The Croatian Financial Services Supervisory Agency reported that its President of the Board, Ante Žigman, spoke at an international conference in Malta on operational resilience and said the use of artificial intelligence does not change firms' existing business responsibilities. In the panel discussion, he said senior management must be aware of AI-related risks, ensure those risks have been addressed, and manage AI as a new type of operational risk within firms' control frameworks. The discussion focused on operational risks linked to AI, including inaccurate audits, hallucinations, unauthorised actions, and effects on data, privacy and security. Žigman said the European Union Artificial Intelligence Act sets basic control rules and risk-based application areas, while autonomous systems' access to corporate and personal data should be subject to regular approval procedures under existing cyber risk management and General Data Protection Regulation requirements. He also said management should define procedures and responsibilities for operations, risk management and oversight during AI development and implementation, with enhanced monitoring of AI process outcomes based on each firm's measured risk and the system's classification under the EU act.
Croatian Financial Services Supervisory Agency 2026-03-09
Croatian Financial Services Supervisory Agency highlights senior management accountability for AI operational risk at Malta conference
The Croatian Financial Services Supervisory Agency's President, Ante Žigman, emphasized at a Malta conference that AI does not alter firms' business responsibilities and should be managed as a new operational risk. He highlighted the importance of senior management addressing AI-related risks and aligning with the European Union Artificial Intelligence Act's control rules. Žigman also stressed the need for defined procedures and enhanced monitoring of AI within firms' risk management frameworks.