REIGN · OUTCOMES · THREE LINES OF DEFENSE
First. Second. Third.
Plus Independent Assurance.
Reign instruments all three lines of defense in regulated organizations — Business and Operations, Risk and Model Risk Management, Internal Audit — and gives independent assurance functions the read-only, tamper-evident view they need. Built for the way regulated organizations actually work, not the way governance vendors imagine they do.
The Gap
Most AI governance tools instrument one line. Regulated organizations need all three.
The Three Lines of Defense model is how every regulated bank, insurer, life-sciences company, and capital-markets firm organizes risk. The first line owns the activity. The second line independently challenges it. The third line provides assurance to the board. Independent Assurance — external auditors, regulators — sits on top.
Most AI governance vendors were not built for this structure. They produce a dashboard for one persona — usually a Director of AI Governance — and expect the rest of the organization to consume the same view. That does not survive a regulatory exam. The second line cannot independently challenge a control if it cannot see the control. The third line cannot provide assurance if it does not have read-only access to the same evidence the first line generates.
Reign was architected for the Three Lines model from the ground up. Same governance Spine. Different views, different access controls, different audit trails per line — instrumented at the platform layer.
Four Cards
How Reign instruments each line.
First Line
Business and Operations
AI Gateway policy enforcement at the call layer. Real-time observability of every AI and agent decision in the workflow. Operational dashboards for product, engineering, and business owners. Self-service guardrails — fast feedback, fast iteration, inside the policy envelope the second line set.
Second Line
Risk and Model Risk Management
Independent challenge of first-line activity. Model Risk Validation aligned to SR 11-7, OSFI E-23, FDA PCCP. Drift monitoring, validation harness results, second-line attestation workflows. Three Lines reporting feeds into the audit ledger.
Third Line
Internal Audit
Read-only access to the full Audit Ledger (CAVR). Replayable forensic record of every AI decision in the period under audit. Three Lines coverage reporting. Pre-built workpapers mapped to internal audit testing standards.
Independent Assurance
External Auditors and Regulators
External auditors and regulators consume Assurance Packs in their preferred format. Big-4-attestor neutral — Reign is the platform any major audit firm can attest on top of. Read-only, tamper-evident, multi-jurisdiction.
The Competitive Frame
What you usually get vs. what Reign delivers.
What you usually get
What Reign delivers
A dashboard for one persona.
Built for a Director of AI Governance. The second line gets a CSV export. Internal Audit gets a screenshot.
One platform, four views.
Same governance Spine. Different access, different audit trails, different output formats per line. Designed for regulated-organization structure.
First-line evidence only.
What the operator captured. What the operator chose to share.
Independent verification.
The second and third lines see the same tamper-evident ledger the first line writes to. There is no shared workflow they can be excluded from.
One attestor, one framework.
A vendor-attested SOC 2 report.
Multi-attestor, multi-framework.
Big-4 audit-firm partners attest on top of Reign. Native coverage of SR 11-7, OSFI E-23, EU AI Act, FDA PCCP, 21 CFR Part 11.
Co-design the Trust Layer for Enterprise AI.
FY26 Reign Design Partner Program. Selective cohort.
Apply