Journal of Operational Risk

Marcelo Cruz

Editor-in-chief

Welcome to the second issue of Volume 21 of The Journal of Operational Risk. We continue to receive papers on the impact of artificial intelligence (AI) on financial institutions. This issue contains a paper by a team from Commerzbank showing how they validate their AI models for customer support, while another paper uses AI to comb through hundreds of papers on enterprise risk management (ERM) implementation to provide a consolidated view of the subject. The final paper in the issue, by an expert from Citigroup, proposes a framework for global governance for Generative AI (GenAI). In upcoming issues we will publish more papers discussing AI and its impact on financial institutions’ risk management.

Despite the quick adoption of AI by financial institutions, regulations have not adapted at the same pace. In the United States, for example, there is a political dispute between states and the federal government over who should be responsible for supervision and regulation. On December 11, 2025, the White House issued an executive order to create a singular national policy framework for AI. To accomplish this, the executive order seeks to limit state-level regulation through a mixture of proactive litigation and restrictions on previously allocated federal funding. It also directs the Special Advisor for AI and Crypto and the Assistant to the President for Science and Technology to prepare a legislative recommendation establishing a uniform federal policy framework that preempts certain conflicting state AI laws. Finally, it directs the Federal Trade Commission to issue guidance on applying the standards on unfairness and deception from the 1914 Federal Trade Commission Act to AI models, potentially preempting state bias laws. For now, banks are using good old model risk management for AI models, but this is clearly insufficient. We hope to see a lot of discussion in these pages on how/if AI should be regulated.

RESEARCH PAPERS

In the issue’s first paper, “The key role of accounting intelligence and risk management in the practical economy: a new insight into company profitability”, Ping Chen, Yuechao Zhu, Huihua Zheng and Shanqiu Liu suggest that in a world with fast-paced technological advancements and ever-changing international geopolitics, ERM is becoming even more important and valuable. However, in their view, there is a clear lack of understanding of the connections between risk factors, and as most of the available data comes from Europe and United States, there is also a lack of empirical analysis of the differentiation mechanisms in emerging market economies. Chen et al’s study aims to close this gap by using partial least squares structural equation modeling and response surface methodology to explore the example of a Malaysian financial industry. Their results show that ERM significantly improves both financial performance and nonfinancial performance, although the technology investment compensation system is weak. These findings indicate that the moderating effect of accounting intelligence enhances the effectiveness of ERM. By embedding ERM into a dynamic capability framework, the study provides a new perspective on the complex relationship between ERM and enterprise performance and should serve as a reference for understanding ERM practices in emerging markets.

The second paper in the issue, “Model validation of a generative-artificialintelligence- based avatar for customer support in banking” by Jochen Gerhard, Martin Gombert, Björn Henrich and James Smith, presents an innovative validation approach for a GenAI-based avatar named Ava, designed to handle customer inquiries in the banking sector. Classical model validation frameworks fall short when applied to GenAI models due to the opaque, black-box nature of such models. This paper introduces a systematic framework of guardrails that emphasize trustworthiness, including rigorous testing, real-time monitoring, scenario assessment and effective governance. Using Commerzbank’s Ava as a case study, the framework provides insights into achieving trustworthy AI in highly regulated sectors, balancing innovation and compliance. The authors’ validation approach ensures Ava adheres to principles of human oversight, fairness, transparency and reliability, which are vital for safe use in financial services.

In “Determinants of enterprise risk management implementation: evidence from multinational corporations across the three lines of defense”, our third paper, Roopa MN and Priti Bakhshi note that ERM is frequently regarded as an effective tool to handle interrelated risks in an environment of increased risk complexity. However, the factors that contribute most to the successful deployment of ERM are still unclear, and there is conflicting information regarding the usefulness of the practice. One of the main factors contributing to these disparate outcomes is the challenge of identifying businesses that have adopted ERM. The authors carried out a systematic literature review of 151 articles from international peer reviewed journals. In a pilot study and subsequent analysis, ADANCO 2.2.1 was used as a statistical tool to examine 309 survey responses across the three lines of defense in multinational corporations. The authors’ findings, which will be useful to organizations that have begun ERM deployment, deepen understanding of the influencing factors in the acceptance of ERM among ERM implementers, senior executives and boards of directors. The authors catalog these key factors and propose a conceptual model for ERM implementation, making a strong case for ERM adoption by firms.

Finally, in the issue’s fourth paper, “A global governance framework for generative artificial intelligence in financial risk management: empirical insights on mitigating hallucination and opacity in the augmented intelligence era”, Krishan Kumar Sharma highlights that while the integration of GenAI into financial risk functions offers significant efficiency gains, it introduces nondeterministic risks that challenge traditional supervisory oversight. Unlike traditional econometric models, GenAI systems use transformer-based architectures to synthesize unstructured data, potentially mitigating operational frictions in cross-jurisdictional risk data aggregation and reporting. However, the stochastic nature of these systems fundamentally disrupts the “static validation” and “periodic review” assumptions inherent in deterministic frameworks such as the Federal Reserve Guidance SR 11-7 and the Basel Committee on Banking Supervision’s Standard 239. This paper assesses GenAI applications across market, credit and operational risk stripes, utilizing a methodology grounded in organizational control theory and a global systemically important bank case study. Sharma proposes a six-pillar governance framework anchored in the theory underlying the National Institute of Standards and Technology AI Risk Management Framework and the Committee of Sponsoring Organizations of the Treadway Commission Internal Control–Integrated Framework. Effective deployment requires an architectural shift from output-based backtesting to continuous supervisory overlays and radical prompt auditability. Empirical validation via a controlled pilot on 100 financial excerpts (using a GPT-4 snapshot to control for model drift) demonstrates that structured governance reduces the hallucination rate from 14.2% to 3.1% (p < 0:001). Sharma’s findings suggest that while legacy infrastructure remains a primary hurdle to implementation, aligning GenAI with robust model risk management principles will facilitate the transition toward strategic, augmented risk oversight.