The New York Department of Financial Services has made one thing clear: when AI systems fail inside a regulated institution, the question of who owned that risk will land on specific desks. CCO AI governance responsibilities, CISO accountability for cybersecurity controls, and CRO obligations around risk appetite are no longer soft organizational questions. Under NYDFS’s evolving AI guidance, they carry regulatory weight. This post maps each executive role to its distinct obligations.
How NYDFS defines the CCO’s AI governance mandate
The Chief Compliance Officer’s role in AI governance is not about understanding the technology. It is about ensuring the institution has a documented, enforced compliance posture that maps AI use to applicable regulatory requirements — NYDFS Part 500, DFS cybersecurity regulations, and any sector-specific guidance the department issues.
Under NYDFS expectations, CCO AI responsibilities cluster around three areas:
- Policy ownership. The CCO is accountable for maintaining written AI governance policies that define permissible use cases, prohibited applications, and the review process for new AI deployments. These policies must be living documents.
- Regulatory mapping. Every AI system in production should be traceable to a compliance determination. The CCO’s team needs to document which regulatory requirements each system implicates — fair lending, data privacy, cybersecurity, model risk — and confirm that controls exist for each.
- Third-party oversight. NYDFS has been explicit that regulated entities cannot outsource compliance accountability to vendors. The CCO must ensure that vendor AI systems are subject to the same governance standards as internally built models.
The CISO’s role: embedding AI into the cybersecurity control framework
The CISO’s lane is narrower and more technical than the CCO’s, but no less consequential. CISO AI cybersecurity strategy is about extending the institution’s existing cybersecurity program to cover the attack surface and operational risks introduced by AI systems.
NYDFS Part 500 already requires covered entities to maintain a cybersecurity program. AI systems are information systems. That means the CISO owns their inclusion in:
- Threat modeling and vulnerability assessment. AI models can be attacked through adversarial inputs, data poisoning, model inversion, and prompt injection. The CISO must ensure these threat vectors are included in the institution’s annual penetration testing and vulnerability management programs.
- Access controls and data governance. Training data, model weights, inference endpoints, and API keys are all high-value targets. The AI governance control framework the CISO maintains should specify who can access each layer.
- Incident response integration. AI-specific failure modes — model drift, a compromised inference API, a data pipeline breach — need to be reflected in the institution’s incident response plan.
- Change management for model updates. The CISO should have a seat at the table when models are retrained on new data or when third-party model providers push updates.
CRO responsibilities: AI risk appetite, governance committee, and escalation paths
Chief Risk Officer AI governance sits at the intersection of strategy and structure. The CRO’s job is to ensure the institution has made explicit, board-approved decisions about how much AI risk it is willing to carry and has built the organizational machinery to enforce those limits.
AI risk appetite statement. The CRO’s foundational deliverable. It should define which AI use cases the institution will and will not pursue, what concentration limits apply, and what residual risk thresholds trigger escalation. Vague language about “responsible AI” does not satisfy a NYDFS examiner. Quantified limits and documented rationale do.
AI governance committee structure. The CRO typically chairs the institution’s AI governance committee — the body responsible for approving new AI deployments, reviewing ongoing model performance, and escalating material risks to the board. A functional committee includes representation from compliance, technology, legal, and the relevant business lines, and meets quarterly at minimum with documented minutes.
Escalation paths. NYDFS expects board-level awareness of material AI risks, which means the CRO must translate technical and operational risk signals into language that a board risk committee can act on.
Regulatory reporting: AI risk metrics the CCO and CISO must track
NYDFS examiners do not accept narrative assurances. The CCO and CISO should be tracking:
- Model inventory completeness. What percentage of AI systems in production are documented?
- Model validation coverage. Of the models in inventory, what percentage have been validated within the required review cycle?
- Third-party AI vendor assessment status. How many third-party AI vendors are in scope, and how many have completed the institution’s vendor risk assessment?
- Cybersecurity control coverage for AI systems. What percentage of AI systems are covered by penetration testing, access control reviews, and incident response playbooks?
- Incident and near-miss tracking. How many AI-related incidents or near-misses occurred in the reporting period, and what remediation was completed?
- Escalation timeliness. When AI risk events were identified, how long did it take to escalate to the governance committee and the board?
Assigning ownership: a RACI for CCO, CISO, and CRO
The most common failure mode in AI governance is not that no one cares — it is that multiple people think someone else owns a given task. Adapt the following to your institution’s structure.
| Activity | CCO | CISO | CRO | Board |
|---|---|---|---|---|
| AI use policy development and maintenance | R/A | C | C | I |
| Model inventory maintenance | R | C | A | I |
| Cybersecurity controls for AI systems | C | R/A | I | I |
| Third-party AI vendor risk assessments | R/A | C | C | I |
| AI risk appetite statement | C | I | R/A | A |
| AI governance committee (chair) | C | C | R/A | I |
| Regulatory mapping of AI use cases | R/A | C | C | I |
| Incident response for AI events | C | R/A | I | I |
| Board-level AI risk reporting | C | C | R/A | I |
| AI governance audit framework design | R | C | A | I |
| Penetration testing coverage for AI | C | R/A | I | I |
| Regulatory reporting AI risk metrics | R | C | A | I |
R = Responsible, A = Accountable, C = Consulted, I = Informed
The CCO and CRO share accountability on several items intentionally. What matters is that accountability is documented and that the committee has a process for resolving disputes when priorities diverge. The CISO’s accountability is concentrated in cybersecurity controls and incident response.