The Board of the International Organization of Securities Commissions (IOSCO) published the report that sets out final guidance to help its members regulate and supervise the use of artificial intelligence and machine learning by market intermediaries and asset managers. IOSCO had proposed the guidance in June 2020. The guidance consists of six measures that seek to ensure that market intermediaries and asset managers have appropriate governance, controls, and oversight frameworks over the development, testing, use, and performance monitoring of artificial intelligence and machine learning.
The guidance consists of the following six measures:
- Regulators should consider requiring firms to have designated senior management responsible for the oversight of the development, testing, deployment, monitoring, and controls of artificial intelligence and machine learning. This includes a documented internal governance framework, with clear lines of accountability.
- Regulators should require firms to adequately test and monitor the algorithms to validate the results of an artificial intelligence and machine learning technique on a continuous basis. The testing should be conducted in an environment that is segregated from the live environment prior to deployment.
- Regulators should require firms to have adequate skills, expertise, and experience to develop, test, deploy, monitor, and oversee the controls over artificial intelligence and machine learning that the firm utilizes. Compliance and risk management functions should be able to understand and challenge the algorithms that are produced and conduct due diligence on any third-party provider, including on the level of knowledge, expertise, and experience present.
- Regulators should require firms to understand their reliance and manage their relationship with third-party providers, including monitoring their performance and conducting oversight. To ensure adequate accountability, firms should have a clear service-level agreement and contract in place clarifying the scope of the outsourced functions and the responsibility of the service provider.
- Regulators should consider the level of disclosure of the use of artificial intelligence and machine learning that is required by firms. Regulators should consider requiring firms to disclose meaningful information to customers and clients—about their use of artificial intelligence and machine learning—that impact client outcomes. Regulators should consider what type of information they may require from firms using artificial intelligence and machine learning to ensure that they can have appropriate oversight of those firms.
- Regulators should consider requiring firms to have appropriate controls in place to ensure that the data that the performance of the artificial intelligence and machine learning is dependent on is of sufficient quality to prevent biases and sufficiently broad for a well-founded application of artificial intelligence and machine learning.
Annexes to the report describe how regulators are addressing the challenges created by artificial intelligence and machine learning and the guidance issued by supranational bodies in this area. IOSCO members are encouraged to consider these measures carefully in the context of their legal and regulatory framework. The use of artificial intelligence and machine learning will likely increase as the technology advances, with the regulatory framework evolving in tandem to address the associated emerging risks. Going forward, IOSCO may review the report, including its definitions and guidance, to ensure that it remains up-to-date.
Keywords: International, Banking, Securities, Artificial Intelligence, Machine Learning, Fintech, Regtech, Governance, ESG, Big Data, Disclosures, IOSCO
Previous ArticleAPRA Survey Reveals Some Entities Find Regulatory Burden Too High
The Australian Prudential Regulation Authority (APRA) has published the findings of its latest climate risk self-assessment survey conducted across the banking, insurance, and superannuation industries.
The French Prudential Supervisory Authority (ACPR) published a notice related to the methods for calculating and publishing prudential ratios under the Capital Requirements Directive (CRD IV) and the minimum requirement for own funds and eligible liabilities (MREL).
The European Insurance and Occupational Pension Authority (EIOPA) published the risk dashboard based on Solvency II data and the final version of the application guidance on climate change materiality assessments and climate change scenarios in the Own Risk and Solvency Assessment (ORSA).
The European Banking Authority (EBA) and the European Central Bank (ECB) published their responses to the consultations of the International Sustainability Standards Board (ISSB) and the European Financial Reporting Advisory Group (EFRAG) on sustainability-related disclosure standards.
A Consultative Group on Risk Management (CGRM) at the Bank for International Settlements (BIS) published a report that examines incorporation of climate risks into the international reserve management framework.
The European Banking Authority (EBA) published the final guidelines on liquidity requirements exemption for investment firms, updated version of its 5.2 filing rules document for supervisory reporting, and Single Rulebook Question and Answer (Q&A) updates in July 2022.
The European Insurance and Occupational Pensions Authority (EIOPA) published Version 2.8.0 of the Solvency II data point model (DPM) and XBRL taxonomy.
The European Union published, in the Official Journal of the European Union, an opinion from the European Economic and Social Committee (EESC); the opinion is on the proposal for a regulation to amend the Capital Requirements Regulation (CRR).
HM Treasury published a draft statutory instrument titled “The Financial Services (Miscellaneous Amendments) (EU Exit) Regulations 2022,” along with the related explanatory memorandum and impact assessment.
The Australian Prudential Regulation Authority (APRA) is seeking comments, until October 21, 2022, on the introduction of CPS 230, which is the new cross-industry prudential standard on operational risk management.