← Back to Enterprise.AI
Accelerator · Reference

AI Risk Taxonomy for Banking

A categorisation of 30+ AI risks across six dimensions, mapped to existing risk frameworks and to the controls that address them. Use this as a starting point for your own AI risk register.

46
Risks Catalogued
6
Risk Dimensions
4
Severity Levels
Don't build a parallel risk universe. Map each AI risk category to your existing operational, model and conduct risk classifications. The goal is to extend your risk register, not replace it.

1 · Data risk

Data is the foundation of all AI models. Weakness here propagates through the entire system. Eight distinct risks:

RiskDescriptionSeverityControl recommendationRegulatory ref
Data quality & lineageModels trained on stale, incomplete, unrepresentative or undocumented data. Lineage unclear makes root-cause analysis impossible.HighData quality SLAs; automated lineage tracking; golden dataset versioning; DQ dashboards by data sourceSR 11-7 model documentation
Sensitive data exposurePII, PCI, material non-public information, trade secrets leaking into training sets or GenAI prompts.CriticalData classification framework; DLP rules pre-training; prompt scanning & redaction; data masking; PII detection in model inputsGDPR, PCI-DSS, GLBA
Bias in training dataHistorical bias (e.g., past lending discrimination) encoded into model behavior; disparate impact on protected groups.HighFairness testing (disparate impact analysis); demographic parity & equalized odds checks; representative sampling; stratified evaluation sets; bias documentation in model cardFair Lending regs, EU AI Act Annex III
Data drift & stalenessTraining data becomes unrepresentative of real-world distribution. Model accuracy degrades silently.HighAutomated drift detection; retraining triggers; holdout test set monitoring; concept drift detection; version control on retraining dataSR 11-7 monitoring requirements
Synthetic / poisoned dataAdversarial actors inject or poison training data to corrupt model behavior; synthetic data with incorrect labels.MediumData provenance tracking; anomaly detection on input distributions; red-team synthetic data; version control & approval gates for training data changesNIST AI RMF
Privacy leakage in trainingModel may memorize & regurgitate training examples (especially GenAI); privacy attacks can extract personal data from models.HighDifferential privacy in training; membership inference testing; differential privacy audits for LLMs; data minimisation in promptsGDPR, CCPA
Cross-border data transferTraining data flows to non-compliant jurisdictions; GDPR Adequacy Decision not met.MediumRegional data residency enforced; Standard Contractual Clauses; data transfer impact assessments; contractual restrictions on sub-processorsGDPR Articles 44–50
Unlicensed or copyrighted training dataTraining data includes copyrighted content, news articles or proprietary datasets without license or consent.MediumTraining data audit & licensing review; indemnification agreements with data providers; content filter exclusions; opt-out mechanisms for rightsholdersCopyright law, EU AI Act Annex III

2 · Model risk

The model itself — its logic, accuracy, fairness and robustness — is the second critical risk layer. Seven distinct risks:

RiskDescriptionSeverityControl recommendationRegulatory ref
Model error & inaccuracyPredictions fall outside acceptable error bounds in validation, test or production. Precision, recall or AUC degradation.HighRigorous validation with independent test set; challenger model approach; performance SLOs by business segment; monitoring & retraining triggersSR 11-7 validation
Hallucination (GenAI)LLMs confidently generate false, nonsensical or off-topic outputs. Especially risky for financial advice, documentation, or customer-facing use.CriticalGrounding to trusted knowledge bases; RAG (Retrieval Augmented Generation) architecture; human-in-the-loop for high-stakes outputs; hallucination detection tooling; guardrails on output format & contentEU AI Act Annex III, FCA guidance
Explainability gapInability to explain a model's decision to a customer, regulator or the decision-maker. Black-box model in high-stakes use.HighExplainability tooling (SHAP, LIME, attention visualization); challenger models that are inherently interpretable; model cards documenting global & local explanations; decision rationale loggingGDPR right to explanation, EU AI Act Annex III
Model bias & fairnessDisparate impact across protected groups (race, gender, age, etc.). Model systematically disadvantages a customer segment.CriticalFairness testing pre-launch & ongoing (disparate impact ratio, equalized odds, calibration); stratified performance evaluation; bias documentation; mitigation strategies (thresholding, fairness constraints in training)Fair Lending regs, ECOA, FCA guidance, EU AI Act
Robustness & adversarial attacksModel sensitive to small input perturbations or adversarial attacks; prompt injection can manipulate LLM outputs.MediumAdversarial testing & red-teaming; input filtering & validation; prompt injection detection; robustness metrics (perturbation tolerance); guardrails on model outputsNIST AI RMF
Model staleness & concept driftModel performance degrades because the real world has changed; concept drift is not detected or remediated.HighAutomated performance monitoring; drift detection algorithms; retraining triggers & schedules; periodic model challenger evaluations; version control on all model artifactsSR 11-7 monitoring
Overfitting & poor generalizationModel fits training data too closely; poor performance on new, unseen data. Cross-validation gaps.MediumProper train/validation/test splits; cross-validation; regularization tuning; holdout test set evaluation; performance parity across cohorts & time periodsSR 11-7 validation

3 · Deployment & operational risk

Operational risk materializes after deployment. Models that looked good in validation can fail in production if not properly deployed and monitored. Eight distinct risks:

RiskDescriptionSeverityControl recommendationRegulatory ref
Shadow AI & rogue deploymentsBusiness teams using external AI tools (ChatGPT, Copilot, bespoke SaaS) outside IT/risk visibility; unvetted models in production.HighAI inventory audit with deep packet inspection; enterprise GenAI gateway & allowlist; SaaS application controls; user education & amnesty; regular audits of what tools are actually in useSR 11-7, SS1/23
Deployment-validation gapModel performs well in validation but fails in production due to different data, latency, or infrastructure issues.HighCanary deployment (10% traffic); A/B testing pre-full rollout; shadow mode deployment (parallel to incumbent); production performance monitoring pre/post rollout; rollback proceduresSR 11-7
Inadequate monitoring & alertingModel degradation, drift, bias or failures not detected; risk materialises silently until customer complaint or regulatory exam.CriticalReal-time SLO monitoring (latency, accuracy, fairness); automated alerting with escalation; model performance dashboard; data quality monitoring; drift detection; alert response SLAsSR 11-7, SS1/23
Cost & compute concentrationRunaway inference cost from large-scale GenAI use; heavy reliance on single GPU vendor (e.g., NVIDIA) creating supply chain risk.MediumFinOps discipline (tagging, budgets, alerts); multi-model strategy reducing vendor lock-in; cost optimization (model quantization, caching, batch processing); compute capacity planningOperational resilience
Model versioning & rollback failureInability to revert to prior model version; unclear which version is in production; audit trail lost.MediumModel registry with version control; immutable artifacts; automated version promotion gates; rollback procedures & testing; audit logs of all version changesSR 11-7 model documentation
Latency & performance SLA breachModel takes too long to score; inference latency causes downstream system timeouts or poor user experience.MediumLatency SLOs by use case; performance profiling pre-deployment; auto-scaling & load balancing; caching strategies; model compression for inference speedOperational resilience
Data pipeline failuresData quality issues, stale data or missing features in the production data pipeline feeding the model.HighData pipeline monitoring & alerting; schema validation; feature freshness checks; data quality dashboards; fallback / degraded mode if data unavailableSR 11-7 monitoring
Undocumented or missing model lineageCannot trace a production model back to training data, validation report, or deployment approval; audit trail incomplete.HighModel registry with full lineage tracking; automated model card generation; deployment approval workflow & audit logs; Git version control on model code & training specsSR 11-7, Audit requirements

4 · Third-party & supply chain risk

Most financial institutions now depend on external AI providers, open-source models, and cloud infrastructure. Supplier risk is material. Seven distinct risks:

RiskDescriptionSeverityControl recommendationRegulatory ref
Foundation model dependencyHeavy reliance on a single LLM provider (e.g., OpenAI) for GenAI use cases; lock-in risk; single point of failure.MediumMulti-model architecture with model abstraction layer; evaluate alternatives (Anthropic, Meta, open-source); contractual commitments from vendor; cost diversification strategySS1/23 third-party risk
Vendor opacity & auditing gapsUnable to assess foundation model training data, fine-tuning approach, safety evaluations, or control testing. Vendor documentation is sparse.HighStandardized vendor questionnaires (AI Act Annex III requirements); on-site vendor audits; contractual audit rights; third-party assessment reports; SLAs on model performance & safetyEU AI Act Annex III, SS1/23
Data residency & jurisdictional riskSensitive customer data or training data flows to non-compliant jurisdictions; cloud provider processes data outside agreed regions.CriticalRegional endpoint enforcement in contracts; data residency SLAs with penalties; technical controls (encryption in transit, VPN, regional gateways); GDPR Adequacy Assessment mappingGDPR, GLBA, CCPA
Open-source license & compliance riskOSS models with restrictive licenses (e.g., GPL); viral IP obligations; commercial use restrictions; unclear licensing terms.MediumLicense audit of all OSS components; SBOM (Software Bill of Materials) for models; legal review before deployment; usage guidelines & restrictions in contracts; indemnification from partnersCopyright law
Vendor service interruptionProvider outage, discontinuation of service, or capacity constraints disrupt business-critical AI systems.HighMulti-vendor redundancy where feasible; contractual SLAs with financial penalties; backup models & fallback processes; disaster recovery testing; scenario analysis of vendor failureSS1/23, Operational resilience
Vendor training data leakageThird-party provider uses customer data in training their foundation model; confidential information or customer PII exposed.CriticalExplicit opt-out clauses in contracts; no data retention beyond contract term; audit rights for training data use; indemnification provisions; DPIA for data sharingGDPR, confidentiality obligations
Model poisoning via supply chainProvider intentionally or negligently deploys a model with embedded malicious behavior, backdoors or undetected bias.MediumVendor security assessments; red-team evaluation of provided models; behavioral testing before deployment; vendor incident response SLAs; contractual liability provisionsNIST AI RMF, Cyber risk frameworks

5 · Conduct, ethical & reputational risk

How AI is used matters as much as how well it works. Ethical lapses damage brand, invite regulation, and harm customers. Eight distinct risks:

RiskDescriptionSeverityControl recommendationRegulatory ref
Customer harm & mis-sellingAI recommends unsuitable products, pricing or services; customer not informed AI made the decision; suitability not assessed.CriticalSuitability checks before AI recommendations; human-in-the-loop for high-stakes advice; explainability to customer; complaint handling & escalation; documented due diligenceFCA ICOBS, FINRA, SEC, GDPR
Discrimination & disparate treatmentAI systematically disadvantages protected groups (race, gender, age, disability, religion); disparate impact in lending, pricing or hiring.CriticalFairness testing across protected attributes; disparate impact monitoring; adjustment mechanisms (thresholding, fairness-aware training); diversity in training data; audit trails & documentationFair Lending regs, ECOA, FCA guidance, Employment law
Consent & transparency failuresCustomers unaware of AI involvement in decisions affecting them; insufficient disclosure; no right to opt-out.HighClear, upfront disclosure that AI is used; explain what AI assessed; offer human alternative; publish AI governance commitments; GDPR-compliant automated decision-making noticesGDPR Art. 22, FCA guidance, GLBA
Reputational damagePublic failure of AI system (bias scandal, hallucinated financial advice, security breach) damaging brand and customer trust.HighCrisis playbook & incident response team; communication templates; media monitoring; executive training; customer remediation program; independent review of failuresRegulatory guidance
Workforce displacement & moralePoorly managed AI automation displaces staff without reskilling; low staff morale; litigation risk; union pushback.MediumStaff communication & change management; reskilling programs; transition support; redeployment opportunities; staff representatives on AI governance committeesLabor law, Internal governance
Conflicts of interest in AI decisionsAI used to maximize bank profit at expense of customer interest (e.g., predatory pricing, inattention to suitability).HighSuitability assessments required before AI recommendations; conflicts of interest disclosure; customer interest over bank profit policy; auditable decision logic; human override capabilityICOBS, MiFID, fiduciary duty
Unequal access to AI benefitsAI benefits go to affluent customers while AI-driven cost-cutting or denial affects vulnerable populations; widening digital divide.MediumEquitable access policy; responsible AI principles; impact assessments for vulnerable populations; affordability & inclusion in AI use case designRegulatory guidance, Social responsibility
Environmental & social impactLarge language models consume enormous energy; training data sourcing involves labor exploitation or environmental harm.Low–MediumCarbon footprint assessment of AI models; vendor sustainability questionnaire; consideration of more efficient model alternatives; ESG reporting on AI impactTCFD, ESG frameworks

6 · Regulatory & legal risk

The regulatory landscape for AI is fragmenting. Overlapping regimes create compliance burden. Eight distinct risks:

RiskDescriptionSeverityControl recommendationRegulatory ref
EU AI Act non-complianceFailure to classify systems, document training data, implement human oversight, or complete conformity assessment for high-risk systems.CriticalAI inventory with EU AI Act classification; training data governance & documentation; risk management system per Annex III; human oversight audit trails; conformity assessment & technical documentation; regulatory monitoring for changesEU AI Act Articles 4–37
SR 11-7 & SS1/23 gapsAI and GenAI models not properly classified under model risk management; validation, monitoring, documentation requirements not met.HighExtend existing MRM policy to cover all models including ML & GenAI; independent validation gate; ongoing monitoring & revalidation; model inventory & risk tiering; documentation & audit trailsSR 11-7, SS1/23
Intellectual property infringementTraining data includes copyrighted content, code or proprietary databases without license; model outputs reproduce training data; copyright litigation.MediumTraining data audit & licensing review; copyright clearance for all data sources; indemnification agreements with data vendors & model providers; output filtering; rightholder opt-out mechanismsCopyright law, DMCA
Privacy & GDPR violationsLawful basis for processing personal data in training unclear; automated decision-making without human review; data subject rights (access, deletion, portability) not honored.HighDPIAs for all high-risk AI uses; transparent lawful basis documentation; human review for decisions impacting rights; rights fulfillment processes; GDPR training for teams; data minimisation in model inputsGDPR Articles 1–99
Fair lending & discrimination law violationsCredit models with disparate impact; insurance pricing with age discrimination; hiring AI with gender bias; regulatory enforcement action.CriticalDisparate impact testing & monitoring; fair lending audits; protected attribute exclusion (or justified use cases); monitoring & remediation of adverse action; customer notification if AI critical to denialFCRA, ECOA, Fair Credit Reporting Act, GDPR
Consumer protection & disclosure gapsFailure to disclose AI use in financial advice; inadequate explanation of AI decisions; no human escalation path available.HighClear disclosure of AI involvement; explainability in plain language; right to human review; complaint handling procedures; training on disclosure requirementsFCA ICOBS, FINRA, SEC
Cross-border supervisory divergenceConflicting expectations across EU, UK, US, SAMA, other regimes; compliance with one regime creates non-compliance with another.MediumLegal & regulatory mapping across all jurisdictions where institution operates; apply most-restrictive interpretation; document compliance choices; engage regulators proactively; adjust governance by jurisdiction if neededMultiple, overlapping frameworks
Contractual liability & indemnification gapsContracts with AI vendors lack adequate indemnification for IP infringement, data breaches, or model failures; liability allocation unclear.MediumVendor contract review & amendment; ensure indemnification for IP, data protection, model performance; audit rights & SLAs; insurance coverage assessment; liability caps & dispute resolution processesContract law, Risk management

Risk appetite statement template

A board-approved risk appetite statement for AI should define tolerance by tier and risk category. Here is a template:

The top-right quadrant of any AI risk heat map is dominated by data risks — PII exposure, bias in training data, and hallucination. These are the risks that regulators ask about first and where control gaps are most visible.

Heat map: Risk by category & likelihood

This simplified heat map ranks the 40+ risks by typical severity and likelihood in a FS institution. Position indicates relative priority for governance investment.

Low High High Medium Low Likelihood → Severity → PII exp Hallucin Bias Drift Cost OSS

Top-right quadrant = highest priority. Bubble size = relative number of controls available. This is illustrative; actual risk positioning varies by institution and use case.

How to use this taxonomy

  1. Map to existing frameworks. Don't create a parallel risk universe. Map each risk category to your operational, model and conduct risk classifications in your existing risk register.
  2. Score inherent & residual risk. For each risk category, estimate inherent (no controls) and residual (with controls in place) impact & likelihood. Use a 5x5 matrix (impact: low–critical; likelihood: rare–almost certain).
  3. Identify controls. For each identified risk, confirm which primary and secondary controls are in place. Track exceptions and remediation.
  4. Use case risk assessment. For each AI use case intake, identify which subset of the taxonomy applies. Confirm controls are in scope for that use case's risk tier.
  5. Portfolio aggregation. Aggregate risk scores to portfolio level. Feed into AI Risk Committee dashboard and board reporting.
  6. Refresh & improve. Update the taxonomy annually, and after every material AI incident or major regulatory change. Include lessons from near-misses.

Control reference: Top controls by risk category

Risk CategoryTop 3 ControlsSecondary Controls
Data riskData quality SLAs, PII classification & DLP, fairness testingLineage tracking, drift monitoring, synthetic data testing
Model riskIndependent validation, fairness monitoring, hallucination detectionExplainability tooling, adversarial testing, version control
Operational riskAI inventory & classification, real-time monitoring, production SLOsCanary deployment, automated alerting, data pipeline monitoring
Third-party riskVendor assessment questionnaire, contractual controls, data residency enforcementMulti-vendor redundancy, audit rights, SLAs & indemnification
Conduct riskSuitability checks, fairness testing, customer disclosure & transparencyHuman-in-the-loop escalation, conflict of interest monitoring, complaint handling
Regulatory riskAI governance policy, regulatory mapping, compliance documentationLegal contract review, DPIA templates, incident response playbooks

Ready to implement this in your organisation?

Get in touch to discuss how this accelerator fits your institution.

Book a Consultation →