BIS: Regulating AI in the Financial Sector - Recent Developments and Main Challenges

• The BIS’s paper provides a comprehensive analysis of how artificial intelligence (AI) is being integrated into the financial industry, the associated risks, and the regulatory challenges.
• AI Use in Financial Institutions - Financial institutions use AI in areas like customer support (e.g., chatbots), fraud detection (including AML/CFT), and underwriting (credit and insurance); Generative AI (gen AI) is gaining traction for operational efficiency but faces cautious adoption in customer-facing and high-risk activities due to concerns about customer acceptance, overreliance on third-party models, and regulatory uncertainties.
• Risks Associated with AI - Microprudential Risks: Model risk, operational failures, and cybersecurity vulnerabilities; Conduct Risks: Bias in decision-making and fairness in outcomes; Macroprudential Risks: Systemic risks from dependencies on third-party providers, interconnectedness, and concentration in the AI service market.
• Regulatory Challenges: Existing frameworks address many AI-related risks, but specific challenges require targeted guidance, especially in areas like governance, data management, and model explainability; Disparities in AI definitions and regulatory approaches across jurisdictions hinder global understanding and harmonization.
• Policy Themes and Guidance: Recent regulatory guidance emphasizes reliability, accountability, fairness, ethics, and data privacy/security; There is increasing focus on sustainability and intellectual property issues, particularly as they relate to gen AI; A risk-based and proportionate regulatory approach is encouraged to balance innovation with risk mitigation.
• Emerging Regulatory Focus Areas: Strengthening governance frameworks, including clear role allocation and human oversight in AI decision-making; Addressing expertise gaps within financial institutions to manage AI-related risks; Ensuring data governance addresses AI's unique challenges, including privacy and security; Regulating new players and multi-layered AI business arrangements to close potential gaps.

Original source: https://www.bis.org/fsi/publ/insights63.pdf