Resources for Reference
AI Risk Management
National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework. January 2023. Link
National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. July 2024. Link
OECD (2022), OECD Framework for the Classification of AI systems, OECD Digital Economy Papers, No. 323, OECD Publishing, Paris. Link
ISO. ISO/IEC 42001:2023: Information Technology – Artificial Intelligence – Management System. Link
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 on artificial intelligence, Official Journal of the European Union L 2024/1689 (12 July 2024). Link
Model Risk Management
Board of Governors of the Federal Reserve: Supervisory Governance on Model Risk Management, SR 1-7, April 4, 2011. Link
Office of the Comptroller of the Currency, Comptroller's Handbook, Model Risk Management, August 2021. Link
American Bankers Association, The Model Risk Playbook: Essentials for Banks and Fintechs, Brought to you by Wolf & Co, PC, July 21, 2025. Link
Data Governance Risk
DAMA-DMBOK. Data Management Body of Knowledge. Revised Edition. Technis Publications (Basking Ridge, N.J.), 2024.
EDM Council. Global Data Management Benchmark Report. 2023. Link
Basel Committee on Banking Supervision. Principles for effective data aggregation and risk reporting. 2014. Link
Basel Committee on Banking Supervision. Progress in adopting the Principles for effective risk data aggregation and risk reporting. November 2023. Link
Third Party/Vendor Risk
Office of the Comptroller of the Currency. OCC Bulletin 2023-17: Third-Party Relationships – Interagency Guidance on Risk Management. Washington, DC: OCC, June 6, 2023. Link
Bank of England. SS2/21: Outsourcing and Third Party Risk Management. March 29, 2021. Link
Financial Conduct Authority. FG 16/5: Guidance for firms outsourcing to the “cloud” and other third-party IT services. July 2016. Updated September 2019. Link
Privacy & Cyber Security Risk
National Institute of Standards and Technology. Cybersecurity Framework 2.0. February 26, 2024. Link
EU Cyber Resilience Act. December 12, 2024. Link
Office of the Comptroller of the Currency. Cybersecurity and Financial System Resilience Report. July 2025. Link
International Organization for Standardization. ISO 27001, Information security, cybersecurity and privacy protection — Information security management systems — Requirements. Edition 3, 2022. Link
Fraud Prevention Risk
Office of the Comptroller of the Currency (OCC). Federal Bank Regulatory Agencies Seek Comment to Address Payments and Check Fraud. June 16, 2025. Link
Office of the Comptroller of the Currency (OCC). OCC Bulletin 2019-37. Operational Risk: Fraud Risk Management Principles. July 24, 2029. Link
David L. Cotton, Sandra Johnigan, Leslye Givarz. COSO (Committee of Sponsoring Organizations of the Treadway Commission) and ACFE (Association of Certified Fraud Examiners). Fraud Risk Management Guide. 2nd Edition. March 2023. Link
Processing Risk
Basel Committee on Banking Supervision. Revisions to the Principles for the Sound Management of Operational Risk. March 31, 2021. Link
Federal Financial Institutions Examination Council. Retail Payment Systems IT Examination Handbook. Washington, DC: FFIEC, April 2016. Link
Federal Financial Institutions Examination Council. Wholesale Payment Systems IT Examination Handbook. Washington, DC: FFIEC, July 2004. Link
Office of the Comptroller of the Currency. OCC Bulletin 2012-16: Mobile Payments Risk Management. Washington, DC: OCC, April 2012. Link
European Central Bank, Eurosystem. The Revised Payment Services Directive (PSD2) and the transition to Stronger Payments Security. March 2018. Link
System/Technology Risk
Federal Reserve Board. SR 98-9 (SUP): Assessment of Information Technology in the Risk-Focused Framework for Supervision of Large and Complex Banking Organizations. Federal Reserve Board, October 1, 2025. Link
Federal Reserve Board. Supervisory Policy and Guidance Topics: Information Technology Guidance. Federal Reserve Board, updated September 5, 2023. Link
Federal Financial Institutions Examination Council (FFIEC). FFIEC Information Technology Examination Handbook: Development, Acquisition, and Maintenance. FFIEC and member agencies, 2024. Link
Intellectual Property Risk
U.S. Securities and Exchange Commission. Intellectual Property and Technology Risks Associated with International Business Operations, Division of Corporation Finance, Securities and Exchange Commission, CF Disclosure Guidance: Topic No. 8, December 19, 2019. Link
World Intellectual Property Organization (WIPO), Artificial Intelligence and Intellectual Property. Link
World Economic Forum, Here’s Who Owns What When it Comes to AI, October 10, 2025. Link
Conduct Risk
Financial Conduct Authority. Transforming Culture in Financial Services. Discussion Paper DP 18/2. March 2018. Link
U.S. Securities and Exchange Commission. Regulation Best Interest: The Broker-Dealer Standard of Conduct. July 12, 2019. https://www.sec.gov/rules-regulations/2019/06/s7-07-18#34-86031final
Financial Conduct Authority. PS22/9: A New Consumer Duty. July 27, 2022. https://www.fca.org.uk/publications/policy-statements/ps22-9-new-consumer-duty
Compliance Risk
Board of Governors of the Federal Reserve, R 08-8 / CA 08-11: Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles. Link
Basel Committee on Banking Supervision. Compliance and the Compliance Function in Banks. Basel, Switzerland: Bank for International Settlements, April 2005. Link
U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN). Anti-Money Laundering and Countering the Financing of Terrorism National Priorities. Washington, DC: FinCEN, June 2021. Link
Financial Crimes Enforcement Network (FinCEN), Anti-Money Laundering and Countering the Financing of Terrorism National Priorities, June 30, 202. Link
FFIEC BSA/AML Examination Manual, 2014. Link
Operational Resilience
Basel Committee on Banking Supervision. Principles for Operational Resilience. March 2021. Link
Board of Governors of the Federal Reserve. SR 20-24: Interagency Paper on Sound Practices to Strengthen Operational Resilience. November 2, 2020. Link
Financial Conduct Authority. Operational Resilience: insights and observations for firms. May 28, 2024. Link
Financial Conduct Authority. PS21/3 Building Operational Resilience. March 29, 2021. Link
Office of the Comptroller of the Currency. Cybersecurity and Financial System Resilience Report. July 2025. Link
Official Journal of the European Union. REGULATION (EU) 2022/2554 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011, December 14, 2022. Link