December 2024

AI Governance – Step 1: Defining your AI compliance landscape

Björn Preuß
Chief Data Scientist
AI Governance
EU AI Act
GRACE AI Platform

Understanding your regulatory obligations

The initial step in establishing an effective AI Governance framework involves delineating the organization’s AI compliance landscape.

This encompasses a comprehensive understanding of both external regulatory requirements and internal policies that pertain to the organization’s AI systems, tailored according to industry, jurisdiction, and risk profile [8, 10].

Examples of AI regulations

For example, the EU AI Act places significant emphasis on transparency and risk management for “high-risk” AI systems, while the SR 11-7 guideline specifically addresses the management of model risks within the financial services sector [5].

Streamlining compliance

The GRACE AI Platform facilitates this process by assisting organizations in mapping these frameworks to their respective models and systems, ensuring compliance while allowing for necessary adjustments. This alignment enables organizations to maintain a robust compliance posture and adapt to evolving regulatory landscapes effectively.

Key actions:
  • Conduct a regulatory landscape analysis: Identify the relevant AI regulations, such as the EU AI Act [1], SR 11-7 [2], or SS1-23 [3], that apply to your organization based on its geographical location and industry.
  • Engage with legal counsel: Collaborate with your legal team to interpret regulatory requirements, assess potential legal risks, and ensure your AI Governance framework aligns with all applicable laws and regulations.
  • Define ethical principles and guidelines: Establish internal ethical standards for AI development and usage, focusing on fairness, transparency, and accountability.

Practice

GRACE has proven invaluable for a customer in the insurance sector by effectively managing both regulatory frameworks and internal guidelines. By leveraging GRACE, the organization was able to map regulatory requirements to their AI systems, ensuring compliance with industry standards while simultaneously aligning with their internal policies. This integration facilitated a streamlined approach to governance, allowing the customer to identify potential gaps and strengthen their AI practices. This enabled the insurance company to maintain oversight and accountability, fostering confidence among stakeholders and regulators alike.

References
  • [1] European Commission, “Proposal for a Regulation Laying Down Harmonised Rules on Artificial Intelligence,” Apr. 2021.
  • [2] Federal Reserve Board, “SR 11-7: Guidance on Model Risk Management,” Apr. 2011.
  • [3] Prudential Regulation Authority, “Supervisory Statement SS1/23 on AI and Advanced Analytics,” Jan. 2023.
  • [5] NIST, “Artificial Intelligence Risk Management Framework,” 2023.
  • [8] Mäntymäki, Matti, et al. “Defining Organizational AI Governance.” AI and Ethics, vol. 2, no. 4, Feb. 2022, pp. 603–09, doi:10.1007/s43681-022-00143-x.
  • [10] Eitel-Porter, Ray. “Beyond the Promise: Implementing Ethical AI.” AI and Ethics, vol. 1, no. 1, Oct. 2020, pp. 73–80, doi:10.1007/s43681-020-00011-6.
