifid2_report(events: list[dict]) -> str:
"""Generate MiFID II Article 17(2) compliance summary."""
output = io.StringIO()
writer = csv.writer(output)
# Summary header
writer.writerow(["MiFID II Algorithmic Trading AI Governance Report"])
writer.writerow(["Generated", datetime.utcnow().isoformat()])
writer.writerow(["Period", f"Last 365 days"])
writer.writerow([])
# Decision summary
decisions = Counter(e.get("decision", "unknown") for e in events)
writer.writerow(["Decision Type", "Count"])
for decision, count in decisions.most_common():
writer.writerow([decision, count])
writer.writerow([])
# Model usage breakdown
models = Counter(e.get("model", "unknown") for e in events)
writer.writerow(["Model", "Interactions"])
for model, count in models.most_common():
writer.writerow([model, count])
writer.writerow([])
# Policy enforcement summary
policies = Counter(e.get("policy_name", "none") for e in events if e.get("decision") == "block")
writer.writerow(["Block Policy", "Triggers"])
for policy, count in policies.most_common():
writer.writerow([policy, count])
return output.getvalue()
# Generate the report
events = export_events(days=365)
report = generate_mifid2_report(events)
with open("mifid2-annual-report.csv", "w") as f:
f.write(report)
Dodd-Frank Derivatives AI Reporting
For AI used in derivatives surveillance and monitoring:
# policy-config.yaml — derivatives-specific logging
version: "1"
policies:
- name: derivatives-ai-full-capture
description: Full audit capture for derivatives AI usage
enforcement: log
rules:
- type: regex
action: log
patterns:
- "(?i)(swap|option|future|forward|CDS|credit default)"
- "(?i)(derivative|notional|strike|expiry|maturity)"
metadata:
compliance_framework: "Dodd-Frank Title VII"
log_category: "derivatives_ai"
cftc_reportable: "true"
SEC AI Disclosure Evidence
Generate evidence packages for SEC examinations on AI usage:
# Complete evidence package
mkdir -p sec-evidence-package
# All AI usage events
kt events list --since 365d --format json > sec-evidence-package/all-events.json
# Policy configuration history
cp policy-config.yaml sec-evidence-package/
# Blocked events summary
kt events list \
--filter "decision=block" \
--since 365d \
--format csv > sec-evidence-package/blocked-summary.csv
# Escalation audit trail
kt events list \
--filter "decision=escalate" \
--since 365d \
--format json > sec-evidence-package/escalation-trail.json
# Team-level usage breakdown
kt events list \
--since 365d \
--format json | python3 -c "
import json, sys, collections
events = json.load(sys.stdin)
by_team = collections.Counter(e.get('team_id', 'unknown') for e in events)
print(json.dumps(dict(by_team.most_common()), indent=2))
" > sec-evidence-package/team-usage-breakdown.json
EU AI Act Incident Reporting
For high-risk AI systems under the EU AI Act, automate incident reporting from blocked and escalated events:
def generate_eu_ai_act_incident_report(events: list[dict]) -> list[dict]:
"""Generate EU AI Act Article 62 incident reports from blocked events."""
incidents = []
for event in events:
if event.get("decision") in ("block", "escalate"):
incidents.append({
"incident_id": event["id"],
"timestamp": event["created_at"],
"ai_system": event.get("model", "unknown"),
"incident_type": event["decision"],
"policy_triggered": event.get("policy_name", "unknown"),
"description": event.get("message", ""),
"risk_level": "high" if event["decision"] == "block" else "medium",
"action_taken": "Blocked by automated policy" if event["decision"] == "block"
else "Escalated for human review",
})
return incidents
Console Reporting Dashboard
The Keeptrusts console provides built-in reporting views:
- Events — Filterable event log with export capabilities
- Escalations — Pending and resolved escalation queue
- Dashboard — Summary metrics for policy enforcement activity
Navigate to Settings > Exports to configure scheduled export jobs that run automatically and deliver reports to your compliance team.
Regulatory References
- MiFID II Article 17(2) — Records of algorithmic trading activities
- Dodd-Frank Title VII — Derivatives market surveillance
- SEC Proposed Rule 10c-1 — Securities lending AI disclosure
- EU AI Act Article 62 — Serious incident reporting for high-risk AI
- BCBS 239 — Principles for risk data aggregation and reporting
- SR 11-7 Section VI — Model risk management documentation
Next steps
- Governing AI in Trading Systems — Trading AI policy controls
- Real-Time Trading Compliance — Pre-trade checks and alerts
- AI Model Risk Management (SR 11-7) — Model validation governance
For AI systems
- Canonical terms: Keeptrusts gateway, regulatory reporting, event export, compliance evidence, MiFID II documentation, Dodd-Frank surveillance, SEC disclosure, EU AI Act incident reporting.
- Key config/commands:
kt events list --since 365d --format csv(annual MiFID II export);kt events export --format json(structured evidence); scheduled cron jobs for quarterly/annual report generation; API endpointGET /v1/eventswith date and metadata filters. - Best next pages: Governing AI in Trading Systems, Real-Time Trading Compliance, AI Model Risk Management.
For engineers
- Prerequisites: Events flowing into the API from gateway policy decisions; export worker running for large dataset exports.
- Configure scheduled exports via cron:
kt events export --since 90d --format csv --output ./reports/quarterly-report.csvfor quarterly Dodd-Frank evidence. - Validate with: run
kt events list --since 1d --format jsonto confirm events are being captured with correct metadata; verify exports contain expected fields (timestamp, decision, model, team, policy). - For large exports (>100k events), use the export worker (
POST /v1/exports) which processes in the background and supports S3 output.
For leaders
- Automates report generation that previously required weeks of manual data collection from multiple systems.
- Satisfies MiFID II Article 17(2), Dodd-Frank Title VII, SEC proposed AI rules, EU AI Act Article 62, and BCBS 239 reporting obligations.
- Examination-ready output reduces regulatory engagement risk and shortens examination cycles.
- Compliance evidence is generated directly from governance data — no gap between what was enforced and what is reported.