The AI Baseline Guidance Review has now been published. You can download it here.

The Cross Market Operational Resilience Group’s (CMORG) AI Taskforce was created in 2024 as a joint initiative of the CIO Forum and Cyber Coordination Group, in response to concerns relating to sector-level risk introduced by the rapid adoption of Generative AI (Gen AI).

Alongside a quick reference list of key takeaway risk mitigation actions for firms, the document provides a useful reference point for the most relevant reading materials available to build deeper understanding of this complex and fast evolving risk area.

The Review provides guidance on: 

• Government and Regulatory Approaches: Broad overview of the approach Authorities take to balance Gen-AI opportunity and risk, including a snapshot of emerging regulation.
• Risk Management Principles and Frameworks: Outline of various principles and risk frameworks, with description of their role in managing operational, reputational, and compliance risks relative to Gen-AI.
• Technical Implementation: Standards firms should consider when deploying control frameworks to manage the risks associated with Gen-AI adoption and implementation. The guidance focuses on data protection and privacy, cyber information security, and model risk.
• Third Party and Legal Considerations: Considerations regarding third-party and legal risk arising from Gen-AI usage, prompting firms to identify roles and responsibilities along the supply chain and determine the permitted usage of Gen-AI solutions by third parties.
• Education and Awareness: Guidance for building and embedding a ‘responsible AI’ culture and advice for upskilling colleagues to mitigate Gen-AI risks and threats.

Please find the full UK Finance press release here.

Please find the full FS-ISAC press release here.