Unpacking the EU's AI Code of Practice

Welcome to Banking on AI Governance, where we discuss the latest thinking in developing AI governance systems. In this edition, OpenAI prepares to launch autonomous AI agents, but what impact will this have on decision-making and governance? Nvidia lays out its vision for financial services - how can you transform data centres into AI factories responsibly? And as the US Treasury Department issues a warning on the rise of AI-driven fraud - are you ready for the challenge? All of this and more, with our focus of the week - unpacking the EU’s AI Code of Practice.

This Week in AI Governance

• OpenAI’s Autonomous AI Agent
• Nvidia’s Vision for Financial Services
• The Rise of AI-Driven Fraud

OpenAI’s Autonomous AI Agent

OpenAI has announced the upcoming release of its latest AI innovation, ‘Operator,’ set to debut in January 2025. This cutting-edge tool is designed to automate various online tasks for users, including software development, email management, and scheduling. By integrating into web browsers, Operator aims to simplify and streamline digital interaction, learning user preferences over time for enhanced customisation and efficiency. The announcement aligns with a growing trend in AI development toward creating agentic systems - AI tools capable of autonomously managing complex, multi-step tasks. Industry leaders like Anthropic and Google are developing similar AI agents, signalling a shift towards integrating such technologies into everyday workflows.

The launch of Operator carries significant implications for productivity and efficiency, particularly for companies exploring advanced AI integration. However, it also raises governance questions. Leaders in AI governance must address concerns regarding bias, transparency, and ethical use, particularly as these systems gain autonomy. Looking forward, Operator’s release highlights the urgency for robust regulatory frameworks to guide AI use. International cooperation and ethical design principles will be essential to manage innovation and maintain public trust. This development underscores the transformative potential of AI tools, while also emphasising the need for thoughtful governance.

Nvidia’s Vision for Financial Services

Nvidia is set to revolutionise financial services, with a generative AI strategy designed to upgrade traditional data centres into high-performance AI factories. This initiative integrates Nvidia’s hardware, software, and services to meet the complex computational demands of the financial sector. At the core of Nvidia’s strategy are AI factories, optimised for generative AI workloads. According to Malcolm deMayo, Nvidia’s global vice president for financial services, traditional data centres lack the capability to handle the scale and speed required by advanced AI applications. These AI factories leverage accelerated computing to enable tasks like risk management, fraud detection, and enhanced customer service. Nvidia’s full-stack platform underpins its approach, combining NIM microservices with cutting-edge computing technologies. This platform facilitates the seamless deployment of AI solutions, enabling financial institutions to enhance operational efficiency and explore new revenue opportunities.

Strategic partnerships play a pivotal role in this transformation. Collaborations with firms like Kyndryl and Tata Consultancy Services aim to simplify AI adoption and tailor solutions for specific industry needs, such as customer support and fraud prevention. BNY Mellon’s deployment of Nvidia’s DGX SuperPOD infrastructure demonstrates how financial institutions are harnessing this technology, identifying hundreds of use cases to boost productivity. As these technologies transform operational landscapes, governance frameworks will need to evolve to manage collaborative partnerships and ensure that third-party providers like Nvidia adhere to industry-specific standards. By proactively addressing these challenges, leaders in AI governance can ensure that the integration of generative AI aligns with governance frameworks and enhances trust in financial systems.

The Rise of AI-Driven Fraud

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has issued a critical alert highlighting the escalating risk of deepfake technology in financial fraud. This warning underscores the sophistication of AI-generated deepfakes and their misuse in targeting banks and credit unions. Deepfakes, which create hyper-realistic audio or visual content, are being used to manipulate identity verification processes. Fraudsters employ these techniques to forge identity documents, create synthetic identities by combining fake images with stolen data, and mimic voices during phone transactions. These methods enable criminals to bypass traditional security measures and commit financial crimes.

FinCEN reports a notable rise in suspicious activity linked to deepfake fraud, signalling an urgent need for financial institutions to act. Recommended strategies include enhanced due diligence, such as scrutinising customer identity documents for inconsistencies, monitoring for red flags like unusual geographic access patterns, and training staff to identify potential deepfake threats. For leaders in AI governance, this alert highlights the importance of proactive measures. Financial institutions must invest in detection technologies, update security protocols to address AI-driven fraud, and educate both staff and customers alike. Through enhanced vigilance and innovation, banks can strengthen defences against deepfake fraud, preserving trust and system integrity.

Unpacking the EU’s AI Code of Practice

The EU is making progress in developing a General-Purpose AI (GPAI) Code of Practice. A cornerstone of the AI Act, the Code is aimed at fostering ethical, transparent, and responsible AI use by providing a governance framework for AI models, particularly those with systemic risks. The process began with a consultation phase in July 2024, drawing nearly 430 submissions from industry leaders, academics, and civil society. This broad engagement underscores the EU’s commitment to inclusivity in addressing the challenges of AI governance. In September 2024, the European Commission appointed 13 experts to lead drafting efforts, organising them into four pillars focused on transparency, risk assessment, mitigation, and governance. A plenary session later that month brought together nearly 1,000 stakeholders to align objectives and timelines.

The Code will undergo iterative development, with stakeholders contributing feedback through mid-2025. Its provisions will focus on ensuring transparency, addressing systemic risks, mitigating bias, and aligning AI use with governance standards. Small and medium-sized enterprises will also be offered simplified compliance pathways to foster participation without undue burden. Finalisation is expected by May 2025, with implementation set to begin by August. The EU’s AI Office will oversee compliance and regularly update the Code to accommodate evolving technologies and global standards. Positioned as a global benchmark, the GPAI Code is a key step toward harmonising AI innovation with regulatory standards.

While the Code primarily targets developers of AI models, banks and financial institutions are impacted due to their reliance on such systems to power AI applications. Banks often fine-tune or deploy general-purpose AI models, and the Code’s requirements for accountability will indirectly influence how these systems are used downstream. In this article, I'll provide an overview of the Code and discuss governance considerations. I'll also highlight its relationship to existing regulation and outline the challenges and opportunities it presents to banks and financial institutions.

To continue reading this article, subscribe for full access on Substack today.

Leadership Takeaways

• The GPAI Code of Practice is built around transparency, risk assessment, technical risk mitigation, and governance mechanisms.
• Detailed documentation of AI functionality, training data, and intended uses is central to ensure accountability and user trust.
• Compliance measures will scale with the complexity of the AI system, easing the burden on small and medium-sized enterprises.
• The Code prioritises identifying and mitigating systemic risks, such as algorithmic bias and cascading failures.
• AI developers must implement technical measures to prevent issues like misclassification and operational disruptions.
• Provisions for incident reporting, whistleblower protections, and public transparency aim to strengthen accountability.
• The Code embeds fairness and inclusivity in AI design, requiring bias audits and measures to prevent discrimination.
• Positioned as a global benchmark, the Code will likely influence international AI governance standards.
• Although targeting AI developers, the Code is relevant to downstream industries that rely on general-purpose AI models.
• The Code will undergo continuous updates to align with emerging technologies and evolving global standards.
• Finalisation is expected by May 2025, with implementation beginning in August 2025, providing time for organisations to align with the requirements.

That's it for this week's edition of Banking on AI Governance. Subscribe now, and if you like what you read today, please like and share it with your network to help me reach a wider audience. Have a good day, a great week, and I'll see you again soon.