How to Prepare for Upcoming AI Regulatory Frameworks
August 4, 2022
Advances in technology have had a significant impact on the financial services industry. For the most part, the impact has been positive. Technology has allowed us to bank from anywhere in the world and initiate payments remotely without having to write a check or go into a branch. Advancements in payments alone have changed how we shop, how we pay for meals at restaurants, and how we split our bar tab after a round of drinks after work. In general, these advances have improved speed, convenience, access, security, and the overall customer experience.
What has allowed this transformation in financial services is the digitization of data and the digitalization of processes. Banking has been around for thousands of years. The more current, branch-based, analog business model of banking remained relatively unchallenged for hundreds of years. Things began to change with the advent of digital banking in the 1960s with the introduction of cards and ATMs. In the 1980s, digital networks connected merchants with banks allowing for a more real-time banking experience. However, digital banking didn’t really take off until the 1990s with increased digitization of data, creation of online banking products, and the rise of the Internet.
In 1994, Banque Direct and ING Direct launch as the first digital banks, 13 years before the iPhone is introduced. This represented a turning point in the industry. For the first time, customers can access their accounts remotely from a computer with an Internet connection and conduct most of their financial transactions without having to ever set foot in a branch. Since then, digital banking and neobanking have become the fastest growing segment of financial services and technology has continued to transform the industry.
Today, we can interface with our banks through chatbots, our banks let us know when we have had unusual activity to thwart potential fraud, and loan decisions are made within minutes (even seconds) as opposed to days. This is all due to the aforementioned digitization of data and digitalization of processes and with an added layer of artificial intelligence or AI. AI has created efficiencies through automation, cost savings, and a reduction in errors. However, the risks associated with financial services transactions is not removed simply with the introduction of an algorithm. Consumers are supportive of these new capabilities when there is a benefit, but there is a concern with the growing utilization of AI in general. And not just with consumers. Regulators have taken note and have started having discussions around potentially regulating such activity.
There are 3 key players in the AI regulatory space: China, the European Union, and the United States all of whom have proposed frameworks for AI at a very general level. Currently, none of these frameworks create direct regulatory obligations for financial services firms but the fact that frameworks have been developed means regulations are under consideration. To remain competitive, financial services companies will continue to explore the use of AI. Given this, how can you prepare for the eventual regulatory oversight of this activity?
First, ensure your firm is maintaining compliance with existing requirements through a thorough mapping of regulatory obligations to your critical processes. Mitigate risks of noncompliance with requirements through implementation of key controls and monitor changes to regulatory requirements as this may create a need to change your controls.
There are many existing laws that could have an impact on your implementation or utilization of AI and represent existing requirements that must be taken into consideration. For example:
CCPA and GDPR
If underlying data driving predictive analytics is personally identifiable information of a consumer, the use of it could be restricted.
Underlying data critical to AI models could be deleted by a customer if data falls within CCPA or GDPR protections. This could impact effectiveness or accuracy of those models over time.
ECOA
Automated credit decisioning using AI must still conform with Equal Credit Opportunity Act requirements not only at launch but as the model learns and evolves. Thus, ongoing monitoring is key.
EEOA
There have been notable cases of unintended discrimination as part of hiring practices using AI models. Again, introduction of algorithms does not remove the risk associated with a process and all laws and regulations still apply.
Second, make sure there is a process in place to risk assess new activities, such as the introduction of AI technology to a critical process or system. Depending on the size of your organization, this process could be formal or informal but should include representation from key stakeholders and subject matter experts who can appropriately assess the risk of the new activity to the organization and who can determine collectively which controls to put in place to manage the risk. This should include testing of any models for bias or any other unintended outcome.
Third, governance, governance, governance. Once new technology is introduced, it is important to monitor execution, perform periodic testing and audits, and provide transparency into performance to critical stakeholders and oversight groups or committees. It is one thing to catch an error prior to launch, but what will really come back to bite you are errors once in production, especially if not caught and addressed quickly. Therefore, ongoing monitoring and oversight is critical.
As you have probably determined by now, managing risks associated with the introduction and utilization of AI is not so different than managing risks associated with the introduction of any new technology or as part of ongoing risk management efforts once the technology is in production. The unknown for now are the specific regulatory requirements around AI above and beyond existing laws and regulations. For this, remain up to date with respect to emerging regulations in this space. Subscribe to a legal and regulatory change management solution such as Compliance.ai to automate this activity for you.
Asif Alam is the Chief Executive Officer at Compliance.ai. A leader in shaping disruptive technology, his experience includes building products using AI and natural language processing for GRC, payments, lending, risk, trading, and new solutions, from Fortune 500 companies to startups.
In his most recent role, he served as the Chief Strategy Officer of ThoughtTrace, unlocking new revenue streams and markets, and reignite portfolio growth. ThoughTrace was then acquired by Thomson Reuters in 2021.
He brings more than 20 years of management and business experience; increasing profitability, unlocking new revenue streams and markets, and reignite portfolio growth for companies like Thomson Reuters, Crux Informatics, and Finastra. Asif is a forward-thinking expert driving engagement via client forums, public presentations, and white papers.
Cesar Lee is a Principal at WRV, a venture capital fund focused on early-stage investments in hardware, semiconductor, and other technology-related companies. Previously, he was an investment professional at Riverwood Capital, a technology-focused, late-stage venture capital, and private equity fund. He began his career at RBC Capital Markets, where he was part of the Mergers & Acquisitions group for two years and the Equity-linked & Derivatives group for one year. While at RBC, Cesar spent a majority of his time working on M&A advisory transactions for technology companies.
Cesar’s investment experience includes buyouts, later stage, early stage and seed rounds. Cesar has completed transaction in the U.S., Latin America, and Asia, and in technology sectors including data centers, software, semiconductors, consumer electronics, robotics, big data, and internet.
Maria Devassy is a RegTech, Content, and Technology leader with over 20 years of experience helping companies bridge the gap between technology, product, and business. Maria has held leadership positions with MetricStream, KPMG, Oracle Corporation, and other technology companies. She has launched several successful RegTech products, business partnerships, and advised Fortune 100 clients on risk management, audit, advisory, and compliance business across Industries.
Hugh Cadden is a recognized expert in derivative financial and trading markets including futures, options, and swaps. Hugh is currently a senior consultant and expert with OnPoint Analytics, Inc. an economic, finance and statistical consultancy specializing in expert testimony for complex litigation. He has been specializing in the organization, operation, and regulation of financial and trading markets for over 40 years. Hugh’s experience includes both the public and private sectors and he has held senior level positions with the U.S. Commodity Futures Trading Commission including serving as Director of the Division of Trading and Markets and Deputy Director of Enforcement. He has been qualified as an expert on financial and trading market matters before the Commodity Futures Trading Commission, the Securities and Exchange Commission, the U.S. Tax Court, Financial Industry Regulatory Authority, National Futures Association, American Arbitration Association and federal courts.
Drake Ross is a former bank regulator who specialized in compliance with consumer protection regulations while at the OCC, FDIC, and OTS. While at these agencies, he provided extensive training and guidance and developed materials to ensure full comprehension and proper application of rules, laws, policies, and guidance, and served as a Subject Matter Expert in numerous areas. Because of his expertise, he often presented at agency and industry events. He also played a significant role in successful windup of the 2008 IndyMac Bank failure, where because of his extensive knowledge of the FDIC deposit insurance regulations, he was called upon to administer highly-complex insurance determinations.
Carliss Chatman is an Assistant Professor of Law teaching Contracts, Agency and Unincorporated Entities, Corporations, and Transactional Skills. Her work is influenced by over two decades of service on non-profit boards and involvement with community organizations. Through leadership positions, she has developed expertise in corporate governance and non-profit regulation. She has also been instrumental in strategic planning and fundraising efforts. Prior to law teaching, Professor Chatman was a commercial litigation attorney in Houston, Texas. In practice, she focused on trial law, appeals and arbitration in pharmaceutical, health care, mass torts, product liability, as well as oil, gas, and mineral law. In addition to negotiating settlements and obtaining successful verdicts, Professor Chatman has also analyzed and drafted position statements regarding the constitutionality of statutes and the impact of statutory revisions for presentation to the Texas Legislature.
Sign me up for all regulatory updates
Get access to EITL Forum recordings
Mariam is an Operating Principal at Cota Capital. Mariam has experience providing guidance on strategic and operational planning to Venture and Growth stage companies. Prior to Cota Capital, Mariam spent her career in management consulting as a Director at KPMG. She has experience leading global transformation programs and developing innovative service offerings for Fortune 500 companies in the Technology sector. Mariam has an MBA from UCLA’s Anderson school of management with an emphasis in Finance and Entrepreneurship. She has a Bachelors in Science in Finance and a Bachelors in Science in Economics from Santa Clara University.
Chris Callison-Burch is an Associate Professor in Computer and Information Science Department at the University of Pennsylvania. His research interests include natural language understanding and crowdsourcing. He has served the Association for Computational Linguistics as the General Chair for the ACL 2017 conference, as an action editor for the Transactions of the ACL, as an editorial board member for the Computational Linguistics journal, and an officer for NAACL (the North American chapter of the ACL) and for SIGDAT (the special interest group for linguistic data and corpus-based approaches to natural language processing)
Tom Ladt is an experienced executive and investor. Tom has lead and served on the boards of several public and private companies serving highly regulated industries such as technology, healthcare, real estate, and food processing. Tom has also served in key governmental roles and on numerous community boards.
Jeroen Plink is a global executive with a proven track record of developing and growing businesses, teams, and technologies with innovation and passion. Jeroen was CEO of Practical Law US during its acquisition by Thomson Reuters. He now serves on numerous boards and acts as a strategic consultants for start-ups.
Global Legal and Compliance executive with 15+ years of success in the SaaS technology and financial services industries. Partner to the CEO and executive team in corporate transactions, business development, product expansion, and regulatory navigation during periods of intense growth and organizational change. An advocate of effective risk management that starts with sound business practices and putting the customer first.
Richard Dupree has held multiple Risk, Compliance and Operations positions at regional, national, and global financial services firms including Wells Fargo, Silicon Valley Bank, Bank of the West and BNP Paribas. Rick currently advises FinTechs and RegTechs and sits on industry panels, contributes to industry whitepapers, thought leadership efforts, and speaks at industry seminars on Risk and Compliance challenges faced by banks and FinTechs.
Brian advises clients on legal and regulatory compliance in the financial, tech, and procurement sectors. His passion is helping businesses succeed in heavily regulated environments. As counsel and trusted advisor to businesses of all sizes, and as a former regulator, policymaker, and federal official, Brian acutely understands the unintended burdens that even well-intentioned government requirements can put on innovation and business growth, as well as how to create policies that strike the right balance.
Brian served as National Ombudsman in the Obama Administration, leading the federal Office of Regulatory Enforcement Fairness in assisting hundreds of startups, entrepreneurs, and small business owners in every industry and every state.
Dr. Marsha Ershaghi Hames is Managing Director of Strategy & Development at LRN, a leader in advising and educating organizations about ethics and regulatory compliance, as well as corporate culture, governance and leadership. With the focus of inspired behavior versus required behavior, LRN is a leading voice in the industry for companies to build ethical cultures instead of “check-the-box” compliance approaches. She’s advised Department of Justice corporate monitors on successful program transformation under CIAs (Corporate Integrity Agreements. With over 20 years of experience in leading multinational ethics and compliance strategies, Marsha has become a highly sought-after thought leader on leading Corporate Compliance and Ethics practices.
Carla Carriveau is currently the Senior Managing Counsel at Wealthfront, an automatic investment service firm in Redwood City, California. Carla was previously Senior Counsel, Division of Trading and Markets, at the United States Securities and Exchange Commission. As a former regulator with over 15 years of experience in helping small businesses navigate legal and regulatory needs in the financial services sector, Carla advises Compliance.ai on financial services regulation, the regulatory landscape and industry practices.
