Evaluating AI Business Risks: Considerations for Risk Managers

by John Jenkins

January 13, 2025

A recent MarshMcLennan memo highlights key steps for risk managers to take in order to effectively implement an artificial intelligence strategy and manage the risks associated with it. The memo says that starting point is to clarify where responsibility for AI risk management lies within the organization. Marsh notes that this is often ambiguous, but that it is essential to define ownership and accountability for AI risk. It recommends the use of a cross-functional AI governance team to accomplish this objective.

Once responsibility for AI risk management has been appropriately allocated, risk managers should evaluate the potential risks of AI tools. This excerpt discusses some of the key considerations in the risk evaluation process:

Organisations need to understand the impact of AI on their risk profile. For instance, reliance on large datasets for training AI models can heighten the risk of non-compliance with data protection laws, especially if sensitive information is mishandled or inadequately protected.

Additionally, algorithmic bias can lead to unfair or discriminatory outcomes, potentially damaging the organisation’s reputation and resulting in legal repercussions. Regulatory non-compliance becomes a critical concern, as organisations must navigate evolving laws and guidelines surrounding AI use, particularly in regions with stringent data protection regulations, like the EU. These changes brought about by AI necessitate a comprehensive reassessment of existing risk management strategies to address the unique challenges posed by AI technologies.

To effectively mitigate and transfer the risks associated with AI implementation, risk managers should first conduct a thorough AI risk assessment that includes data-handling practices, algorithmic fairness, and regulatory compliance. They should evaluate how these risks affect their existing insurance portfolio, ensuring coverage and limits are sufficient. They should then consider transferring any remaining risks through insurance. By proactively addressing AI risks, risk managers can help their organisations harness the benefits of AI while minimising potential downsides.

Marsh’s memo also highlights the need for companies to implement comprehensive AI training and communications programs that provide employees with the skills needed to work alongside AI systems, and to establish metrics to monitor the impact of AI tools.