On Friday (May 13), national and international public officials provided testimony in a public hearing hosted by the House Committee on Financial Services about the use of artificial intelligence (AI) for effective RegTech.
Kevin Greenfield, deputy comptroller for Operational Risk Policy at the Office of the Comptroller of the Currency (OCC) explained what the agency is doing to supervise and assist banks that are using AI tools to facilitate regulatory compliance, commonly referred to as RegTech.
Greenfield said the OCC supports national banks and federal savings associations exploring safe and sound uses of AI.
RegTech can increase bank productivity and improve accuracy in analysis, decision making to support risk management and regulatory compliance monitoring and internal controls, Greenfield said in his remarks.
One area where the development of AI is significantly helping both banks and regulators to mitigate risks is in fraud prevention — AI increases the effectiveness of anti-money laundering and the countering of terrorist financing (AML/CFT) monitoring activities and helps to identify and mitigate the risk of fair lending violations.
The agency has the tools to intervene if banks’ use of AI is not properly managed, but the agency’s approach for the moment is to focus on high-risk activities and to rely on banks to develop safe AI tools.
“The OCC expects bank management and each bank’s board of directors to understand the impact and associated risks of enabling technologies, including on their bank’s financial performance, strategic planning process, risk profiles, and traditional banking models,” said Greenfield.
The OCC follows a risk-based supervision model focused on safe, sound and fair banking practices, as well as compliance with laws and regulations. This supervision has a two-prong analysis.
On the one hand, it should analyze the impact that AI could have on a bank’s risk profile. For instance, if a bank seeks to try new RegTech activities, it should analyze the impact of these activities on banks’ risk profiles and the effectiveness of banks’ governance and risk management systems.
On the other hand, the bank should ensure that the new AI tool complies with current rules, particularly fair lending and other consumer protection requirements. For instance, if the data set used by an algorithm is biased, or some of the elements of the algorithm is not accurate, it could yield unfair results.
The agency has been working with banks and other institutions to implement techniques that could mitigate these potential risks. One promising use of AI relates to using alternative data, such as utility or rent payments as opposed to loan payments in traditional credit models or AI applications, Greenfield explains. This is different from the use of synthetic data, another promising technique used by some firms to minimize biases and discriminatory outcomes. Synthetic data allows algorithms to be trained using a purpose-generated data set with “fake” data that replicates a real data set but without identifiable personal data.
Participants in this workstream of alternative data are working to build a utility that will enable financial institutions to share customer permissioned data — including alternative data that includes information not typically found in the consumer’s credit files — to be the basis of credit decisions for people who previously lacked opportunities. Using alternative data in AI applications may improve the speed and accuracy of credit decisions and may help firms evaluate the creditworthiness of consumers who may not otherwise obtain credit in the mainstream credit system, Greenfield argued.
But the OCC is not only encouraging banks and financial institutions to develop AI solutions for RegTech. The agency is also committed to exploring the use of AI to improve insights into its supervisory, policy staff and risk analysis teams as part of the agency’s supervisory system upgrade.
“We recognize that these technologies rely on quality data to generate unique insights. Accordingly, the OCC has developed and is in the process of deploying a strong data governance program. We are concurrently enhancing our technology architecture which will include upgraded network and security capabilities,” Greenfield said.