ACPR published a discussion paper on the governance of artificial intelligence in finance. In this paper, ACPR has proposed four principles for evaluating artificial intelligence algorithms and tools—namely, data management, performance, stability, and explainability. ACPR also recommends the governance concerns that need to be taken into account, as early as the design phase of an algorithm. These concerns involve the integration of artificial intelligence into traditional business processes; the impact of this integration on internal controls; the relevance of outsourcing (partially or fully) the design or maintenance phases; and the internal and external audit functions. The comment period for this discussion paper ends on September 04, 2020.
The governance of artificial intelligence algorithms requires careful consideration of the validation of each decision-making process. The regulatory compliance and the performance objectives of these algorithms are only achievable through a certain level of explainability and traceability. In the discussion paper, ACPR recommends focus on the following aspects of governance concerns:
- Integration of artificial intelligence into business processes. This involves ascertaining whether the artificial intelligence component fulfills a critical function, by dint of its operational role or of the associated compliance risk and whether the engineering process follows a well-defined methodology throughout the machine learning lifecycle (from algorithmic design to monitoring in production), in the sense of reproducibility, quality assurance, architectural design, auditability, and automation.
- Human-algorithm interactions. Those can require a particular kind of explainability, intended either for internal operators who need to confirm or reject an algorithm’s output, or for customers who are entitled to understand the decisions impacting them or the commercial offers made to them. Besides, processes involving artificial intelligence often leave room for human intervention, which is beneficial or even necessary, but also bears new risks. Such new risks include the introduction of biases into the explanation of an 4 algorithm’s output, or a stronger feeling of engaging one’s responsibility when contradicting the algorithm than when confirming its decisions.
- Security and outsourcing. Machine learning models are exposed to new kinds of attacks. Furthermore, strategies such as development outsourcing, skills outsourcing, and external hosting should undergo careful risk assessment. More generally, third-party risks should be evaluated.
- Initial and continuous validation process. This process must often be re-examined when designing an artificial intelligence algorithm intended for augmenting or altering an existing process. For instance, the governance framework applicable to a business line may in some cases be maintained, while, in other cases, it will have to be updated before putting the artificial intelligence component into production. Continuous validation process. The continuous monitoring of machine learning algorithm, for instance, requires technical expertise and machine-learning-specific tools to ensure the aforementioned principles are followed over time (appropriate data management, predictive accuracy, stability, and availability of valid explanations).
- Audit. For internal and external audits of artificial-intelligence-based systems in finance, exploratory work led by the ACPR suggests adopting a dual approach. The first facet combines analysis of the source code and data with methods for documenting artificial intelligence algorithms, predictive, models and datasets. The second facet leverages methods providing explanation for an individual decision or for the overall behavior of the algorithm; it also relies on two techniques for testing an algorithm as a black box: challenger models (to compare against the model under test) and benchmarking datasets, both curated by the auditor.
Comment Due Date: September 04, 2020
Keywords: Europe, France, Banking, Insurance, Governance, Artificial Intelligence, Fintech, Machine Learning, Regtech, Outsourcing Arrangements, ACPR
Previous ArticleACPR Publishes Version 2.1.0 of the CREDITHAB Taxonomy
The European Commission (EC) published the Delegated Regulation 2022/786 with regard to the liquidity coverage requirements for credit institutions under the Capital Requirements Regulation (CRR).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying the criteria to identify shadow banking entities for the purposes of reporting large exposures.
The European Insurance and Occupational Pensions Authority (EIOPA) published a report assessing insurers' exposure to physical climate change risks
The Network for Greening the Financial System (NGFS) published two reports to aid central banks and regulators in their oversight of the financial sector and in their central bank operations
The European Commission (EC) published the results of a public consultation, held in October 2021, on the review of the Web Accessibility Directive.
The Monetary Authority of Singapore (MAS) and the SC-STS are jointly consulting, until June 10, 2022, on setting adjustment spreads for the conversion of legacy SOR contracts to SORA reference rate.
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.