In [None]:
import json
import os
from typing import Dict, Any, Optional

import requests
from openai import OpenAI

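# Build the OpenAI-compatible client pointed at the DeepSeek API endpoint.
# The API key is read from the environment instead of being written into the
# cell, so a shared or committed copy of this notebook never carries a live
# credential. A key that was ever pasted into a saved notebook should be
# rotated, since earlier revisions may still hold it.
_deepseek_api_key = os.environ.get("DEEPSEEK_API_KEY")
if not _deepseek_api_key:
    # Fail before any request is made rather than sending a placeholder key.
    raise RuntimeError(
        "DEEPSEEK_API_KEY is not set; export it before running this cell."
    )
client = OpenAI(
    api_key=_deepseek_api_key,
    base_url="https://api.deepseek.com",
)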

# System prompt for the first pass; generate_report sends it as the "system"
# message. It requests three sections: regulations/standards, 15-30 controls
# with short descriptions, and an overview of trends.
# NOTE(review): the prompt does not ask for sources, so regulation names,
# dates and scope in the output need checking against primary texts before
# the report is relied on.
# NOTE(review): "obversations" below is a typo in the prompt text; it is left
# untouched here because editing it changes the request sent to the model.
generate_report_prompt = """
You are an expert researcher specializing in operational risk for banks. The user will provide a specific risk type.
Please respond with the following:
1. A list of regulations or industry standards relevant to the specified risk type.
2. A list of 15-30 controls relevant to this risk, including short descriptions.
3. An overview of observations, trends or emerging themes

User will provide the risk type, and you will respond with a list of regulations, a list of controls with their brief
descriptions and any additional obversations around trends or emerging themes
"""

# System prompt for the second pass; refine_report sends it as the "system"
# message and supplies the first-pass report as the "user" message. The model
# is asked to review that report and add a "Critique" section.
# NOTE(review): the reviewed report is model output fed back in as user
# content, so any instruction-like text inside it reaches the model together
# with this prompt; the critique is not an independent check of the report.
# NOTE(review): "senioer" below is a typo in the prompt text, left as-is for
# the same reason as above.
refine_report_prompt = """
You are a senioer manager specializing in operational risk for banks. The user will provide a report output that you previously generated.
Please:
1. Review the provided report and identify any areas for improvement.
2. Provide a comment section called "Critique", summarizing:
    - Any significant gaps or areas where more detail is needed.
    - Suggestions for additional regulations or controls that might be relevant.
"""


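def generate_report(risk_type: str) -> Optional[str]:
    """Request an initial report for one operational-risk type.

    Args:
        risk_type: Name of the risk category. It is inserted verbatim into the
            user message, so a value taken from outside this notebook should
            be treated as untrusted prompt input.

    Returns:
        The text content of the first completion choice, or None when the
        request or the response handling raised. The annotation is
        Optional[str] (not a dict) because that text is what is returned; it
        is unverified model output.
    """
    user_prompt = f"Risk Type: {risk_type}"
    messages = [
        {
            "role": "system",
            "content": generate_report_prompt,
        },
        {"role": "user", "content": user_prompt},
    ]
    try:
        # DeepSeek API call
        response = client.chat.completions.create(
            model="deepseek-reasoner",
            messages=messages,
        )
        return response.choices[0].message.content
    except Exception as e:
        # Best-effort by design: report the failure and let the caller skip
        # the remaining steps on a None result.
        print("Error during report generation:", str(e))
        return None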


def refine_report(report: str) -> Optional[str]:
    """Send a generated report back to the model for review and critique.

    Args:
        report: Text of the report to review. It is embedded verbatim in the
            user message, so instruction-like text inside it is passed on to
            the model unchanged.

    Returns:
        The text content of the first completion choice, or None when the
        request or the response handling raised.
    """
    review_request = f"""
    Please review and refine the following report:
    {report}
    """
    conversation = [
        dict(role="system", content=refine_report_prompt),
        dict(role="user", content=review_request),
    ]
    try:
        completion = client.chat.completions.create(
            model="deepseek-reasoner",
            messages=conversation,
        )
        # Only the first choice is used; its content is handed back as-is.
        first_choice = completion.choices[0]
        return first_choice.message.content
    except Exception as err:
        print("Error during report refinement:", str(err))
        return None


# Implementation:
if __name__ == "__main__":
    # Risk category to research; edit this value to run another topic.
    risk_type = "Third Party Risk"
    print(f"Generating report for Risk Type: {risk_type}")

    # Pass 1: draft report. A falsy result (None on error, or empty text)
    # ends the run without a second request.
    initial_report = generate_report(risk_type)
    if initial_report:
        print("\nInitial Report:", initial_report, sep="\n")

        # Pass 2: critique of the draft, requested only after the draft has
        # been printed.
        refined_report = refine_report(initial_report)
        if refined_report:
            print("\nRefined Report with Observations:", refined_report, sep="\n")

Generating report for Risk Type: Third Party Risk

Initial Report:
### **1. Regulations & Industry Standards for Third-Party Risk**  
- **Basel III/BCBS 239 (2013)**: Principles for effective risk data aggregation and reporting, including third-party dependencies.  
- **OCC Bulletin 2013-29 (US)**: Guidelines for third-party relationship risk management for national banks.  
- **EBA Guidelines on Outsourcing (2019)**: EU standards for financial institutions outsourcing to third parties, including cloud providers.  
- **GDPR (EU, 2018)**: Data protection requirements for third parties processing EU citizen data.  
- **FFIEC Third-Party Guidance (2021)**: US interagency guidance on managing risks in third-party relationships.  
- **DORA (EU, 2025)**: Digital Operational Resilience Act requiring robust IT third-party risk management.  
- **ISO 27001/27701**: Standards for information security and privacy in vendor relationships.  
- **Dodd-Frank Act (US, 2010)**: Stress testing and oversi

In [None]:
import json
from openai import OpenAI
import requests
from typing import Dict, Any, Optional

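# Build the OpenAI-compatible client pointed at the DeepSeek API endpoint.
# The key comes from the environment, not from a literal in the cell, so the
# notebook can be shared or committed without exposing a credential.
_deepseek_api_key = os.environ.get("DEEPSEEK_API_KEY")
if not _deepseek_api_key:
    # Stop here with a clear message instead of issuing requests that can
    # only fail authentication.
    raise RuntimeError(
        "DEEPSEEK_API_KEY is not set; export it before running this cell."
    )
client = OpenAI(
    api_key=_deepseek_api_key,
    base_url="https://api.deepseek.com",
)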

# System prompt for the first pass; generate_report sends it as the "system"
# message. It requests regulations/standards, 15-30 controls with short
# descriptions, and an overview of trends.
# NOTE(review): no sources are requested, so the regulations, dates and scope
# named in the output need checking against primary texts before use.
# NOTE(review): "obversations" below is a typo in the prompt text; it is left
# untouched because editing it changes the request sent to the model.
generate_report_prompt = """
You are an expert researcher specializing in operational risk for banks. The user will provide a specific risk type.
Please respond with the following:
1. A list of regulations or industry standards relevant to the specified risk type.
2. A list of 15-30 controls relevant to this risk, including short descriptions.
3. An overview of observations, trends or emerging themes

User will provide the risk type, and you will respond with a list of regulations, a list of controls with their brief
descriptions and any additional obversations around trends or emerging themes
"""

# System prompt for the second pass; refine_report sends it as the "system"
# message and supplies the first-pass report as the "user" message.
# NOTE(review): the reviewed report is model output fed back in as user
# content, so instruction-like text inside it reaches the model together with
# this prompt; the critique is not an independent check of the report.
# NOTE(review): "senioer" below is a typo in the prompt text, left as-is for
# the same reason as above.
refine_report_prompt = """
You are a senioer manager specializing in operational risk for banks. The user will provide a report output that you previously generated.
Please:
1. Review the provided report and identify any areas for improvement.
2. Provide a comment section called "Critique", summarizing:
    - Any significant gaps or areas where more detail is needed.
    - Suggestions for additional regulations or controls that might be relevant.
"""


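def generate_report(risk_type: str) -> Optional[str]:
    """Request an initial report for one operational-risk type.

    Args:
        risk_type: Name of the risk category. It is placed verbatim in the
            user message; if it ever comes from outside this notebook it
            should be handled as untrusted prompt input.

    Returns:
        The text content of the first completion choice, or None when the
        request or the response handling raised. The return annotation is
        Optional[str], matching refine_report, because a string (not a dict)
        is what is returned. The text is unverified model output.
    """
    user_prompt = f"Risk Type: {risk_type}"
    messages = [
        {
            "role": "system",
            "content": generate_report_prompt,
        },
        {"role": "user", "content": user_prompt},
    ]
    try:
        # DeepSeek API call
        response = client.chat.completions.create(
            model="deepseek-reasoner",
            messages=messages,
        )
        return response.choices[0].message.content
    except Exception as e:
        # Best-effort by design: print the failure and return None so the
        # caller can skip the refinement step.
        print("Error during report generation:", str(e))
        return None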


def refine_report(report: str) -> Optional[str]:
    """Send a generated report back to the model for review and critique.

    Args:
        report: Text of the report to review, embedded verbatim in the user
            message. Any instruction-like text it contains is passed to the
            model unchanged.

    Returns:
        The text content of the first completion choice, or None when the
        request or the response handling raised.
    """
    review_request = f"""
    Please review and refine the following report:
    {report}
    """
    conversation = [
        dict(role="system", content=refine_report_prompt),
        dict(role="user", content=review_request),
    ]
    try:
        completion = client.chat.completions.create(
            model="deepseek-reasoner",
            messages=conversation,
        )
        # Only the first choice is used; its content is returned unmodified.
        first_choice = completion.choices[0]
        return first_choice.message.content
    except Exception as err:
        print("Error during report refinement:", str(err))
        return None


# Implementation:
if __name__ == "__main__":
    # Risk category to research; edit this value to run another topic.
    risk_type = "Cyber Security Risk"
    print(f"Generating report for Risk Type: {risk_type}")

    # Pass 1: draft report. A falsy result (None on error, or empty text)
    # ends the run without a second request.
    initial_report = generate_report(risk_type)
    if initial_report:
        print("\nInitial Report:", initial_report, sep="\n")

        # Pass 2: critique of the draft, requested only after the draft has
        # been printed.
        refined_report = refine_report(initial_report)
        if refined_report:
            print("\nRefined Report with Observations:", refined_report, sep="\n")

Generating report for Risk Type: Cyber Security Risk

Initial Report:
### **1. Relevant Regulations & Industry Standards**  
- **General Data Protection Regulation (GDPR)** (EU): Protects personal data and mandates breach notifications.  
- **GLBA Safeguards Rule** (US): Requires financial institutions to secure customer data.  
- **NYDFS Cybersecurity Regulation (23 NYCRR 500)** (US): Mandates cybersecurity programs for NY-regulated banks.  
- **FFIEC IT Examination Handbook** (US): Framework for managing IT and cybersecurity risks.  
- **PCI DSS**: Standards for securing payment card data.  
- **ISO/IEC 27001**: International standard for information security management.  
- **NIST Cybersecurity Framework** (US): Risk-based approach to managing cyber risks.  
- **DORA** (EU): Ensures operational resilience of financial entities against ICT risks.  
- **EBA Guidelines on ICT and Security Risk Management** (EU): Specific to EU banking authorities.  
- **MAS Technology Risk Management G