Any new federal laws of artificial intelligence in the financial services sector should preempt state requirements and clearly exclude banks from duplicative obligations, the American Bankers Association and 21 state bankers associations said today in a joint letter to the U.S. Treasury Department. They also called for updated model risk management guidance from the banking regulators to clarify expectations in the wake of changes, “but only after an appropriate notice and comment period.”
In June, the Treasury Department issued a request for information on the use of AI in financial services. In their letter, the associations said that banks have employed AI in a responsible manner for decades and are leveraging that mature risk management framework as they begin implementing generative AI technologies. They also offered recommendations for policymakers. One was to encourage international and multijurisdictional cooperation to pass laws pertaining to AI that are risk-based and industry-focused.
“Lately, state legislatures have been scrambling to pass laws pertaining to the development and use of AI and GAI,” they said. “However, Congress must assert its leadership over this issue and pass AI-specific laws that clearly preempt burgeoning state requirements while recognizing banks’ unique status as the only industry examined for compliance with model risk management expectations.”
Another recommendation was for model risk management guidance to be more reflective of bank operations, and to make applicability to AI usage more obvious.
“Existing model risk guidance from the prudential agencies establishes standards for the use of third-party models used by banks, but banks may not have the ability to fully oversee all AI that third parties use to provide services,” the associations said. “Updated guidance should clearly delineate the responsibilities when banks use third-party AI and GAI.
“Crucially, however, such updates must be developed through a notice and comment period to ensure that the proposed clarifications reflect the current state of technology, industry practice, consumer interests, etc.,” they added.
The associations urged other actions, including the development of a standards-setting organization with certifications that would aid with due diligence of third-party developers of AI. In addition, the letter provided an overview of existing laws, regulations, and guidance applying to AI activity; a survey of use cases and opportunities; and a detailed examination of risks associated with AI applications.
