[ad_1]
European Union (EU) legislation on Artificial Intelligence (AI) has confirmed the increasing diffusion and integration of AI into a wide range of activities across various sectors globally. This has underlined the need for AI adoption within technology-specific legislative and regulatory frameworks. This development becomes more important as AI finds its way into high-risk areas like finance. According to International Data Corporation, according to the forecast for 2022-26, the two industries that will emerge as the largest AI investors are banking and retail. Additionally, the McKinsey Global Institute estimates that GenAI (a subset of AI technologies) could add between $200–300 billion of value annually to the global banking sector, amounting to 2.8–4.7% of total industry revenues.
Globally, with the advent of LLM-led GenAI, banks are increasingly deploying AI in front-end operations, in addition to its application in back-end operations. In the Indian banking context, the FS AI Adoption Survey 2021 highlighted the four most implemented AI uses in banks: chat automation, fraud detection, AI virtual assistants and customer profiling and segmentation. The survey findings are confirmed by the Reserve Bank of India’s growing acceptance of AI. Its 2023-24 annual report outlines its agenda for 2024-25 to “enhance supervisory capabilities” in micro-data analysis using AI and machine learning. Apart from this, the Reserve Bank of India (RBI) is also exploring the possibility of incorporating AI in risk management.
Although there are many benefits of employing AI in banking operations, there are also risks in the use of AI in a sector as high-stakes and highly vulnerable as banking. The challenges posed by AI can be divided on the basis of programming, governance and cyber security.
With regard to programming, one of the most important concerns is “black box” algorithms. This means a lack of transparency in automated decision making. The process and elements taken into account by the model to reach a decision are hidden in confidentiality. Its opacity cannot be penetrated by the model developers themselves. This is worrying because AI will be employed in critical functions such as credit scoring, risk management or even fraud detection areas of banking operations. Another consequence of relying on AI-powered decision making is the tendency for bias in algorithms. As well as discrimination based on protected characteristics, a Council of Europe study has highlighted the potential for AI to lead to unfair discrimination, which falls outside the scope of existing laws. This includes the invention of news categories that may be based on an unfair criterion or criteria that indirectly discriminate against protected characteristics. As a result, for example, loan applications of individuals belonging to a particular group may be rejected. Where AI makes such errors, governance issues of accountability exist. Its autonomous nature creates complications in assigning responsibility for any misconduct or erroneous decision taken by it. With the opaqueness of the model, clear determination of the liability of the bank or developer is difficult without proper regulatory oversight.
Apart from the above risks, the most visible threat of unsupervised inclusion of AI is to the cyber security of the country. This threat can be represented in targeted and decentralized attacks. The targeted threat of AI is person-centric. It enables social engineering which includes deep spoofing, voice emulation, phishing etc. within its scope. This type of synthetic media manipulates individuals into disclosing sensitive information to fraudsters through deceptive, near-authentic communications. The disclosures could help bad actors gain unauthorized access to victims’ bank accounts and conduct fraudulent transactions. Whereas, the object of a decentralized AI-led attack is a financial institution. Specifically, GenAI can facilitate more sophisticated cyberattacks in the form of new malware code, corrupting the training data of AI models, and identifying vulnerabilities in an institution’s network through AI-based tools. Is, etc. With a complex, interdependent balance of banking systems, an AI-powered cyber attack on one institution could lead to a domino effect that could damage a country’s financial stability. Therefore, to protect the financial well-being of individuals, the use of AI in the banking sector should be promoted with regulatory measures.
While international research on the impact of AI on the financial sector, particularly banking, is growing, multilateral development is largely limited to the general use of AI, with the G7’s Hiroshima AI Process, the AI Convention and UN resolutions prominent. At the national level, countries such as Australia, Japan, and the United Kingdom rely on their existing regulatory frameworks to regulate AI operations in the banking sector. Notably, in the United States, a presidential executive order was issued to regulate the development of AI based on eight guiding principles, primarily focused on safety, security, consumer protection, and civil rights. The order orders executive agencies and departments to formulate guidelines or clarify existing rules to monitor the use of AI in the light of broad principles. Pursuant to this, the Treasury Department published a report listing best practices for financial institutions to manage AI-related cybersecurity and fraud risks.
An important development in the financial regulatory arena governing AI has been the enactment of the EU Artificial Intelligence Act. The Act characterizes AI systems used to analyze creditworthiness of individuals and assess risk management in health and life insurance as high risk. It subjects high-risk AI systems to certain mandatory requirements of transparency, compliance assessment, disclosure, human oversight and data governance. Although the scope of the Act is limited to financial services, it serves as a starting point for countries like India towards regulating AI-led banking operations.
In India, a void still exists in the legislative scenario in this aspect. The RBI is believed to have underlined the need for safe use of AI in its recent publications but a specific oversight mechanism, official guidelines or policy is absent. Like its counterparts around the world, India is also relying on its existing technology-agnostic regulatory framework to address any adverse consequences of AI-powered banking services. The said framework includes the Banking Regulation Act, Information Technology Act, IT Rules, Data Protection Act, Indian Judicial Code among others.
With AI rapidly changing into new and better versions, its integration into the Indian banking sector will also increase manifold. In this backdrop, India’s existing legal and regulatory framework will have to be redesigned to specifically address the impact of AI on the Indian banking system. While technology should be allowed to develop, it should be within conscious and uncontrolled limits of regulation to ensure that a system as vital as banking that holds enormous public trust does not collapse.
This article is written by Nikita, Research Fellow, National Institute of Public Finance and Policy (NIPFP), LAMP Fellow (Batch 2018-19).
[ad_2]
