The Cross Market Operational Resilience Group’s (CMORG) and its member firms, in conjunction with City of London Corporation (CoLC), Financial Services Information Sharing and Analysis Center (FS-ISAC), and UK Finance have conducted a baseline review of existing GenAI risk mitigation guidance specific to the financial services sector and developed best practices for GenAI risk management.
The Review identifies practical, methodical guidance on:
- Government and Regulatory Approaches: Broad overview of the approach Authorities take to balance Gen-AI opportunity and risk, including a snapshot of emerging regulation.
- Risk Management Principles and Frameworks: Outline of various principles and risk frameworks, with description of their role in managing operational, reputational, and compliance risks relative to Gen-AI.
- Technical Implementation: Standards firms should consider when deploying control frameworks to manage the risks associated with Gen-AI adoption and implementation. The guidance focuses on data protection and privacy, cyber information security, and model risk.
- Third Party and Legal Considerations: Considerations regarding third-party and legal risk arising from Gen-AI usage, prompting firms to identify roles and responsibilities along the supply chain and determine the permitted usage of Gen-AI solutions by third parties.
- Education and Awareness: Guidance for building and embedding a ‘responsible AI’ culture and advice for upskilling colleagues to mitigate Gen-AI risks and threats.
The AI Baseline Guidance Review then summarises its observations, provides key takeaways for firms to consider within their organisational context, and provides a reference section as a resource for deeper understanding.
Chris Hayward, Policy Chairman, City of London said: “There are significant opportunities with artificial intelligence, but we must seize them responsibly. This guidance offers a comprehensive understanding of the complex and evolving risks associated with Gen-AI, encouraging firms to adopt a proactive governance approach that ensures the safe, ethical, and responsible adoption of Gen-AI.
“By aligning its key takeaways with a commitment to fostering a culture of continuous evaluation and collaboration, firms will be better equipped to unlock Gen-AI’s full potential.”
Rebecca Gibergues, Executive Director, EMEA, FS-ISAC said: “Public-private and cross-sector collaboration and information sharing is integral to understanding the risks and benefits Gen-AI poses to the financial sector and its supply chain.
“Leveraging shared frameworks, principles, and best practices ensures responsible and ethical adoption of Gen-AI, safeguarding stakeholder trust and enhancing the security of the financial sector.”
Jana Mackintosh, Managing Director, Payments and Innovation, UK Finance said: “As the financial sector increasingly leverages Gen-AI, firms must take a range of considerations into account to ensure risks are appropriately addressed.
“While there is not a one-size-fits-all solution, firms can adapt this resource to their risk appetite and leverage it in conjunction with other frameworks to achieve effective management of Gen-AI risks. This will help firms make the most of the opportunities these technologies offer.”
