The CMORG AI Taskforce, in partnership with the City of London Corporation, the Financial Services Information Sharing and Analysis Center, and UK Finance, has released a comprehensive guidance document aimed at helping financial services firms navigate the evolving landscape of generative AI technologies.
The publication follows an extensive baseline review of existing Gen-AI risk mitigation practices, offering a consolidated framework of best practices specifically tailored to the financial sector. The guidance is designed to support firms in responsibly adopting Gen-AI while managing the associated operational, legal, reputational, and compliance risks.
The document delivers methodical and actionable insights across five critical domains:
Government and Regulatory Approaches:
The review presents a high-level overview of how global authorities are approaching Gen-AI governance, including an outline of emerging regulations and the balance between innovation and risk mitigation.
Risk Management Principles and Frameworks:
It explores existing principles and risk frameworks, emphasizing their application in mitigating risks unique to Gen-AI. These include strategies for managing operational disruptions, regulatory compliance, and reputational concerns.
Technical Implementation:
Firms are advised on best practices for implementing technical controls to ensure safe deployment of Gen-AI. This section covers essential areas such as data privacy, cybersecurity, and model risk management.
Third-Party and Legal Considerations:
The guidance underscores the importance of clearly defined roles and responsibilities across the supply chain, addressing legal and contractual implications of Gen-AI use by third parties.
Education and Awareness:
Building a culture of responsible AI is a central theme. The document recommends upskilling employees and embedding awareness initiatives to strengthen internal understanding and oversight of Gen-AI risks.
Chris Hayward, Policy Chairman at the City of London Corporation, highlighted the dual imperative of innovation and responsibility:
“There are significant opportunities with artificial intelligence, but we must seize them responsibly. This guidance offers a comprehensive understanding of the complex and evolving risks associated with Gen-AI, encouraging firms to adopt a proactive governance approach that ensures the safe, ethical, and responsible adoption of Gen-AI.”
Rebecca Gibergues, Executive Director, EMEA at FS-ISAC, emphasized collaboration as key to effective risk management:
“Public-private and cross-sector collaboration and information sharing is integral to understanding the risks and benefits Gen-AI poses to the financial sector and its supply chain. Leveraging shared frameworks, principles, and best practices ensures responsible and ethical adoption of Gen-AI, safeguarding stakeholder trust and enhancing the security of the financial sector.”
Jana Mackintosh, Managing Director of Payments and Innovation at UK Finance, noted the importance of flexibility in implementation:
“As the financial sector increasingly leverages Gen-AI, firms must take a range of considerations into account to ensure risks are appropriately addressed. While there is not a one-size-fits-all solution, firms can adapt this resource to their risk appetite and leverage it in conjunction with other frameworks to achieve effective management of Gen-AI risks. This will help firms make the most of the opportunities these technologies offer.”
