The Board of the International Organization of Securities Commissions (IOSCO) published the report that sets out final guidance to help its members regulate and supervise the use of artificial intelligence and machine learning by market intermediaries and asset managers. IOSCO had proposed the guidance in June 2020. The guidance consists of six measures that seek to ensure that market intermediaries and asset managers have appropriate governance, controls, and oversight frameworks over the development, testing, use, and performance monitoring of artificial intelligence and machine learning.
The guidance consists of the following six measures:
- Regulators should consider requiring firms to have designated senior management responsible for the oversight of the development, testing, deployment, monitoring, and controls of artificial intelligence and machine learning. This includes a documented internal governance framework, with clear lines of accountability.
- Regulators should require firms to adequately test and monitor the algorithms to validate the results of an artificial intelligence and machine learning technique on a continuous basis. The testing should be conducted in an environment that is segregated from the live environment prior to deployment.
- Regulators should require firms to have adequate skills, expertise, and experience to develop, test, deploy, monitor, and oversee the controls over artificial intelligence and machine learning that the firm utilizes. Compliance and risk management functions should be able to understand and challenge the algorithms that are produced and conduct due diligence on any third-party provider, including on the level of knowledge, expertise, and experience present.
- Regulators should require firms to understand their reliance and manage their relationship with third-party providers, including monitoring their performance and conducting oversight. To ensure adequate accountability, firms should have a clear service-level agreement and contract in place clarifying the scope of the outsourced functions and the responsibility of the service provider.
- Regulators should consider the level of disclosure of the use of artificial intelligence and machine learning that is required by firms. Regulators should consider requiring firms to disclose meaningful information to customers and clients—about their use of artificial intelligence and machine learning—that impact client outcomes. Regulators should consider what type of information they may require from firms using artificial intelligence and machine learning to ensure that they can have appropriate oversight of those firms.
- Regulators should consider requiring firms to have appropriate controls in place to ensure that the data that the performance of the artificial intelligence and machine learning is dependent on is of sufficient quality to prevent biases and sufficiently broad for a well-founded application of artificial intelligence and machine learning.
Annexes to the report describe how regulators are addressing the challenges created by artificial intelligence and machine learning and the guidance issued by supranational bodies in this area. IOSCO members are encouraged to consider these measures carefully in the context of their legal and regulatory framework. The use of artificial intelligence and machine learning will likely increase as the technology advances, with the regulatory framework evolving in tandem to address the associated emerging risks. Going forward, IOSCO may review the report, including its definitions and guidance, to ensure that it remains up-to-date.
Keywords: International, Banking, Securities, Artificial Intelligence, Machine Learning, Fintech, Regtech, Governance, ESG, Big Data, Disclosures, IOSCO
Previous ArticleAPRA Survey Reveals Some Entities Find Regulatory Burden Too High
The Board of Governors of the Federal Reserve System (FED) published the final rule that amends Regulation I to reduce the quarterly reporting burden for member banks by automating the application process for adjusting their subscriptions to the Federal Reserve Bank capital stock, except in the context of mergers.
The European Banking Authority (EBA) published its assessment of risks through the quarterly Risk Dashboard and the results of the Autumn edition of the Risk Assessment Questionnaire (RAQ).
The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0.
The Hong Kong Monetary Authority (HKMA) published a circular, along with the reporting form and instructions, for self-assessment, by authorized institutions, of compliance with the Code of Banking Practice 2021.
The Financial Conduct Authority (FCA) decided to register European DataWarehouse Ltd and SecRep Limited as securitization repositories under the UK Securitization Regulation, with effect from January 17, 2022.
The European Commission (EC) published the Delegated Regulation 2022/25, which supplements the Investment Firms Regulation (IFR or Regulation 2019/2033) with respect to the regulatory technical standards specifying the methods for measuring the K-factors referred to in Article 15 of the IFR.
The Bank of International Settlements (BIS) published a paper that assesses the ways in which platform-based business models can affect financial inclusion, competition, financial stability and consumer protection.
The Central Bank of Egypt (CBE) published a circular with instructions on emergency liquidity assistance to banks that are unable to meet their liquidity requirements.
The European Supervisory Authorities (ESAs) published the list of identified financial conglomerates for 2021.
The Australian Prudential Regulation Authority (APRA) updated the list of authorized deposit-taking institutions, granting license to Barclays Bank PLC and Crédit Agricole Corporate and Investment Bank to operate as foreign authorized deposit-taking institutions under the Banking Act 1959.