Description
Companies are deploying conversational LLMs without understanding their inherent risks, leading to reputational and financial damage from issues like hallucinations and prompt injections. Standard governance has failed, and generic frameworks like NIST RMF or ISO 31000 are unfit for the specific, unpredictable nature of LLM outputs. This session argues for a fundamental mindset shift: instead of seeking a one-size-fits-all solution, companies must adopt a standard for creating their own bespoke risk frameworks. Drawing on direct experience in the finance sector, we will introduce the EDICT framework, a set of principles for building internal protocols that are Exhaustive, Dynamic, Integrable, Cross-team, and Transferrable. We will provide practical guidelines for applying these principles based on company size and maturity. The goal is to demonstrate how a shared risk management "skeleton," adapted with specifics unique to your operations, is the only realistic way to maximize utility while ensuring safety and compliance.