Tom Curry

Federal banking regulators are taking a closer look at artificial intelligence, largely driven by the financial industry’s expanding use of AI.  

On March 29, the Federal Reserve Board, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corp., the National Credit Union Administration and the Office of the Comptroller of the Currency announced a request for information in what can be viewed as both an attempt to better understand AI’s use and a signal of the first step towards formal rulemaking and greater regulatory scrutiny during the examination and supervision process. 

Generally, AI’s risks are similar to those posed by any process, tool or model that may result in operational risks, including internal process or control weaknesses, cybersecurity threats, information technology breakdowns, third party risk and model risk. AI can also create or magnify consumer compliance risks in the areas of unlawful discrimination, unfair, deceptive or abusive acts or practices, and personal privacy. Comments on the RFI’s specific request may lead to further information gathering, the development of new supervisory policies or formal regulation. 

Kate Henry

Potential Benefits, Potential Pitfalls 

The RFI’s purpose is multifold, but the agencies are primarily seeking to better understand the financial industry’s use of AI, including machine learning, and the challenges in developing, adopting, and managing AI. From a regulatory standpoint, the agencies are seeking information as to the level of governance, risk management, and control financial institutions have placed over AI, and whether any supervisory policy clarifications would be appropriate.  

The RFI initially cites the benefits of AI and its potential for greater efficiency, enhanced performance and cost reduction for financial institutions, especially in regulatory compliance areas. Potential consumer and business advantages include more accurate, lower-cost and faster underwriting as well as greater customization of products and services. Consumers and small businesses may have greater access to credit that was not possible under traditional credit underwriting. 

However, the bulk of the RFI focuses on the potential prudential and consumer compliance risks posed by AI. The RFI’s specific request for comments center on areas of explainability, broader or more intensive data usage and dynamic updating. 

Armand J. Santaniello

“Explainability” refers to the ability of financial institutions to understand and explain the means through which AI processes information and generates results. A lack of explainability presents a number of risks to financial institutions, including an inability to ensure the soundness of an AI process that could create an unknown or otherwise preventable risk from occurring. The concept of explainability is not new. The OCC and the Federal Reserve Board have long required banks to validate significant internal models, particularly internal capital models.   

The RFI also underscores the importance of data usage in the implementation of AI in the financial industry. Here, the banking regulators have essentially raised a “garbage in, garbage out” concern. They explain that, because AI processes depend heavily on the integrity of the data sets provided, AI processes would also reflect any inherent deficiencies in those given data sets, which could amplify the data inaccuracies and perpetuate incorrect conclusions. As such, the RFI underscores the importance of understanding deficiencies in data sets, and elicits comment regarding the financial industry’s processes and procedures to safeguard against the perpetuation of errors within data sets. 

Can Regulators Keep Up? 

Dynamic updating is the process by which AI continuously evolves as it captures new training data and incorporates newly “learned” patterns into its processing components. This unique characteristic of some AI technologies could make it difficult to track, verify and review AI processes and procedures to ensure that they are functioning correctly and accurately. The potential concern is that AI may inappropriately process new data and incorporate bias into its learning processes. The RFI solicits comment from industry participants to understand certain safeguards that could be developed and implemented to ensure that dynamic updating could be managed effectively. 

Key players in the financial industry have generally seen the RFI as a promising next step in the modernization of the financial industry, and the use of technology in the furthered improvement of certain financial tools. On April 22, several prominent trade associations commented on the RFI, expressing support for regulators in the effort to further understand the use of AI in the financial services industry and reiterating “the significance of the topic” alongside “the complex technical nature of the information requested.” 

As various stakeholders continue to consider the questions posed by the RFI, the financial services industry will undoubtedly continue to look for ways to incorporate AI, machine learning and other technological advantages to increase access to the efficiency of financial services. The question is whether these five agencies will be able to keep pace and successfully adapt the regulatory framework to address AI’s potential shortcomings.   

Thomas J. Curry is a partner in Nutter’s corporate and transactions department. Kate Henry and Armand J. Santaniello are associates in Nutter’s corporate and transactions department. Curry is former U.S. comptroller of the currency and all are members of the firm’s banking and financial services group.