Risk & Bias Assessment (RBA) — CHLOM Phase 0→1

Document Classification: Internal — CHLOM Confidential
Phase: 0 → 1
Version: 0.1
Owner: CrownThrive, LLC
Last Updated: 2025-08-08

Section 1 — Sensitive Attribute List

| Attribute | Type | Handling Policy |
|---|---|---|
| Race/Ethnicity | PII | Never stored raw; use category encoding in privacy-preserving form |
| Gender | PII | Tokenized; optional field; used only when policy allows |
| Date of Birth | PII | Stored as commitment; used in ZK proof for age verification |
| National ID | PII | Not stored; FPE/tokenized for temporary match |
| Geolocation | PII | Coarsened to region/country; never store precise lat/long without consent |

Section 2 — Bias Detection Methods

  • Statistical Parity Difference — Compare positive decision rates across groups.
  • Equal Opportunity Difference — Compare TPR across groups.
  • Calibration Curves — Ensure predicted risk scores align with actual outcomes.
  • KS Test — For feature distribution differences across sensitive groups.
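The first two metrics above, computed over a small sample. This is an added example, not CHLOM code: the records, the group labels "A" and "B", and the 0.1 tolerance are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample, not CHLOM data: (group, actual_outcome, model_decision).
# 1 means a positive outcome or decision; groups "A" and "B" are hypothetical.
RECORDS = [
    ("A", 1, 1), ("A", 1, 1), ("A", 1, 0), ("A", 0, 1), ("A", 0, 0),
    ("B", 1, 1), ("B", 1, 0), ("B", 1, 0), ("B", 0, 0), ("B", 0, 0),
]
TOLERANCE = 0.1  # assumed alert threshold; the page does not define one


def group_rates(records):
    """Return {group: (positive_decision_rate, tpr or None)}."""
    stats = defaultdict(lambda: {"n": 0, "pos": 0, "actual": 0, "tp": 0})
    for group, y_true, y_pred in records:
        s = stats[group]
        s["n"] += 1
        s["pos"] += y_pred
        s["actual"] += y_true
        s["tp"] += y_true & y_pred
    rates = {}
    for group, s in stats.items():
        # TPR is undefined when a group has no actual positives.
        tpr = s["tp"] / s["actual"] if s["actual"] else None
        rates[group] = (s["pos"] / s["n"], tpr)
    return rates


def parity_report(records, reference, comparison, tolerance=TOLERANCE):
    """Differences are comparison minus reference; 0 means parity."""
    rates = group_rates(records)
    (ref_rate, ref_tpr), (cmp_rate, cmp_tpr) = rates[reference], rates[comparison]
    spd = cmp_rate - ref_rate
    eod = None if None in (ref_tpr, cmp_tpr) else cmp_tpr - ref_tpr
    # An unmeasurable EOD is reported as a breach so it gets human review.
    breach = abs(spd) > tolerance or eod is None or abs(eod) > tolerance
    return {"spd": spd, "eod": eod, "breach": breach}


if __name__ == "__main__":
    print(parity_report(RECORDS, reference="A", comparison="B"))
```

A group with no actual positives has no defined TPR, so the report marks it as a breach instead of silently passing it.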

Section 3 — Drift Detection Methods

  • PSI (Population Stability Index) on key features.
  • KL Divergence for categorical shifts.
  • Windowed AUC Tracking for model performance degradation.
  • Drift alerts routed to Data Eng + Compliance for review.
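PSI and KL divergence from the list above, computed with the standard library only. This is an added example, not CHLOM code: the score and region samples are constructed, and the smoothing constant is an assumption. Windowed AUC tracking is not covered.

```python
import math


def _smoothed(counts, eps=1e-6):
    """Turn counts into probabilities; eps keeps empty bins out of log(0)."""
    total = sum(counts) + eps * len(counts)
    return [(c + eps) / total for c in counts]


def psi(baseline, current, bins=10):
    """Population Stability Index of `current` against `baseline`."""
    if not baseline or not current:
        raise ValueError("both samples must be non-empty")
    ref = sorted(baseline)
    # Bin edges are baseline quantiles, so each bin holds ~1/bins of baseline.
    edges = [ref[len(ref) * i // bins] for i in range(1, bins)]

    def shares(values):
        counts = [0] * bins
        for v in values:
            counts[sum(v >= e for e in edges)] += 1  # index of v's bin
        return _smoothed(counts)

    return sum((a - e) * math.log(a / e)
               for e, a in zip(shares(baseline), shares(current)))


def kl_divergence(current_counts, baseline_counts):
    """KL(current || baseline) over the union of categories seen in either."""
    cats = sorted(set(current_counts) | set(baseline_counts))
    p = _smoothed([current_counts.get(c, 0) for c in cats])
    q = _smoothed([baseline_counts.get(c, 0) for c in cats])
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))


# Constructed samples, not CHLOM data.
BASELINE_SCORES = list(range(100))
SHIFTED_SCORES = [v + 30 for v in BASELINE_SCORES]
BASELINE_REGIONS = {"US": 70, "CA": 20, "MX": 10}
CURRENT_REGIONS = {"US": 40, "CA": 20, "MX": 30, "BR": 10}  # "BR" is new

if __name__ == "__main__":
    print("PSI:", round(psi(BASELINE_SCORES, SHIFTED_SCORES), 3))
    print("KL :", round(kl_divergence(CURRENT_REGIONS, BASELINE_REGIONS), 3))
```

When a category or bin is empty in the baseline, the result is dominated by the smoothing constant, so a previously unseen category is better alerted on directly than judged by the magnitude of the score.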

Section 4 — Human-in-the-Loop Control Points

  • Pre‑Deployment Review: All models reviewed by Compliance + Risk team.
  • Appeals Process: Tenants can request score re‑evaluation by human analyst.
  • Threshold Adjustments: Only via governance‑approved policy bundles.

Section 5 — Corrective Action Procedures

  1. Bias Breach Detected → Freeze affected model in Model Registry.
  2. Launch RCA to identify root cause.
  3. Retrain with balanced dataset or reweight features.
  4. Validate on fairness metrics before re‑deployment.

CaaS API Spec (OpenAPI Skeleton) — CHLOM Phase 0→1

Document Classification: Internal — CHLOM Confidential
Owner: CrownThrive, LLC
Last Updated: 2025-08-08

openapi: 3.1.0
info:
  title: CHLOM CaaS API
  version: 0.1.0
  description: Compliance scoring, fraud detection, KYC resolution, ZK verification.
servers:
  - url: https://api.chlom.io
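# Each entry in this list is an alternative: a request that satisfies
# either mtls or oauth2 is accepted. To require both on every call,
# place both schemes in a single list entry.
security:
  - mtls: []
  - oauth2: [caas.read, caas.write]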
paths:
  /v1/score/compliance:
    post:
      summary: Compute compliance score
      operationId: postComplianceScore
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ComplianceScoreRequest'
      responses:
        '202': { $ref: '#/components/responses/AcceptedAsync' }
  /v1/fraud/graph/inspect:
    post:
      summary: Graph-based fraud network inspection
      operationId: postFraudGraphInspect
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FraudGraphRequest'
      responses:
        '200': { $ref: '#/components/responses/FraudGraphResponse' }
  /v1/anomaly/stream:
    post:
      summary: Subscribe to anomaly events
      operationId: postAnomalyStream
      responses:
        '101': { description: Switching Protocols (SSE/WS) }
  /v1/kyc/resolve:
    post:
      summary: Sanctions/PEP resolution
      operationId: postKycResolve
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KycResolveRequest'
      responses:
        '200': { $ref: '#/components/responses/KycResolveResponse' }
  /v1/zk/verify:
    post:
      summary: Verify Obsidian ZK proof
      operationId: postZkVerify
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ZkVerifyRequest'
      responses:
        '200': { $ref: '#/components/responses/ZkVerifyResponse' }
components:
  securitySchemes:
    mtls:
      type: mutualTLS
    oauth2:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://auth.chlom.io/oauth/token
          scopes:
            caas.read: Read access
            caas.write: Write access
  schemas:
    ComplianceScoreRequest:
      type: object
      properties:
        entity: { $ref: '#/components/schemas/Entity' }
        context: { type: object, additionalProperties: true }
      required: [entity]
    FraudGraphRequest:
      type: object
      properties:
        seed_ids: { type: array, items: { type: string } }
        window: { type: string, example: 'PT24H' }
      required: [seed_ids]
    KycResolveRequest:
      type: object
      properties:
        name: { type: string }
        dob: { type: string, format: date }
        documents: { type: array, items: { type: string, format: uri } }
      required: [name]
    ZkVerifyRequest:
      type: object
      properties:
        proof: { type: string }
        public_inputs: { type: array, items: { type: string } }
      required: [proof, public_inputs]
    Entity:
      type: object
      properties:
        type: { type: string, enum: [person, organization] }
        identifiers: { type: object, additionalProperties: true }
  responses:
    AcceptedAsync:
      description: Accepted for async processing; webhook will deliver result.
      headers:
        Operation-Id: { description: Async correlation id, schema: { type: string } }
    FraudGraphResponse:
      description: Graph clusters and risk links
      content:
        application/json:
          schema:
            type: object
            properties:
              clusters: { type: array, items: { type: array, items: { type: string } } }
              explanations: { type: array, items: { type: string } }
    KycResolveResponse:
      description: Matched entities with confidence bands
      content:
        application/json:
          schema:
            type: object
            properties:
              matches: { type: array, items: { type: object, additionalProperties: true } }
    ZkVerifyResponse:
      description: Proof verification outcome
      content:
        application/json:
          schema:
            type: object
            properties:
              valid: { type: boolean }
              meta: { type: object, additionalProperties: true }
