credit union AI assurance model and risk assessment

This is the 3rd blog in a series about Artificial Intelligence (AI) in the context of credit union risk and compliance. This series is designed to provide auditors and compliance professionals with a clear understanding of how AI can be applied and managed within their operations.

Currently, there isn’t a wealth of regulatory guidance around AI. Furthermore, all credit unions will conduct their own AI risk assessments. AI truly is the wild west—the big frontier—when it comes to new credit union technology and best practices.

Still, there’s no need to reinvent the wheel. If you have a proven risk and compliance agenda, it should work for AI, too.

If you’re not 100% confident in your current risk and compliance practices, or if you’re building a specific one for AI, this should help.


The AI Assurance Agenda Model

The following 6-step AI Assurance Agenda is built on best practices in risk assessment. Your credit union may find this model helpful as you gain exposure to AI solutions.

For this to agenda to work with AI, you need to do each step—and follow them in order.

1.   Identification

What are you doing with AI (e.g. offense or defense)? What risks does that pose to the credit union?

2.   Guidance

What guidance or advice is already available? You may need to look to peers inside and outside of the financial industry.

Currently, regulatory bodies like the NCUA and FDIC don’t have much guidance. Financial institutions and technology companies like Apple and Google are developing guidance faster than regulators.

This will change and regulators will catch up. However, with this quickly emerging and rapidly evolving technology, don’t expect guidance to come as quickly as innovation.

3.   Prioritization

Which risks are most important? Where do you need to put most of your resources?

Credit unions need to prioritize risks according to importance. Especially with AI, you need to ensure that these prioritized items are on Audit and Leadership radar. They must be part of the conversation.

4.   Mitigation

How do you address risk? What will you do to mitigate the risks that you’ve identified and prioritized?

You’ll need to establish policies and procedures around each use of AI.

5.   Assignment

Who is responsible? Who is accountable for the success of your mitigation strategy?

This is a good time to review the 3 lines of defense at your credit union (policies and procedures, quality control and compliance, and internal/external audit).

6.   Execution

It’s easy to put together a plan. It’s harder to follow through with it. This is the hardest step of the whole AI Assurance Agenda, but it’s entirely possible.


Next Steps and Takeaways

When working with new AI solutions, it’s important for credit unions to do the following:

    1. Define whether their AI strategy is for offense, defense, or both;
    2. Understand the goals of the AI strategy or solution;
    3. Set intention behind the stated AI strategy or solution; and
    4. Run the AI strategy or solution through this AI Assurance Agenda.


Subscribe now to see further installments of this series on AI and credit union risk and compliance.

If you’d like to see how Redboard can save time and improve visibility and accountability in your audit process, schedule an assessment here.

Posted in: