Anil Sood currently leads the AI Governance practice at EY Canada. Connect with him on LinkedIn. The views expressed here are personal.
The influence of artificial intelligence (AI) on the financial services industry has been remarkable in recent years. Indeed, the previous year ushered in an unprecedented wave of advanced generative AI products, paving the way for substantial productivity improvements in banking institutions. AI technology unquestionably leaves an indelible mark by enhancing efficiency, reducing human error and offering an unrivaled ability to process and analyze vast quantities of data in a timely and accurate manner. However, accompanying these advancements are unique risks and challenges, highlighting the increasing need for an AI governance framework in banking institutions more than ever.
External Risks
Banks encounter myriad external risks when implementing AI applications. On the one hand, banks are subject to regulatory risks, which can be broadly categorized into three sectors: global regulations, local regulations and international standards. In terms of global regulations, the EU AI Act has instituted punitive consequences for inappropriate use of AI. Coming to local regulations, many U.S. states have some sort of legislation surrounding AI. Besides global and local regulations, there are several independent international standards, such as those from the OECD, that while not obligatory, set the general tone for best practices that organizations should follow.
On the other hand, banks must tackle adversarial threats, such as cybersecurity issues, which include hacking and data breaches. Additionally, external risk may arise from dependence on third-party AI solution providers, which could significantly impact the security and operational robustness of the AI applications deployed in banks.
Finally, misuse, perceived bias or breaches in data privacy in AI systems can cause substantial reputational damage for a bank, especially concerning outward-facing AI applications in banks. Regular bias audits and safeguards against data privacy breaches are vital for managing these reputational risks emanating from AI systems, which often utilize extensive pools of customer data.
Decentralized Policy
The AI risk universe is significantly broader than other types of risk, such as model risk, credit risk and market risk. AI risk encapsulates various risk types, including data risk, model risk and cybersecurity risk, all of which require simultaneous attention. Therefore, to establish effective AI governance practices, it is imperative to ensure that the guidelines for these ancillary controls are not only well-aligned with each other but also substantively contribute to the overarching goal of effective AI risk management.
Without a centralized AI governance framework, differing guidelines across diverse control functions may undermine the effectiveness of AI governance, resulting in a lack of cohesion and alignment within the organization’s AI governance best practices. Another significant concern arises from the broad distribution of AI governance responsibilities across several control functions, potentially leading to disparities, errors or overlooked liabilities. This dispersion can create ambiguity regarding which department is accountable for negative outcomes or errors, consequently slowing down the rectification process due to the need for extensive consultations and agreements among various control functions.
Complex Technology
With the advent of large language models (LLMs) in the past year, the complexity of AI models has increased manifold. It’s not that AI models were simple before—for instance, sophisticated fraud models deployed in banks often relied on deep learning techniques; however, LLMs have elevated the scale and complexity to an entirely new level. These models are progressively being deployed in areas such as customer service, notably in chatbots. Given that such chatbots interact with customers directly, it’s imperative to have a governance framework that establishes suitable standards for key aspects, such as transparency and accountability.
Similarly, the use of sophisticated deep learning models in credit adjudication processes raises the issue of explainability. While AI can expedite this process and potentially even make better decisions than human underwriters, the challenge lies in explaining how these decisions have been reached.
The lack of explainability can give rise to serious implications. For instance, if an AI-based automated credit adjudication system denies a loan application, the applicant has a legal right to know why they were denied credit. Without comprehending the AI’s decision-making process, it would be challenging for banks to provide this explanation. Furthermore, the opacity of these models can make it difficult to detect potential biases or discriminatory practices.
Conclusion
In conclusion, the rapid adoption of AI within banking institutions necessitates a robust governance framework to ensure effective risk management, transparency and accountability. The expanding landscape of AI risk highlights the pressing need for comprehensive and cohesive governance practices. Moreover, centralizing an AI governance framework can mitigate disparities that may arise from varying guidelines across different control functions. Given the recent surge in complexity of AI models used in customer service and credit adjudication processes, an AI governance framework is crucial in ensuring compliance with existing regulations and maintaining stringent control measures.
While embracing AI is important, it is equally necessary to establish a robust AI governance framework. This not only shields the banking institutions from external risks and potential legal complications but also cultivates a trust-centric relationship with clients and customers that enhances the institution’s reputation. Indeed, in today’s digitized financial landscape, AI governance frameworks have become indispensable for banking institutions.
The information provided here is not investment, tax or financial advice. You should consult with a licensed professional for advice concerning your specific situation.
Forbes Finance Council is an invitation-only organization for executives in successful accounting, financial planning and wealth management firms. Do I qualify?
