Financial Services Cloud Forum


Fragmentation and Frameworks


    IBM Champion
    Posted Wed November 15, 2023 10:45 AM
    Edited by Weiyee In Wed November 15, 2023 10:47 AM

    After speaking on stage with @David Kliemann (at the Fast Company Accelerate Conference in San Francisco - Nov 8) I was asked by three audience members (on three different occasions) about my thoughts on the AI Trust, Risk, and Security Management (AI TRiSM) framework. I had read it in Gartner reports and had no idea how it would be pronounced as an acronym, and still do not because each person vocalized it in a different way. AI TRiSM refers to a framework and set of practices designed to ensure the responsible and secure development, deployment, and use of artificial intelligence (AI) systems. In many ways the principles and spirit of AI TRiSM are the same as the work that is being done in the IBM Financial Services Council with their AI Framework, and further points towards the importance of this genre of work. With Executive Order 14110, "Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence (AI)," signed by President Biden on October 30, 2023, and now the US Cybersecurity and Infrastructure Security Agency (CISA) announcing a roadmap and steps towards playing a "key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure" and ongoing efforts by NIST and DHS towards the same, we are officially at a precipice of domestic inconsistencies of standards.

    To make this more complicated there are looming potential conflicts and inconsistencies in AI and Security regulations between regions (US, EU, UK, China, Asia, Japan, etc.) that could make it difficult for global financial institutions to comply with multi-jurisdictional security, data privacy and data governance requirements. Details and interpretations of definitions of prohibited practices, risk classification frameworks, and required documentation/testing may also differ across regimes depending upon final legislation. As nothing happens in isolation and too many interconnections and interdependencies ultimately impact businesses in a global digital economy, the challenges over time with continued fragmentation of standards, regulations, and best practices, the security and governance requirements grow with an attack surface that becomes not only broader but also deeper with AI.  And alarmingly all of this is growing as a body of requirements and constraints without the proper taxonomy and risk classification work that is being done in the IBM Financial Services Council by @Aly Farooqui and @Asif Riaz.

    Weiyee In