A Simple Reading List - AI Governance & Risk Management
"Where do I even start?" is a question I get quite often when discussing AI governance and risk management.
A search on Google, or even Perplexity, may not help much, as there are more results than anyone can reasonably read through.
I have started housekeeping the references and papers I have been going through for the past 2 years, and thought I'd compile a few of them into a simple reading list on AI governance and risk management.
It focuses on official frameworks, regulations and supervisory guidance, particularly for the financial sector.
It is far from complete, but it may be a good set to start off from.
I've organized the list in 3 circles of progression. Start from the center and work outwards.
Circle 1: General Foundations
These transcend jurisdictions and sectors, and are a good place to start.
1. NIST AI Risk Management Framework. The US voluntary framework that has become globally influential. Four core functions: Govern, Map, Measure, Manage. Not sector-specific, but widely referenced. (Links: NIST AI 100-1; AI RMF Playbook)
2. NIST AI RMF Generative AI Profile. Companion profile addressing GenAI-specific risks: hallucinations, prompt injection, training data issues and emergent behaviors. (Link: NIST AI 600-1)
3. ISO/IEC 42001:2023 - AI Management Systems. The main certifiable international standard for AI management. (Link: ISO/IEC 42001)
4. ISO/IEC 42005:2025 - AI System Impact Assessment. Methodology for AI impact assessment: a 10-step process covering scoping through review cycles, and 9 impact dimensions: accountability, transparency, fairness, privacy, reliability, safety, explainability, environmental impact, and misuse/failure scenarios. (Link: ISO/IEC 42005)
5. OECD AI Principles. Five influential core values, updated to address developments in the generative AI era. (Link: OECD AI Principles)
6. UN Report on Governing AI for Humanity. Seven recommendations, including an international scientific panel, a policy dialogue on AI governance, an AI standards exchange, capacity development, a global fund, an AI data framework and a UN AI office. (Link: UN AI Advisory Body Report)
7. Council of Europe Framework Convention on AI, Human Rights, Democracy and Rule of Law. International treaty on AI, focused on rights-based AI governance. (Link: Council of Europe AI Convention)
Circle 2: Global Finance
These transcend jurisdictions but are specific to finance.
8. FSB: Financial Stability Implications of AI. The Financial Stability Board's 2024 stocktake of recent advancements, use cases in the financial sector, potential benefits and AI-related financial sector vulnerabilities. (Link: FSB AI Report)
9. BIS: Generative AI and the Economy. Bank for International Settlements analysis of how GenAI may affect productivity, labour markets, inflation and financial stability. (Link: BIS Papers No 145)
10. BIS FSI: Regulating AI in the Financial Sector. Financial Stability Institute insights on supervisory approaches to generative AI in financial services. (Link: FSI Insights)
11. IOSCO Report on AI in Capital Markets. Updated guidance on AI risks for securities markets. (Link: IOSCO Report)
12. IAIS Application Paper on Supervision of AI. International Association of Insurance Supervisors guidance on AI in insurance: underwriting, claims and pricing. (Link: IAIS AI Paper)
13. OECD: Regulatory Approaches to AI in Finance. Cross-jurisdictional analysis of how financial regulators are approaching AI. (Link: OECD Finance AI Report)
Circle 3: Jurisdiction & Finance Specific
Closer to home for finance. Pick your geography.
European Union
14. EU AI Act. Risk-based classification (unacceptable, high-risk, limited, minimal). Credit scoring and insurance pricing are explicitly classified as high-risk. (Link: EU AI Act Official Journal)
15. ESMA Statement on AI in Investment Services. Guidance on applying MiFID II requirements when using AI. (Link: ESMA AI Statement)
United Kingdom
16. PRA SS1/23: Model Risk Management Principles. The Bank of England's Supervisory Statement on model risk management for banks; also relevant to AI models. (Link: PRA SS1/23)
17. Bank of England: AI in the Financial System. Analysis of AI risks: correlated trading, shock amplification, concentration in AI service providers and cyber threats. (Link: Financial Stability in Focus: AI in the Financial System)
United States
18. SR 11-7: Guidance on Model Risk Management. The foundational Fed/OCC guidance, covering the model lifecycle: development, validation and governance. Still the gold standard, and somewhat relevant for AI models. (Link: SR 11-7)
19. OCC Comptroller's Handbook: Model Risk Management. Detailed examination procedures for model risk; supplements SR 11-7. (Link: OCC MRM Handbook)
Canada
20. OSFI Guideline E-23: Model Risk Management. Revised draft expanding the scope to all federally regulated financial institutions and explicitly including AI/ML models. (Link: OSFI E-23)
21. FIFAI Report: A Canadian Perspective on Responsible AI. OSFI/Global Risk Institute report establishing Explainability, Data, Governance and Ethics principles. (Link: FIFAI Report)
Singapore
22. MAS FEAT Principles. Foundational Fairness, Ethics, Accountability and Transparency principles for AI in the financial sector. (Link: MAS FEAT)
23. MAS Veritas Toolkit. Open-source resource operationalizing the FEAT principles, with assessment methodologies for all four principles. (Link: Veritas Initiative)
24. MAS AI Model Risk Management Information Paper. Good practices drawn from a thematic review of banks' AI/GenAI practices. (Link: MAS AI MRM Paper)
25. MAS Consultation Paper: Guidelines on AI Risk Management. Proposed guidelines for AI risk management in the financial sector. (Link: MAS AI Guidelines Consultation)
Hong Kong
26. HKMA High-Level Principles on AI. Hong Kong Monetary Authority's principles for the use of AI in banking. (Link: HKMA AI Principles)
27. SFC Guidance on Use of Generative AI. Securities and Futures Commission guidance specifically addressing GenAI risks. (Link: SFC GenAI Guidance)
Japan
28. JFSA AI Discussion Paper. Japan's invitation for dialogue on AI in finance. (Link: JFSA AI Paper)
Switzerland
29. FINMA Guidance on AI Governance and Risk Management. Swiss Financial Market Supervisory Authority guidance on managing AI risks. (Link: FINMA AI Guidance)
Useful Links
IAPP Global AI Law and Policy Tracker. Comprehensive tracker of AI legislation and policy developments worldwide. (Link: IAPP AI Tracker)
MIT AI Risk Repository. Taxonomy and database of AI risks drawn from the academic literature. (Link: MIT AI Risk Repository)
OECD AI Policy Observatory. Policy initiatives, trends and data on AI across OECD countries and partners. (Link: OECD.AI)
Stanford HAI AI Index. Annual report tracking AI progress, adoption and policy developments. (Link: AI Index Report)
EU AI Act Explorer. Interactive tool for navigating EU AI Act requirements by risk category. (Link: EU AI Act Explorer)
Any other interesting documents or resources on governance and risk management for AI and finance that should be on this list?
This list focuses on official frameworks, regulations and supervisory guidance, particularly for the financial sector.
As I continue housekeeping, I will be compiling and sharing more references and papers on technical areas such as explainability, evaluation and testing.
Subscribe to my newsletter so you don’t miss them.
#AIRiskManagement #AIGovernance #Finance #AIReadingList