Financial Services AI Risk Management Framework

Overview

The FS AI RMF is an industry‑led, sector‑specific AI risk management framework developed through public‑private collaboration with more than 100 financial institutions and input from U.S. and international agencies, including NIST. Structurally aligned with the NIST AI RMF and expanded with 230 Control Objectives, it helps financial organizations of all sizes manage and govern AI risks while enabling responsible innovation.

This effort was developed in coordination with the Financial Services Sector Coordinating Council (FSSCC) and is part of a larger, sector-wide initiative focused on responsible AI adoption and governance. For more information on the other Financial Sector AI Executive Oversight Group deliverables, please visit the Financial Services Sector Coordinating Council website at https://fsscc.org/AIEOG-AI-deliverables/.

Why It Matters

AI adoption in financial services creates material opportunities and novel risks—bias, opacity, cybersecurity exposures, and systemic interdependencies—that traditional frameworks do not fully address. The FS AI RMF was developed to close those gaps with practical, targeted guidance that evolves with AI technologies and supports trustworthy, resilient AI deployment across the sector.

The FS AI RMF:

  • Translates high‑level AI principles into actionable, sector‑relevant control objectives and implementation guidance.
  • Supports consistent evaluation, benchmarking, and maturity of AI governance across institutions and supply chains.
  • Helps organizations assess current AI adoption, define target adoption stages, and prioritize controls to close gaps incrementally and responsibly.

Who It’s For

The FS AI RMF was designed for all financial institutions—community banks, credit unions, national and multinational banks, insurers, investment firms, and more—and their third‑party providers. It is a useful tool for AI practitioners, technology leaders, risk and compliance teams, legal advisors, and others responsible for AI governance across the enterprise.

Alignment & Interoperability

The FS AI RMF is complementary to existing risk frameworks and regulatory guidance by design. It aligns structurally with the NIST AI RMF and synthesizes global standards and supervisory expectations to facilitate harmonized implementation across jurisdictions without replacing existing enterprise policies.

Key Benefits

Standards alignment: Synthesizes global guidance and aligns with NIST to support supervisory expectations and harmonization.

Practical operationalization: 230 actionable Control Objectives mapped to adoption stages.

Scalable and adaptable: Fits institutions of all sizes and AI adoption stages.

Industry-driven and accessible: Built by financial sector practitioners to reflect real operational constraints.

Integrated enterprise risk approach: Complements existing governance, enabling aggregated, prioritized, and risk-informed decisions.

Framework Components

The FS AI RMF begins by identifying an organization’s AI adoption stage. The Risk and Control Matrix (RCM) can then be customized with the relevant control objective information for that stage. Companion documents (Guidebook and Control Objective Reference Guide) provide implementation detail, control examples, and effective evidence to support risk and governance practices across stages of adoption.

  1. AI Adoption Stage Questionnaire: Assesses an organization’s current AI adoption stage and maps to the appropriate control objectives.
  2. Risk & Control Matrix (RCM): Risk statements plus 230 Control Objectives organized by adoption stage for practical implementation.
  3. Guidebook: Step‑by‑step guidance for deploying the Framework and operationalizing control objectives.
  4. Control Objective Reference Guide: Examples of controls and effective evidence to support assessments.

How It Works

Assess: Complete the AI Adoption Stage Questionnaire below to determine your organization’s current stage.

Customize Your View: Identify applicable control objectives in the RCM for your adoption stage and risk profile.

Implement: Follow Guidebook guidance and Reference Guide examples to adopt control objectives.

Integrate: Connect AI risk outcomes to existing enterprise governance, risk, and compliance programs for aggregated prioritization and mitigation.

Evolve: Iterate on control objectives as AI use cases and technologies evolve.

Resources and Downloads

Trusted Standards for Evolving Risks

The Cyber Risk Institute's (CRI) mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry.

As a not-for-profit standards development organization, CRI connects threats to mitigating controls and associated compliance to provide institutions with a comprehensive view of risk—from the server room to the boardroom.

We do this through our products – CRI Profile, Cloud Profile, and FS AI RMF – member engagement, and an ecosystem of globally known tool providers and consulting firms.