Compliance Week AI Summit Key Takeaways
The inaugural AI Summit was informative and a jam-packed two days. Conference presenters brought diverse perspectives from enforcement divisions to tech-giant whistleblowers to compliance executives to AI pioneers and more. Here are the three key takeaways I would highlight for readers:
Diminishing Patience: Supervisory and enforcement agencies drum home that the “notice period” is over; firms need to take action. At a minimum a) implement an AI usage policy or integrate principles into the existing policy suite; b) ensure AI is contemplated in the development lifecycle, third-party program, and asset inventories; c) limit access to prohibited tools; and d) identify / build talent to effectively monitor and oversee AI usage.
Understand the Conclusion: The importance of human intervention cannot be underscored. Organizations must be able to explain and understand the conclusions AI is driving; meaning, know the data sources, be able to trace the lineage, probe for bias, and challenge the result if warranted. Organizations may look to their model risk governance and management programs for best practices and should anticipate exams / inspections will flow similarly.
Leverage NIST AI Framework: Many organizations already leverage the National Institute of Standards and Technology (NIST) frameworks for cyber-security and data protection. Review the NIST AI Framework and complimentary playbook and consider how to integrate the four basic building blocks: Govern, Map, Measure, & Manage into your risk and compliance programs. While AI may be a relatively new topic to some, the principles of effective governance, data management, metrics and reporting, as well as oversight are not new - programs simply need to be adapted and scaled to contemplate this emerging risk.
