As we move ahead into 2024, while the banks go on to experiment with generative AI, they also have to be aware of how the regulators will scrutinize how they are going to use AI. A specific challenge is how the effect of the EU’s AI Act on banks’ AI ambitions will become much clearer over the coming months.
The EU AI Act, which is going to become enforceable in 2025, happens to be the world’s first-ever overall legal framework on AI. It looks to foster trustworthy AI across Europe and beyond by making sure AI systems respect fundamental rights, safety, as well as ethical principles, as well as specifically targeting the potential risks when it comes to powerful AI models.
The new law has clear relevance to the financial services sector. At the heart of new regulations happens to be an assessment of how risky AI use cases can go on to be. Notably, AI system which have been identified as high-risk, such as AI technology used within credit checks that could go on to deny a customer a loan, have been cited by the European Commission. Similarly, how AI is being used to direct pricing as well as risk assessment in life and health insurance could very well be subject to the new law.
There is still work to be done by standardization organizations as well as by national authorities to apply any new AI governance and also risk management requirements, and standards to how banks and other institutions make use of AI.
On generative AI as well as large language models such as OpenAI’s GPT-4, the new act attempts to answer anxieties about how these powerful but very new AI forms could affect people’s lives. A new AI Office happens to be established, which is going to be responsible for enforcing as well as overseeing the new rules for general-purpose AI systems used directly or indirectly by certain financial services companies. It is very important to note that financial institutions go on to be responsible for tools in addition to the services they outsource, like AI-powered decision-making.
Of course, in certain financial services markets, such as the UK, the new EU Act will not apply at all. How these other jurisdictions develop regulatory regimes to monitor AI adoption in the financial services sector will go on to vary. In the UK, it is very likely that regulators will lean on the new Consumer Duty Regulation and then apply its focus on fairness as well as transparency to how AI is put into use.
As a matter of fact, how existing regulations will go ahead and accommodate the rise in AI adoption by banks as well as others is an important point. AI has been pretty widely used by financial services organizations for some years now, such as in credit processes, anti-money laundering, claims management, and fraud detection. This use of AI hasn’t gone unnoticed by regulators, so as AI transitions, there will be a case for asking if the existing rules are sufficient or require enhancement rather than being replaced.
Some might as well argue that existing and new rules, such as the EU AI Act, stifle innovation, and the sector should be more prominent in its adoption of AI. The UK may also try to diverge from the EU AI Act for a sort of national competitive advantage.
Apparently, there is going to be some political game play on how AI regulations are going to be framed publicly, but it is in everyone’s interests that there happens to be consistency on regulations globally as well as an alignment to avoid confusion and onerous checks. Also, if it is liked or not in certain places, it is indeed likely that markets outside of the EU are going to follow, if not completely copy, the EU AI Act in another incidence of the Brussels Effect when it comes to regulatory best practices like GDPR.
Banks, that have been using AI for many years so as to automate workflows used in everyday banking, are not putting themselves at risk with the adoption of more powerful AI technologies. They are exhibiting caution, specifically in how generative AI makes use of sensitive data or might become involved when it comes to direct interactions with customers. The focus will, and apparently should always be, be on outcomes for both customers and the bank. Getting the exact outcome as well as optimizing rather than undermining business processes is the real objective. New rules such as the EU AI Act are indeed going to be welcomed by the sector due to how they set clearer guidelines along with guardrails on what can very well be done or not done, taking into account this transformative technology.