AI Risk Assessment Matrix - Financial Services Edition

Overview

Financial AI risk assessment has regulatory requirements. SR 11-7 expects model risk management for AI. Fair lending examination will ask how you tested for discrimination. Your risk framework must address what regulators expect—generic risk assessment doesn't.

This framework provides financial services-specific risk assessment. It aligns with SR 11-7, addresses fair lending, covers trading AI, and provides the documentation regulators expect to see.

What's Inside

Financial Services-Specific Risk Categories

• Model risk (SR 11-7)
• Fair lending and discrimination risk
• Market manipulation and trading risk
• Consumer protection (UDAAP) risk
• Cybersecurity and fraud risk
• Third-party/vendor risk
• Operational and compliance risk

1. Model Risk Assessment Framework
Aligned with SR 11-7 expectations:

• Conceptual risk: Model design, assumptions, limitations
• Implementation risk: Coding, integration, controls
• Data risk: Quality, bias, representativeness, drift
• Performance risk: Accuracy, stability, degradation
• Risk scoring by model tier (Tier 1/2/3)

2. Fair Lending Risk Assessment

• Disparate impact testing methodology
• Proxy discrimination analysis
• Protected class performance evaluation
• Adverse action documentation requirements
• Fair lending testing frequency and scope

3. Algorithmic Trading Risk Assessment

• Market manipulation risk
• Flash crash and stability risk
• Best execution compliance
• Spoofing and layering detection
• Kill switch and circuit breaker requirements

4. Third-Party AI Risk Assessment

• Vendor due diligence requirements
• Model transparency expectations
• Contractual requirements
• Ongoing monitoring requirements
• Concentration risk evaluation

5. Risk Scoring Methodology

• Likelihood × Impact scoring
• Financial services-specific impact factors (regulatory, consumer, financial)
• Risk tier classification
• Aggregation methodology

6. Risk Mitigation Strategies

• Controls mapped to risk types
• Implementation guidance
• Effectiveness measurement

7. Risk Register Template

• Financial services-adapted fields
• Regulatory mapping
• Audit trail requirements

8. Monitoring & Reassessment

• Ongoing monitoring requirements
• Reassessment triggers
• Performance drift detection
• Quarterly review process

Who This Is For

• Chief Risk Officers managing AI in risk frameworks
• Model Risk Management implementing AI risk assessment
• Fair Lending Officers ensuring compliance
• Compliance Officers preparing for examination
• AI/ML Teams understanding risk requirements

Why This Resource

Financial services risk assessment must align with regulatory expectations. This framework addresses SR 11-7 model risk categories, fair lending testing requirements, and securities trading concerns—not generic risk factors you have to adapt. Examiners will recognize the framework alignment.

Fair lending risk assessment is detailed enough to satisfy examination expectations.

FAQ

Q: How does this align with SR 11-7?

A: The model risk assessment framework uses SR 11-7 risk categories (conceptual, implementation, data, performance) and tiering approach. It extends SR 11-7 to AI-specific considerations while maintaining regulatory alignment.

Q: What about fair lending testing for AI?

A: The fair lending risk assessment provides disparate impact testing methodology, proxy discrimination analysis, and documentation requirements. It covers what fair lending examination expects for AI credit decisions.

Q: Do we need separate risk assessment for trading AI?

A: Yes—algorithmic trading has distinct regulatory requirements and risk factors. The trading risk assessment section addresses market manipulation, stability, and securities compliance concerns that don't apply to other AI.