Key Points:
- Existing financial regulations indirectly apply to artificial intelligence (AI) in the financial services industry.
- The European Commission issued the proposed Artificial Intelligence Act (AI Act) in April 2021.
- The AI Act takes a risk-based approach to AI regulation, categorizing AI systems into prohibited uses, high-risk systems, transparent AI applications, and everything else.
- The financial services sector falls into a gray area in the AI Act, leaving room for interpretation.
- Governance and compliance requirements, penalties for non-compliance, and the role of national authorities are outlined in the AI Act.
- The AI Act could become a blueprint for AI regulations worldwide, but challenges remain in defining AI and implementing a regulatory framework.
Is artificial intelligence (AI) currently regulated in the financial services industry? “No” tends to be the intuitive reply. However, a deeper look reveals that bits and pieces of existing financial regulations implicitly or explicitly apply to AI. These include the treatment of automated decisions in GDPR, algorithmic trading in MiFID II, algorithm governance in RTS 6, and provisions of various cloud regulations.
While these statutes are forward-looking, they were written before the recent explosion in AI capabilities and adoption. Discussions about AI-specific regulations have been ongoing, and various bodies have published white papers and guidance, but no official regulations have been implemented.
In April 2021, the European Commission issued its proposed Artificial Intelligence Act (AI Act) which applies to all sectors. The act takes a risk-based approach to AI regulation, categorizing AI systems into prohibited uses, high-risk systems, transparent AI applications, and everything else. However, the financial services sector falls into a gray area in the act’s list of sensitive industries.
Governance and compliance requirements, penalties for non-compliance, and the role of national authorities are outlined in the AI Act. The act also introduces a detailed, comprehensive governance framework, including the establishment of the European Artificial Intelligence Board to oversee national authorities. The act aligns with GDPR and MiFID II in terms of penalties for non-compliance.
While the AI Act could become a blueprint for AI regulations worldwide, challenges remain. The act’s definition of AI is overly broad and could capture any business software, and the proposed regulatory framework may not be optimal. Interpretation and implementation will be crucial at the industry level, and consistent guidance across EU member countries is necessary.
Despite these challenges, AI regulation is expected to have a positive impact on the financial services sector by providing clarity and addressing pressing challenges.