NYC Local Law 144 — Module 5

The Framework

The enforcement is over. Three more AI tools are in procurement. The question is what kind of company Vantage decides to be.

VANTAGE PROPERTY GROUP — SIX MONTHS AFTER THE CONSENT ORDER — MONDAY, 8:30 AM

Your Role

Sam Rourke

Director, People Operations — AI Governance (newly titled)

Six months after the DCWP consent order. The quarterly attestations are clean. TalentScope was replaced at the end of Q3. Priya Venkatesan’s settlement closed in July. Gil Fontaine is no longer at TalentScope.

Today, Procurement is asking for sign-off on three new AI tools: a performance-management platform, a promotion-ranking engine, and an engagement analytics system. Each one could trigger the same cycle. The VP wants a decision by end of week.

Before You Start

How This Works

The final module. Three decisions about the governance framework. Compliance is no longer a reactive cycle — it’s the design brief.

+3Scales beyond LL144 — posture ready for the next regulation.
+1Solves today’s problem, not tomorrow’s.
−1Invites the next investigation.
Monday, 8:47 AM — procurement brief on your desk

AI Tools Procurement — Pending sign-off

Three vendor proposals. Each one could be an AEDT under NYC LL 144. Two states and the EEOC have rules pending.

ToolVendorUseRegulatory surface
PerformProAscend AIPerformance management: scores 1,800 employees quarterly on 'impact'NYC LL144, NY State AI Bill pending, EEOC guidance
PromoteIQMeridian Talent (Kari Patel)Promotion ranking: scores internal candidates for open rolesSame as above + CO SB 24-205 if extended to CO employees
PulseReadNorthstar EngagementSentiment analysis on Slack, email, survey dataIL AI Video Interview Act-adjacent, EEOC-adjacent
All three vendors are pitching this week. Marcus Webb (VP Procurement) wants a framework, not three separate fights.
Narrator

Nora is now a VP-peer. Rachel still runs GC. You have the Director title, the AI Governance mandate, and about five days to write the framework that shapes the next three tools — and the next five after that.

Knowledge Check

Before you design the Vantage governance framework, classify these six elements. Is each one a minimum required by LL 144, a best practice beyond the law, or an internal HR process (valuable but not strictly governance)?

Click a category for each element, then submit.

Annual independent bias audit published on the company website

Written candidate notice delivered 10 business days before AEDT use

Maintaining an alternative selection process for candidates who opt out

Cross-functional AI governance committee with external legal or ethics review

Vendor contract clause requiring audit cooperation and data access rights

Training programme for hiring managers on interpreting AI scores

Decision Point1 of 3
Monday, 10:00 AM — framework design

Rachel:

“LL144 is one regulation. The CO law is different. The EEOC is writing rules. The SEC has a draft proposal on AI-influenced employment decisions for public companies. If we build a LL144-only framework, we’ll be rebuilding it next year. What’s your design?”

What governance structure do you propose?

Your choice

Cross-functional AI Governance Committee + Tool Registry

Standing committee: People Ops, GC, Procurement, Data, Risk. Quarterly cadence. Every candidate AI tool logged in a registry with risk tier, applicable regulations, bias audit status, notice status, vendor data agreement. Scales across regulations, not just LL144.

Your choice

Procurement checklist — compliance clause in standard MSA

Add a LL144-compliance clause to the standard vendor contract. Procurement runs a checklist before sign-off. Lower overhead. Solves today’s problem.

Your choice

Case-by-case — review each tool when it comes up

Keep it light. Each new AI tool gets reviewed by People Ops + GC at the time of procurement. Don’t create new bureaucracy.

Monday, 11:30 AMRachel Voss
“Committee: you, me, Marcus Webb from Procurement, the Chief Data Officer, VP People. Registry is the operational artefact. If a tool isn’t in the registry, procurement can’t sign. Every tool gets a risk tier that maps to the regulatory surface — so PerformPro picks up LL144, the NY State bill, and the EEOC guidance automatically when the regulations change.”
Sam Rourke
“And when a new regulation lands?”
Rachel Voss
“Committee does the crosswalk. Registry flags every affected tool. One workstream, not five.”

Legal Insight — Regulations are a moving target — frameworks scale, checklists don’t

NYC LL144 is the beginning, not the endpoint. Colorado’s SB 24-205, Illinois’s AI Video Interview Act, California’s proposed FEHA AI rules, the EEOC’s guidance, and draft federal legislation all regulate the same class of tools differently. A registry-based governance model absorbs new rules without rebuilding. A clause-based model does not.

Monday, 11:15 AMRachel Voss
“LL144-specific clause in the MSA. Checklist at procurement. It covers today.”
Sam Rourke
“What happens when Colorado’s law comes in scope in November?”
Rachel Voss
“We’d update the clause.”
Sam Rourke
“For the tools we’re procuring now. Not the three that signed last year.”

Legal Insight — Clauses are prospective; registries are retroactive

A contract clause binds new procurement. It does not automatically re-examine tools already in production. Each new regulation requires a manual re-review of the tool estate. A registry structure does this crosswalk by design.

Monday, 11:00 AMSam Rourke
“Light touch. People Ops + GC review each tool at procurement. No new committee.”
Rachel Voss
“Sam. That is the system we had in October 2024. That system produced a $485,000 consent order and a candidate re-scoring exercise.”
Narrator
She’s not wrong. Case-by-case review is what got you here.

Legal Insight — The same structure produces the same outcome

A case-by-case review process is what existed before LL144 enforcement. It failed because procurement timelines compressed compliance review, and because no single owner held the tool estate. Re-adopting it after a consent order signals that the organisation has not internalised what went wrong.

Wednesday, 2:00 PM — vendor pitchKari Patel (Meridian Talent, PromoteIQ)
“Sam, I want to be direct. I know what happened at Vantage last year. I read the consent order. Meridian’s approach is different. Our bias audit is published every quarter by Petrov Analytics — yes, the same firm — and our MSA includes a candidate-level data access clause without needing Section 8.3 arm-twisting. Our pricing is 15% above the market because the compliance is built in.”
Kari Patel
“Our competitors will pitch cheaper. They’ll offer ‘compliance-ready,’ meaning their client runs the compliance on top of their product. We’ve priced the compliance in. You’ll pay it either way.”
Narrator
She’s right about the market. The question is whether Vantage buys compliance-in or compliance-on-top.
Decision Point2 of 3
Wednesday, 3:30 PM

The committee’s first real test: how does Vantage select AI vendors going forward? Kari’s pitch is the best-case version of compliance-in. The other two vendors are pitching cheaper options.

What is the vendor selection standard?

Your choice

Compliance-built-in required — pre-published audit, data-access clause, committee-approved vendor list

Vendor must provide: (a) independent bias audit published in the last 12 months, (b) candidate-level data access in the MSA, (c) clear AEDT/non-AEDT classification with evidence, (d) commitment to notify Vantage of regulatory developments. Pays 10–20% premium. Saves the compliance overhead on every tool.

Your choice

Compliance-ready — vendor cooperates but Vantage runs the compliance

Vendor provides data access and audit support. Vantage commissions and publishes the audit, handles notice, manages the alternative process. Cheaper on vendor side. More overhead internally.

Your choice

Lowest-cost compliant — whoever meets the letter at the best price

Any vendor that meets the MSA compliance clause at procurement qualifies. Price is the primary criterion. Keep overheads low, let the committee clean up edge cases.

Thursday, 9:40 AMMarcus Webb (VP Procurement)
“Compliance-in adds 10–20% to the sticker price across the three tools. The committee will get pushback from Finance.”
Sam Rourke
“The consent order was $485,000. Priya’s settlement was $92,000. The re-scoring effort cost an estimated $140,000 in internal time. Per quarter, we could absorb a 20% compliance premium on three tools before we’re at the cost of one enforcement cycle.”
Marcus Webb
“That framing Finance will understand.”

Legal Insight — The cost of compliance vs. the cost of non-compliance

Building compliance into vendor selection is more expensive than running compliance on top. But the downstream cost of a non-compliant tool — enforcement, remediation, staff time, reputational damage — is almost always higher. Regulators recognise and credit this posture.

Thursday, 10:10 AMSam Rourke
“Compliance-ready — we pick the vendor, we run the compliance.”
Rachel Voss
“That’s last year again. We did the audit. We did the notice. The vendor wasn’t the bottleneck — we were. Scaling that model across three tools is a People Ops team of six people working full-time on compliance.”
Narrator
It’s a defensible structure. It is also the one that sent you into an enforcement cycle last year.

Legal Insight — Internal compliance capacity has a ceiling

Running compliance internally on each new AI tool does not scale linearly. Compliance-ready vendors reduce the multiplier but still require proactive Vantage workflow. Compliance-in vendors absorb more of the workflow into the product.

Thursday, 10:30 AMSam Rourke
“Lowest-cost compliant. Clause meets the bar. Procurement drives the decision.”
Rachel Voss
“Procurement drives price. Compliance drives risk. When the two conflict and Procurement wins, you’re back in Holloway’s office in eighteen months.”

Legal Insight — Letter-of-the-MSA is a floor, not a ceiling

An MSA clause creates contractual liability but does not prevent compliance failures. Low-cost vendors who merely agree to the clause often lack the internal discipline to execute it. The clause becomes the basis for vendor-blaming when the employer’s exposure lands first.

Friday, 11:00 AM — framework near finalNarrator

The committee is constituted. The vendor standard is set. Three tools are in procurement. The last question is the one the VP will ask on Monday:

How will you know if the framework is working?

There’s no § 20-872 analog for framework monitoring. This is where Vantage writes the compliance posture it will be known for.

Decision Point3 of 3
Friday, 11:30 AM

Last call. How does the committee monitor the framework, and what does Vantage commit to publishing?

What monitoring and transparency regime do you design?

Your choice

Continuous monitoring + annual public AI transparency report

Quarterly registry review. Continuous flagging of demographic drift. Annual public report: which tools, which audits, what findings, what remediation. Goes beyond LL144. Positions Vantage as a reference in the market.

Your choice

Annual internal review — publish only what LL144 requires

Committee meets annually to review the tool estate. Bias audits are published per LL144 requirement. No additional voluntary transparency. Meets the letter. Doesn’t move the market.

Your choice

Triggered review only — committee convenes when issues arise

No standing cadence. Committee reviews when a complaint, regulation, or vendor change triggers it. Reduces overhead. Increases reactivity.

Friday, 5:00 PM — framework signedSam Rourke
“Quarterly registry review. Annual public AI Transparency Report. The first one posts in December. Every AI tool Vantage uses in employment decisions — listed, audited, monitored. Not because LL144 requires it. Because the market will in two years and we may as well be early.”
Rachel Voss
“The VP asked what the framework is called. I told him ‘the framework.’ He wants a name for the press release.”
Sam Rourke
“Tell him to use ‘the framework.’ Names are what you give things you want to sell. This is what you build when you don’t want the next enforcement cycle.”
Narrator
Jenna Park texts Monday morning: Saw the transparency report. You came out the other side. Proud of you.

Legal Insight — Voluntary transparency pre-empts regulation

Voluntary AI transparency reports are not required under LL144 or any current law. But the EEOC, FTC, and SEC have all indicated that published voluntary disclosure is a mitigating factor in future enforcement. Employers who publish early are cited as examples rather than cases.

Friday, 4:30 PMSam Rourke
“Annual review. LL144-compliant publication only. Meets the bar, doesn’t exceed it.”
Rachel Voss
“We’ll be compliant. We won’t be differentiated. The next regulation that drops, we’ll be scrambling to upgrade.”

Legal Insight — Compliance-minimum is a defensive posture only

Doing exactly what LL144 requires, annually, keeps Vantage out of enforcement. It does not position the company ahead of the next regulation, the next scrutiny, or the next market expectation.

Friday, 4:00 PMSam Rourke
“Triggered review. Committee convenes on complaint or regulation.”
Rachel Voss
“That means the first time the committee meets on PerformPro, it will be because something has already gone wrong.”
Narrator
Triggered review is the oversight posture of the last cycle, with a new title. The regulation changed. The company didn’t.

Legal Insight — Triggered is reactive — the point of a framework is to stop being reactive

A governance framework that only activates on trigger is not a framework — it is an escalation procedure. The core insight of LL144 and its successors is that periodic, systematic review catches the issues a triggered review cannot see coming.

Course Complete

Status: Ahead of the curve.

The framework scales.

Your Score

Outcome

Screened Out — Course Complete

You have navigated classification, audit, notice, enforcement, and governance. Vantage is not the cautionary tale. It is the reference. Every module’s compliance file held. The framework now absorbs the next regulation as it lands.

Return to Course Overview

Course Complete

Status: Compliant. Not yet leading.

Ready for next cycle of upgrades.

Your Score

Outcome

Screened Out — Course Complete

Vantage is compliant. The next regulation will require an upgrade cycle. You will run it. The lesson stuck.

Return to Course Overview

Course Complete

Status: Same structure, same cycle.

Eighteen months out.

Your Score

Outcome

Screened Out — Course Complete

The consent order stopped the last investigation. The governance decisions you made after it made the next one a matter of time.

Return to Course Overview