AI governance and risk management from the perspective of banking and financial supervision

From BaFin’s perspective, effective ICT risk management for AI begins at the strategic level. The guidance makes it clear that institutions should generally develop an AI strategy aligned with their overall, risk and DOR strategy and have it approved by the management body. This strategy is not an end in itself, but serves to consciously control the use of AI – especially where AI supports critical or important functions.

The strategic framework remains important because AI has a profound impact on business processes and can potentially have a significant effect on the stability, availability and integrity of data and systems. Without a clear vision, there is a risk of uncoordinated introduction of individual applications that promise short-term efficiency gains but create new dependencies and ICT risks in the long term.

BaFin explicitly links strategic responsibility to the management body. Not only does it bear formal ultimate responsibility, but it must also have sufficient knowledge to be able to assess AI-related risks. AI governance is not understood here as a delegable task, but as a management duty that requires specialist knowledge. This makes it clear that AI strategy is not a document for the filing cabinet, but a central management tool for the company’s management.

The second pillar of AI governance concerns organisational implementation. BaFin emphasises that governance and organisation are key building blocks for achieving digital operational resilience. For AI, this primarily means clear responsibilities within existing control structures.

Instead of creating new, parallel AI organisations, the supervisory authority expects them to be embedded in established governance models, in particular the three lines of defence model. Specialist departments and IT are responsible for the development, operation and use of AI systems. The second line of defence, such as risk management, compliance and information security, defines framework conditions, checks compliance and assesses risks. Finally, internal audit is responsible for independently reviewing the effectiveness of the entire AI governance framework.

This structure is crucial from a supervisory perspective because it ensures that AI is not operated ‘between the lines’. Particularly in the case of highly critical applications, it must be clear at all times who is responsible for decisions, controls and escalations. The guidance makes it clear that this clarity is not optional, but a prerequisite for the proper handling of ICT risks arising from AI.

A particularly striking point in the BaFin guidance is its consistent focus on the AI life cycle. The supervisory authority makes it clear that ICT risks do not primarily arise along the value chain, but rather through the permanent integration of an AI system into the ICT landscape. This is precisely why it is not enough to test or approve AI systems on a one-off basis.

Instead, institutions must consider the entire life cycle, from development and testing to ongoing operation and decommissioning. Different risk profiles arise in each phase. For example, training data can be manipulated, models can drift, cloud dependencies can intensify, and security gaps can only become apparent during operation. BaFin therefore expects AI systems to be continuously monitored, regularly reviewed and, if necessary, adapted or decommissioned.

The supervisory authority attaches particular importance to operation and decommissioning. From BaFin’s perspective, uncontrolled uninstallations, outdated model versions or insufficiently secured training data pose significant ICT risks. Governance therefore does not end with go-live, but explicitly includes exit strategies, uninstallation and the handling of historical data and models.