Poor data preparation for artificial intelligence deployments is exposing financial institutions to greater business conduct risks that could cost them as much as US$43 million per year, according to new research.
An updated report by business conduct data provider RepRisk found that such AI-related incidents are on the rise as applications are rolled out at gathering speed across the industry. Companies are experiencing two or three such incidents each year, with each costing an average of $14m in lost business and investors, regulatory fines and reputational damage, the report by the Switzerland-headquartered company stated.RepRisk’s global Business Conduct Risk Intelligence Report builds on growing awareness that despite the efficiency and productivity benefits brought by AI, the technology can also bring damaging outcomes if leaders base their decisions on bad outputs from their models.
“Everyone’s going full speed ahead for AI while, at the same time, the risks are increasing,” Alexandra Mihailescu Cichon, global head of market development at RepRisk, told Data Management Insight. “And yet banks, asset managers, and corporates may not have all the governance in place to manage it, to provide the guardrails.”
Mounting Concern
The UK report, combining risk incident data with the March survey, found that the US and UK lead the world in AI-related business conduct risk incidents, which had risen globally by 55 per cent between 2023 and 2025, according to the survey. As well, 56 per cent of the 513 C-suite leaders interviewed for RepRisk by Oxford Economics said they anticipated AI-related conduct risks would pose the greatest material non-financial challenge over the next three years. That compares with 16 per cent over the past three years. More than two-thirds said risk complexity had increased over the past year.
AI-led business conduct incidents are defined as those arising from decisions made from the misuse of AI – whether inadvertent, through negligence or deliberate.
Key risks centre on model inaccuracies, including false positives and false negatives, as well as limited transparency, explainability, and auditability. Additional concerns stem from inconsistent or opaque data inputs and evolving methodologies, which can undermine time-series comparability – highlighting the need for robust, stable approaches when data is used for ongoing monitoring and reporting.The impacts span a wide variety of real-world outcomes, typically focused on social breaches such as human rights violations, data privacy offences, racial, gender, and other biases, as well as environmental issues related to AI infrastructure.
UK Exposure
In the latest report, the UK emerged as the country that is most exposed to such risks after the US, largely due to the government’s promotion of AI adoption and the technology’s rapid integration into the national economy. The data shows the UK is twice as exposed as Italy and France and is three times more exposed than it was two years ago.
“There’s a natural correlation between adoption and risk exposure,” said Mihailescu Cichon. “But we also believe that the more it becomes embedded in workflows and decision-making, and across programmes and initiatives, the greater the risk exposure becomes.
“The surest way to avoid such exposures is to have a comprehensive data-management strategy in place to ensure that the data used by models is trustworthy before AI is adopted,” Mihailescu Cichon added.
“There are questions that clients should already be asking, very pragmatically, to help them identify data that is both trustworthy and scalable as opposed to data that may appear robust in a one-off model check or demonstration,” said Mihailescu Cichon.
The company advocates a five-pillar framework:
- Ensure the data used to train AI models is human-verified. “If you do not know what a model has learned from, you do not know its blind spots,” Mihailescu Cichon advised.
- Question the sources of data and whether they are curated and controlled. “A data provider should be able to explain to every client, ‘This is how we source our data and ensure lawful access to sources’,” said Mihailescu Cichon.
- Proof if the methodology is transparent and consistent “Every data point must be explainable, consistently assessed, and traceable to its original evidence – every single time,” she commented.
- Use state-of-the-art master data management to ensure the data can be reliably linked to entities or investment universes at scale. “Can you make sure that the risk signal matches the entity in the portfolio or lending book?” she added. “That’s already a risk if this cannot be done properly.”
- Ensure the data is auditable, reproducible, traceable and defendable. “When an asset manager decides to divest, or a bank makes a lending decision, they have to be able to trace it back and demonstrate that it is based on specific information – down to the underlying data point, its source, and how it was assessed,” she said. “All of that has to stand up to regulatory scrutiny.”
Subscribe to our newsletter
