I build automation systems and governance frameworks for teams without a dedicated compliance function. Most of what's out there was written for enterprises with hundreds of people, and a lot of it doesn't port down cleanly.
What This Looks Like
Some projects are a single workflow that saves a few hours a week. Others are a full operations layer. Either is a reasonable place to start.
Quick wins
AI drafts replies for routine messages and flags the rest for a human.
Booking confirmations, pre-meeting briefs, and follow-up emails. All automatic.
AI handles common questions over SMS or chat. Escalates what it's not confident about.
Invoices, receipts, and contracts get read, categorized, and routed. No data entry.
Systems
New leads get researched, scored, and routed to the right person automatically, so your team spends time on the conversations that matter.
Topic research, drafts, and scheduling handled automatically. The creative calls stay with your team.
Track competitor pricing, product changes, and market moves. A weekly brief lands in your inbox with no manual digging.
Welcome sequences, account setup, resource delivery, and check-in scheduling, handled end to end.
Enterprise-grade
Multiple AI agents working together with governance guardrails. One researches, one writes, one reviews, one publishes. Humans review at the points that matter.
Frameworks that track what your AI agents did, why they did it, and what to check. Useful whether a regulator is watching or you want a clear record.
How It Works
30 minutes. We look at your workflow, find the highest-leverage opportunity, and scope a project. You get a written assessment either way, whether or not we work together.
I build, test with real data, and hand off with docs. Check-ins along the way, but you're not in the weeds. Usually 2 to 4 weeks.
30 days post-launch support included, since systems usually need tuning once they're live. Optional retainer after that if you want ongoing work.
Governance Frameworks
Standards-based approaches adapted for teams that ship AI agents without a dedicated compliance function.
AI governance policies degrade as models update, threats evolve, and teams change. This framework measures the rate of that degradation, so you know which policies need review now and which can wait.
EU AI Act Art. 9 / NIST AI RMF
How fast can your organization actually absorb a new governance requirement? This scores your time-to-policy, coordination speed, and incident response latency. High metabolism adapts in weeks. Low metabolism means you're still interpreting requirements when enforcement hits.
Organizational context layer
Agent permissions rarely need to last forever. This scores each permission by data sensitivity, blast radius, and time since last review. High decay scores trigger revocation or re-scoping.
OWASP ASI03 / EU AI Act Art. 9
Five rungs of human-agent delegation, from “verify everything” to “full delegation.” Unlike maturity models, this measures where you are with a specific agent. A personal diagnostic for practitioners deciding how much autonomy to grant.
CSA Agentic Trust Framework
About
I spent a few years at Accenture on data governance for financial services clients. Mostly large programs with long review cycles.
At Chicago Booth I studied finance and strategic management, and built AI automation tools on the side. A lot of the teams I met were moving fast on agents and didn't have much to lean on for governance.
Loomiq is what I started building for those teams. It takes standards like OWASP, NIST, and the EU AI Act and turns them into something a smaller team can actually use. I still build the automation side too, since the two inform each other.
Work Together
If any of this sounds like where you are, I'd be glad to hear about it. Happy to talk through what you're working on, whether or not it becomes a project.