About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

A First for RegTech: Corlytics Achieves ISO 42001 Certification for AI Governance

Subscribe to our newsletter

Dublin-based Corlytics has become the first RegTech company to achieve ISO/IEC 42001 certification, positioning the firm among a select group of global technology companies certified to stringent international standards for AI governance.

ISO 42001 aligns closely with evolving regulatory frameworks such as the EU AI Act and the UK National AI Strategy. The standard includes the following core principles:

Ethical and Responsible AI Deployment: The standard emphasizes aligning AI systems with ethical principles, human rights, and societal values. It advocates for fairness, non-discrimination, and respect for individual autonomy in AI applications.

Risk Management: ISO/IEC 42001 mandates a comprehensive risk management approach, requiring organizations to identify, assess, and mitigate risks associated with AI systems. This includes evaluating potential biases, security vulnerabilities, and unintended consequences throughout the AI lifecycle.

Transparency and Accountability: The standard requires organizations to maintain transparency in AI operations by documenting decision-making processes and ensuring that AI decisions are explainable and auditable. Accountability mechanisms must be in place to address any adverse outcomes resulting from AI system deployment.

Data Privacy and Security: Organizations must ensure that AI systems comply with applicable data protection laws and regulations, such as GDPR and CCPA. This involves safeguarding personal data and implementing robust security measures to protect AI systems from unauthorized access and threats.

Continuous Improvement and Monitoring: ISO/IEC 42001 promotes a culture of continuous improvement by requiring regular monitoring and evaluation of AI systems. Organizations should establish processes to assess AI performance, address deficiencies, and implement enhancements to maintain system effectiveness and compliance.

Stakeholder Engagement: The standard encourages involving stakeholders in the AI governance process to ensure that diverse perspectives are considered. Engaging stakeholders helps in identifying potential impacts, addressing concerns, and fostering trust in AI systems.

The certification was granted following a thorough, two-stage audit by cybersecurity compliance specialists A-LIGN, who reported no compliance issues. “We have been using AI from our inception and have always been led by a strategy of AI-by-design,” explained John Byrne, CEO and Founder of Corlytics. Byrne noted that this approach ensures the firm’s clients benefit from “robust and transparent AI solutions.” The company currently processes approximately 30 million pages of regulations annually and has established relationships with 40% of the world’s 30 largest banks.

The certification process included collaboration with Waystone Compliance Solutions. Conor Flynn, Managing Director at Waystone, recognized the significance of Corlytics’ achievement, stating, “ISO 42001 will quickly become a gold standard for organisations adopting AI, and Corlytics has demonstrated both the strategic foresight and operational discipline to lead from the front.”

The recent certification aligns with strategic shifts since Verdane acquired a majority stake in Corlytics last year. The company has expanded its governance frameworks across all its operations, embedding the new standards into every product and process. Corlytics expects further enhancements to its products and services later in the year.

Chief Data Officer Oisín Boydell noted, “This milestone reflects the years of investment Corlytics has made in building expert, ethical, intelligent AI.”

Responding to a question from RegTech Insight he continued, “We’ve had very positive feedback, particularly from risk and procurement teams in financial services, where due diligence processes are especially rigorous. These teams are deeply aware of the risks surrounding AI, and they care enormously about the reliability and trustworthiness of the systems they adopt. Our ISO/IEC 42001 certification gives them confidence, not just in the functionality of our AI, but in the governance behind it,” he says, emphasising that “This certification reassures clients that we’re building responsibly and aligning with regulatory expectations, not only from the EU AI Act but more broadly across global best practices. It’s not just Corlytics saying ‘we follow good governance,’ we have been independently audited and certified to that effect. That makes a real difference to customers who are under increasing pressure to demonstrate their own oversight of third-party AI systems.”

Looking ahead to the updates hinted at for later this year, Boydell noted, “Our roadmap is tightly aligned with the full regulatory compliance lifecycle, from horizon scanning and regulatory change management to obligations, controls and policy alignment. We’re enhancing AI across all stages, guided by six core AI competencies that underpin our platform: classification, summarisation, extraction, rationalisation, mapping and creation.

“The opportunity lies in using AI to unify and streamline this lifecycle. But at the same time, AI is evolving fast – and that comes with risk. New vulnerabilities and unintended consequences are emerging all the time, often before they’re fully understood by the industry. That’s where our AI governance framework, including ISO/IEC 42001, gives us a real advantage. It lets us adapt quickly and responsibly, integrating new AI capabilities while maintaining structured oversight. For us, it’s about balancing innovation with accountability, delivering cutting-edge tools without compromising trust.”

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Navigating a Complex World: Best Data Practices in Sanctions Screening

5 November 2025 10:00am ET | 3:00pm London | 4:00pm CET Duration: 50 Minutes As rising geopolitical uncertainty prompts an intensification in the complexity and volume of global economic and financial sanctions, banks and financial institutions are faced with a daunting set of new compliance challenges. The risk of inadvertently engaging with sanctioned securities has...

BLOG

EU’s AMLA Sets Stage for Direct Supervision of High-Risk Cross-Border Banks

The EU’s new Anti-Money Laundering Authority (AMLA – the Authority)) moved from concept to reality in summer 2025 as it began operations in Frankfurt. The Authority has a mandate to drive supervisory convergence, coordinate Financial Intelligence Units (FIUs) and, from 2028, directly supervise a set of high-risk, cross-border financial institutions. The EU Anti Money Laundering...

EVENT

AI in Capital Markets Summit London

The AI in Capital Markets Summit will explore current and emerging trends in AI, the potential of Generative AI and LLMs and how AI can be applied for efficiencies and business value across a number of use cases, in the front and back office of financial institutions. The agenda will explore the risks and challenges of adopting AI and the foundational technologies and data management capabilities that underpin successful deployment.

GUIDE

Regulatory Data Handbook 2025 – Thirteenth Edition

Welcome to the thirteenth edition of A-Team Group’s Regulatory Data Handbook, a unique and practical guide to capital markets regulation, regulatory change, and the data and data management requirements of compliance across Europe, the UK, US and Asia-Pacific. This year’s edition lands at a moment of accelerating regulatory divergence and intensifying data focused supervision. Inside,...