
CTRL + Operational Risk: ORX Perspectives on AI in Banking

This report explores current trends and considerations regarding how banks can effectively manage new and evolving operational risks arising from Artificial Intelligence (AI) [I]. Using the popular ORX taxonomy as a foundation, we assess how AI reshapes existing risk landscapes by introducing novel operational risk categories and complexities that must be integrated within existing risk frameworks. Our report emphasises the need for updated and enhanced governance and controls, informed and enforced by specialised expertise, to effectively manage AI-driven operational risks while ensuring regulatory compliance.

Key Takeaways

  • AI amplifies operational risks, but simultaneously offers powerful tools for enhanced risk mitigation.
  • Current operational risk frameworks and controls require updating to effectively handle the immediate and future challenges of increasingly AI driven organizations.
  • Based on current industry trends, most banks are integrating AI risks within their existing operational risk taxonomies rather than creating a new standalone risk type.
  • Unique risks arising from AI such as hallucination [II] and prompt injection [III] do not naturally fall within traditional and established ORX Level 1 risk categories.
  • The ORX taxonomy “AI/Machine learning (ML)” flagging provides practical guidance to track AI-related incidents without disrupting established risk practices.
  • Development of an AI-ready operational risk management framework will not be straightforward, although banks can leverage the strong foundations they have developed over many years.
  • Governance and accountability need to be strengthened, to ensure banks create and foster an AI risk-aware culture through clear risk leadership. This includes investing in key “no regret” actions such as AI Literacy at all levels.
  • Measuring ROI for AI initiatives is often challenging due to the pace of change, broad-ranging business impacts, and the longer-term benefit time horizon. Leveraging operational risk loss methodologies can provide a practical, quantitative approach to support investment decisions and strengthen business cases [IV].

A new era of operational risk and reward

Over the last few years, AI, in various forms, has taken the world by storm. Banks are exploring and implementing different AI use cases - from “traditional” machine learning to the latest Generative and Agentic AI solutions - to drive cost efficiencies and innovation within their organisations.

However, balancing the innovation agenda, whilst effectively managing risk is a key challenge for the management teams in banks. Despite the potential for creating undeniable benefits, we see that AI has already transformed the operational risk landscape, cutting across multiple risk types and dimensions including the areas of information security (including cyber), technology & data, model, conduct, compliance and third-party risk. AI both amplifies and transforms these well-known operational risks, as well as introducing new “AI native” risks that are novel to the technology. At the same time, AI provides new opportunities to enhance operational risk processes and reduce risk exposures such as through advanced analytics and greater precision in process execution.

To better understand the impact of AI on operational risk in banking, we have taken a structured approach for our assessment and leveraged the ORX (Operational Risk eXchange) Reference Taxonomy, an industry standard for classifying operational and non-financial risks [V]. Exhibit 1 provides a non-exhaustive assessment of how AI could impact risk exposures across several of the ORX Level 1 (L1) Event Types.

Exhibit 1: AI impact on ORX Level 1 risk exposure

How can AI increase risk exposure?

The sheer volume of data and demand for real-time data pipelines can stress governance and infrastructure. Challenges with classification and handling of sensitive (unstructured) data.

How can AI reduce risk exposure?

AI can automate data classification and tagging. AI can also enhance data quality monitoring and anomaly detection [1].

How can AI increase risk exposure?

There are new kinds of model behaviours associated with generative AI, e.g. hallucination and fake content. “Blackbox” AI models can be quite complex, non-deterministic and often lack explainability, traceability and transparency - complicating the validation effort.

The dynamic nature and scale of certain types of models can create greater risk of “model drift” over time.

How can AI reduce risk exposure?

AI can support creation of new scenarios for stress testing that better identify the underlying non-linear patterns in the data [2]. LLMs can also be used to support evaluations of other LLMs, a concept known as “LLM as a judge”.

AI can support automated tracking of model changes and performance drift over time.

How can AI increase risk exposure?

AI introduces new attack surfaces (e.g., prompt injection, adversarial inputs [VI]). Generative AI also enables high-fidelity impersonation (deepfakes [VII]) and large-scale phishing/fraud.

How can AI reduce risk exposure?

AI-powered threat detection and response systems are engineered to identify and neutralise sophisticated deepfake attacks in real time. The "solution set" for deepfake detection primarily centres on securing the "point of interaction" where an individual's identity is verified, or a transaction is authorised, through the deployment of advanced AI algorithms that meticulously analyse video and audio streams for subtle, tell-tale cues indicative of synthetic media.

How can AI increase risk exposure?

Uncontrolled automation with AI can create silent process errors at high volume and process failures without clear triggers.

How can AI reduce risk exposure?

AI-powered advanced machine learning models can be trained on historical data to detect non-linear patterns that help in automatically catching and blocking possible fraudulent transactions.

How can AI increase risk exposure?

Skill gaps in AI literacy or a weak AI culture can lead to over-trust, misuse, or poor monitoring of AI systems. AI may be viewed as accelerating job displacement, which can impact employee morale and effectiveness.

How can AI reduce risk exposure?

Personalised learning tools can reskill and upskill employees. Many AI models require ‘human-in-the-loop’ assessment and feedback to evaluate model performance, which increases the need for human involvement and supports job retention. This, combined with improved decision support to reduce AI misuse, enables humans to focus on higher-value tasks, mitigating job displacement fears.

How can AI increase risk exposure?

Dependence on opaque third parties can lead to non-compliant use of AI services. Contractual risks related to responsibilities and liability in the event of failures (linked to Legal and Regulatory Compliance risks).

How can AI reduce risk exposure?

AI-driven market and company-level assessments of a third party’s financial health and other factors (e.g. security).

Use of Natural Language Processing (NLP) to identify any risky contract terms.

Use AI to highlight and quantify downstream dependencies or the lack of alternatives within the supply chain.

How can AI increase risk exposure?

AI may reinforce bias in client treatment or discriminatory patterns in credit/fraud decisions. For example, even if race or gender are not input variables, AI models may still be able to infer those variables.

How can AI reduce risk exposure?

AI processing can reduce human bias from decision making, if modelled appropriately.

AI-driven fairness and bias detection tools could also help mitigate these risks [3].
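The row above makes two points that a bias detection control has to turn into tests: outcomes can differ by a protected group even when that group is not a model input, and an innocuous feature can act as a proxy for it. The Python below is an added example, not code from the article or from any vendor tool; the applicant records are constructed, and the "four-fifths" 0.8 threshold is a widely used convention rather than a figure from the report.

```python
# Added example (not from the article): two checks a fairness/bias detection
# control can run on a model's decisions. Applicant records are constructed
# below; the protected attribute `group` is NOT a model input, only `postcode` is.
from collections import Counter, defaultdict


def build_sample():
    """Constructed decisions: postcode strongly correlates with group, and the
    model approves N1 applicants far more often, so group never needs to be
    an input for the outcome to differ by group."""
    records = []
    for i in range(200):
        group = "A" if i < 100 else "B"
        home = "N1" if group == "A" else "S2"
        other = "S2" if group == "A" else "N1"
        postcode = home if i % 10 != 0 else other        # 90/10 split per group
        approved = (i % 5 != 0) if postcode == "N1" else (i % 2 == 0)
        records.append({"group": group, "postcode": postcode, "approved": approved})
    return records


def selection_rates(records, group_key="group", outcome_key="approved"):
    """Approval rate per protected group."""
    totals, hits = Counter(), Counter()
    for r in records:
        totals[r[group_key]] += 1
        hits[r[group_key]] += int(bool(r[outcome_key]))
    return {g: hits[g] / totals[g] for g in totals}


def disparate_impact_ratio(rates):
    """Lowest group rate divided by highest; below 0.8 is the widely used
    'four-fifths' warning level (a convention, not a figure from the article)."""
    return min(rates.values()) / max(rates.values())


def proxy_accuracy(records, feature, group_key="group"):
    """How well the majority group per feature value predicts the protected
    group. Near the majority-class base rate means no proxy; near 1.0 means
    the feature effectively encodes the attribute the model 'does not see'."""
    by_value = defaultdict(Counter)
    for r in records:
        by_value[r[feature]][r[group_key]] += 1
    correct = sum(max(c.values()) for c in by_value.values())
    return correct / len(records)


def majority_base_rate(records, group_key="group"):
    """Share of the largest group: the accuracy a guess with no feature would get."""
    return max(Counter(r[group_key] for r in records).values()) / len(records)


def fairness_report(records, feature="postcode"):
    rates = selection_rates(records)
    ratio = disparate_impact_ratio(rates)
    return {
        "rates": rates,
        "disparate_impact": round(ratio, 3),
        "four_fifths_ok": ratio >= 0.8,
        "proxy_accuracy": proxy_accuracy(records, feature),
        "base_rate": majority_base_rate(records),
    }


if __name__ == "__main__":
    print(fairness_report(build_sample()))
```

On the constructed sample the approval rates are 0.9 for group A and 0.4 for group B (ratio 0.444, failing the four-fifths check), and postcode predicts group with 0.9 accuracy against a 0.5 base rate, which is what "inferring" a variable that is not an input looks like in the data.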

How can AI increase risk exposure?

The EU AI Act imposes challenging requirements for high-risk use cases (which, for example, include loan provisioning). The interplay between the EU AI Act and GDPR remains a key challenge (bias testing vs processing of personal data).

How can AI reduce risk exposure?

AI-generated regulatory reports with real-time data integration.

Use AI to identify compliance gaps by continuously monitoring data, comparing real-time activities against regulatory standards, and analysing vast data sources to detect patterns which humans might miss.

When traditional controls fail: The AI blindspot

With this changing risk landscape, it is not surprising that existing controls are not equipped to address the new challenges posed by the deployment and use of AI systems. This leads to control failures that look nothing like those risks which organisations have planned to mitigate for. In a Deloitte 2024 survey, 26% of executives revealed that their organisations had experienced deepfake incidents, while 50% of respondents expected a rise in attacks over the following 12 months [4].

Exhibit 2 provides a non-exhaustive gap assessment of how AI could stress traditional controls across several of the ORX Level 1 (L1) risk types.

Exhibit 2: Control effectiveness gap analysis (not exhaustive)

Example control weaknesses raised by AI

Lack of real-time data quality monitoring or insufficient data lineage tracking can result in undetected biases or breaches [5].

Example improvements and evolution

Develop dynamic data lineage tracking and predictive data quality scoring controls for AI systems [6].

Example control weaknesses raised by AI

Lack of explainable AI (XAI) tools and insufficient expertise in AI model governance can lead to unaddressed vulnerabilities.

An AI system’s performance degrades over time due to changes in the input data or underlying environment.

Example improvements and evolution

Develop XAI techniques and frameworks that address the two pillars of XAI: “explanation” and “interpretation” [7]. Further, some AI systems will require extensive ongoing monitoring controls to detect model and data drift.
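One concrete form of the ongoing drift-monitoring control this row calls for is a population stability index (PSI) check comparing the distribution of a model input at scoring time with its distribution at training time. The Python below is an added example, not code from the article; the baseline and scoring windows are constructed, and the 0.1 / 0.25 thresholds are a common model-validation rule of thumb rather than a figure from the report.

```python
# Added example (not from the article): a population stability index (PSI)
# monitor for input drift, one concrete form of the "ongoing monitoring
# control" the model-risk row above calls for. All data below is constructed.
import math
import random
from bisect import bisect_right


def quantile_edges(baseline, n_bins=10):
    """Interior bin edges taken from baseline quantiles, so every bin holds
    roughly the same share of the reference (training-time) population."""
    ordered = sorted(baseline)
    return [ordered[int(i * len(ordered) / n_bins)] for i in range(1, n_bins)]


def bin_shares(values, edges, floor=1e-4):
    """Share of `values` falling in each bin; empty bins are floored so the
    log ratio in PSI stays finite (an edge case a production monitor must handle)."""
    counts = [0] * (len(edges) + 1)
    for v in values:
        counts[bisect_right(edges, v)] += 1
    return [max(c / len(values), floor) for c in counts]


def psi(baseline, current, n_bins=10):
    """PSI = sum over bins of (current% - baseline%) * ln(current% / baseline%)."""
    edges = quantile_edges(baseline, n_bins)
    b, c = bin_shares(baseline, edges), bin_shares(current, edges)
    return sum((ci - bi) * math.log(ci / bi) for bi, ci in zip(b, c))


def drift_status(value):
    # Thresholds (0.1 / 0.25) are a common rule of thumb in model validation,
    # not a figure from the article; tune them to the model's risk tier.
    if value < 0.10:
        return "stable"
    if value < 0.25:
        return "investigate"
    return "significant drift"


# Constructed samples: a feature (e.g. transaction amount) at training time,
# a later window from the same distribution, and a window whose mean shifted.
_rng = random.Random(7)
BASELINE = [_rng.gauss(100.0, 20.0) for _ in range(2000)]
CURRENT_STABLE = [_rng.gauss(100.0, 20.0) for _ in range(2000)]
CURRENT_SHIFTED = [_rng.gauss(140.0, 20.0) for _ in range(2000)]


def monitor(windows, baseline=BASELINE):
    """Return {window name: (psi, status)} for each scoring window."""
    out = {}
    for name, values in windows.items():
        score = psi(baseline, values)
        out[name] = (round(score, 4), drift_status(score))
    return out


if __name__ == "__main__":
    report = monitor({"stable": CURRENT_STABLE, "shifted": CURRENT_SHIFTED})
    for name, (score, status) in report.items():
        print(f"{name:8s} PSI={score:.4f} -> {status}")
```

Run per feature per scoring window, this gives a control that fires before accuracy metrics can (which need ground-truth labels that often arrive months later). Output drift can be monitored the same way by feeding the model's score distribution in place of an input feature.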

Example control weaknesses raised by AI

Existing cybersecurity controls, such as firewalls, may fail to detect AI-specific threats like prompt injection, deepfake-generated access, and data poisoning [VIII] [8].

Example improvements and evolution

Strengthen and develop next generation mitigating controls such as behavioural analytics and deepfake detection.

Example control weaknesses raised by AI

Controls such as manual process checks are ineffective for AI-driven processes that operate at high speed and possess self-learning behaviours.

Example improvements and evolution

Combine AI with rule-based systems that offer transparency into their decision-making processes.

Example control weaknesses raised by AI

Traditional training and governing oversight controls may fail to address AI-specific skill requirements or employee morale issues [9].

Example improvements and evolution

Develop AI literacy programs by using AI competency frameworks.

Example control weaknesses raised by AI

Traditional due diligence may not adequately assess transparency/explainability of third-party model design, training data or fine-tuning methods.

Example improvements and evolution

Revise third-party due diligence processes and controls including contractual requirements for model documentation and reporting.

Example control weaknesses raised by AI

Controls may not detect bias embedded in program code, prompts or unintended outcomes that still comply with surface-level rules.

Example improvements and evolution

Use bias detection logic and ethical AI decision framework. Implement GenAI-based conduct risk detectors.

How will operational risk management need to evolve?

As organisations become increasingly AI-driven, the root causes of operational risks will shift from understanding discrete human or system failures to deciphering complex, non-transparent algorithmic logic. Accountability will become more challenging due to the complexity of AI systems and intertwined causes of failure, especially considering how regulatory obligations are shared between providers and deployers of (high-risk) specific-purpose AI systems. Furthermore, traditional governing processes will be stressed as AI democratises powerful development capabilities to all employees. Exhibit 3 provides some examples of how shifting root causes will demand a change in approach to operational risk management.

Exhibit 3: Examples of how AI shifts root causes of operational risk

Traditional organisation

Operational risk events often stem from human error, negligence, or misconduct. 

AI-driven organisation

Root causes shift toward inherent flaws in algorithms, training data, model design, and highly automated processes with limited human interaction, fundamentally changing control designs.

Traditional organisation

Failures typically occur due to immediate and observable errors such as system faults, human mistakes, or process breakdowns.

AI-driven organisation

AI failures may not manifest immediately; models trained on biased or incomplete data can appear to function normally until an edge case exposes the flaw. Delays in failure can obscure the true root cause and complicate timely detection.

Traditional organisation

Failures are often attributed to single points of failure or isolated errors, with clear lines of accountability.

AI-driven organisation

AI-related incidents often involve multiple, interdependent and intertwined causes, such as data quality issues, model design flaws, and human oversight gaps, making diagnosis and accountability more complex than with isolated system failures.

Traditional organisation

Specialist trained resources follow traditional control environments and governing processes related to system development.

AI-driven organisation

Powerful low-code/no-code platforms are widely available and accessible to all employees, not just technical specialists. Use of non-approved “Shadow AI” third-party tools may also be prevalent. Ensuring training and awareness will be an even more important risk-mitigating control for organisations.

Traditional organisation

Traditional systems fail due to deterministic bugs. These are predictable and rule-based, making it easier to diagnose and resolve root-cause issues.

AI-driven organisation

The “black box” and probabilistic nature of many AI models makes it difficult to pinpoint why a particular outcome occurred, challenging traditional root cause analysis, which depends on clear and traceable causal chains.

The Classification Challenge: Where AI breaks traditional risk taxonomies

Effectively incorporating AI within operational risk frameworks will be an important step towards managing new threats and maximising the benefits from new opportunities in a structured way. Based on current industry trends, we see that most banks are integrating AI risks as part of their existing operational risk taxonomies rather than treating AI as a new, standalone risk type [10]. Regulators and industry bodies (e.g., ORX, Bank for International Settlements, European Banking Authority) have all stated that AI amplifies existing risks, rather than viewing AI as an entirely new risk category [11].

While the ORX taxonomy provides comprehensive coverage, AI introduces unique challenges that blur traditional risk category boundaries. This makes it difficult to map an AI risk scenario to a single ORX category, as identifying the root cause is not so straightforward.

Exhibit 4: Examples of taxonomy overlaps (AI incidents often span multiple ORX L1 risk categories)

Potential ORX categories each example could fall under:

  • Information Security and External Fraud.
  • People Risk, Data Management, Model Risk or Information Security Governance, depending on context.
  • People, Model Risk, Transaction Processing and Execution.
  • Conduct Risk, Model Risk, or Data Management.
  • Third-Party Risk, Business Continuity, or Model Risk.

There are also several 'AI native' risks that we believe do not directly map to traditional ORX Level 1 risk categories.

Exhibit 5: Examples of taxonomy gaps (Risk types that could be considered “AI native”)

Descriptions:

  • AI system produces outputs (including supposed sources) that are syntactically plausible but factually incorrect, nonsensical, or entirely fabricated.
  • Unexpected capabilities or actions in an AI system that were neither explicitly programmed nor intended. AI systems may pursue objectives that were not originally intended.
  • Malicious inputs specifically crafted to manipulate an AI system’s behaviour. An attack that manipulates an AI model's input prompt to elicit unintended or malicious outputs by bypassing its safety mechanisms.
  • Tendency of users to attribute human qualities, such as empathy, to AI systems, which can lead to over-trust or reduced human oversight.
  • Overreliance on AI systems can diminish human ability for critical thinking as well as human autonomy to make effective decisions when required.

The ORX Reference Taxonomy has introduced an “AI/ML” flag for classifying AI-related risks [12] to address this challenge. The flag applies across both the Event Type and the Cause & Impact dimensions of the Taxonomy. This enables institutions to flag incidents involving AI, regardless of the primary event type classification. ORX’s flagging approach is a useful practical workaround that preserves the integrity of the existing taxonomy structure while introducing a way to track AI-specific risks. However, it's not a substitute for proactive governance adjustments. Exhibit 6 illustrates an example scenario where an ML solution that incorrectly classifies transactions used for regulatory reporting leads to financial penalties and reputational damage.
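The flagging approach described above is easiest to see on incident records: the primary event type stays exactly as the taxonomy requires, and the AI/ML flag is an orthogonal attribute that can be queried across all event types. The Python below is an added example, not code from the article or from ORX; the event type names are the ones the article uses, the incident records are constructed (INC-1 mirrors the Exhibit 6 scenario), and the record layout is an assumption rather than the ORX data standard.

```python
# Added example (not from the article): how an "AI/ML" flag can sit alongside
# the primary event-type classification of an incident record, so AI-related
# losses stay inside the existing taxonomy yet can still be pulled out as one
# view. Event type names are taken from the article; the incidents are
# constructed, and INC-1 mirrors the Exhibit 6 scenario.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Incident:
    ref: str
    event_type: str      # primary ORX Level 1 classification (unchanged by the flag)
    cause: str           # cause dimension; the flag applies here too
    loss_eur: float
    ai_ml: bool = False  # the AI/ML flag, settable for any event type


INCIDENTS = [
    Incident("INC-1", "Regulatory Compliance",
             "ML model misclassified transactions used in regulatory reporting",
             250_000.0, ai_ml=True),
    Incident("INC-2", "External Fraud",
             "deepfake impersonation used to pass a payment authorisation check",
             120_000.0, ai_ml=True),
    Incident("INC-3", "External Fraud", "stolen card credentials", 30_000.0),
    Incident("INC-4", "Transaction Processing and Execution", "manual keying error", 5_000.0),
    Incident("INC-5", "Information Security",
             "prompt injection against a customer-facing assistant (no direct loss)",
             0.0, ai_ml=True),
]


def loss_by_event_type(incidents):
    """The conventional taxonomy view: losses roll up to the primary event type."""
    totals = defaultdict(float)
    for inc in incidents:
        totals[inc.event_type] += inc.loss_eur
    return dict(totals)


def ai_ml_view(incidents):
    """The cross-cutting view the flag enables: flagged incidents per event type
    and the share of total loss they represent, regardless of classification."""
    flagged = [inc for inc in incidents if inc.ai_ml]
    per_type = defaultdict(int)
    for inc in flagged:
        per_type[inc.event_type] += 1
    ai_loss = sum(inc.loss_eur for inc in flagged)
    total = sum(inc.loss_eur for inc in incidents)
    return {
        "flagged_by_event_type": dict(per_type),
        "ai_loss_eur": ai_loss,
        "total_loss_eur": total,
        "ai_share": ai_loss / total if total else 0.0,
    }


if __name__ == "__main__":
    print(loss_by_event_type(INCIDENTS))
    print(ai_ml_view(INCIDENTS))
```

Note that INC-5 carries no direct loss yet is still flagged: an AI view built only from loss data would miss it, which is why the flag belongs on the incident record rather than being derived afterwards from loss amounts.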

Exhibit 6: Example scenario of an ML solution that incorrectly classifies transactions used for regulatory reporting

Operational risk management within the context of broader AI Governance

Operational AI risk management is a critical component of a larger AI Governance puzzle. The scale, impact, and complexity of AI-driven transformations, coupled with increasing regulatory pressures, demand that organisations take a broad view of AI Governance. There are differing views on what constitutes AI Governance within financial services. In addition to risk management, AI Governance can include organisational structures, training and awareness, internal control systems (including model risk management), policies and guidelines, setting the tone at the top, and defining the organisation’s strategic approach to AI. In recent years, several new standards, frameworks, and a wealth of literature have been developed for risk management of AI, for example ISO/IEC 42001 (AI Management System) and the NIST AI Risk Management Framework (RMF). Combined with existing frameworks and standards such as COSO (ERM and Internal Control) and ISO 31000 (Risk Management), these provide a comprehensive foundation for managing AI risks in a structured and consistent manner.

Exhibit 7 illustrates a conceptual framework for AI Governance, integrating key components from these standards and frameworks, while highlighting the broad-ranging themes and areas to consider when designing a detailed operating model. Human Oversight, AI Quality Management, and AI Risk Management complement one another to form a holistic AI Governance process, collectively addressing the underlying domains of People, Process and Technology.

Exhibit 7: Conceptual framework for AI Governance

Practical “no-regret” recommendations for risk management functions

To address the changing risk landscape driven by AI, organisations and management teams must evolve and adapt their approach to risk management.

We have identified the following practical “no-regret” recommendations organisations should consider as priority areas of investment. We have also mapped these recommendations to Exhibit 7. It is important to note that measuring ROI for AI initiatives can be challenging due to the pace of change, broad-ranging business impacts, and the longer-term benefit time horizon [13]. Leveraging traditional operational risk loss methodologies can provide a practical, quantitative approach to support investment decisions and strengthen business cases, especially within the risk and compliance domain.

  1. Invest in AI training and awareness (AI Literacy) at all levels - Ensure employees have the necessary skills and capabilities to take advantage of opportunities offered by AI, as well as understand the risks to use the technology responsibly. This is a critical initial and ongoing action for all organisations.
  2. Align on a common definition for AI - The term “Artificial Intelligence” (AI) is broad and can be interpreted differently across an organisation. Establishing a shared and common understanding will help to ensure consistency and enable clear scoping. The EU AI Act definition offers a widely accepted starting point for most organisations and will regardless be necessary to apply for regulatory scoping purposes.
  3. Embed AI risks explicitly within your risk taxonomy, assigning clear ownership and accountability - Formal integration of AI-related risks into the enterprise risk taxonomy ensures they are identified, managed, and monitored consistently across the organisation. Clear risk ownership promotes accountability, transparency, and effective mitigation. It also supports improved oversight by the Board, which is responsible for setting risk appetite.
  4. Establish cross-organisational governance to review and scale AI use cases - A key challenge of AI is its cross-cutting nature across multiple risk domains. Enhance governance to enable cross-organisational collaboration and help to ensure that all risk domains are represented, as well as increasing the efficiency of decision making to speed innovation. Risk functions can take the lead and champion the creation of these governance structures.
  5. Enhance risk identification and assessment processes - To effectively capture new and evolving AI risk, banks can integrate AI risks into the Risk and Control Self-Assessment (RCSA) and New Product Approval Process (NPAP), develop AI-specific stress test scenarios, and enhance monitoring capabilities to detect internal and external AI threats, and leverage AI in risk identification and assessment by driving ratings autonomously in near real-time [14].
  6. Update model inventories to capture all AI models - Effective risk management starts with adequate oversight of the model landscape which includes AI models. Clear definitions (Recommendation 3) and criteria will be pre-requisites for scoping models in the inventory. Adding risk tiering can support more effective risk-based controls and oversight.

Each organisation will have its own existing structures and its own technical and process debt, which will call for Operational Risk Management tailored to its individual needs. Just as the costs of quality rise the later defects are discovered in the manufacturing process, even a small investment in any or all of these categories can yield great returns in terms of cost avoidance: costs of quality, costs of compliance, costs to reputation / client loyalty. The important point is not to leave things to chance, and to apply the sound principles of enterprise risk management also to the field of AI. Doing so will strengthen the prospects of sustainable benefits from this transformational technology.

Special thanks to Sanjay Patel for his invaluable contributions to developing this article, building on his extensive expertise in AI Governance. His contribution, insight and leadership played a key role in completing the underlying analysis and making it relevant for businesses and other institutions.

Footnotes:

I. AI includes classic machine learning techniques, generative AI (particularly systems based on large language models), and agentic AI.

II. Hallucination refers to the generation of outputs that are factually incorrect, nonsensical, or entirely fabricated.

III. Prompt injection is an attack that manipulates an AI model's input prompt to elicit unintended or malicious outputs by bypassing its safety mechanisms.

IV. Such losses can be calculated as the sum of risk severity multiplied by frequency across all relevant risk scenarios. In a manner similar to insurance loss modelling, which takes into account factors such as rework costs, client attrition, and regulatory fines, organisations can estimate plausible magnitudes and probabilities for each risk “peril” to conduct a robust cost-benefit analysis. This approach enables a clear connection between compliance-related investments and tangible outcomes.
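The calculation in this footnote, carried through on sample scenarios, as an added example that is not part of the article. Expected annual loss is the sum over scenarios of frequency multiplied by severity, severity is built from the three cost factors the footnote names (rework, client attrition, regulatory fines), and the benefit of a proposed control is the expected loss it removes. The scenario figures and the per-scenario reduction factors are constructed assumptions, not data from the report.

```python
# Added example (not from the article): the loss-based cost-benefit calculation
# footnote IV describes, expected annual loss = sum over scenarios of
# frequency x severity, with severity built from rework, client attrition and
# regulatory fines. Scenario figures and the control's effect are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    frequency: float   # expected events per year
    rework: float      # per-event rework / remediation cost
    attrition: float   # per-event client attrition cost
    fines: float       # per-event regulatory fines
    reduction: float   # fraction of this scenario's expected loss the proposed
                       # control removes (assumption, normally from control testing)

    def severity(self):
        return self.rework + self.attrition + self.fines

    def expected_loss(self):
        return self.frequency * self.severity()


SCENARIOS = [
    Scenario("hallucinated product advice reaches clients", 4.0, 20_000, 30_000, 0, 0.5),
    Scenario("ML misclassification in regulatory reporting", 0.5, 100_000, 0, 400_000, 0.6),
    Scenario("deepfake impersonation in payment authorisation", 2.0, 15_000, 60_000, 25_000, 0.7),
]


def expected_annual_loss(scenarios):
    return sum(s.expected_loss() for s in scenarios)


def loss_avoided(scenarios):
    """Expected loss removed by the control: the benefit side of the business case."""
    return sum(s.expected_loss() * s.reduction for s in scenarios)


def roi(scenarios, investment):
    """(benefit - cost) / cost over a one-year horizon; negative means the
    control is expected to cost more than the loss it avoids."""
    return (loss_avoided(scenarios) - investment) / investment


def business_case(scenarios, investment):
    return {
        "expected_annual_loss": expected_annual_loss(scenarios),
        "loss_avoided": loss_avoided(scenarios),
        "investment": investment,
        "roi": round(roi(scenarios, investment), 3),
    }


if __name__ == "__main__":
    for s in SCENARIOS:
        print(f"{s.name:50s} EL={s.expected_loss():>10,.0f}")
    print(business_case(SCENARIOS, investment=150_000))
```

With the constructed figures the three scenarios carry an expected annual loss of 650,000, the control removes 390,000 of it, and a 150,000 investment returns 1.6 times its cost; the same frequencies and severities, recorded per peril, are what an insurance-style model would use, so the inputs can be reused across business cases rather than estimated afresh each time.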

V. The ORX Event Type Taxonomy consists of 16 “Type 1” category risk events, expanding on Basel operational risk event types, as well as adding conduct and compliance events.

VI. Adversarial inputs are carefully crafted data samples (often imperceptibly altered) that are designed to mislead a machine learning model into making incorrect predictions or classifications.

VII. Deepfake impersonation is the use of AI-generated synthetic media to mimic a person’s likeness, voice, or behaviour in order to deceive others into believing it is real.

VIII. Data poisoning is the deliberate manipulation of training data to corrupt an AI model’s learning and cause it to behave incorrectly or maliciously.
