The rise of generative AI (GenAI) technologies has the potential to significantly disrupt and transform the financial services industry. From empowering staff to handle unstructured documents more quickly and accurately, providing “real-time” assurance capabilities or automating customer interactions, GenAI could drive major efficiency gains and enable new capabilities across banking, insurance, investments and more.
However, as financial institutions rush to adopt GenAI, there is a risk they will take a “gotta new hammer so I am going to start hitting things” approach – in other words, indiscriminately deploying AI without carefully considering the alignment with the overall strategy, its implications, and potential unintended consequences. Establishing robust governance frameworks and policies around GenAI will be critical for financial services organizations to realize the benefits of these powerful new tools while mitigating risks and driving responsible adoption.
What should I include in a GenAI governance framework for financial services?
- Clear criteria and processes for evaluating potential GenAI use cases and risk/materiality level, with focus on areas that deliver tangible customer/business value while aligning to the organization’s risk appetite and vision.
- Guidelines on acceptable data usage captured in prompts, including procedures for data quality checks, bias testing, and privacy protection.
- Explainable and auditable processes with clarity on each service can fail gracefully, with ongoing monitoring for model drift and anomalies.
- Defined roles and responsibilities for AI oversight, likely including assigning overall accountability, risk management, compliance, legal, and business stakeholders in addition to technical teams.
- Processes for human-in-the-loop review of high-stakes AI decisions and outputs
- Transparency to customers on how AI is being applied and recourse options if issues arise.
- Alignment to emerging industry standards and regulatory guidance on AI governance
What risks will my generative AI governance framework mitigate?
Without a well-designed governance framework, financial institutions not only open themselves up to a host of AI risks – from the often-mentioned topics of unintentional discrimination to data privacy violations to financial losses from flawed models – but also risk alienating and undermining their most valuable asset: their employees. If staff feel threatened or devalued by the introduction of GenAI tools, they may actively resist adoption and look for ways to undermine the technology rather than striving to use it as effectively as possible.
To mitigate this risk, GenAI governance frameworks must prioritise employee engagement, education, and empowerment. This means clearly communicating the goals and expected benefits of GenAI adoption to them as individuals as well as to the organisation, providing training and support to help staff understand and leverage the new tools, and actively seeking employee input and feedback throughout the implementation process. Crucially, GenAI should be framed not as a replacement for human skills and expertise, but as a complementary tool that can augment and elevate the work of financial services professionals.
By focusing on improving the quality and impact of employees’ work, and positioning them as essential partners in the responsible deployment of GenAI, financial institutions can drive internal buy-in and excitement around the technology. This, in turn, will be a critical success factor in realising the full potential of GenAI to transform the industry for the better. Conversely, neglecting the “human element” in GenAI adoption risks not only suboptimal results, but active resistance that could derail even the most technically sophisticated initiatives.
What regulatory considerations are there for generative AI technology?
For financial institutions in the UK, the pathway to GenAI adoption is further shaped by the regulatory environment, particularly for larger banks using the Internal Ratings Based (IRB) approach. The Prudential Regulation Authority’s (PRA) model risk management framework, SS1/23 from May 2023, provides valuable guidance on managing the risks associated with AI and machine learning models. This includes expectations around model development, validation, and governance processes that IRB banks will need to carefully consider as they implement GenAI where the tools impact “decisions made in relation to the general business and operational banking activities, strategic decisions, financial, risk, capital, and liquidity measurement and reporting, and any other decisions relevant to the safety and soundness of firms”.
While these guidelines are important for ensuring responsible and robust AI adoption, they may also constrain the speed at which IRB banks can deploy GenAI compared to their standardised approach counterparts. Standardised banks, which are subject to less stringent model risk management requirements, may have more flexibility to experiment with and scale GenAI solutions quickly. This could potentially give them a competitive advantage in harnessing the technology’s benefits.
However, it’s important for all financial institutions, regardless of regulatory approach, to balance the desire for rapid GenAI adoption with the need for careful governance and risk management. The PRA’s guidance provides a useful framework for considering the key issues and challenges that need to be addressed. By proactively engaging with these considerations and building robust governance processes from the start, even standardised banks can position themselves for long-term success with GenAI while mitigating potential risks and unintended consequences.
Just as importantly, strong GenAI governance can help build vital trust with customers, regulators, and society at large that financial institutions are wielding these cutting-edge tools responsibly. Given the critical role finance plays in the economy and in people’s everyday lives, setting a high bar for GenAI governance isn’t just important for any one bank’s bottom line – it’s a imperative for the industry as a whole. Financial services leaders should prioritise developing AI governance aligned to their organisation’s unique context and values while drawing upon emerging best practices. Those that do will be well-positioned to harness the transformative potential of GenAI as it reshapes the future of finance. The excitement is in the technology but the success in Finance will come not from being ahead on the latest technology but from implementing consistently and carefully.
