Review provides insight on managing AI risk in the financial services sector, with a focus on generative AI
London, UK, 15 May, 2025 – To support the financial sector in responding to risks posed by artificial intelligence, The Cross Market Operational Resilience Group’s (CMORG) AI Taskforce published its AI Baseline Guidance Review.
“This resource is the collective insight of a diverse group of experts and is firmly grounded in real-world application,” said Amanda Creak, CIO Forum Co-Chair, CMORG. “It is intentionally designed to be both adaptable and forward-looking, allowing organisations to tailor it to their own unique needs and enabling responsiveness to emerging challenges and the evolving nature of threats.”
CMORG and its member firms, in conjunction with City of London Corporation (CoLC), Financial Services Information Sharing and Analysis Center (FS-ISAC), and UK Finance conducted a baseline review of existing Gen-AI risk mitigation guidance specific to the financial services sector and developed best practices for Gen-AI risk management.
The Review identifies practical, methodical guidance on:
- Government and Regulatory Approaches: Broad overview of the approach Authorities take to balance Gen-AI opportunity and risk, including a snapshot of emerging regulation.
- Risk Management Principles and Frameworks: Outline of various principles and risk frameworks, with description of their role in managing operational, reputational, and compliance risks relative to Gen-AI.
- Technical Implementation: Standards firms should consider when deploying control frameworks to manage the risks associated with Gen-AI adoption and implementation. The guidance focuses on data protection and privacy, cyber information security, and model risk.
- Third-Party and Legal Considerations: Considerations regarding third-party and legal risk arising from Gen-AI usage, prompting firms to identify roles and responsibilities along the supply chain and determine the permitted usage of Gen-AI solutions by third parties.
- Education and Awareness: Guidance for building and embedding a ‘responsible AI’ culture and advice for upskilling colleagues to mitigate Gen-AI risks and threats.
The AI Baseline Guidance Review then summarises its observations, provides key takeaways for firms to consider within their organisational context, and provides a reference section as a resource for deeper understanding.
“There are significant opportunities with artificial intelligence, but we must seize them responsibly. This guidance offers a comprehensive understanding of the complex and evolving risks associated with Gen-AI, encouraging firms to adopt a proactive governance approach that ensures the safe, ethical, and responsible adoption of Gen-AI,” said Chris Hayward, Policy Chairman, City of London. “By aligning its key takeaways with a commitment to fostering a culture of continuous evaluation and collaboration, firms will be better equipped to unlock Gen-AI’s full potential.”
“Public-private and cross-sector collaboration and information sharing is integral to understanding the risks and benefits Gen-AI poses to the financial sector and its supply chain,” said Rebecca Gibergues, Executive Director, EMEA, FS-ISAC. “Leveraging shared frameworks, principles, and best practices ensures responsible and ethical adoption of Gen-AI, safeguarding stakeholder trust and enhancing the security of the financial sector.”
“As the financial sector increasingly leverages Gen-AI, firms must take a range of considerations into account to ensure risks are appropriately addressed,” said Jana Mackintosh, Managing Director, Payments and Innovation, UK Finance. “While there is not a one-size-fits-all solution, firms can adapt this resource to their risk appetite and leverage it in conjunction with other frameworks to achieve effective management of Gen-AI risks. This will help firms make the most of the opportunities these technologies offer.”
Download the Review here.
About CMORG
CMORG is a public-private partnership run jointly between the Bank of England and UK Finance. It enhances the operational resilience of the UK financial sector through collective action and is supported by specialist industry groups. It achieves this through the identification of systemic risks, the development of solutions to support sector-wide mitigation strategies and sharing capabilities and knowledge across the sector. As part of this work, CMORG oversees the approach for sector-wide response to systemic incidents through the Sector Response Framework (SRF).
About City of London Corporation
The City of London Corporation is the governing body of the Square Mile dedicated to a vibrant and thriving City, supporting a diverse and sustainable London within a globally successful UK.
About FS-ISAC
FS-ISAC is the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organisation’s real-time information-sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector’s collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.
About UK Finance
UK Finance is the collective voice for the banking and finance industry. Representing around 300 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation.
Contacts for Media
riya.makwana@cityoflondon.gov.uk
+++
