Artificial intelligence: decisions should be understandable
Speech-based assistants like Siri or Alexa can take commands, interpret and give answers. Digital bank advisors recognize from a conversation the age, gender, income, marital status and occupation of the customer and put it into context. While the customer is online at home, his loan application can be processed using software robots. Artificial intelligence also estimates the risks, such as the likelihood of default. AI thus ensures greater security and considerable information gain in risk control.
However, regulatory requirements play an important role in the use of AI. They create the framework conditions for the proper handling of intelligent systems. A tricky task will be to reconcile the AI solutions with the standards of banking supervision. This will require completely new and specific regulations for the use of artificial intelligence.
AI decisions must remain traceable
When using AI, banks should be careful to always be able to trace how and why they come to their conclusions. With increasing automation and intelligence of the systems, there is a growing opportunity for AI solutions to make decisions or make recommendations that are difficult or impossible to understand. For example, in the case of risk control of credit risk, credit counselors should work with the coordinators of the AI solutions to develop a reporting to control decisions. This excludes that they are in need of explanation.
Apply process documentation to AI solutions
In order to avoid such scenarios in the banking industry, banking supervision makes regulatory demands. For banks, these often seem like annoying obligations that they have to fulfill. Especially with the example of AI these requirements should not be understood as obstacles, but as self-protection of the individual institutes, the banking industry and the entire national economy.
The duty to process documentation is an important requirement that will help contain risks from the use of AI. It ensures that banks have all information essential for risk management available to decision-makers in full and exact form. The entire documentation process should be an integral part of risk management. All essential formulas, parameters, methods, procedures, actions, determinations and decisions should be documented. The documentation is to be written according to the requirements of traceability, verifiability, completeness and correctness, to be read in MaRisk and GoBD. It also provides a basis for the review of risk management by banking supervision.
In order to do justice to banking supervision, it makes sense to document the functioning of AI applications completely and comprehensibly. Artificial intelligence also works by defining formulas, parameters, variables and computational algorithms.
AI-Documentation in principle is not difficult to write. In risk management, time intervals, default probabilities and confidence levels can be documented. Artificial intelligence also has the ability of interpretation. This can lead to difficulties in meeting regulatory requirements if they are used unchecked. Institutions should therefore review results through scenario analysis and backtesting, and log calculation results, such as risk correlations, default and loss probabilities, and default and loss levels.
Regulation of AI applications is under discussion
The project to make AI applications more transparent and comprehensible is already known today under the heading Explainable AI (XAI). The process documentation alone is not sufficient to explain AI applications. Regulatory requirements are still incomplete today. New regulations specifically for AI applications are already being discussed by the BaFin (Federal Financial Supervisory Authority), as can be seen in recent publications on Big Data and Artificial Intelligence. It is therefore an advantage for banking institutions to systematically incorporate mechanisms in their upcoming AI expansion stages in order to keep track of what their systems are doing.
The regulation of AI applications for banking supervisors and auditors will thus become a separate topic block in order to keep the risks in the banking industry under control even in the age of the AI. Documenting the objectives and approach of artificial intelligence and logging the data that AI uses to derive correlations will be a beginning. More complex approaches, including AI controlling AI, are already in progress.