Feasibility & Risk
What's buildable, what's hard, and how we test before we commit.
Feasibility Matrix
| Capability | Feasibility | Confidence | Dependencies | Notes |
|---|---|---|---|---|
| AI-assisted PRD/spec/QA generation | High | High | Internal docs, templates, guardrails | Fastest AI-fluent win. |
| Policy-grounded RAG for compliance context | Medium | Medium | Structured corpus, versioning, retrieval evals | Quality depends on policy source hygiene. |
| Case triage + next-step recommendation | High | Medium | Workflow taxonomy, labeled historical cases | Human approval remains mandatory for critical actions. |
| AI-guided issuance workflow copilot | Medium | Medium-Low | Workflow engine, policy service, UI integration | High value, needs careful rollout. |
| Deterministic policy check service | Medium | Medium | Rules engine + legal mapping | Non-negotiable control layer. |
| Event-level AI action logging/provenance | High | Medium | Centralized observability, immutable logs | Critical for audit trust. |
| Autonomous critical-path action execution | Low | Low | Regulatory clearance, mature controls | Defer until strong evidence and approval model. |
Challenging Parts Map
| Challenge | Why it's hard | Mitigation |
|---|---|---|
| Policy-to-system translation gap | Legal/compliance language is nuanced; system rules need determinism. | Policy ontology, legal-approved rule interpretations, versioned mappings. |
| Retrieval trustworthiness in regulated contexts | LLM output quality collapses if policy/document retrieval is stale or noisy. | Curated corpus, freshness SLAs, citation requirements, fallback handling. |
| Human approval orchestration | Preserving accountability without bottlenecking workflow speed. | Risk-tiered approval model and dynamic routing by action criticality. |
| Explainability and evidencing | "Why this action" must be auditable for internal and external review. | Standardized rationale schema + immutable event traces. |
| Multi-system integration complexity | Issuance/custody/trading and account systems are often loosely coupled. | Orchestration layer with reliable event contracts + retries/idempotency. |
| Organizational adoption | Teams may use AI inconsistently, reducing reliability. | Shared playbooks, training, usage telemetry, role-specific governance. |
Spike Plan
Compliance RAG reliability
Goal: Test policy retrieval quality and citation integrity.
Success: >90% answer grounding with correct policy references on benchmark set.
AI-assisted requirement-to-test pipeline
Goal: Reduce spec and QA authoring time.
Success: 30% cycle-time reduction with acceptable review pass rate.
Ops case triage copilot
Goal: Classify and route high-volume exception cases.
Success: 25% lower triage handling time and stable error profile.
Issuance workflow copilot (internal alpha)
Goal: Guide internal teams through missing docs, policy checks, next actions.
Success: Measurable reduction in stalled steps and handoff latency.
Spike Governance
Every spike must clear these gates before proceeding — no exceptions.
Risk Review
Independent risk assessment for each spike before execution begins
Compliance Sign-off Gates
Mandatory compliance team approval at each stage transition
Post-Spike Audit Packet
Complete evidence package generated and filed for audit readiness