Understanding and Managing AI/ML Risks in Financial Services

Over recent years, the exponential growth in business applications, regulatory interest, and research in artificial intelligence (AI) and machine learning (ML) has brought AI discussions to the forefront in financial services. AI's potential to enhance customer experience and operational efficiencies has made it a key area of focus. This article aims to provide a foundation for broader AI/ML governance and risk management efforts.

Defining AI and ML

While there is no universally accepted definition of AI, it is broadly understood as a branch of computer science that simulates intelligent behavior in machines. Machine learning, a subset of AI, involves algorithms that process large data sets and learn from them. This article focuses on the use and potential risks related to machine learning, although the overarching discussion applies to AI more broadly.

AI in Financial Services

AI's use in financial institutions is growing as technological barriers fall and its benefits and risks become clearer. The Financial Stability Board highlighted four key areas where AI could impact banking:

1. Customer-facing Uses: Expanding access to financial services and offering innovative delivery channels.
2. Back-office Operations: Enhancing capital optimization, model risk management, stress testing, and market impact analysis.
3. Trading and Investment Strategies: Identifying new price movement signals and anticipating client orders.
4. Compliance and Risk Mitigation: Using AI for fraud detection, capital optimization, and portfolio management.

Risk Categorization

Various research and discussions have covered AI-related risks. It is crucial for financial services firms to categorize these risks effectively. The suggested approaches include data-related risks, AI/ML attacks, testing and trust issues, and compliance risks.

Data Related Risks

• Learning Limitations: AI systems lack human judgment and context, making them as effective as their training data and scenarios.
• Data Quality: Poor data quality can limit AI's learning capability and negatively impact its inferences and decisions.

Potential AI/ML Attacks

• Data Privacy Attacks: Attackers could infer sensitive training data, compromising privacy.
• Training Data Poisoning: The contamination of training data can affect the AI's learning process and output.
• Adversarial Inputs: Malicious inputs designed to bypass AI classifiers.
• Model Extraction: Stealing the AI model itself, which could be used to create additional risks.

Testing and Trust

• Incorrect Output: Dynamic AI systems may change over time, leading to gaps in testing coverage.
• Lack of Transparency: AI's "black box" nature can lead to trust issues.
• Bias: AI systems can amplify biased outcomes, leading to discrimination and compliance issues.

Compliance

• Policy Non-Compliance: As AI matures, its impact on existing policies must be considered. Regulatory bodies are increasingly interested in AI deployments in the financial industry.

AI Governance

Effective AI governance involves clear definitions, system inventory, policy and standards updates, and a comprehensive framework. A governance framework should include monitoring and oversight, third-party risk management, and the establishment of roles and responsibilities such as an ethics review board and a center of excellence.

Interpretability and Discrimination

Interpretability (understanding AI decisions) and discrimination (unfairly biased outcomes) are critical risks. Existing legal frameworks address discrimination, and AI systems must be designed to comply with these regulations. Improving interpretability can mitigate many risks, such as incorrect decisions and regulatory non-compliance.

Common Practices to Mitigate AI Risk

• Oversight and Monitoring: Establishing thorough monitoring processes and maintaining an inventory of AI systems.
• Addressing Discrimination: Manual reviews by compliance teams and using de-biasing algorithms.
• Enhancing Interpretability: Ensuring AI explanations are reliable and useful to facilitate understanding and compliance.

AI/ML offers significant opportunities for financial services but also introduces unique risks. Effective governance, risk management, and compliance practices are essential to harness AI's benefits while mitigating potential harms. Financial institutions can responsibly adopt AI technologies by focusing on these areas and improving financial outcomes for consumers and businesses.