Understanding the risks of integrating GenAI in GRC programs: A framework for compliance teams
NIST's recent AI Risk proposal, AI RMF Generative AI Profile, aims to assist organizations in comprehending AI risks internally and from third-party vendors. While GenAI adoption is on the rise across various sectors, compliance managers are more cautious about incorporating AI into their compliance programs. Despite all the hype about AI, a survey conducted by The Wall Street Journal among approximately 300 compliance professionals revealed that only one-third currently incorporate GenAI within their compliance programs.
Collaborative efforts between entities like NIST and prominent organizations including OpenAI and Microsoft are underway to expedite the development of standards and recommendations for the responsible deployment of AI. Amidst grappling with the implementation of GenAI, it becomes imperative to understand how third parties are integrating this technology to better evaluate corporate risk, consequently enhancing regulatory and compliance reporting.