How to Build a Strategy to Mitigate AI Risks

Allison Spagnolo CIPP / Jacqueline Pluta ACAMS / Morgan Maiorino October 31, 2024

In the rapid evolution of artificial intelligence, companies are often enticed by the numerous benefits that AI can offer, from improving efficiency and productivity to gaining a competitive edge. However, many companies tend to overlook significant AI risks due to a lack of awareness about the complexities and potential pitfalls, overconfidence in the technology’s infallibility, immense pressure to innovate, and resource constraints that make implementing robust AI governance frameworks challenging. The regulatory landscape for AI is still in its formative stages, with different jurisdictions adopting varied approaches, creating confusion and uncertainty for companies. Some companies underestimate the impact of AI risks on their operations and reputation–believing the benefits far outweigh the downsides or assuming they can manage risks as they arise. Ignoring AI risks is fatal flaw and can undermine the advantages AI seeks to provide.

Companies must strike a balance between embracing AI innovation and implementing robust AI risk management frameworks by raising internal awareness, dedicating resources, and adhering to ethical standards to mitigate AI risks and ensure successful AI adoption.

THE 3 AI RISKS YOU SHOULD NEVER IGNORE

Regulatory compliance: As AI continues to become more ubiquitous, companies adopting AI must steer its use in an uncertain regulatory landscape. AI has outpaced controls around it, forcing reactive regulations from legislators who have developed different approaches for different jurisdictions. Companies must navigate these regulations to ensure their corporate AI policies are compliant with laws such as the General Data Protection Regulation (GDPR) in Europe, the EU Artificial Intelligence Act in the EU, Executive Order 14110 in the United States and other local laws. The lack of standardized regulations across different regions puts multinational companies especially at higher risk of noncompliance. Despite the challenges posed by differing compliance standards, all AI regulations target the same general concerns that existed before the widespread use of AI, such as data privacy and bias, and emphasize taking a risk-based approach with adequate controls to mitigate company-specific risk.

Data theft: While AI can strengthen cybersecurity measures by detecting threats and analyzing large datasets quickly, it also presents new vulnerabilities, such as data theft. Malicious actors aim to exploit vulnerabilities in AI controls to conduct sophisticated cyberattacks, including data breaches, ransomware, and malware distribution. Threats may also arise from within the company. Employees may inadvertently violate data privacy laws by inputting sensitive information into AI tools that do not guarantee data protection.

To combat this, those responsible for managing cybersecurity risks may need to reevaluate the relative importance of data assets, update data asset inventory, and account for new threats and risks. This is particularly critical for industries like healthcare and finance that safeguard personal and confidential data.

Disinformation: AI systems, especially those generating content, can be used to spread false information, which can lead to legal liability and loss of reputability. Companies’ policies and procedures should make clear that AI users must verify all information received through AI. The SEC and DOJ recently issued warnings to public companies against “AI washing,” a phenomenon in which companies overstate the capabilities of their AI systems to attract customers or investors. Following best practices and creating controls around transparency and accuracy puts companies in the best position to maintain compliance with consumer protection laws. Furthermore, it will help foster an environment of trust between companies and their customers.

Traversing the complexities of AI governance requires more than just good intentions; it demands a strategic approach that aligns operational needs with regulatory mandates and emerging risks. As the regulatory landscape continues to evolve and AI risks become more sophisticated, partnering with an experienced third-party consultant can be the difference between staying ahead of challenges or falling behind. Guidepost brings deep expertise in regulatory compliance, risk management, and policy development—ensuring your corporate AI framework is both comprehensive and resilient. With tailored assessments, practical guidance, and robust testing, Guidepost can help your organization mitigate AI risks while seizing its full potential.

Alison Spangolo with curly hair is wearing a black jacket and a plaid shirt

Allison Spagnolo CIPP

Chief Privacy Officer, Senior Managing Director

As Chief Privacy Officer and Senior Managing Director, Allison Spagnolo leads the Artificial Intelligence (AI) practice, ensuring governance and compliance for clients’ AI usage, and compliance engagements across sectors including financial institutions, healthcare, and government contractors. This includes reviewing anti-money laundering (AML) and sanctions (OFAC) issues for global banks and multi-national companies, as well as advising on financial crime compliance issues specific to cryptocurrency exchanges and Fintech companies. She has traveled extensively in Europe and Asia for the purpose of leading and conducting on-site inspections and reviews related to NYDFS and Federal Reserve monitorships, BSA/AML audits and other compliance matters.

Jacqueline Pluta ACAMS

Analyst

Jacqueline Pluta is an analyst with Guidepost Solutions working on a variety of issues across multiple industries. Most recently, Ms. Pluta completed a compliance review for a community bank with 13 locations, where she developed several review procedures to test the bank’s compliance with regulatory requirements including the Equal Credit Opportunity Act and Truth in Savings Act.

Morgan Maiorano in a striped shirt is smiling for the camera

Morgan Maiorino

Senior Analyst

Morgan Maiorino is a compliance and investigations analyst at Guidepost Solutions. She supports the Investigations + Business Intelligence, Corporate Risk + Compliance, Institutional Integrity, and Immigration + Border Services practice groups.

InvestigationHotlines