Washington, DC - The Cyber Risk Institute (CRI) is pleased to announce the official launch of the CRI Financial Services AI Risk Management Framework (FS AI RMF), a comprehensive guide developed through a collaborative effort by more than 100 financial institutions across the globe. This effort was developed in coordination with the Financial Services Sector Coordinating Council (FSSCC) and is part of a larger, sector-wide initiative focused on responsible AI adoption and governance.
As AI rapidly transforms the financial sector, enabling new efficiencies and innovation, it also introduces complex and constantly-evolving risks related to fairness, transparency, data privacy, security, and operational resilience. The FS AI RMF addresses these challenges head-on, offering a standardized yet flexible approach for institutions at every stage of their AI adoption journey.
"The future of financial services is increasingly intertwined with AI, making proactive and responsible governance and risk management a strategic imperative," said Josh Magri, CEO of CRI. "This framework empowers institutions to confidently navigate this evolving landscape, ensuring they can harness AI's transformative power while operationalizing robust controls and fostering trustworthy operations."
The FS AI RMF is, by design, closely aligned with the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF) and other leading global standards, ensuring a robust foundation. Its unique value proposition lies in its industry-specific focus and practical applicability, making it scalable for institutions ranging from community banks to multinational corporations.
Key elements of the framework include:
- AI Adoption Stage Questionnaire: A means to pinpoint an organization’s current AI adoption stage and customize its approach to implementing the right control objectives.
- Risk and Control Matrix: A robust matrix with 230 control objectives linked to risk statements, trustworthy AI principles, and implementation guidelines—by adoption stage.
- Detailed User Guide:Â Comprehensive background information (purpose, audience), glossary, source material, and informative references.
- Control Objective Reference Guide:Â Illustrative examples of controls and effective evidence to aid implementation of each control objective.
This framework empowers financial institutions to build, deploy, and govern AI systems responsibly, fostering an environment of trust and security critical for sustained innovation. It serves as an essential resource for risk managers, compliance officers, technology leaders, and executives navigating the complexities of AI in finance.
The FS AI RMF is available for download and further information is available at the CRI website at www.cyberriskinstitute.org. For more information on the other Financial Sector AI Executive Oversight Group deliverables, please visit the FSSCC website at https://fsscc.org/AIEOG-AI-deliverables/.
About CRI (Cyber Risk Institute):
CRI is a not-for-profit, member-driven, standards development organization, dedicated to providing financial institutions with a comprehensive view of risk by connecting threats to mitigating controls and associated compliance expectations. Our mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry. We do this through our products - CRI Profile, Cloud Profile, and FS AI RMF – member engagement, and an ecosystem of globally known tool providers and consulting firms.
Media Contact:
Emily Beam, Managing Director and COO
emily.beam@cyberriskinstitute.org
){kind=icon}