Regulators Have A Message For Your AI Strategy

With two recent publications, regulatory bodies on both Luxembourg and EU levels give AI developers and AI users ample material to digest—and act upon.

In December 2018, two papers about AI were published. One, by the European Commission's High-Level Expert Group on Artificial Intelligence, is a draft of ethical guidelines for trustworthy AI. By February 2019, more than 500 comments had been submitted regarding these guidelines, reflecting the AI community's enormous interest in them. The other, by the CSSF, is a white paper about opportunities, risks, and recommendations regarding AI.

Although the papers take slightly different directions—the CSSF paper focuses on AI use cases, inherent risks, and opportunities while the European Commission's regards the trustworthiness of AI systems—they conceptually share a few common denominators. They both:

provide the foundation for an ongoing dialogue between all AI stakeholders (including regulators, AI developers, and deploying organizations) are not legally binding (per se) provide practical guidance and point towards focus areas in which binding legislation is already implemented or is likely to be implemented in the not-so-distant future In this article, I want to distill four of the themes inherent in these two papers. These themes may not always be obvious to organizations, even those already engaging with AI in the financial sector. For any organizations using or eying technologies like intelligent process automation, chatbots, robo-advisors, as well as AI-enabled fraud detection or credit scoring—and that probably includes most financial organizations—these two papers are worth paying attention to.

1. Data privacy: how GDPR affects the scope of your AI strategy

   One of the key drivers of AI's exponential growth over the past decade has been the increasing availability of data, especially data pertaining to individuals. It is therefore understandable that both the CSSF and the European Commission, in their papers, highlight the application of article 6 of the General Data Protection Regulation (GDPR). According to this article, the processing of individuals' data is only permissible if it has a legal basis. For example, it would be lawful for the purposes of Anti Money Laundering (AML) procedures. In all instances, organizations needfrom the beginningto draft their business cases with this legal criterion in mind, as losing a substantial part of input data at a later stage could compromise the...