Generative artificial intelligence (GenAI) is in the spotlight, front and centre, but where do regulators stand on risk governance and compliance... and where are they headed?
What are the most pressing dangers of AI? Will AI ever truly be trustworthy? How can my organisation take advantage of automation advances, while mitigating risks?
If your business is exploring these questions, you're not alone. As AI systems, especially GenAI, prove to be increasingly beneficial in the real world and more widely adopted, the role of risk will be critical to innovating and maintaining trust.
In the absence of formal legislation or regulation (and even when they arrive), companies must proactively set appropriate risk and compliance guardrails and “speedbumps”.
Our newest report offers insights on where regulators are today and where they are headed; with a look at risk issues integral to embed into designing, developing, deploying and monitoring “trustworthy” AI systems.
AI risks span siloes
The benefits, as well as risks, of AI cut across organisations, from operations, products and services to customer protections. Some core areas of concern include:
Data collection, use, protection, quality, ownership, storage and retention
Data breaches, malware, fraud, identity theft, or other financial crime
Security risks of AI use, including adversarial attacks, data poisoning, insider threat and model reverse engineering, which require swift remediation to manage reputational risks
Operational risks of AI adoption, including third-party risk management, overreliance on a single provider, limited access to experts, and the need to train the workforce to effectively leverage this technology
Effective AI design and development requires robust TEVV processes at each stage of the AI lifecycle. A failure to can impact alignment with intended use and appropriate calibration, user experience and adherence to relevant requirements and expectations
AI trustworthiness to enable a successful user experience, fostered by providing assurances outlining the systems that maintain an AI system’s confidentiality, integrity and availability
AI could raise potential legal considerations around IP rights, including potential for devaluation
Keeping an eye on AI: Areas to watch
AI trustworthiness
Regulatory focus on AI trustworthiness, particularly around safety, efficacy, fairness, privacy and accountability, will require companies to holistically reassess the purpose and application of AI throughout the organisation, including for data collection, inputs and outputs, use, privacy and security.
Business risks
Anticipate that current policies and procedures may be reassessed or updated, based on emerging public policies and/or regulatory issues and actions around AI and related topics, such as privacy or cyber security. Monitor these regulatory developments/actions to assess whether they will lead to significant changes to your business model.
AI risk management
Be attentive to risks associated with incorrect or misuse of AI and related regulatory scrutiny. Address the potential for such risks through an active AI risk management framework. Regulators will look for: robust AI development, implementation and use; effective independent validation of AI design and development; and sound governance, policies, and controls.
Get in touch
Traverse the AI regulatory tightrope with confidence. Transform your approach to compliance governance with our team.
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia
