Introducing an AI Governance Framework in Financial Organizations. Best Practices in Implementing the EU AI Act (Practitioner Track)

Genovesi, Sergio

doi:10.4230/OASIcs.SAIA.2024.9

Abstract

To address the challenges of AI regulation and the EU AI Act’s requirements for financial organizations, we introduce an agile governance framework. This approach leverages existing organizational processes and governance structures, integrating AI-specific compliance measures without creating isolated processes and systems. This framework combines immediate measures to address urgent AI compliance cases with the development of a broader AI governance. It starts with an assessment of requirements and risks, followed by a gap analysis; after that, appropriate measures are defined and prioritized for organization-wide execution. The implementation process includes continuous monitoring, adjustments, and stakeholder feedback, facilitating adaptability to evolving AI standards. This procedure guarantees not only adherence to current regulations but also positions organizations to be well-equipped for prospective regulatory shifts and advancements in AI applications.

Cite As Get BibTex

Sergio Genovesi. Introducing an AI Governance Framework in Financial Organizations. Best Practices in Implementing the EU AI Act (Practitioner Track). In Symposium on Scaling AI Assessments (SAIA 2024). Open Access Series in Informatics (OASIcs), Volume 126, pp. 9:1-9:7, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2025) https://doi.org/10.4230/OASIcs.SAIA.2024.9

Author Details

Sergio Genovesi

SKAD AG, Frankfurt am Main, Germany

Acknowledgements

Many thanks to Dennis Kautz and Kim Strunk for their valuable feedback and insights. Thanks to Felix Broßman, Daniel Schulz und Helge Krill for their trust and support.

References

Bundesregierung. Gesetz über das kreditwesen (kredwg), 2023. Available online: https://www.gesetze-im-internet.de/kredwg/index.html (Accessed: 2024-08-24).
European Banking Authority (EBA). Revised guidelines on outsourcing arrangements, 2019. Available online: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/internal-governance/guidelines-outsourcing and PDF: https://www.eba.europa.eu/sites/default/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf (Accessed: 2024-08-24).
Dr. Oliver Engels, Marc Peter Klein, Peter Gürtlschmidt, Dr. Georg Lienke, and Rei Tanaka. The three lines of defence model: Key success factors for effective risk management. In Non-Financial Risk Management in the Financial Industry, pages 71-88. Frankfurt School Verlag, 2022. Available at: URL: https://www.frankfurt-school-verlag.de/programm/non_financial_risk_management.html.
European Union Agency for Cybersecurity (ENISA). Artificial intelligence cybersecurity challenges, 2020. Available online: https://www.enisa.europa.eu/publications/artificial-intelligence-cybersecurity-challenges (Accessed: 2024-09-12).
European Union Agency for Cybersecurity (ENISA). Enisa threat landscape 2023, 2023. Available online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023 (Accessed: 2024-09-12).
Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin). Rundschreiben 05/2023 (ba) - mindestanforderungen an das risikomanagement - marisk, 2023. Available online: https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Rundschreiben/2023/rs_05_2023_MaRisk_BA.html (Accessed: 2024-08-24).
Dr. Jochen Papenbrock, Dr. John Ashley, Dr. Georg Lienke, Florian Seiferlein, and Norbert Gittfried. Optimising effectiveness and efficiency: Deployment of artificial intelligence in non-financial risk management. In Non-Financial Risk Management in the Financial Industry, pages 213-239. Frankfurt School Verlag, 2022. Available at: URL: https://www.frankfurt-school-verlag.de/programm/non_financial_risk_management.html.
European Union. Regulation (eu) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation), 2016. Available online: https://eur-lex.europa.eu/eli/reg/2016/679/oj(Accessed: 2024-09-12).
European Union. Regulation (eu) 2022/1925 of the european parliament and of the council of 14 september 2022 on contestable and fair markets in the digital sector and amending directives (eu) 2019/1937 and (eu) 2020/1828 (digital markets act), 2022. Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32022R1925(Accessed: 2024-09-12).
European Union. Regulation (eu) 2022/868 of the european parliament and of the council of 30 may 2022 on european data governance and amending regulation (eu) 2018/1724 (data governance act), 2022. Available online: https://eur-lex.europa.eu/eli/reg/2022/868/oj(Accessed: 2024-09-12).
European Union. Regulation (eu) 2023/2854 of the european parliament and of the council of 13 december 2023 on harmonised rules on fair access to and use of data and amending regulation (eu) 2017/2394 and directive (eu) 2020/1828 (data act), 2023. Available online: https://eur-lex.europa.eu/eli/reg/2023/2854(Accessed: 2024-09-12).
European Union. Regulation (eu) 2024/1689 of the european parliament and of the council of 13 june 2024 laying down harmonised rules on artificial intelligence, 2024. Available online: https://eur-lex.europa.eu/eli/reg/2024/1689/oj(Accessed: 2024-09-12).

Introducing an AI Governance Framework in Financial Organizations. Best Practices in Implementing the EU AI Act (Practitioner Track)

Author Sergio Genovesi

File

Document Identifiers

Subject Classification

ACM Subject Classification

Keywords

Metrics

Abstract

Cite As Get BibTex

Author Details

Acknowledgements

References

Thanks for your feedback!

Could not send message