Featured Product

    BaFin Issues Principles on Use of Big Data & Artificial Intelligence

    June 15, 2021

    BaFin published supervisory principles for the use of algorithms in the decision-making process of financial institutions. The principles are intended to promote responsible use of big data and artificial intelligence and facilitate control of the associated risks. The principles constitute preliminary ideas for minimum supervisory requirements related to the use of artificial intelligence and form the basis for discussions with various stakeholders. These principles can serve as guidance for entities under the supervision of BaFin. Additionally, BaFin and Bundesbank aim to publish a discussion paper by mid-July on the use of machine learning in Pillar 1 and Pillar 2 models; the focus will be on models that must be granted regulatory approval in the context of solvency supervision or models that are subject to prudential review.

    To formulate the principles as precisely as possible, an algorithm-based decision-making process has been broken down into two phases—development and application. The development phase examines how the algorithm is selected, calibrated, and validated. For instance, principles for the development phase relate to the relevant data strategy as well as documentation to ensure clarity for both internal and external parties. In the application phase, the results of an algorithm must be interpreted and included in the decision-making process. This can either be done automatically or by involving experts. A functioning mechanism comprising elements such as sufficient checks and feedback loops for the development phase must be established in all cases. Aside from these two phases, certain overarching principles are important for the creation and application of the algorithm and these include:

    • Clear management responsibility. Senior management must have sufficient technical expertise. Also, reporting lines and reporting formats must be structured to ensure that communication is risk-appropriate and geared to the specific requirements of the target audience, from the modeler right up to senior management. Moreover, the business-wide strategy for using algorithm-based decision-making processes should be reflected in the IT strategy. There must also be staff with the necessary technical knowledge in the independent control functions.
    • Appropriate risk and outsourcing management. Senior management is responsible for establishing a risk management system that has been adapted for the use of algorithm based decision-making processes. If applications are used by a service provider, senior management must also set up an effective outsourcing management system. Responsibility, reporting, and monitoring structures must be set out clearly within this context. Measures to minimize cyber-security risks should also be adapted if required and the complexity and data dependency of the algorithm must be considered.
    • Prevention of bias. Bias must be prevented to be able to reach business decisions that are not based on systematically distorted results, to rule out bias-based systematic discrimination of certain groups of customers, and to rule out any resulting reputational risks. This is a key principle since such biases may occur from the development of the process to its application. 
    • Ruling out of types of differentiation prohibited by law. In case of certain financial services, the law stipulates that certain characteristics may not be considered for differentiation purposes—that is, to calculate risk and prices. If conditions are systematically set out on the basis of such characteristics, there is a risk of discrimination. Such a risk also exists if these characteristics are replaced with an approximation. This would be associated with increased reputational risks and, in some cases, legal risks. In certain circumstances, BaFin might consider it necessary to take measures to address violations of statutory provisions. Companies should, therefore, establish (statistical) verification processes to rule out discrimination.

    These principles represent a milestone in the efforts of BaFin and Bundesbank to create legal and application certainty for the responsible use of big data and artificial intelligence in the financial sector. 


    Related Links

    Keywords: Europe, Germany, Banking, Big Data, Artificial Intelligence, Supervisory Principles, Cyber Risk, Algorithms, Outsourcing, Pillar 1, Pillar 2, Regtech, BaFin

    Related Articles

    ESAs Issue Multiple Regulatory Updates for Financial Sector Entities

    The three European Supervisory Authorities (ESAs) issued a letter to inform about delay in the Sustainable Finance Disclosure Regulation (SFDR) mandate, along with a Call for Evidence on greenwashing practices.

    November 15, 2022 WebPage Regulatory News

    FSB and NGFS Publish Initial Findings from Climate Scenario Analyses

    The Financial Stability Board (FSB) and the Network for Greening the Financial System (NGFS) published a joint report that outlines the initial findings from climate scenario analyses undertaken by financial authorities to assess climate-related financial risks.

    November 15, 2022 WebPage Regulatory News

    FSB Issues Reports on NBFI and Liquidity in Government Bonds

    The Financial Stability Board (FSB) published a letter intended for the G20 leaders, highlighting the work that it will undertake under the Indian G20 Presidency in 2023 to strengthen resilience of the financial system.

    November 14, 2022 WebPage Regulatory News

    ISSB Makes Announcements at COP27; IASB to Propose IFRS 9 Amendments

    The International Sustainability Standards Board (ISSB) of the IFRS Foundations made several announcements at COP27 and with respect to its work on the sustainability standards.

    November 10, 2022 WebPage Regulatory News

    IOSCO Prioritizes Green Disclosures, Greenwashing, and Carbon Markets

    The International Organization for Securities Commissions (IOSCO), at COP27, outlined the regulatory priorities for sustainability disclosures, mitigation of greenwashing, and promotion of integrity in carbon markets.

    November 09, 2022 WebPage Regulatory News

    EBA Finalizes Methodology for Stress Tests, Issues Other Updates

    The European Banking Authority (EBA) issued a statement in the context of COP27, clarified the operationalization of intermediate EU parent undertakings (IPUs) of third-country groups

    November 09, 2022 WebPage Regulatory News

    EU Finalizes Rules Under Crowdfunding Service Providers Regulation

    The European Union has finalized and published, in the Official Journal of the European Union, a set of 13 Delegated and Implementing Regulations applicable to the European crowdfunding service providers.

    November 08, 2022 WebPage Regulatory News

    OSFI Sets Out Work Priorities and Reporting Updates for Banks

    The Office of the Superintendent of Financial Institutions (OSFI) published an annual report on its activities, a report on forward-looking work.

    November 07, 2022 WebPage Regulatory News

    APRA Finalizes Changes to Capital Framework, Issues Other Updates

    The Australian Prudential Regulation Authority (APRA) finalized amendments to the capital framework, announced a review of the prudential framework for groups.

    November 03, 2022 WebPage Regulatory News

    BIS Hub and Central Banks Conduct CBDC and DeFI Pilots

    The Bank for International Settlements (BIS) Innovation Hubs and several central banks are working together on various central bank digital currency (CBDC) pilots.

    November 03, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8596