Glossary term
Governance and Compliance
The amount and type of AI risk an organization is willing to accept in pursuit of objectives. It should be specific enough to guide approvals, exceptions, and escalation, clarifying where the organization refuses certain uses, requires executive approval, mandates independent validation, or allows experimentation with limited safeguards.
JPMorgan's enterprise risk appetite statement was updated in 2023 to include explicit limits on use of generative AI for client-facing communications without human review.
OpenAI's Preparedness Framework defines risk appetite thresholds across cyber, CBRN, persuasion, and model autonomy categories, with deployment restrictions tied to Critical capability levels.
ING Group's risk appetite framework explicitly addresses model risk, with documented tolerances for false positive and false negative rates across AML and credit risk models.