Blog

CCO and CISO Guide to AI Governance Responsibilities Under NYDFS

A practical breakdown of CCO AI governance responsibilities, CISO cybersecurity accountability, and CRO risk obligations under NYDFS—with a RACI map you can use immediately.

9 min read

The New York Department of Financial Services has made one thing clear: when AI systems fail inside a regulated institution, the question of who owned that risk will land on specific desks. CCO AI governance responsibilities, CISO accountability for cybersecurity controls, and CRO obligations around risk appetite are no longer soft organizational questions. Under NYDFS’s evolving AI guidance, they carry regulatory weight. This post maps each executive role to its distinct obligations.

RelatedNYDFS AI Guidance for Banks: A CCO and CISO Compliance Reference


How NYDFS defines the CCO’s AI governance mandate

The Chief Compliance Officer’s role in AI governance is not about understanding the technology. It is about ensuring the institution has a documented, enforced compliance posture that maps AI use to applicable regulatory requirements — NYDFS Part 500, DFS cybersecurity regulations, and any sector-specific guidance the department issues.

Under NYDFS expectations, CCO AI responsibilities cluster around three areas:

  • Policy ownership. The CCO is accountable for maintaining written AI governance policies that define permissible use cases, prohibited applications, and the review process for new AI deployments. These policies must be living documents.
  • Regulatory mapping. Every AI system in production should be traceable to a compliance determination. The CCO’s team needs to document which regulatory requirements each system implicates — fair lending, data privacy, cybersecurity, model risk — and confirm that controls exist for each.
  • Third-party oversight. NYDFS has been explicit that regulated entities cannot outsource compliance accountability to vendors. The CCO must ensure that vendor AI systems are subject to the same governance standards as internally built models.

The CISO’s role: embedding AI into the cybersecurity control framework

The CISO’s lane is narrower and more technical than the CCO’s, but no less consequential. CISO AI cybersecurity strategy is about extending the institution’s existing cybersecurity program to cover the attack surface and operational risks introduced by AI systems.

NYDFS Part 500 already requires covered entities to maintain a cybersecurity program. AI systems are information systems. That means the CISO owns their inclusion in:

  • Threat modeling and vulnerability assessment. AI models can be attacked through adversarial inputs, data poisoning, model inversion, and prompt injection. The CISO must ensure these threat vectors are included in the institution’s annual penetration testing and vulnerability management programs.
  • Access controls and data governance. Training data, model weights, inference endpoints, and API keys are all high-value targets. The AI governance control framework the CISO maintains should specify who can access each layer.
  • Incident response integration. AI-specific failure modes — model drift, a compromised inference API, a data pipeline breach — need to be reflected in the institution’s incident response plan.
  • Change management for model updates. The CISO should have a seat at the table when models are retrained on new data or when third-party model providers push updates.

CRO responsibilities: AI risk appetite, governance committee, and escalation paths

Chief Risk Officer AI governance sits at the intersection of strategy and structure. The CRO’s job is to ensure the institution has made explicit, board-approved decisions about how much AI risk it is willing to carry and has built the organizational machinery to enforce those limits.

AI risk appetite statement. The CRO’s foundational deliverable. It should define which AI use cases the institution will and will not pursue, what concentration limits apply, and what residual risk thresholds trigger escalation. Vague language about “responsible AI” does not satisfy a NYDFS examiner. Quantified limits and documented rationale do.

AI governance committee structure. The CRO typically chairs the institution’s AI governance committee — the body responsible for approving new AI deployments, reviewing ongoing model performance, and escalating material risks to the board. A functional committee includes representation from compliance, technology, legal, and the relevant business lines, and meets quarterly at minimum with documented minutes.

Escalation paths. NYDFS expects board-level awareness of material AI risks, which means the CRO must translate technical and operational risk signals into language that a board risk committee can act on.


Regulatory reporting: AI risk metrics the CCO and CISO must track

NYDFS examiners do not accept narrative assurances. The CCO and CISO should be tracking:

  • Model inventory completeness. What percentage of AI systems in production are documented?
  • Model validation coverage. Of the models in inventory, what percentage have been validated within the required review cycle?
  • Third-party AI vendor assessment status. How many third-party AI vendors are in scope, and how many have completed the institution’s vendor risk assessment?
  • Cybersecurity control coverage for AI systems. What percentage of AI systems are covered by penetration testing, access control reviews, and incident response playbooks?
  • Incident and near-miss tracking. How many AI-related incidents or near-misses occurred in the reporting period, and what remediation was completed?
  • Escalation timeliness. When AI risk events were identified, how long did it take to escalate to the governance committee and the board?

Assigning ownership: a RACI for CCO, CISO, and CRO

The most common failure mode in AI governance is not that no one cares — it is that multiple people think someone else owns a given task. Adapt the following to your institution’s structure.

ActivityCCOCISOCROBoard
AI use policy development and maintenanceR/ACCI
Model inventory maintenanceRCAI
Cybersecurity controls for AI systemsCR/AII
Third-party AI vendor risk assessmentsR/ACCI
AI risk appetite statementCIR/AA
AI governance committee (chair)CCR/AI
Regulatory mapping of AI use casesR/ACCI
Incident response for AI eventsCR/AII
Board-level AI risk reportingCCR/AI
AI governance audit framework designRCAI
Penetration testing coverage for AICR/AII
Regulatory reporting AI risk metricsRCAI

R = Responsible, A = Accountable, C = Consulted, I = Informed

The CCO and CRO share accountability on several items intentionally. What matters is that accountability is documented and that the committee has a process for resolving disputes when priorities diverge. The CISO’s accountability is concentrated in cybersecurity controls and incident response.

Brine

Build, hire, and govern every AI system in your environment.

Describe a workflow in plain English and Brine builds it, runs it on your data, and governs every step — costing and attributing each action to its agent and model, with a pre-dispatch cap that holds a step before it overspends and a signed audit trail as standard.

Scope a pilot More resources