Skip to main content

    REIGN · OUTCOMES · THREE LINES OF DEFENSE

    First. Second. Third.
    Plus Independent Assurance.

    Reign instruments all three lines of defense in regulated organizations. Business and Operations, Risk and Model Risk Management, Internal Audit. And gives independent assurance functions the read-only, tamper-evident view they need. Built for the way regulated organizations actually work, not the way governance vendors imagine they do.

    Apply for a Reign pilotSee the Spine that delivers it

    The Gap

    Most AI governance tools instrument one line. Regulated organizations need all three.

    The Three Lines of Defense model is how every regulated bank, insurer, life-sciences company, and capital-markets firm organizes risk. The first line owns the activity. The second line independently challenges it. The third line provides assurance to the board. Independent Assurance, external auditors, regulators, sits on top.

    Most AI governance vendors were not built for this structure. They produce a dashboard for one persona. Usually a Director of AI Governance. And expect the rest of the organization to consume the same view. That does not survive a regulatory exam. The second line cannot independently challenge a control if it cannot see the control. The third line cannot provide assurance if it does not have read-only access to the same evidence the first line generates.

    Reign was architected for the Three Lines model from the ground up. Same governance Spine. Different views, different access controls, different audit trails per line. Instrumented at the platform layer.

    Four Cards

    How Reign instruments each line.

    First Line

    Business and Operations

    AI Gateway policy enforcement at the call layer. Real-time observability of every AI and agent decision in the workflow. Operational dashboards for product, engineering, and business owners. Self-service guardrails. Fast feedback, fast iteration, inside the policy envelope the second line set.

    Second Line

    Risk and Model Risk Management

    Independent challenge of first-line activity. Model Risk Validation aligned to SR 26-2, OSFI E-23, FDA PCCP. Drift monitoring, validation harness results, second-line attestation workflows. Three Lines reporting feeds into the audit ledger.

    Third Line

    Internal Audit

    Read-only access to the full Audit Ledger (CAVR). Replayable forensic record of every AI decision in the period under audit. Three Lines coverage reporting. Pre-built workpapers mapped to internal audit testing standards.

    Independent Assurance

    External Auditors and Regulators

    External auditors and regulators consume Assurance Packs in their preferred format. Big-4-attestor neutral. Reign is the platform any major audit firm can attest on top of. Read-only, tamper-evident, multi-jurisdiction.

    The Competitive Frame

    What you usually get vs. what Reign delivers.

    What you usually get

    What Reign delivers

    A dashboard for one persona.

    Built for a Director of AI Governance. The second line gets a CSV export. Internal Audit gets a screenshot.

    One platform, four views.

    Same governance Spine. Different access, different audit trails, different output formats per line. Designed for regulated-organization structure.

    First-line evidence only.

    What the operator captured. What the operator chose to share.

    Independent verification.

    The second and third lines see the same tamper-evident ledger the first line writes to. There is no shared workflow they can be excluded from.

    One attestor, one framework.

    A vendor-attested SOC 2 report.

    Multi-attestor, multi-framework.

    Big-4 audit-firm partners attest on top of Reign. Native coverage of SR 26-2, OSFI E-23, EU AI Act, FDA PCCP, 21 CFR Part 11.

    Design partner pilot

    Co-design Continuous Operational Assurance for Enterprise AI.

    Being hardened with a small set of Tier 1 design partners through 2026. Limited intake. Ninety-day pilots. Audit-grade evidence.

    Apply
    For the Chief Audit Executive

    Read-only access to the Audit Ledger.

    The third-line view. Replayable evidence, pre-built workpapers, Three Lines coverage reporting.

    See Reign for Internal Audit
    30 minutes

    Bring your specific scenario.

    30 minutes with the team.

    Talk to us