A. Žigman panellist at an international conference in Malta

The President of the Board of the Croatian Financial Services Supervisory Authority (Hanfa), Ante Žigman, participated last week in the international Governance, Risk, Compliance and ESG Conference held in Malta.

The event was organised by the Malta Stock Exchange in collaboration with the Malta Financial Services Authority. Mr Žigman participated in the panel discussion entitled "Operational Resilience: Creating an Effective Operational Risk Management Framework".

Markets are evolving rapidly, regulatory expectations are intensifying, and innovation is redefining how the financial sector operates. In such a dynamic environment, the event brought together experts and leaders from the financial sector, regulators and policymakers, in order to open a constructive dialogue on the opportunities and challenges faced by the sector.

The panel discussion focused on managing operational risks, particularly those posed by artificial intelligence (AI). The discussion addressed the regulatory perspective and the risks arising from the use of AI, including the possibility of inaccurate audits, hallucinations, unauthorised actions, and impact on data, privacy, and security.

In his opening remarks, Žigman said that the EU Artificial Intelligence Act has enabled the regulation of the basic control rules and of the key areas of risk posed by AI in practice. The areas of its application are explicitly described by risk category, which makes it impossible for any risk assessment step to be ignored. Business responsibilities are clear and are not changed by the application of AI technologies. However, it is crucial to monitor and check whether the senior management are aware of the risks, how the risks have been addressed, and whether they actually manage this new type of operational risk.

He noted that monitoring the development of solutions is probably one of the biggest current challenges, given the complexity of the technology and the continuous learning process and development of the AI system. "Access to data by autonomous systems, both corporate and, even more so, personal data, must undergo regular approval procedures, as is already the case in the usual cyber risk management chain and under the GDPR," he added.

During the development and implementation process, as with any other business process or tool, it is essential for management to define the procedures and responsibilities relating to operations, risk management, and oversight, in order to ensure proper business compliance.
AI business process outcomes must be subject to enhanced oversight and monitoring, depending on the level of risk measured within the company / supervised entity, as well as in terms of classification under the EU Artificial Intelligence Act.

Strengthening international cooperation remains crucial for addressing common challenges and achieving sustainable growth, technological advancement, and resilience, as well as for understanding the implications of unconventional risks and exploring ways to mitigate them.

Photo: MFSA