Risk Management - Information Security, Data protection and AI

Throughout the course, interactive group exercises will encourage participants to apply theoretical concepts, collaborate on problem-solving, and gain hands-on experience with AI tools to enhance security practices and data protection strategies.
Structured around the latest EU directives—GDPR, DORA, NIS2, and the AI Act—the course follows a cohesive storyline that mirrors the journey of a financial institution striving to modernize its operations while maintaining compliance and managing risk. Participants will engage with realistic scenarios, simulating decisions and challenges faced by banking risk managers in the digital era.
In an increasingly digital and interconnected financial landscape, banking professionals must navigate the complexities of information security, data protection, and the responsible use of artificial intelligence (AI). This course is designed to equip seasoned banking professionals with the knowledge and practical skills needed to address emerging risks related to data management and AI implementation.

As part of the global certification program of the House of Training in Risk Management in banking, this course aims at:

• Enhancing understanding of the EU regulatory framework for data protection, cybersecurity, and AI, with a focus on GDPR, DORA, NIS2, and the AI Act
• Equipping participants with practical skills to identify, assess, and mitigate risks related to data security and AI applications within the financial sector
• Developing competence in leveraging AI tools responsibly and efficiently for risk management while ensuring compliance and data protection

Part 1 – Setting the Context
This part lays the groundwork by introducing the three core pillars of the course: Information Security, Data Protection, and Artificial Intelligence. The objective is to build a shared foundation before engaging in hands-on activities. Content is tailored to non-technical professionals, focusing on strategic and risk management implications in the banking sector.

1. Introduction to Information Security

• Definition and scope: Confidentiality, Integrity, Availability (CIA triad)
• Threat landscape in banking: phishing, ransomware, insider threats
• Traditional security controls and best practices
• Focus: Identification and mitigation of cyber risks within enterprise risk frameworks

2. Introduction to Data Protection

• Core concepts: personal data, lawful processing, consent
• GDPR essentials: data subject rights, breach notifications, accountability
• Application to banking environments
• Focus: Compliance risk, reputational exposure, and privacy governance

3. Introduction to Artificial Intelligence

• Definition and key AI capabilities: machine learning, NLP, automation
• Use cases in finance: credit scoring, fraud detection, compliance monitoring
• Regulatory considerations: EU AI Act and high-risk systems
• Ethical and governance concerns
• Focus: AI-related risks—bias, opacity, compliance, and operational impact

Part 2 – Interactive Main Module: AI Disrupting InfoSec & Data Protection
Participants explore how AI tools are reshaping risk management practices in cybersecurity and data protection. Through collaborative group exercises and real-time demos, participants learn to evaluate risks, leverage AI tools, and present practical insights.

1. AI Research Sprint – Group Work

Each group investigates one of the following real-world challenges using AI tools:

• Group 1: How AI is used to detect and prevent cyber threats
• Group 2: How AI enhances or complicates data protection and compliance
• Group 3: Risks of using AI tools (e.g., ChatGPT) in regulated banking environments
• Group 4: AI automation in compliance reporting and risk monitoring

Recommended Tools: ChatGPT, Perplexity, Gamma.AI
2. Presentation Preparation

• Groups prepare a 5-minute presentation using Gamma.AI or slide tools
• Focus: risk identification, AI application, mitigation proposals

3. Group Presentations and Peer Discussion

• Each group presents (5 minutes + 2 minutes Q&A)
• Peer feedback and trainer-facilitated discussion on risk implications and controls

4. Real-Time AI Demonstration

Trainer demonstrates how to use AI tools for common risk and compliance tasks:

• Summarizing a data breach report
• Drafting a DPIA (Data Protection Impact Assessment)
• Crafting ethical AI prompts that avoid bias or privacy risks

5. Wrap-Up and Reflections

• Summary of key insights
• Open discussion: How can AI be responsibly integrated into a bank’s risk strategy?
• Interactive poll via Mentimeter: What’s your biggest takeaway from today?

This module is part of the Risk Management Certification. To obtain their certificate, candidates must complete 11 days of training in Risk Management and pass the exam for each course.