The Bank of England (BoE) published a paper on software validation and artificial intelligence in finance. The use of machine learning and artificial intelligence in finance poses growing software validation risks for financial institutions, markets, and decision makers, making software validation a key priority for regulators. This paper discusses accepted software validation practices, highlights the challenges that artificial intelligence introduces to those practices along with potential solutions, and suggests areas of focus for developers creating artificial intelligence-based solutions for the finance industry. The paper also discusses how practices may need to evolve in response to these new challenges; it is intended to inform policymakers and governance bodies, while also raising awareness among decision makers in financial institutions.
The paper concludes that the following key points should be borne in mind by financial institutions when developing artificial intelligence/machine learning solutions to support the provision of financial services:
- Machine learning software development is data-driven, making the technology hard to test conventionally, and the challenges are further exacerbated by end-to-end machine learning systems. Software validation may need to move from testing based on requirements to validation based on representative test datasets. These should include corner cases or tail-event cases, representing scenarios not catered for by training datasets.
- The “black box” nature of machine learning can make it impossible to interpret how decisions are made. Explainability techniques may help attribute which factors matter most in a decision-making process, but they may not make it possible to identify which part of a large machine learning framework is responsible for undesirable model behavior. Entanglement can also mean that inputs are not independent, with complex interdependencies among machine learning components. Decomposing machine learning models into smaller parts that generate decisions can add clarity, although such opportunities may diminish as machine learning architectures become more end-to-end.
- The characteristics of training datasets fundamentally influence machine learning model behavior, potentially replicating or amplifying dataset bias. Training datasets must be validated to ensure they are correct and representative, addressing outlier data elements and faulty labels. Datasets used for different purposes, such as training machine learning models, calibrating them, or checking their accuracy, should be free of common biases or flaws so that they are fit for the specific use case to which they are applied. Emergent solutions exist to ensure that datasets are fit for purpose, including: repeating data selection in a random way; formally documenting the composition, collection process, recommended uses, and inherent biases of datasets; developing methodologies to detect faulty or skewed datasets; and using network graphs to visualize datasets and highlight data relationships graphically.
- Using parallel processing to support machine learning models can result in unintended or inconsistent outputs if computational steps are processed out of sequence because of a poorly designed overall modeling framework. It is important that machine learning models, particularly where there are interdependencies among components and different sub-models, have robust controls over the ordering of computation steps.
- Machine learning models are non-deterministic in nature. Some commentators have observed challenges in integrating non-deterministic machine learning models with software components that are deterministic/procedural in nature; for example, the output of a machine learning model may change qualitatively over time, due to re-calibration, impacting integrated software components.
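The first point's shift from requirements-based testing to validation against representative test datasets can be illustrated with a minimal sketch. The toy scoring model, the thresholds, and the corner cases below are illustrative assumptions, not taken from the BoE paper.

```python
# Illustrative sketch: validating a model against a test set that
# deliberately includes corner/tail-event cases absent from training.
# The toy score model and thresholds are hypothetical assumptions.

def credit_score_model(income, debt):
    """Toy stand-in for a trained ML model: approve if the debt ratio is low."""
    if income <= 0:
        return "reject"  # guard against degenerate inputs
    return "approve" if debt / income < 0.4 else "reject"

# Representative cases plus tail-event cases (zero income, extreme debt)
# that a training set drawn from normal operations might never contain.
test_cases = [
    {"income": 50_000, "debt": 10_000, "expected": "approve"},  # typical
    {"income": 50_000, "debt": 30_000, "expected": "reject"},   # typical
    {"income": 0,      "debt": 5_000,  "expected": "reject"},   # corner case
    {"income": 1,      "debt": 10**9,  "expected": "reject"},   # tail event
]

failures = [c for c in test_cases
            if credit_score_model(c["income"], c["debt"]) != c["expected"]]
print(f"{len(test_cases) - len(failures)}/{len(test_cases)} cases passed")
```

The point of the sketch is that the validation artifact is the dataset itself, not a requirements document, so its coverage of corner and tail-event scenarios must be reviewed and maintained like any other test asset.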
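For the second point, one widely used attribution technique is permutation importance: shuffle one input feature, re-measure accuracy, and attribute importance to the accuracy drop. The toy model and dataset below are assumptions for illustration only.

```python
# Illustrative sketch of permutation importance, one common explainability
# technique. The toy model and data are hypothetical assumptions.
import random

random.seed(0)

# Toy dataset: the label depends only on feature 0.
data = [[random.random(), random.random()] for _ in range(200)]
rows = [(x, 1 if x[0] > 0.5 else 0) for x in data]

def model(x):
    # Stand-in for a trained model that has learned the true rule.
    return 1 if x[0] > 0.5 else 0

def accuracy(samples):
    return sum(model(x) == y for x, y in samples) / len(samples)

baseline = accuracy(rows)
importances = {}
for feature in (0, 1):
    shuffled = [x[feature] for x, _ in rows]
    random.shuffle(shuffled)
    permuted = [(x[:feature] + [v] + x[feature + 1:], y)
                for (x, y), v in zip(rows, shuffled)]
    # Importance = how much accuracy falls when this feature is scrambled.
    importances[feature] = baseline - accuracy(permuted)

print(importances)  # feature 0 drives accuracy; feature 1 does not
```

As the paper cautions, this attributes importance to input factors but says nothing about which internal component of a large model framework produced an undesirable behavior.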
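The third point's "repeating data selection in a random way" can be sketched as drawing a sample repeatedly and checking that the resamples agree on a basic statistic such as class balance. The population and the 10% positive rate below are hypothetical assumptions.

```python
# Illustrative sketch of repeated random data selection as a check that a
# sampling procedure yields representative training sets. The population
# and its 10% positive-label rate are hypothetical assumptions.
import random

random.seed(42)
population = [1] * 1_000 + [0] * 9_000   # 10% positive labels overall

rates = []
for trial in range(20):                  # repeat the random selection
    sample = random.sample(population, 500)
    rates.append(sum(sample) / len(sample))

spread = max(rates) - min(rates)
print(f"positive rate across resamples: "
      f"min={min(rates):.3f} max={max(rates):.3f} spread={spread:.3f}")
# A selection process whose resamples disagree wildly (large spread, or a
# mean far from the population rate) signals a skewed or unstable sampler.
```

The same repeated-selection idea extends to other dataset statistics (feature distributions, label quality) that the paper suggests documenting and monitoring.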
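The fourth point's control over the ordering of computation steps can be sketched with futures: independent sub-model calls may run in parallel, but a dependent step is only submitted once its inputs have resolved. The sub-model names and formulas are hypothetical assumptions.

```python
# Illustrative sketch of enforcing computation ordering among
# interdependent sub-models under parallel execution. Sub-model names
# and formulas are hypothetical assumptions.
from concurrent.futures import ThreadPoolExecutor

def risk_submodel(x):
    return x * 2          # toy sub-model

def pricing_submodel(risk):
    return risk + 1       # depends on the risk sub-model's output

with ThreadPoolExecutor() as pool:
    # Independent inputs may be scored in parallel...
    risk_futures = [pool.submit(risk_submodel, x) for x in (1, 2, 3)]
    # ...but the dependent step is submitted only with resolved inputs,
    # enforcing the required ordering regardless of thread scheduling.
    prices = [pool.submit(pricing_submodel, f.result()).result()
              for f in risk_futures]

print(prices)  # deterministic despite parallel execution
```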
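The last point's non-determinism can be made concrete with a toy training routine: unseeded randomness yields different "model parameters" on each run, while pinning the seed restores the reproducibility that integration tests of deterministic components expect. The fit routine below is a hypothetical assumption.

```python
# Illustrative sketch of non-determinism in ML training and of seeding as
# one mitigation for integration testing. The toy fit routine is a
# hypothetical assumption.
import random

def fit_model(seed=None):
    rng = random.Random(seed)
    # Toy "training": random restarts searching for a good parameter.
    return max(rng.uniform(0, 1) for _ in range(10))

a, b = fit_model(), fit_model()              # unseeded: usually differ
c, d = fit_model(seed=7), fit_model(seed=7)  # seeded: identical

print(f"unseeded runs equal: {a == b}, seeded runs equal: {c == d}")
```

Seeding makes individual runs repeatable, but, as the paper notes, it does not remove the broader challenge that re-calibration can change a model's outputs qualitatively over time.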
The paper also provides, for the consideration of policymakers and firms’ governance bodies, a checklist for artificial intelligence software validation. The paper, however, does not focus much on application-specific challenges; these could be addressed as a next step, incorporating more opinions from subject-matter experts. Similarly, future work could examine more application-specific financial regulations, highlighting any gaps in existing regulations more explicitly. Machine learning, and artificial intelligence in general, can also help automate many existing testing processes and may improve the existing capacity to test software, improving resilience. Therefore, creating the right framework for artificial intelligence software testing could yield wide-reaching benefits, given the appropriate regulatory focus.
Keywords: Europe, UK, Banking, Artificial Intelligence, Machine Learning, Regtech, Software Validation, Modeling Risk, Model Explainability, BoE
The Australian Prudential Regulation Authority (APRA) found that Heritage Bank Limited had incorrectly reported capital because of weaknesses in operational risk and compliance frameworks, although the bank did not breach minimum prudential capital ratios at any point and remains well-capitalized.
The Office of the Superintendent of Financial Institutions (OSFI) released the annual report for 2020-2021.
The Australian Prudential Regulation Authority (APRA) released the final Prudential Practice Guide on management of climate change financial risks (CPG 229) for banks, insurers, and superannuation trustees.
The European Banking Authority (EBA) Single Rulebook Question and Answer (Q&A) tool updates for this month include answers to 10 questions.
The European Commission (EC) has adopted a package of measures related to the Capital Markets Union.
The European Council adopted its position on two proposals that are part of the digital finance package adopted by the European Commission in September 2020, with one of the proposals involving the regulation on markets in crypto-assets (MiCA) and the other involving the Digital Operational Resilience Act (DORA).
The Prudential Regulation Authority (PRA) is proposing, via the consultation paper CP21/21, to apply group provisions in the Operational Resilience Part of the PRA Rulebook (relevant for the Capital Requirements Regulation or CRR firms) to holding companies.
The Board of Governors of the Federal Reserve System (FED) published a report that summarizes banking conditions in the United States, along with the supervisory and regulatory activities of the FED.
The European Banking Authority (EBA) published the final report on draft regulatory technical standards for the calculation of risk-weighted exposure amounts of collective investment undertakings or CIUs, in line with the Capital Requirements Regulation (CRR).
The Australian Prudential Regulation Authority (APRA) recently completed two pilot initiatives under its 2020-2024 Cyber Security Strategy, which was published in November 2020.