AI governance · Compliance · Literacy

I make AI governance work in the building, not just in the binder.

Frameworks only work when the workforce understands them.

I work at the intersection of AI governance, compliance and organisational capability. As Head of AI and Transaction Data Governance at Swift, I lead the design of an EU AI Act-compliant, ISO 42001-aligned governance framework, chair executive-level governance forums, and direct enterprise-wide AI literacy and technical upskilling across global functions.

My background spans two decades in environments where getting data governance wrong isn't an option: financial crime compliance at Swift, and before that leading data analytics and OSINT teams at the UK Foreign and Commonwealth Office on counter-terrorism and counter-proliferation work.

Erin Thornton

What I do

Three things, done properly

Visibility

Making AI visible

You cannot govern what you cannot see. I build the visibility layer — inventory, use-case registration and clear ownership — that turns scattered, unregistered AI activity into something an organisation can steer. For agentic AI, ownership and cataloguing come first: no owner, no oversight.

Proportion

Risk and opportunity trade-offs

Governance should speed the right work up and slow the risky work down. I triage AI use by risk and apply oversight in proportion, and I read AI regulation at the level of the statute, not the summary — turning it into operating instructions a business can act on, from the deployer position, where most organisations actually sit.

Capability

AI literacy as a control

Literacy is a control, not a nice-to-have. When people understand what they're accountable for, fewer things go wrong upstream. I design literacy by role: what a senior sponsor decides, what a builder controls and what a second-line reviewer must catch are three different briefs.

Governing agentic AI

Five dimensions

Most governance was designed for AI as a tool people use, not AI as a capability people own and answer for.

I directed the development of a five-dimension model for governing agentic AI, commissioned and built to my direction and stress-tested against the leading international frameworks.

01Authority
02Autonomy
03Intent
04Persistence
05Orchestration

Currently working on

  • A regulator-ready AI governance framework, compliant with the EU AI Act and aligned with ISO 42001.
  • How AI incidents get caught, escalated and stood down — including the regulatory notification clock, and where the lifecycle usually breaks: monitoring, triage and decommissioning after go-live.
  • Enterprise-wide AI literacy and specialised upskilling for second-line functions, software development and senior leadership.
  • Workforce strategy for the future of work: how roles, tasks and skills change as human-AI collaboration models mature.

Career

Where this comes from

  • 2025 – present

    Head of AI and Transaction Data Governance, Swift

    AI governance framework design, executive-level AI Governance Council, enterprise AI literacy, and workforce strategy for human-AI collaboration.

  • 2023 – 2024

    Senior Data Analyst — Customer Success, Swift

    Data standards and design best practice; analytics dashboards and end-to-end data pipelines supporting global product self-onboarding.

  • 2020 – 2022

    Global Lead of Diversity and Inclusion, Swift

    Led Swift's multi-year D&I roadmap across 27 locations. Designed and ran the STAR Programme, a women's professional development programme at Sibos — an enduring legacy of my time leading D&I.

  • 2016 – 2020

    Data Skills Lead — Financial Crime Compliance, Swift

    Led a multi-disciplinary data science, engineering and analysis team; defined screening policies and automated assurance frameworks for financial crime compliance products.

  • 2004 – 2016

    UK Foreign and Commonwealth Office

    Head of Data Analysis, leading multi-disciplinary big data and OSINT teams on political, counter-terrorism and counter-proliferation work; earlier roles across data analytics, counter-terrorism and compliance.

Erin Thornton with a group of STAR Programme participants at Sibos
The STAR Programme at Sibos

Credentials: LSE Certificate in AI Law, Policy and Governance · ICA Specialist Certificate in Financial Crime Risk and New Technology · BA (Hons) Philosophy, First Class, Durham University.

Away from work: playing music, singing, hill walking and painting.

Let's talk

I'm always interested in talking to others working on AI governance, assurance and capability-building — whether that's a conference, a working group, or a conversation. Get in touch.