What Is AI Risk Appetite?
AI Risk Appetite is the level and type of AI-related risk that an organisation is willing to accept in pursuit of its objectives, formally approved by the board or governing body.
AI Risk Appetite — the level and type of AI-related risk that an organisation is willing to accept in pursuit of its objectives, formally approved by the board or governing body.
AI risk appetite translates abstract governance commitments into operational guidance. A board-level AI risk appetite statement defines which AI use cases are permitted, which require enhanced controls, and which are prohibited — regardless of technical capability. Without a defined risk appetite, AI deployment decisions are made by individual teams with no organisational reference point. APRA, the FCA, and EBA all expect regulated firms to have documented AI risk appetite linked to their broader risk framework.
Source: APRA CPS 220; FSB AI/ML report (2017)
Plain-language explanation
AI risk appetite translates abstract governance commitments into operational guidance. A board-level AI risk appetite statement defines which AI use cases are permitted, which require enhanced controls, and which are prohibited — regardless of technical capability. Without a defined risk appetite, AI deployment decisions are made by individual teams with no organisational reference point. APRA, the FCA, and EBA all expect regulated firms to have documented AI risk appetite linked to their broader risk framework.
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →