The integration of artificial intelligence (AI) into the financial sector promises transformative advancements, ranging from enhanced customer assistance and personalised financial services to improved fraud detection and operational efficiency. However, the adoption of AI in the financial services landscape brings forth a complex array of legal and operational challenges.
Regulatory Framework for AI in Financial Services:
The EU AI Act represents a significant step toward regulating AI technologies across various sectors, including finance. The related requirements affect the processes on which many financial services could be built or operated.
In the financial sector, the only areas covered by high-risk AI system requirements are:
For these use cases, the AI Act requires rigorous maintenance of all technical documentation for compliance, monitoring of operations and incidents, specification of responsibilities, and risk assessment policies and procedures.
However, the AI Act does not explicitly cover any financial services other than those mentioned above, nor other important processes based on AI models or systems, which raises the question of the specific rules to be applied in these cases.
To this end, financial institutions (with the assistance of their internal and/or external legal experts) should:
Integrating AI Governance with ICT Governance
The Digital Operational Resilience Act (DORA), which comes into force on 17 January 2025, requires financial institutions to maintain secure and resilient network and information systems that support their business models.
It is interesting to note that the AI Act does not specifically cover AI in investment services, while DORA lacks specific guidance on AI in investment services or, for example, collective asset management services.
Financial institutions must harmonise AI-specific regulations with the existing ICT governance framework under DORA to ensure compliance and operational resilience. This involves adopting internal rules for designing, implementing, and monitoring their digital strategy, including AI systems and data sets.
As DORA does not explicitly regulate AI systems, the AI Regulation's provisions on governance and risk management of AI (and datasets) can be used to address AI systems that are not classified as high risk, taking into account the principle of proportionality and also drawing on other important guidance from EU supervisory authorities or international organisations.
Financial institutions must ensure AI systems perform as expected throughout their lifecycle by establishing the algorithmic framework, documenting rationale and assumptions, describing expected output and quality, explaining technical trade-offs, defining responsibilities, and implementing robust risk management.
Implications for Human Resources
It is crucial to have suitably skilled human resources to manage the complex tasks involved in AI governance and ICT strategy. This includes expertise in AI development, data management, cybersecurity, and regulatory compliance. Ensuring that staff have the necessary skills and training is essential for maintaining the integrity, security, and efficiency of AI systems.
Concrete Examples of AI Applications
Robo-Advisors: these are AI-based tools that provide online financial advice with minimal human intervention, offering personalised investment strategies based on financial goals, risk tolerance, and time horizon;
Fraud Detection: AI systems are extensively used for fraud detection in banking and financial services through machine learning capable of analysing vast amounts of transaction data to identify patterns indicative of fraudulent activities; and
Credit scoring: AI is improving the accuracy of credit scoring models by being able to consider alternative data sources, such as social media activity, transaction history and even mobile phone usage patterns, alongside traditional data. This allows individuals with limited credit histories to receive a more comprehensive assessment of their creditworthiness.
Implementation outlook
AI implementation in the financial sector presents risks and challenges, including:
In the financial sector, human oversight is also critical to mitigating AI risks. Individuals should have the authority to withhold, override or reverse AI outputs and ensure the safe cessation of AI activities to address anomalies and maintain system integrity and financial stability.
In conclusion, integrating AI into the financial sector offers significant opportunities and challenges. By aligning the AI Act with existing regulations and integrating AI governance into DORA's ICT frameworks, institutions can create AI systems that are compliant, transparent, and resilient. Financial institutions must stay adaptive to evolving technology and regulatory landscapes.
For further information, please contact Giuseppe D’Agostino.
This article was published in the July 2024 special AI edition of our monthly Connected newsletter.