AI in the Workplace and Managing Risk

By Styskal, Wiese & Melchione

June 3, 2025

Use of Artificial Intelligence (AI) has become increasingly ubiquitous with the advent of tools such as ChatGPT, CoPilot, and ZestAI. These are being used in the workplace to assist with a variety of tasks and decisions from creating marketing content to notes summarization to making loan decisions. While these can be very helpful tools for promoting efficiency and effectiveness, there are also important risks to consider as with any new technology. This post is intended to help leaders start thinking through risk management practices needed for AI use in the workplace.

Types of AI

To begin with, let’s draw an important distinction between two types of AI:

  • Generative AI: Tools that help create content or distill content into notes or summaries
  • Predictive AI: Tools that help process data to come to decisions or predictions

While Generative AI poses its own set of risks, Predictive AI – especially when used for “Consequential Decisions” (as defined under applicable law) within the contexts of employment, financial or lending services, or insurance – faces potentially higher risks with regard to violations of anti-discrimination law and consumer rights.

Financial institutions using AI should have an AI risk management program addressing general risk management principles with targeted approaches for each type of AI based on their uses and impacts.

Generative AI as a Workplace Tool

Below are some common ways that employees use generative AI, and their potential risks:

| Use | Example | Potential Risks |
| --- | --- | --- |
| Performing research | Using a chatbot to research a new NCUA regulation | Validity and reliability of results |
| Generating notes and summaries | Using an AI Companion to generate minutes for a board meeting | Validity and reliability of results, compliance with recording/wiretapping laws, efficacy of use as official record |
| Producing outward communication | Using an image generator to produce marketing materials | Potential copyright/trademark/license violations |

How can a business manage these risks?

One good place to start is by either updating or creating an Acceptable Use Policy (AUP) for company-provided AI tools. Your AUP may include elements such as:

  • List of approved tools, with a process for requesting authorization for new tools
  • List of prohibited uses (e.g., use that violates other technology policies, or entering customer information or other personally identifiable information)

A note for Credit Unions (CU) regarding adopting an AUP: It is typically not necessary for a CU board to vote on an AUP as this is an operational-level policy.

Financial institutions should also have a designated Committee or Department and process for vetting and contracting AI tools.

Using Predictive AI for Decision Making

Now let’s look at some common ways that financial institutions use predictive AI, and their potential risks:

| Use | Example | Potential Risks |
| --- | --- | --- |
| Making lending decisions | Using AI credit decisioning to automate decisioning | Algorithmic discrimination, adverse action notice, data privacy |
| Making hiring decisions | Using an automated employment decision tool to help screen, assess, and interview job candidates | Bias and discrimination, transparency with candidates, regulatory requirements (e.g. New York City’s Local Law 144) |

Using AI to make decisions comes with an even more complex set of risks in terms of outcomes and impacts than the previous examples of using generative AI as a workplace tool. This is especially true with AI technology that is customer facing or uses customer data.

Regulatory bodies have been taking notice of adverse effects on customers, especially regarding discrimination and bias. In April 2023, the CFPB, DOJ, EEOC, and FTC issued a Joint Statement communicating that existing legal authorities apply to use of automated systems, and that innovation does not exempt users from the existing expectations for non-discrimination under the law. They outlined common problems potentially arising from automated systems like dataset issues resulting in unfairness, discriminatory use, content inaccuracies resulting in liability issues, and the potential for revealing personal information that could be used for identity theft.

Additionally, in the spring of 2024 Colorado passed Senate Bill 24-205 (aka the “Artificial Intelligence Act”) focused specifically on consumer protection in the context of AI. The primary goal of this bill is to protect consumers from potential harm caused by algorithmic discrimination affecting a consumer’s access to or cost of essential services. The Act comes with a complex list of requirements that apply to both the developers and deployers of the technology and takes effect on February 1, 2026.

To further complicate emerging federal and state guidance, there have also been counterarguments to regulating AI. For example, the Spring 2025 “One Big Beautiful Bill Act” includes an AI law moratorium on the States. Although the results of these types of federal and state regulations cannot yet be known, SW&M is keeping track of the changing landscape and legal rulings so that we can bring this knowledge to our clients.

Due to the complexity of the compliance issues regarding using AI for decision making, we recommend reaching out to SW&M to discuss the nuances of your particular use. We have developed a suite of documents to support your risk management program that can help you take advantage of the benefits of AI while managing your legal exposure.

In Conclusion: Risk Management for a New Technology

Although the regulatory landscape for AI is still emerging, there is every reason to be thoughtful and considerate about adopting any new technologies in your workplace. Implementing at least the same level of risk management with AI as with other technologies is prudent, and tailoring those risk management policies and practices to the nuances of the variety of AI tools available will allow you to harness their power while mitigating potentially novel risks both in the practical and regulatory realms.
