Regulatory References

Regulations, standards, and frameworks mapped to the FINOS AI Governance Framework risks and mitigations.

Canada AI & Financial-Sector Regulatory References

Canadian regulatory framework for AI in capital markets and financial services, spanning securities, prudential, privacy and human rights obligations.

EU AI Act

Regulation (EU) 2024/1689 establishing harmonised rules on artificial intelligence across the European Union.

FFIEC IT Examination Handbook

The FFIEC IT Examination Handbook booklets covering architecture, development, management, and security of financial institution IT systems.

ISO/IEC 42001

International standard specifying requirements for establishing, implementing, maintaining and continually improving an AI management system.

NIST AI 600-1

NIST's framework for managing risks specific to generative AI, covering twelve risk categories from CBRN information to value chain integrity.

NIST SP 800-53 Rev 5

NIST's catalogue of security and privacy controls for information systems and organisations.

OWASP LLM Top 10

The ten most critical security risks for applications built on large language models, published by OWASP.

OWASP ML Security Top 10

The ten most critical security risks for machine learning systems, published by OWASP.

SR 11-7: Model Risk Management

Federal Reserve and OCC supervisory guidance on model risk management, covering development, validation, and governance of models.