Financial Institutions Are Mishandling AI Contracting Warns Shared Assessments CEO

ProcessUnity TPRM Survey Banner Ads - 5 weeks

Event Q&A

AI Clauses Are Broken and Financial Institutions Are Left to Clean Up the Mess

Shared Assessments CEO Andrew Moyad reveals how financial institutions are blindly adding AI clauses to contracts without understanding existing obligations. In this provocative conversation, he warns that rushing into AI legal frameworks without proper reflection may do more harm than good. Moyad calls for smarter governance, nuanced risk management, and a more grounded understanding of what AI actually changes—and what it doesn’t.

Jul 30, 2025

Andrew Moyad, Chief Executive Officer, Shared Assessments

Tags: Vendor and Third Party Risk AI and Technology (including Fintech)

The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

As financial institutions rush to integrate artificial intelligence, many are making a critical mistake—adding AI-specific contractual clauses without first understanding the legal and regulatory structures already in place.

Andrew Moyad, CEO of Shared Assessments, argues that the AI "checklist" approach is misguided and risks creating legal and operational blind spots. Instead, he emphasizes the importance of re-evaluating existing GDPR-standard clauses and technical control measures before layering on new AI-specific terms.

Moyad also challenges the assumption that AI needs entirely new governance models. He warns against the activity trap of adding “exhibits and extras” just to appear compliant, rather than designing a contract that reflects the actual risks and realities of AI usage. He notes that in many cases, the real problem lies not with the vendor but with how a company’s own employees are using AI tools—often without appropriate oversight or data governance. This interview pushes the conversation from theoretical compliance to real accountability in an era of automated decision-making.

Andrew Moyad Bio

Andrew Moyad is the Chief Executive Officer of Shared Assessments. Andrew is an accomplished leader and trailblazer in third party risk management. As a practitioner and a senior risk management executive he has driven a culture of accountability and diligence in safeguarding information. Andrew has more than 25 years in risk management and information security. He has contributed greatly to the transformation and advancement of risk management as a strategic function that intersects with and helps guide all aspects of organizations. Most recently Andrew served as Senior Vice President Vendor Risk Management at Blackstone where he led a team of risk professionals responsible for overseeing all phases of the vendor lifecycle at the firm including risk assessments control diligence contract reviews financial checks performance monitoring issue tracking and management reporting. Prior to Blackstone he served as a director and global head of vendor risk management and BlackRock and Senior Vice President for Citigroup where he was a Business Information Security Officer in Global Fixed Income and led third party risk assessments for several years. Andrew holds a Bachelor of Arts Degree in Natural Sciences from Harvard University and a Master of Science Degree in Information Systems from the Stevens Institute of Technology.