GCC bank ships AI ESG risk scoring across 14k…

01 · The challenge

Problem

ESG risk on the corporate book was rated by analyst spreadsheets. 14,000 counterparties had inconsistent scoring. The regulator was about to mandate stricter capital treatment.

02 · How we delivered

Solution

AI ESG scoring platform combining structured filings, alternative data, and LLM analysis of disclosures. Lineage-by-default, ISSB and CSRD aligned, model-risk record per counterparty.

03 · Outcome

Impact

14,000 counterparties scored consistently. 32% of the portfolio re-priced based on new ESG signals. Capital-charge benefit measurable. Regulatory submission accepted on first attempt.

How we delivered

Programme phases.

Five phases. One accountable team. Every phase had a named decision point and a measurable outcome.

Discovery & alignment

2–3 weeks

Workshops with the Leading GCC Bank executive team, baseline metrics, target outcome tree, programme governance set up.

Design & architecture

4–6 weeks

Reference architecture, security blueprint, joint squad model agreed. Data model and integration contracts published.

Build & live-parallel

Q2 onwards

Vertical slice built and run live-parallel against the existing system. Continuous integration, daily deploys, weekly business demos.

Cutover & scale

Mid-programme

Phased cutover, audit-aligned reconciliation, scaling out of squads, capability transfer to Leading GCC Bank teams.

Run & continuous improve

Steady state

Managed run with named SLOs, quarterly value reviews, and a 15% optimisation budget reserved for improvement work.

Engineering view

Architecture overview.

Foundations

Cloud landing zone, identity, network, security baseline. Data fabric with lineage-by-default. Audit-grade observability stack from day one.

Application & integration

Domain-aligned microservices behind a published API surface. Event-driven core with CDC into the data fabric. Live-parallel capability built in, not bolted on.

Trust & governance

RBAC, audit logs, lineage, policy-as-code. Model risk records for every production model. Compliance posture on the executive dashboard, not in a quarterly slide.

Built on

Technology stack.

Production-grade choices, defended by track record. The stack is one engineering decision among many — but a load-bearing one.

Azure Snowflake Anthropic Claude MLflow Polygon ID Power BI

Trust by design

Governance & assurance.

01

Programme assurance

Independent assurance reviews at each phase gate. Findings tracked in a single risk register with named owners and remediation deadlines.

02

Security & data

ISO 27001, SOC 2 Type II controls applied throughout. Data lineage captured by default; sensitive data tokenised at the edge.

03

Model risk management

SR 11-7-aligned model risk record per production model. Audit-trail evidencing model behaviour against benchmarks at the decision level.

04

Regulator engagement

Quarterly briefings to the regulator with reproducible explainability artefacts. First-attempt acceptance is the default expectation.

A risk view we can defend in front of any regulator — and act on commercially.

G Group Chief Risk Officer · GCC Tier-1 bank

What we learnt

Three things we would do again.

01

10 months from kickoff to first regulated outcome — squad density and decision velocity matter more than headcount.
02

Joint squads with Leading GCC Bank engineers stayed in place after go-live. Ownership did not transfer in a hand-off — it grew in place.
03

Live-parallel for a meaningful window before cutover bought us trust. The cutover itself was a flag flip, not a war room.

Related case studies.

All case studies →

Banking

Book the partner

Want a programme like this one?

Tell us your sector and your timeline. A senior partner with sector experience will respond within one business day.

Request Executive Briefing

GCC bank ships AI ESG risk scoring across 14k corporate counterparties