How are you making sure that AI projects are not unnecessarily delayed by overly stringent compliance requirements?

We've implemented a rapid risk assessment process (<24 hours) and have ongoing engagement on the highest risk projects.

We've adopted a use case approach to establish sanctioned transactions or initiatives that wouldn't be showstoppers. We identify specific AI use cases, whether for problem-solving or data analytics, and sanction them within certain limitations. This allows us to start projects with prescribed criteria, working within a vetted jurisdiction. We also invite stakeholders to be part of the steering committee for these projects, ensuring they have ownership and contribute as equal partners. They understand the business drivers and help enable the work, ensuring their requirements are met. We create specific legal language for contracts and have established SLAs with legal for quick responses. Procurement and legal work closely together to ensure quick turnarounds while crossing all T's and dotting all I's. While there may be delays, involving these parties early and making them part of the process minimizes them. Once they understand the business drivers and security reviews are complete, we proceed with rollouts. These steps help the organization acclimate to AI and identify gaps to bridge.

Last year, we established a digital enablement team to address this very issue. Initially, when AI started gaining traction in 2023, we had a moratorium—no one was allowed to use AI, including tools like ChatGPT. Gradually, we worked with legal, finance, and IT to ease these restrictions. The digital enablement team was crucial in this transition. We encouraged everyone to share their AI ideas, detailing how they were using AI within the organization and whether they should be using it. This initiative allowed us to gain visibility into AI usage and helped individuals navigate the AI landscape. We set up a core team to review each idea weekly, deciding whether to reject it, invest in it, prototype it, or collaborate with a vendor. This structured approach helped us eliminate unnecessary projects while maintaining compliance without causing delays. We ensured that every idea was heard and vetted tools to see if they fit our ecosystem, considering factors like legality and financial feasibility.