ABA makes suggestions to NIST on generative AI governance

In a letter today, the American Bankers Association encouraged the National Institute of Standards and Technology to develop a complement to its existing AI Risk Management Framework to address the unique opportunities and challenges presented by generative AI, and to continue to follow an industry-agnostic, customizable and nonbinding approach. The Biden administration last year issued an executive order directing NIST to develop guidelines and best practices for AI development and implementation.

ABA suggested NIST consider the banking industry’s approach as a possible solution for other industries given that banks are at the forefront of the responsible AI movement due to the mature and flexible risk management framework at their core, which is subject to oversight by regulatory agencies. The association also requested that NIST develop voluntary standards in harmony with existing regulatory requirements concerning the use of AI, including third-party risk management, model risk management and cybersecurity.

ABA further requested that NIST clarify what outputs should be subject to AI governance, and that it define “red-teaming”—often associated with ethical hacking—as the term is used in many ways and lack of clarity could raise concerns. The association also said it supports efforts to advance global technical standards that accommodate the risk management needs that are technology-neutral, risk-based and tailored to use cases.