Firms need to embrace the opportunities that AI presents, whilst being mindful of the potential risks that they are exposed to. Whilst developing your strategic plans to introduce AI into your operational estate, there are some tactical solutions and controls you can adopt now to help manage the risks and encourage responsible use of public generative AI (GenAI) across your organisation.
Organisational controls
| AI policy | Boundary controls | Enterprise license |
| --- | --- | --- |
| Document a corporate policy that defines and informs acceptable use by employees. | Configure existing technology (such as CASB, DLP, web filters, network hardware, firewalls) to control access or monitor use of web-based GenAI services. | Opt for licensed versions of web-based GenAI services that have additional features to manage usage, history, data privacy and security. |
Individual controls
| Data governance | User preferences | User credentials |
| --- | --- | --- |
| Refrain from uploading personal, corporate, or sensitive information that may be intercepted or accessed by malicious actors. | Update the user settings in your GenAI service to prevent storage of data or its use in training the model. | Use anonymous / pseudonymous accounts when subscribing and interacting with GenAI services. |
Guardrails, training and awareness
| Risk appetite | Employee communication | Employee education |
| --- | --- | --- |
| Define your risk appetite from the top down and agree what risk you are prepared to accept in the short term through using GenAI. | Engage in ongoing communication with employees, informing them of the BAU activities that can/should be enriched through the use of GenAI and those that should be avoided. | Educate employees on the disinformation and discrimination risks when using GenAI, whether from data bias, knowledge gaps, fabrication or even infiltration. |
Given the pace of change, organisations must keep one eye on the external environment. New regulations, third-party considerations, and client and customer expectations are all changing. With their other eye, organisations should consider which functional teams may need to evolve their current ways of working to accommodate these emerging external requirements and what changes may be required to their internal operating models.
To learn more about how to develop your strategic plans around AI, please contact us.