Firms need to embrace the opportunities that AI presents, whilst being mindful of the potential risks that they are exposed to. Whilst developing your strategic plans to introduce AI into your operational estate there are some tactical solutions and controls you can adopt now to help manage the risks and encourage responsible use of public generative AI (GenAI) across your organisation.
Organisational controls
![]() |
![]() |
![]() |
AI policy | Boundary controls | Enteprise license |
Document a corporate policy that defines and informs acceptable use by employees. | Configure existing technology (such as CASB, DLP, web filters, network hardware, firewalls) to control access or monitor use of web based GenAI services. | Opt for licensed versions of web based GenAI services that have additional features to manage usage, history, data privacy and security. |
Individual controls
![]() |
![]() |
![]() |
Data governance | User preferences | User credentials |
Refrain from uploading personal, corporate, or sensitive information that may be intercepted or accessed by malicious actors. | Update the user settings in your GenAI service to prevent storage of data or its use in training the model. | Use anonymous / pseudonymous accounts when subscribing and interacting with GenAI services. |
Guardrails, training and awareness
![]() |
![]() |
![]() |
Risk appetite | Employee communication | Employee education |
Define your risk appetite from the top down, agree what risk you are prepared to accept in the short term through using GenAI. | Engage in ongoing communication with employees, informing them on the BAU activities that can/should be enriched through the use of GenAI and those that should be avoided. | Educate employees on the disinformation and discrimination risks when using GenAI, from either data bias, knowledge gaps, fabrication or even infiltration. |
Given the pace of change, organisations must keep one eye on the external environment. New regulations, third party considerations, client and customer expectations, are all changing. With their other eye, organisations should consider which functional teams may need to evolve their current ways of working to accommodate these emerging external requirements and what changes may be required to their internal operating models.
To learn more about how to develop your strategic plans around AI, please contact us.
Our Experts

Related Insights

AI regulation - EU vs UK horizon
As the race for developing AI and harnessing its advantages surges on, we look at the different approaches to regulating AI between the EU and UK.
Read more
FCA Skilled Person Reviews (s166)
Baringa is an FCA/PRA section 166 (s166) panellist and has undertaken a wide variety of reviews over recent years.
Read more
Delivering regulatory change for UK building society
How can a UK building society deliver regulatory change while ensuring a great customer experience?
Read more
Keeping large-scale capital investment on track
How do you independently assess the governance and maturity of a multi-billion program?
Read more