AI regulation: What finance leaders should know

For finance leaders, developments in AI are exhilarating. As of July, 71% of European CEOs said that AI is already being used for setting strategy in their companies, notes an EY survey.

Dazzling as generative AI tools like ChatGPT, Dall-E, and Google Bard can be, executives fear what will happen when the regulators (inevitably) lower the boom.

A safe starting point, says Ahsan Shah, Billtrust’s Senior Vice President of Data Analytics and AI, is to imagine the regulatory future as an extension of existing best practices around data privacy, consumer protection, the use of PII (personally identifiable information) and cybersecurity governance.

“Generative AI,” says Shah, “is simply adding another layer of complexity to the same requirements that already exist.” He suggests looking at the AI compliance of the future “as a new chapter in the [existing] regulatory book.”

When asked about upcoming regulatory concerns, only around a quarter of CFOs said they are focusing on AI management and ethics, according to a 2023 Deloitte survey.

One possible explanation for this relative indifference is that AI is a nascent technology, and the regulatory future has yet to gel. What’s more, it may not be the regulators who set future standards but business coalitions or even individual political or technology leaders.

Consider a few (of many) opening moves:

• In March 2021, the Federal Reserve, the Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration (NCUA) issued a request for information on financial institutions’ use of AI. The RFI offers some important clues to what five of the major financial regulators deem important.
• Spain created the first AI regulatory body in the European Union on August 22: the Spanish Agency for the Supervision of Artificial Intelligence, or AESIA. In addition, the EU is on the brink of issuing the world’s first comprehensive AI law, the AI Act.
• On June 6, the CFPB published an issue spotlight on the use of AI chatbots in banking. (Last year, it was noted, approximately 37% of the US population interacted with a bank’s chatbot.)
• This summer, President Joe Biden secured an agreement from seven tech leaders, including Amazon, Google, OpenAI, and Microsoft, to put in place voluntary safeguards for the future development of AI.

In the absence of regulatory direction, consider establishing your own rules and standards for AI as it applies to your business.

“Companies that say, ‘Let me wait for regulators before I do anything,’ are going to fall behind,” contends Shah. On the other hand, companies that move too quickly run serious risks, too.

“You have to find this little middle ground,” he says. “Ask yourself: Where can I apply AI with the right guardrails to help my business?”

Here are a few places to start with AI:

• Focus on operational efficiencies. “If you expose your customers to AI, then you have a lot more regulatory compliance,” says Shah. A safer bet is to sharper your AI practices by tackling internal processes and limiting the exposure of customers and their data to AI.
• Don’t assume risk by using AI unnecessarily. Generative AI still has some wrinkles (a reliance on unverified information and a propensity for systems to “hallucinate” are two concerns among many). For this reason, Shah frowns on using AI to furnish concrete numbers, such as the dollar amount of a future payment, especially when this information can easily and accurately be supplied by non-AI applications.
• Work closely with your fintech partners. Keeping up with the latest regulatory rumblings is arguably a full-time job. Shah therefore recommends piggybacking on the research of fintech providers like Billtrust.

Communicating with fintech partners that are creating sandboxes and other AI simulations can bring a wealth of benefits. Now is a great time to experiment with generative AI. Learn. Discover best practices for a number of regulatory possibilities.