IOSCO Issues Guidance on Artificial Intelligence and Machine Learning

The guidance consists of the following six measures:

• Regulators should consider requiring firms to have designated senior management responsible for the oversight of the development, testing, deployment, monitoring, and controls of artificial intelligence and machine learning. This includes a documented internal governance framework, with clear lines of accountability.
• Regulators should require firms to adequately test and monitor the algorithms to validate the results of an artificial intelligence and machine learning technique on a continuous basis. The testing should be conducted in an environment that is segregated from the live environment prior to deployment.
• Regulators should require firms to have adequate skills, expertise, and experience to develop, test, deploy, monitor, and oversee the controls over artificial intelligence and machine learning that the firm utilizes. Compliance and risk management functions should be able to understand and challenge the algorithms that are produced and conduct due diligence on any third-party provider, including on the level of knowledge, expertise, and experience present.
• Regulators should require firms to understand their reliance and manage their relationship with third-party providers, including monitoring their performance and conducting oversight. To ensure adequate accountability, firms should have a clear service-level agreement and contract in place clarifying the scope of the outsourced functions and the responsibility of the service provider.
• Regulators should consider the level of disclosure of the use of artificial intelligence and machine learning that is required by firms. Regulators should consider requiring firms to disclose meaningful information to customers and clients—about their use of artificial intelligence and machine learning—that impact client outcomes. Regulators should consider what type of information they may require from firms using artificial intelligence and machine learning to ensure that they can have appropriate oversight of those firms.
• Regulators should consider requiring firms to have appropriate controls in place to ensure that the data that the performance of the artificial intelligence and machine learning is dependent on is of sufficient quality to prevent biases and sufficiently broad for a well-founded application of artificial intelligence and machine learning.

Annexes to the report describe how regulators are addressing the challenges created by artificial intelligence and machine learning and the guidance issued by supranational bodies in this area. IOSCO members are encouraged to consider these measures carefully in the context of their legal and regulatory framework. The use of artificial intelligence and machine learning will likely increase as the technology advances, with the regulatory framework evolving in tandem to address the associated emerging risks. Going forward, IOSCO may review the report, including its definitions and guidance, to ensure that it remains up-to-date.

Related Links

• Press Release (PDF)
• Report (PDF)

Keywords: International, Banking, Securities, Artificial Intelligence, Machine Learning, Fintech, Regtech, Governance, ESG, Big Data, Disclosures, IOSCO