FS-ISAC, the City of London Corporation, UK Finance and The Cross Market Operational Resilience Group’s (CMORG) AI Taskforce have released an AI Baseline Guidance Review to mitigate AI risks in the financial services sector.

Following a baseline review of existing Gen AI risk mitigation guidance specific to the financial services sector the review provides practical insights around navigating generative AI risk across operational, reputational, compliance and cybersecurity domains.

The review identifies practical, methodical guidance on:

1. Government and Regulatory Approaches: Broad overview of the approach authorities take to balance Gen AI opportunity and risk, including a snapshot of emerging regulation.

2. Risk Management Principles and Frameworks: Outline of various principles and risk frameworks, with description of their role in managing operational, reputational, and compliance risks relative to Gen AI.

3. Technical Implementation: Standards firms should consider when deploying control frameworks to manage the risks associated with Gen AI adoption and implementation. The guidance focuses on data protection and privacy, cyber information security, and model risk.

4. Third Party and Legal Considerations: Considerations regarding third-party and legal risk arising from Gen AI usage, prompting firms to identify roles and responsibilities along the supply chain and determine the permitted usage of Gen-AI solutions by third parties.

5. Education and Awareness: Guidance for building and embedding a ‘responsible AI’ culture and advice for upskilling colleagues to mitigate Gen AI risks and threats.

“This resource is the collective insight of a diverse group of experts and is firmly grounded in real-world application,” said Amanda Creak, CIO Forum Co-Chair, CMORG. “It is intentionally designed to be both adaptable and forward-looking, allowing organisations to tailor it to their own unique needs and enabling responsiveness to emerging challenges and the evolving nature of threats.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.