Responsible AI in financial services

There are three key reasons why organizations need to implement Responsible AI:

1. Regulation

The regulatory landscape surrounding AI is rapidly evolving. Organizations need to comply with emerging regulations or face significant legal penalties, fines and sanctions. The most significant regulation to date is the EU AI Act. Non-compliance can result in fines of up to €35m or 7% of global turnover.

2. Reputation

Customers place a high value on fairness and transparency. AI failures, such as data misuse, algorithmic discrimination or unethical AI practices leading to societal harm can erode trust, damage an organization’s reputation and lead to commercial losses.

3. Realization

Responsible AI isn’t just about mitigating risk – it enables organizations to realize value. There’s a close relationship between highly trusted and high-performing technologies. Beyond enhancing trust and reducing risks, AI technology can improve decision-making, operational efficiency and customer satisfaction, and support long-term growth through innovation.

Yet many financial services organizations lack control over the deployment of AI and are finding it challenging to assess the risks from their AI systems in a changing regulatory environment. Many organizations have also recognized a growing need to upskill their employees in AI.

The European Commission’s EU AI Act is now in effect. It puts the EU at the forefront of AI regulation and innovation, and aims to unify rules for the development, market placement, and use and adoption of AI, while addressing associated risks. It also introduces a risk classification system for AI.

Most financial services organizations using AI will likely be in the “General Purpose AI” (posing systemic risk) category. This covers any AI system trained with large amounts of data using self-supervision at scale. Systems capable of competently performing a wide range of tasks can pose risks that may have significant negative impact on public health, safety, security, fundamental rights, or society as a whole.

Any financial services organization that uses AI must meet mandatory requirements for risk management, data governance, human oversight and more. Actions required include:

• Creating an inventory of all AI systems developed or deployed and embedding compliance in all functions responsible for these systems.
• Assessing and categorizing the in-scope AI systems to determine their risk classification and identify what compliance requirements apply.
• Embedding compliance in all functions responsible for the AI systems along the value chain throughout their lifecycle.
• Developing and executing a plan to ensure that the appropriate accountability and governance frameworks, risk management and control systems, quality management, monitoring, and documentation are in place.