SPONSORED CONTENT PRESENTED BY ALKAMI TECHNOLOGY
While generative AI (GenAI) stands poised to improve everything from risk management to profit margins, the banking world has been understandably hesitant to adopt the technology in light of ongoing regulatory changes and perspectives.
While caution is called for at this stage, financial institutions can benefit from incremental AI implementation especially when it comes to upgrading the customer experience through solutions including ChatGPT-like offerings. The key is for financial institutions to understand the AI compliance and regulatory landscape of today as well as what may transpire as AI develops to best manage potential compliance risks.
AI Raises New Legal Questions
AI adoption across the banking industry has been relatively slow in recent years, and financial institutions have been cautious about expanding implementation beyond automating menial tasks or generating predictions. S&P Global notes machine learning (ML) across the banking industry represents 18 percent of the total market. However, this usage has been primarily isolated around predictive analytics using supervised ML models across large data sets.
The potential for artificial intelligence in banking to play a larger role seems possible in the near future for financial institutions looking to take advantage of other AI strengths such as bolstering customer relations, significantly reducing response times and freeing up valuable team resources for bigger initiatives. Many regional and community financial institutions have been hesitant to embrace GenAI due to well-known errors that have been documented in the early days of the technology.
AI is also raising new legal concerns regarding data usage and how generated content is regulated. According to MIT, the majority of lawsuits surrounding GenAI are focused on data use and copyright for both system input and output. Complicating matters further for financial institutions are the inherent enhanced risks of fraud and cybersecurity concerns due to its use of confidential data in the banking industry.
The result has been a cautious approach to both AI and ML, with the majority of implementations focusing on non-customer-facing applications. This limited usage, compounded by the lack of regulation around AI, leaves new legal questions mounting while regulators work to sort matters out.
AI Compliance and Regulation that Exists Today
Importantly, the banking industry is not completely devoid of AI regulation and guidance, though existing regulations continue to shift, requiring financial institutions to be vigilant. In October 2023, President Biden issued a landmark Executive Order around AI designed to manage AI risks while also promoting innovation. The Executive Order included new standards around AI safety and security such as the announcement of new safety testing, the establishment of new standards and best practices for authenticating AI content, and the establishment of new cybersecurity programs to help fix vulnerabilities in software.
The U.S. Congress continues to introduce legislation designed to protect consumer data usage and privacy. One example, the Algorithmic Accountability Act of 2023, specifically targets GenAI systems and provides protections for people impacted by system use for decision making regarding housing, credit and education.
Additionally, in April 2023, the CFPB, along with the DOJ, FTC and EEOC, issued a joint statement declaring their commitment to enforce existing laws and regulations to mitigate the risks of AI. Their specific area of concerns included black box algorithms that make credit decisions along with algorithmic marketing and digital redlining. The CFPB followed this up in September 2023 with guidance specific to credit denials, noting legal requirements for lenders around the use of AI and providing specific, accurate reasons for credit denials.
These statements and orders only scratch the surface of the regulations financial institutions must consider when implementing AI solutions. Privacy and data protection laws also must be reviewed regularly as AI usage often includes personal information processing. What’s more, financial institutions uniquely have access to an abundance of personally identifiable information, making it critical for compliance leaders to consider all privacy and data protection laws including GLBA, CCPA/CPRA (and other evolving state regulations) and GDPR where applicable.
Another area warranting strong consideration by financial institutions is discrimination and bias. Bias is often implicit with AI since everything from data input to training algorithms and continuous learning can lead toward discrimination. Since AI is only as effective as the data and direction it receives, financial institutions must find ways to avoid a “Bias in – Bias out” situation. This can be mitigated, in part, by implementing sound compliance solutions.
Where AI Compliance and Regulation is Going
As AI regulation is not yet on solid ground, it is a fast-moving target for any compliance officer to pin down. For example, in 2023, the European Union announced the EU AI Act, the world’s first regulation around AI. The Act acknowledged AI’s benefits while outlining the risks associated with its use and creating a regulatory framework. The EU Parliament is expected to vote on the issue in 2024. This vote may help set the tone when it comes to global AI regulations, but it is unlikely similar rules will be rolled out within the next 12-24 months in the U.S.
The SEC has also made strides in addressing conflicts of interest that can arise from using AI and predictive analytics between broker-dealers and investment advisors. The goal is to limit the use of technology to allow advisors to place their own interests above their investors’ wellbeing. While the SEC’s new rules are still in the proposal stage, they point to a trend in regulating policies and procedures throughout firms to neutralize threats to bias through the use of AI.
With all of the movement toward enhanced AI regulation, financial institutions would be wise to take a two-pronged approach to their own regulatory processes. Compliance officers should evaluate ways to mitigate current risk while preparing for changes to regulations in the coming years. To do this, leadership must document and communicate any existing or foreseen risks when using AI with key stakeholders. From there, departmental contributors can help conduct security assessments and determine data usage and privacy compliance.
Financial institutions should also establish an AI program that defines and enforces acceptable use. This includes steps for overseeing and testing programs prior to launch as well as monitoring for compliance. A complete enterprise risk management program should include a thorough assessment and documentation of all third-party and vendor risks. These programs also require ongoing oversight with accountability to executive management and boards of directors to ensure everyone is well informed of the current risks and the evolving regulatory landscape. This can help organizations remain agile and able to transition as compliance and regulations advance.
AI stands to empower financial institutions more than ever before with tools that can improve efficiency while providing cost savings and a more refined consumer experience. However, with a loose regulatory framework, AI can also pose significant risks if not implemented diligently. Ever-developing AI regulatory requirements promise to make 2024 a year that will demand compliance officers keep a closer eye on AI than ever before to protect people’s data safety and security, in line with shifting national and global concerns.
Learn more about how to apply artificial intelligence in banking by visiting Alkami.com.
Sponsored content presented by Dennis Irwin, Chief Compliance Officer, Alkami
About Alkami
Alkami Technology, Inc. is a leading cloud-based digital banking solutions provider for financial institutions in the United States that enables clients to grow confidently, adapt quickly, and build thriving digital communities. Alkami helps clients transform through retail and business banking, digital account opening, payment security, and data analytics and marketing solutions. To learn more, visit www.alkami.com.
