FINMA on Artificial Intelligence: Widespread Use, Limited Governance

Artificial intelligence has arrived in the financial sector – but according to FINMA, there is often a lack of clear governance.

With its latest survey, FINMA has issued a clear signal: Artificial Intelligence (AI) has become a firmly embedded part of day-to-day operations in the Swiss financial market – particularly within banks and insurance companies. It’s most commonly used for process optimisation, claims handling, front-office tasks, and risk management. The spectrum ranges from rule-based systems to self-learning models that increasingly influence decisions.

Progress is evident – but uneven. While technological innovation moves ahead and initial use cases go live, governance often lags behind. FINMA is direct in its assessment: Many institutions lack clear internal frameworks, responsibilities are undefined, and the implications of AI for risk exposure, accountability, and regulatory compliance are not being addressed in a structured way.

The result is a structural gap – between technological potential and institutional control. AI is being deployed, but often without formal integration into organisational oversight. Control mechanisms are fragmented, reactive, or siloed within specific departments, with little alignment to overarching GRC structures. This poses significant operational, reputational, and regulatory risks, particularly for critical use cases.

Widespread Adoption, Limited Structure

Despite the growing use of AI, many institutions still lack a comprehensive management model. According to FINMA, around 50% have embedded AI into an explicit strategy – yet implementation remains inconsistent. Existing governance frameworks typically focus on data protection, cybersecurity, or data management, while specific challenges related to algorithmic systems – such as explainability, bias, or automation risks – are often overlooked.

The following chart from the FINMA report illustrates which areas AI is currently being used in – with banks leading the way, and a strong concentration in process optimisation and broadly defined “Other Applications”.

Chart: Number of AI applications by area and type of institution. Source: 187 institutions with approved AI use cases.

This broad and partly undefined pattern of use highlights the pressing need for a structured, institution-specific AI governance framework – one that goes beyond IT or data protection, and addresses the full organisational, ethical, and regulatory dimensions of AI.

Governance Is Not Optional – It’s Fundamental

FINMA has made it clear: it is closely monitoring how institutions handle AI and will increasingly factor this into its supervisory activities. At the same time, the upcoming EU AI Act is set to introduce a binding regulatory framework – one that will also affect Swiss companies with cross-border operations.

In this evolving landscape, organisations face critical questions:

  • How can AI-related risks be identified and managed at an early stage?

  • How can AI be embedded into existing GRC structures?

  • How can transparency and auditability be ensured for AI-driven decisions?

  • How can regulatory requirements be met in a fast-moving environment?

These are not just technical questions. They go to the heart of organisational control and must therefore be addressed at the management level.

An Integrated Approach: Swiss GRC and AI Governance

At Swiss GRC, we’ve long been focused on how governance structures must evolve to keep pace with technological developments. In our view, AI does not require a separate governance world – it needs to be embedded into existing enterprise control systems.

Swiss GRC’s AI GRC Module is a fully integrated component of our established GRC Toolbox, and works seamlessly with:

  • Enterprise Risk Management

  • Internal Control System (ICS)

  • Business Continuity Management (BCM)

  • Third Party Risk Management (TPRM)

  • Data Protection & Information Security (ISMS)

  • Internal Audit

This integrated approach provides a 360-degree view of AI-related risks – methodologically robust, practically tested, and fully aligned with current and upcoming regulatory frameworks.

Figure: Dashboard of the AI GRC Module in the GRC Toolbox

Conclusion: Use AI – But Keep It Under Control

The FINMA survey makes one thing clear: AI is already in widespread use – but governance has not caught up. The challenge is real: AI deployment is accelerating, but risk management, control mechanisms, and oversight structures are not developing at the same pace. This creates a tension between technological advancement and corporate accountability – with potential consequences for system integrity, regulatory compliance, and trust in automated decision-making.

Now is the time to rethink governance – not as an afterthought, but as a strategic foundation for secure, transparent, and future-ready AI implementation.

Swiss GRC helps organisations establish exactly this foundation: integrated, practice-oriented, and seamlessly connected to their existing GRC structures.
