Key Challenges of Regulating AI
Alec Crawford Founder & CEO of Artificial Intelligence Risk, Inc.
The rapid evolution of Artificial Intelligence (AI) within the financial sector, particularly with Generative AI (Gen AI) and large language models (LLMs), necessitates a comprehensive regulatory framework. Recognizing the transformative potential and widespread adoption of AI technologies, it is clear that existing regulations are often inadequate to manage the complexities these technologies introduce. In some cases, AI agents may need to be treated more like employees than computer programs. Our forthcoming white paper, recently submitted to the Office of the Comptroller of the Currency, advocates for a principles-based approach that is adaptable across all financial institutions and sustainable as AI continues to evolve. The goal is to foster innovation while ensuring consumer protection and financial stability.
Risks and Challenges of Gen AI in Financial Services
The integration of Gen AI into financial services brings both opportunities and challenges. Key risks include:
Data Privacy Breaches: Gen AI's need for large datasets heightens the risk of data breaches. Robust data protection measures and compliance with regulations like GDPR are critical.
Biases in AI Decision-Making: AI models can perpetuate biases from historical data. Addressing this requires diverse datasets, regular audits, and explainable AI (XAI) to ensure transparency and accountability.
Need for Robust Risk Management Frameworks: Comprehensive data governance, transparency, continuous monitoring, and collaboration with regulators are vital. Institutions must adopt AI GRCC platforms to manage these risks effectively.
The exhibit below looks at near-term and longer-term risks. A comprehensive regulatory framework needs to encourage addressing long-term as well as near-term risks.
Exhibit: Sample Risk Tiering Analysis for AI
Key Considerations: AI Responsibility, Resources, and Reporting
Responsibility: Oversight of AI governance should rest with the Board and senior executives, possibly supported by a Chief AI Officer (CAIO). They must ensure alignment of AI strategies with ethical standards and manage potential conflicts of interest.
Resources: Institutions must allocate sufficient resources to manage AI risks, involving not just technologists but also risk, compliance, and ethics experts.
Reporting: Regular reporting of AI activities to senior management and the Board is essential. Institutions must ensure adherence to ethical guidelines and policies as AI systems evolve, treating AI agents increasingly like employees.
AI Regulation Should Be Principles-Based
In an upcoming white paper, we lay out a principles-based approach to regulate AI with transparent operations, fair and ethical practices, secure and private systems, reliable performance, and risk ranking and mitigation among the key principles. The non-deterministic nature of Gen AI creates brand new model evaluation challenges.
A principals-based approach is critical because regulations will need to deal with financial institutions across the spectrum:
Tiny community to giant global banks.
Those with modest adoption of AI all the way to early adopters that treat AI agents as “employees”
Financial institutions employing AI in “low risk” versus “high risk” activities.
Clearly, a single set of rules will simply not work.
Nevertheless, one of our key recommendations is the establishment of centralized control and monitoring for AI applications within financial institutions. This involves developing or buying an AI governance, risk, compliance, and cybersecurity (AI GRCC) platform, akin to an operating system for AI. This platform will centralize management of AI models, providing flexibility in creating AI tools, allocating resources, and ensuring regulatory compliance. Centralized oversight will help manage emerging risks effectively.
Conclusion
While Generative AI offers significant benefits, it also poses complex risks requiring diligent management. By implementing comprehensive risk management frameworks aligning with regulatory principles and best practices, and fostering AI literacy, financial institutions can responsibly harness AI's power, protecting themselves, their customers, and the financial system.
Copyright © 2025 Artificial Intelligence Risk, Inc.
Comments