AI: Governance and Oversight – Navigating the New Frontier of Financial Services

In the last decades, we’ve seen artificial intelligence (AI) move from being a fringe technology to a central component of firms’ operations. While complex models are now commonly deployed to assist with things like financial crime detection, credit scoring, risk assessment, customer engagement, personalized banking, algorithmic trading and even compliance, AI offers a new frontier even as the management of those models comes under increased scrutiny.

It is not just in the first line of defence that AI offers firms opportunities for development; when it comes to oversight processes, for instance, AI has the potential to reduce human error and dramatically increase the scale, speed and depth of data that can be analyzed, leading to better customer outcomes and tighter adherence to regulatory rules.

This approach promises to transform traditional compliance methodologies, shifting the focus from manual, reactive processes to proactive, data-driven strategies. However, this shift is not without its challenges. Firms must carefully manage the risks associated with AI, including overreliance on the technology, data privacy, algorithmic bias and cybersecurity, ensuring that the deployment of AI adheres to stringent regulatory standards and ethical guidelines.

As such, the successful integration of AI into operational and oversight functions will depend on a firm's ability to foster a culture of continuous learning and adaptation, ensuring that technological advancements are leveraged in a manner that is both responsible and aligned with the overarching goals of regulatory compliance and consumer protection.

In simple terms, it’s a “who watches the watcher” scenario. If AI is deployed to aid firms with operational or customer-facing processes, internal decision-making or regulatory compliance, AI itself must also be overseen in a robust way to ensure those rigorous standards are met. Doing so, will require firms to ensure that decision-making throughout the implementation process is documented and signed off. It may well be that the difference between regulatory intervention and successful ongoing operation comes down to who is in the room as the first decisions are made, and who is accountable for the end-to-end processes being put in place.

Legislation For Regulating the Use of AI

The EU AI Act, which is progressing towards finalization, seeks to address the challenges of regulating the area of AI. It introduces a comprehensive regulatory framework for the use of AI across all sectors, including financial services, setting a precedent for global AI regulation. For financial firms, this Act categorizes AI systems based on their risk levels, imposing stringent requirements on high-risk applications, such as those used in credit scoring, fraud detection and compliance.

Firms will need to ensure their AI applications are transparent, explainable and governed by robust accountability mechanisms. This will necessitate a thorough review and potential redesign of AI systems to comply with enhanced data governance, risk management and documentation standards.

The UK’s journey toward AI regulation, while currently less advanced than in Europe, is also underway. New rules on model risk management for banks (SS1/23) come into effect from April 2024, which tackle some of the issues attached to the lack of explainability and interpretability of complex models. However, the UK Senior Manager and Conduct Regime (SMCR) regulations will already require Senior Managers to take reasonable steps to ensure accountability and responsibilities for the systems and controls of a firm, very much covering the use of AI and other such models.

Transparency and Accountability

In response to these regulatory challenges, financial services firms will have to enhance their risk practices, including where model risk management (MRM) are already in place, integrating principles specifically tailored to address the nuances of AI and machine learning (ML) technologies.

This entails a thorough reassessment of governance frameworks and senior management accountabilities, alongside model identification, development and validation processes to ensure opaque “black boxes” do not exist within firms’ control environment. These developments mark a significant shift in regulatory philosophy, moving towards a more holistic understanding of model-based risk that encompasses the unique attributes of AI.

As firms grapple with these regulatory demands, the focus will increasingly be on establishing comprehensive governance frameworks that not only comply with current regulations but are also adaptable to future advancements in AI, ensuring that compliance stays in lockstep.

As financial firms incorporate AI more deeply into their operations, the path forward will redefine how they manage compliance and interact with customers. The introduction of the EU AI Act and forthcoming UK regulations presents an opportunity for these firms to not just meet new standards, but to lead in the ethical and transparent use of AI technology. Success in this landscape will depend on a firm's ability to innovate responsibly, ensuring that advancements in AI enhance customer experiences and risk management without compromising ethical values. If this can be achieved, the financial services sector can secure a future where technology and compliance work hand in hand to support both industry growth and consumer trust.

The rapid emergence of artificial intelligence is likely to accelerate with a profound impact across sectors. AI will be a crucial tool in risk management, helping to detect and prevent issues and problems, from cybercrimes to financial irregularities, while posing its own set of risks. Regulators are scrambling to keep up. Interested in reading more of Kroll’s top trends for 2024? Explore here.

How Kroll Can Help

Kroll’s leading practices covering financial services governance, risk and compliance and data insights and forensics advise and support financial services clients across all areas of governance, risk management, compliance, investigations, disputes and legal operations with advanced technologies and subject matter expertise. Our unique approach to governance and data risk allows us to best address the critical issues facing your organization from forensic collection and analysis of complex data sources to implementing governance frameworks and assessing regulatory compliance.