AI Regulatory Position Assessment
Understanding your position — before it is determined for you
For commercial banks, fintech companies, insurance organisations and state enterprises using AI in processes that affect client rights or operational activity.
Regulatory context
Law No. ZRU-1115 has established a legal norm: consequential decisions cannot be made solely on the basis of AI system conclusions. The mechanism for verifying compliance with this requirement is for organisations to establish themselves — and most have not yet done so.
The regulator is forming requirements. The question is not whether this will happen — but what position your organisation will be in when it does: with a functioning control architecture already in place, or in the process of building one under pressure.
Readiness for regulatory requirements and readiness for an incident are the same architecture. System failure, an erroneous decision affecting clients, a data breach — all of this happens without warning. Organisations with real control meet such a moment with established procedures and a clear chain of accountability. Those whose control architecture is only outlined or not yet formalised find themselves in a position where explaining what happened is impossible, stopping the consequences is too late, and accountability has already arrived.
What the assessment covers
ZRU-1115 Compliance Analysis
Which of the organisation’s processes and decisions fall under the scope of the law. Where the boundary lies between permissible AI use and violation of the norm. What the organisation’s position looks like today — and what needs to change.
Assessment of Gaps Between Declared and Actual Control
What the regulations say — and what actually happens when decisions are made with AI participation. Where declared oversight diverges from operational practice. This is where regulatory risk is concentrated.
Priority Action Map
What needs to be done first — while it is still the organisation’s own choice, rather than a regulatory requirement. Prioritisation by urgency and complexity of implementation. Specific steps, not general recommendations.
Documentation for Regulatory Engagement
Preparation of materials the organisation can present to the regulator, Supervisory Board or external partners as evidence of real — rather than declarative — control over AI systems.
For banks and microfinance banks — additionally
The Central Bank of Uzbekistan is developing requirements for financial recovery plans. Organisations using AI in critical processes will need to demonstrate a functioning recovery architecture — not merely a document, but verifiable procedures.
Within the extended bank-specific assessment:
- Analysis of compliance with the draft CBU regulation on financial recovery plans
- Assessment of AI systems’ role and position within the recovery architecture
- Gap identification between current state and regulatory requirements
- Recommendations for integrating AI control into the financial recovery plan
- Preparation of documentation for the Central Bank
Format and deliverables
Duration: 2–3 weeks. For banks with extended CBU requirements assessment: 3–4 weeks.
Deliverable: ZRU-1115 compliance analysis, gap assessment, priority action map, regulatory documentation.
Confidentiality: complete. Results are shared only with the organisation’s leadership. A Non-Disclosure Agreement (NDA) is available upon request before engagement begins.
Who this is for
- Commercial banks and microfinance banks under CBU supervision — in relation to ZRU-1115 and recovery plan requirements
- Payment organisations and payment system operators under CBU oversight
- Fintech companies holding a CBU licence
- Insurance organisations using AI in underwriting and claims assessment
- State enterprises where AI participates in legally consequential decisions
- Any organisation that needs to understand its position relative to ZRU-1115 before an inspection or incident
Next step
To request an assessment or hold a preliminary discussion — write directly. A preliminary conversation requires no commitment and takes 30 minutes.
Request an assessment: ok@okhodjaev.com | +998 90 352 83 50
All engagements are conducted under a Non-Disclosure Agreement (NDA).