# Governance #### 1. Institutional Roles and Mandates NRM is not institutionally neutral. Its authority and legitimacy depend on clearly defined roles for **GCRI, GRF, GRA**, and the distributed network of **Regional Nexus Consortia (RNCs)** and **Nexus Competence Cells (NCCs)**. **1.1 GCRI as Technical and Scientific Authority for NRM** **Mandate** The **Global Centre for Risk & Innovation (GCRI)** is the **technical and scientific authority** for Nexus Risk Management. Its mandate covers: * Design and stewardship of: * Nexus Rail core architecture, * Core Risk Ontology and domain extensions, * UNOSINT pipelines and AEP formats, * NRM scoring engines, simulation methods, and model governance frameworks. * Operation of global and reference infrastructure (e.g., reference observatories, reference NRM Profiles). * Leadership of research, experimentation, and methodological innovation relevant to NRM. **Responsibilities** GCRI shall: 1. **Define and maintain** the technical specifications that underlie NRM, including reference implementations and SDKs. 2. **Validate and approve** new models, methods, and ontological changes proposed for NRM use, subject to GRF governance review. 3. **Coordinate Nexus Competence Cells (NCCs)** as distributed technical and research nodes: * Support NCCs in implementing and extending NRM in countries, sectors, and institutions. 4. **Anchor the Risk Academy**: * Develop curricula and training standards for NRM practitioners (analysts, modelers, validation experts, chairs, etc.). 5. **Advise GRF and GRA**: * Provide scientific and technical input to governance and capital decisions involving NRM. GCRI is thus responsible for ensuring NRM is **scientifically sound, technically robust, and continuously updated**. *** **1.2 GRF as Governance and Consortia Authority for NRM** **Mandate** The **Global Risks Forum (GRF)** is the **governance and consortia authority** for NRM. Its mandate covers: * The constitutional, normative, and organisational aspects of NRM. * The design and enforcement of **NRM standards, conformance levels, and profiles**. * Convening and stewarding **NRM-related consortia**, including RNCs and thematic coalitions. * Operating the **Council Register** and contributing to dual logging (with the Nexus Ledger) for decisions with legal/protocol effect. **Responsibilities** GRF shall: 1. **Articulate governance principles** for NRM (polycentricity, inclusivity, accountability, anti-capture). 2. **Charter, recognise, and oversee** Regional Nexus Consortia and other NRM consortia, ensuring adherence to: * NRM standards, * Data sovereignty and justice commitments, * Participation and grievance procedures. 3. **Define and maintain**: * NRM Conformance Levels (CL), * Evidence Quality Levels (EQL), * Governance templates for NRM Profiles, AEP assurance, and consortia charters. 4. **Provide forums and processes** for: * Multi-level dialogue (global–regional–national–community–Indigenous), * Contested-knowledge resolution, * Community and Indigenous participation in NRM decisions. 5. **Dual log governance-relevant actions**: * Record key NRM decisions, certifications, and conformance changes in the GRF Council Register, mirrored in the Nexus Ledger where required. GRF ensures NRM is **legitimate, accountable, and resistant to capture**, and that it serves the public interest, not narrow institutional agendas. *** **1.3 GRA as Capital and Industry Authority for NRM** **Mandate** The **Global Risks Alliance (GRA)** is the **capital and industry authority** for NRM. Its mandate covers: * Organising financial institutions, insurers, reinsurers, asset managers, corporates, and infrastructure operators into **NRM-aligned alliances**. * Translating NRM evidence and profiles into **risk transfer, risk-sharing, and resilience investment programmes**. * Ensuring industry participation respects NRM’s public-interest governance and standards. **Responsibilities** GRA shall: 1. **Convene and manage** membership-based industry alliances operating on the Nexus Rail: * Define participation rules and codes of conduct for members, * Align product development with NRM Profiles and GRF standards. 2. **Co-design financial and risk instruments** that use NRM evidence: * Sovereign & sub-sovereign facilities, * Parametric covers and reinsurance layers, * Resilience bonds, credit enhancements, and other structured products. 3. **Ensure transparency and auditability**: * Products and programmes claiming NRM alignment must use: * NRM Profiles and AEPs, * Clear trigger and allocation logic, * Dual logging of key events (e.g., payouts, escalations) where appropriate. 4. **Protect public-interest guardrails**: * Enforce rules that prevent proprietary black-box models from substituting for NRM evidence in public decisions, * Ensure fair access and non-discriminatory terms in public-interest NRM programmes. GRA ensures NRM is not merely analytic, but **connected to real capital flows and operational risk-sharing**, under robust rules. *** **1.4 Roles of Regional Nexus Consortia (RNCs) and Nexus Competence Cells (NCCs)** **Regional Nexus Consortia (RNCs)** and **Nexus Competence Cells (NCCs)** are the distributed implementation arms of NRM. * **RNCs** (e.g., Singapore Nexus/APAC, Kenya Nexus/East Africa, etc.) are regional consortia operating under local legal frameworks and GRF licenses. * **NCCs** are institutionally hosted units (often in universities, agencies, or infrastructure operators) responsible for **localisation and operation** of NRM capabilities. **RNC responsibilities** RNCs shall: 1. Act as **regional stewards** of NRM: * Adapt and apply NRM Profiles to regional realities, * Coordinate cross-border, cross-sector NRM initiatives. 2. Host or coordinate regional instances of: * Nexus Rail infrastructure, * UNOSINT observatories, * Risk Academy programmes. 3. Facilitate participation of: * National governments and agencies, * Regional financial institutions, * Community and Indigenous networks. 4. Report on **regional NRM performance**, including: * Adoption, use, and impact of NRM Profiles, * Equity and justice outcomes, * Lessons for global evolution of NRM. **NCC responsibilities** NCCs shall: 1. Operate as **technical and analytical cells**: * Implement NRM ontologies, data pipelines, and models, * Produce NRM AEPs and scenario analyses for local contexts. 2. Serve as **interface nodes** between: * Local institutions (universities, agencies, firms, communities), * GCRI, GRF, and their global counterparts. 3. Support **capacity-building**: * Train local experts and practitioners via the Risk Academy, * Support integration of NRM into curricula and institutional processes. 4. Uphold NRM standards: * Conform to CL/EQL requirements, * Implement governance, ethics, and participation protocols locally. Together, RNCs and NCCs ensure NRM is **globally coherent and locally grounded**. *** #### 2. NRM Governance Model **2.1 Governance Principles (Polycentricity, Inclusivity, Accountability, Anti-Capture)** NRM governance is built on four core principles: * **Polycentricity** * Multiple centres of decision-making exist (global, regional, national, community), each with defined mandates and coordination mechanisms. * No single institution can unilaterally dictate how NRM is used everywhere. * **Inclusivity** * Those affected by NRM-related decisions—especially communities and Indigenous nations—must have structured opportunities to: * Participate in design and review, * Supply and interpret evidence, * Challenge outcomes and seek remedies. * **Accountability** * Decisions and standards must be: * Traceable to their authors and rationales, * Reviewable by oversight entities, * Open to revision when harm, error, or bias is demonstrated. * **Anti-capture** * Governance design actively mitigates risks of: * Regulatory capture by powerful industries or states, * Technocratic capture by narrow epistemic communities, * Data or platform capture by a small set of vendors or infrastructures. These principles guide all institutional and procedural design choices in NRM governance. *** **2.2 Multi-Level Governance: Global, Regional, National, Community, Indigenous** NRM governance is **multi-level**: * **Global level** * GCRI, GRF, GRA define and steward global standards, profiles, and infrastructure baselines. * Interfaces with global standard-setting bodies and multilaterals. * **Regional level** * RNCs adapt and apply NRM to regional contexts, coordinating cross-border initiatives. * Regional councils bring together states, regional organisations, industry, and community representatives. * **National level** * National authorities and NCCs: * Integrate NRM into national risk, finance, and resilience strategies, * Align NRM with domestic law and policy. * National multi-stakeholder forums help prioritise NRM Profiles and use cases. * **Community and municipal level** * Local structures (municipal councils, community organisations) use NRM for local risk decisions and engage in participatory modelling and scenario work. * **Indigenous level** * Indigenous governance bodies negotiate: * How (and if) their knowledge participates in NRM, * How consent, benefits, and oversight are structured, * How Indigenous ontologies and governance traditions are recognised. Multi-level interactions are governed by explicit **subsidiarity and escalation rules**, so decisions are made at the **lowest appropriate level**, with higher levels providing support and coordination. *** **2.3 Decision Rights and Escalation Paths** NRM governance specifies **who decides what**, and how disputes are resolved: * **Decision rights** * Designation of: * Technical decisions (e.g., model inclusion, ontology changes) → primarily GCRI with GRF oversight, * Governance and standard-setting decisions → GRF councils, * Capital and product design decisions → GRA, under GRF/GCRI guardrails, * Local implementation details → RNCs and NCCs, within NRM conformance boundaries. * **Escalation paths** * When conflicts occur (e.g., between: * Local and regional interpretations, * Community and state perspectives, * Technical and governance views): * Clear steps exist for: * Mediation and joint review, * GRF panel adjudication, * Appeal to higher-level councils or independent oversight. * **Dual logging** * Key governance decisions are **dual logged**: * In the GRF Council Register for legal/institutional record, * In the Nexus Ledger (where applicable) for protocol-level enforcement and transparency. This structure ensures that NRM decisions are **structured, reviewable, and enforceable** without rigid centralisation. *** #### 3. NRM Standards and Conformance **3.1 NRM Conformance Levels (CL1–CL4)** NRM defines **Conformance Levels (CL1–CL4)** to describe the maturity and completeness of implementations: * **CL1 – Awareness and Partial Alignment** * Ad-hoc use of NRM concepts and some ontology mapping, * Limited use of AEPs or NRM Profiles, * No formal certification. * **CL2 – Basic NRM Integration** * Systems and institutions: * Use approved NRM Profiles in selected use cases, * Consume AEPs and produce some NRM-conformant outputs, * Implement basic governance and documentation requirements. * **CL3 – Full NRM Conformance** * Systems and institutions: * Systematically use NRM Profiles for relevant decisions, * Produce and consume AEPs aligned with EQL requirements, * Implement model governance, participation, and grievance mechanisms, * Are audited and certified by GRF-accredited bodies. * **CL4 – NRM Anchor / Reference Implementation** * Entities (e.g., GCRI reference systems, leading RNCs, exemplary NCCs) that: * Contribute significantly to NRM evolution, * Host reference implementations of NRM components, * Serve as training and demonstration sites. Profiles, systems, and institutions may claim specific CL levels for specific scopes; GRF oversees the use of these claims. *** **3.2 Evidence Quality Levels (EQL1–EQL5) for NRM Contexts** **Evidence Quality Levels (EQL1–EQL5)** classify the robustness and suitability of evidence for different NRM uses: * **EQL1 – Exploratory / Hypothesis-Generating** * Early-stage, experimental models or datasets, * Suitable for research and internal learning, not for high-stakes decisions. * **EQL2 – Indicative** * Limited validation, known gaps and biases, * Useable for framing issues and low-stakes decisions, with explicit caveats. * **EQL3 – Operational** * Reasonable validation, documented uncertainties, * Suitable for typical operational uses and mid-stakes decisions. * **EQL4 – Decision-Critical** * Strong validation, multi-source triangulation, rigorous uncertainty treatment, * Suitable for high-stakes policy or capital decisions, subject to governance review. * **EQL5 – Exceptional / Constitutional** * Highest level of scrutiny, including: * Independent replication, * Community and Indigenous review where relevant, * Deep ethical and equity analysis. * Reserved for decisions with long-term or constitutional consequences. NRM Profiles specify **minimum EQL requirements** for each use case (e.g., “EQL3+ for portfolio stress testing, EQL4+ for triggering sovereign facility payouts”). *** **3.3 Certification and Accreditation Processes (Systems, Institutions, Profiles)** GRF, with GCRI support, operates or accredits **certification schemes** for: * **Systems and platforms** * Certification that a system: * Implements relevant NRM components correctly, * Meets security and governance requirements, * Properly handles provenance and evidence. * **Institutions** * Certification of institutions as: * CL2, CL3, or CL4 NRM entities for specific roles (e.g., NCC, RNC operator, AEP producer). * **NRM Profiles** * Formal adoption and labelling of profiles as: * GCRI/GRF-approved NRM Profiles, * With specified CL/EQL usage constraints. Accredited third parties may carry out assessments under GRF’s supervision; decisions are dual logged and publicly registered. *** **3.4 Compliance and Enforcement Mechanisms** Compliance is enforced via: * **Contractual mechanisms** * NRM conformance commitments embedded in: * Membership agreements (for RNCs, GRA alliances), * Facility term sheets, * Data sharing and licensing agreements. * **Registry and reputational mechanisms** * Public registries of: * Certified entities and systems, * Sanctions and suspensions for non-compliance. * Naming and shaming for repeated or serious violations. * **Protocol-level enforcement** * In some cases, NRM conformance is enforced at the **protocol level** (via NSF rules and Nexus Ledger): * Automatic revocation of entitlements or access when breaches are detected, * Smart-contract-based restrictions on non-conformant entities in certain programmes. * **Remedial pathways** * Entities may regain status through: * Corrective action plans, * Re-certification processes, * Demonstrated improvements in governance and practice. Compliance is treated as a **means to protect systemic integrity and public interest**, not a punitive end in itself. *** #### 4. Authority Establishment and Recognition **4.1 Legal and Policy Instruments that Recognise NRM** NRM becomes authoritative when embedded into: * **National laws and regulations** * E.g., as recognised frameworks for: * Systemic risk assessment, * Climate and disaster risk management, * Risk finance eligibility criteria. * **Supervisory guidance and expectations** * Central banks and regulators may: * Reference NRM Profiles and EQLs in stress testing and disclosure, * Encourage or mandate use of NRM for specific systemic risk assessments. * **Public finance and procurement frameworks** * Inclusion of NRM requirements in: * Budgeting methodologies, * Infrastructure planning guidelines, * Public procurement RFPs. * **International agreements** * References to NRM in memoranda, frameworks, or treaties dealing with risk, climate, resilience, or digital public goods. NRM specifications are designed to be **modularly adoptable**, allowing jurisdictions to start with specific profiles or sectors. *** **4.2 Memoranda of Understanding with Standards Bodies (e.g., ISO, BIS, NIST, WMO)** GRF and GCRI seek MoUs and cooperative arrangements with: * **Technical standard bodies** (e.g., ISO, IEC, NIST, ETSI), * **Financial standard-setting bodies** (e.g., BIS/BCBS, IAIS, IOSCO), * **Scientific and climate bodies** (e.g., WMO, IPCC-linked entities), * **DRR bodies** (e.g., UNDRR). These MoUs aim to: * Coordinate development of overlapping standards, * Ensure mappings and crosswalks remain current, * Avoid duplicative or conflicting guidance, * Explore **co-badging** or **mutual recognition** arrangements in certain domains. *** **4.3 Relationships with Multilateral and Regional Organisations** NRM’s global authority is strengthened through relationships with: * **Multilateral development banks and funds** (e.g., World Bank, regional development banks, climate funds), * **UN entities** (e.g., UNDP, WHO, FAO, UNEP, UNFCCC institutions), * **Regional organisations** (e.g., AU, ASEAN, EU, OAS, regional economic communities). These relationships may encompass: * Adoption of NRM Profiles in programme design, * Use of NRM AEPs for project appraisal and monitoring, * Co-financing of NRM infrastructure (RNCs, NCCs, Risk Academy programmes), * Joint governance arrangements for specific NRM initiatives. *** **4.4 Pathways to Regulatory Reliance on NRM Evidence** Regulators may develop **reliance frameworks** similar to those used for accounting, ratings, or benchmarks: * **Recognition of NRM Profiles** as: * Acceptable frameworks for stress scenarios and systemic risk analyses, * Reference methodologies for specific regulatory requirements. * **Approval of AEP producers and NCCs** as: * Recognised third-party providers of systemic risk evidence, * Subject to oversight and quality standards. * **Integration into supervisory processes**: * Use of NRM outputs in: * Supervisory reviews (e.g., SREP, ORSA), * Macroprudential assessments, * Resolution planning and contingency frameworks. Reliance does not imply blind acceptance; regulators retain **discretion and judgement**, but NRM provides a common technical and governance baseline. *** #### 5. Community, Indigenous, and Stakeholder Governance **5.1 Formal Roles for Communities and Indigenous Nations in NRM Governance** NRM formally embeds community and Indigenous roles: * **Representation** * Seats for community and Indigenous delegates in relevant GRF and RNC governance bodies. * **Authority** * Veto or consent rights for: * Use of their knowledge in NRM, * NRM Profiles that materially affect their territories and rights. * **Advisory and review** * Participation in: * AEP review panels, * Model and ontology governance committees, * Evaluation and oversight processes. These roles are defined in charters and MoUs, not as symbolic gestures but as **substantive governance powers**. *** **5.2 Rights to Refusal, Withdrawal, and Opaque Knowledge** NRM recognises that some knowledge: * Cannot ethically or legally be codified or shared, * May be conditional on specific relational obligations. Therefore communities and Indigenous nations have: * **Right to refusal** * To decline participation in certain NRM Profiles or data flows without penalty. * **Right to withdrawal** * To withdraw previously shared knowledge or data from future NRM use, subject to negotiated transition arrangements. * **Right to opacity** * To maintain certain knowledge as **opaque**: informing governance and decisions without being fully encoded in the semantic and data layers. These rights are encoded in: * Legal agreements, * Ontology and data governance rules, * Technical access and deletion mechanisms where feasible. *** **5.3 Grievance, Appeal, and Remedy Mechanisms** NRM establishes pathways for stakeholders to: * **File grievances** * E.g., about misuse of data, misrepresentation of risk, harmful decisions linked to NRM. * **Seek appeal** * Against specific NRM-based decisions or certifications, * Through structured review panels at appropriate governance levels. * **Obtain remedies** * Where harm is established, remedies may include: * Correction or withdrawal of NRM outputs, * Public acknowledgement and apologies, * Changes to NRM Profiles or standards, * Financial or other forms of reparation (particularly where NRM-linked programmes caused or exacerbated harm). Grievance systems must be: * Accessible (including non-digital pathways), * Fair and timely, * Independent of direct control by implicated actors. *** **5.4 Participatory Modelling and Co-Design Processes** Participatory modelling and co-design are **core methods** in NRM: * **Co-design of Profiles and scenarios** * Communities, Indigenous nations, local practitioners, and other stakeholders are involved from the outset in shaping: * The questions NRM asks, * The metrics and thresholds considered, * The scenarios deemed plausible and relevant. * **Participatory modelling practices** * Workshops, citizen assemblies, living labs, and other participatory processes help: * Build shared understanding of risks and trade-offs, * Identify blind spots and local insights. * **Capacity-building** * Risk Academy programmes explicitly include: * Training for communities and Indigenous practitioners, * Co-creation of educational materials. This ensures NRM is **co-produced**, not simply deployed onto communities from above. *** #### 6. Meta-Governance and Reflexivity **6.1 Risk of the NRM System Itself (Meta-Risk)** NRM itself creates new risks: * **Procyclicality** * Shared risk models and scenarios can amplify herd behaviour. * **Concentration** * Reliance on a common rail may create common failure modes. * **Bias and exclusion** * Ontologies and models may systematically underrepresent certain groups or risk types. * **Abuse of authority** * NRM governance structures could be captured or misused. NRM therefore treats **its own operation as an object of risk management**: * Meta-risk is analysed, monitored, and managed using NRM tools and governance, with explicit KPIs and safeguards. *** **6.2 Independent Review and Oversight Structures** Independent oversight structures provide external checks: * **Independent review panels** * Composed of experts, community representatives, and ethicists with no direct operational role in NRM. * **External audits** * Periodic audits of: * Governance processes, * Technical architectures, * Equity and justice outcomes. * **Whistle-blower protections** * Safe channels for individuals to report concerns about misuse or malfunctions in NRM without fear of retaliation. Oversight maintains **trust and legitimacy** and can recommend changes to GCRI, GRF, and GRA. *** **6.3 Protocols for Rollback, Safe Mode, and Architecture Changes** NRM includes protocols for: * **Rollback** * Reverting specific models, profiles, or rules when harm or major error is detected. * **Safe mode** * Operating the Rail and NRM capabilities in a **degraded but safe** configuration during crises or suspected compromise: * Restricting certain automated actions, * Limiting high-stakes uses of AI, * Reverting to conservative, well-understood methods. * **Architecture changes** * Governing major structural changes: * New classes of actors or domains, * Fundamental ontology shifts, * Changes in the balance of centralised vs federated components. These changes follow the change control processes described earlier, with **enhanced scrutiny** for meta-level modifications. *** **6.4 Transparency and Public Reporting Requirements** Finally, NRM is subject to strong **transparency and public reporting** obligations: * **Public dashboards** * High-level indicators of: * Systemic risk and resilience, * NRM adoption and coverage, * Equity and justice outcomes. * **Annual NRM reports** * Summarising: * Key decisions and changes in NRM governance and standards, * Evaluations of performance and impact, * Responses to grievances and oversight findings. * **Open documentation** * NRM specifications, model cards, AEP catalogues (with appropriate redactions), and governance records are accessible to the public, except where constrained by legitimate security, privacy, or sovereignty concerns. Transparency is a **primary defence** against capture, misuse, and erosion of public trust in Nexus Risk Management. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.therisk.global/organization/standardization/nexus-rail/nexus-based-risk-management-nrm/governance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.