Impact of AI on the Financial Sector and Supervision

The Impact of AI on the Financial Sector and Supervision

2 DNB | AFM The Impact of AI on the Financial Sector and Supervision

▪ Artificial Intelligence (AI) is gaining momentum worldwide in the financial sector, including in the Netherlands. AI brings substantial opportunities as well as risks. On the one hand, AI can lead to better service for customers and more personalized products, offering institutions the chance to increase revenue and reduce costs. On the other hand, there are risks, including in the areas of data quality, data protection, explainability, incorrect results, discrimination and exclusion, and a higher degree of dependence on third parties.

▪ Financial institutions are expected to use AI responsibly. The objectives of supervision and the standards institutions must meet are independent of the technology used. They apply fully even when AI is applied. The use of AI is part of existing processes and services that are supervised by the AFM and DNB on the basis of applicable financial legislation and regulations.

▪ AI has implications for the way the AFM and DNB conduct supervision. In order to assess the use of AI by institutions, the AFM and DNB will need to expand their knowledge in this area. Supervisory methods and procedures will need to be developed or adapted in certain cases to take new techniques into account. Supervision will focus, among other things, on risk management surrounding the use of AI applications, the modalities of those applications, and the outcomes.

▪ Depending on the application of AI, additional requirements may be necessary. An existing example of this is the rules governing algorithmic trading on the capital market. At present, such concretizations in legislation for the responsible use of AI are limited. As the use and importance of AI for the financial sector increase, the normative framework should be clarified or specified. This is preferably done harmonized at the European level, also for the sake of supervisory convergence and a level playing field.

▪ A good balance must be found in legislation and regulation between, on the one hand, the responsible use of AI and, on the other hand, room for innovation.

▪ The European AI Act designates AI systems used for creditworthiness assessments of natural persons and for premium determination and risk assessment for life and health insurance as high risk. This means that additional requirements will apply to the development and controlled, responsible use of these AI applications. The requirements largely align with existing rules for risk management and governance. For other AI applications, institutions are encouraged to voluntarily comply with requirements for high-risk AI systems, among other things by following European guidelines for trustworthy AI. The AFM and DNB endorse this.

▪ The AI Act will require financial institutions that apply AI to pay extra attention to the good protection of fundamental rights. For high-risk applications, it is mandatory for institutions to assess the possible effect on the fundamental rights of individuals or groups.

▪ To the extent that AI is used for financial services, the starting point of the AI Act is that existing financial supervisors also take responsibility for supervising the rules of the Act. In the Netherlands, these are the AFM and DNB. Both at European and national level, broad coordination and cooperation between supervisors on AI is desirable, also given the specific risks of AI systems regarding fundamental rights.

Main Messages

3 DNB | AFM The Impact of AI on the Financial Sector and Supervision

Summary The rapid development of artificial intelligence (AI) presents challenges for the AFM and DNB in supervision. AI is gaining momentum worldwide, also in the financial sector. AI brings many opportunities, but also significant risks for institutions and society. When AI risks materialize, this can have an impact on the financial solidity and integrity of institutions, and on customer interests and the relationships between market parties on financial markets. These developments pose the question for the AFM and DNB of how responsible use of AI in the financial sector can be secured and how supervision on AI can be designed. Supervision aims to ensure that institutions adequately manage the risks of AI applications while leaving sufficient room for innovation within the legislation and regulation. AI changes quickly and regulation changes with it. The results of this report therefore do not offer ready-made answers to the issues presented. The purpose of the report is to formulate starting points and points of attention for designing supervision on AI.

AI essentially involves computer systems that perform tasks usually requiring human intelligence, or that surpass it. AI applications are advanced statistical approaches to large amounts of data with which predictions, recommendations, and new content can be generated. Influenced by an exponential increase in computing power and data and progress in computer science, AI application possibilities have taken off greatly. The rise of generative AI, where new content can be created, marks a new phase in the evolution of AI.

Dutch financial institutions have been using AI for some time and are experimenting with more advanced AI models, which suggests that the use of AI will increase further in the coming years. AI is used, for example, for fraud prevention and detection, combating money laundering and terrorist financing, and cybercrime, credit assessments, and identity verification. AI also helps employees work more efficiently. For instance, automatic summaries of telephone conversations with customers are created at institutions. Dutch institutions indicate that they attach great importance to using AI ethically, and that they do not test the boundaries of what is allowed and possible according to current and upcoming legislation and regulation. Many institutions also indicate that they are currently hesitant about using generative AI, although they do see the potential of this technology. Some are gradually using generative AI for supporting processes, and in the future, new use cases are expected to be discovered that financial institutions will use in their operations. Competitive considerations could also lead to financial institutions using more AI in the future. If they are too hesitant in this regard, this could potentially have a negative impact on their competitive position compared to foreign financial institutions and non-financial parties also operating in the Dutch market.

AI offers substantial opportunities for both customers and financial institutions. AI offers possibilities to use data more intelligently (efficiently). This allows, for example, products to be offered that better match the individual needs of the customer. AI can also enable faster service and potentially lower the threshold for access to financial services. AI offers financial institutions the opportunity to increase revenue by attracting new customer groups, increasing cross-selling opportunities, and optimizing prices. Behind the scenes, AI can lead to more efficient processes, which can reduce costs for institutions. Additionally, AI can help financial institutions assess risks better and more consistently, provided they have qualitatively good and complete data and models that are explainable and verifiable. Finally, AI has the potential to improve defense against cyberattacks and make the fight against financial-economic crime more effective and efficient.

However, the use of AI applications is also associated with risks that can have an impact on financial institutions and their customers. These risks therefore also fall within the supervisory domain of the AFM and DNB. AI can, for example, lead to socially undesirable outcomes, such as discrimination and exclusion, which can be the result of using biased (prejudiced) data or data of insufficient quality. The fact that large amounts of data must be processed also leads to risks in the areas of security and data protection. Advanced AI models can also make complex decisions that are not clearly explainable, thereby undermining the explainability and transparency of financial outcomes. Furthermore, the use of AI by financial institutions can lead to dependency risks, partly because there is currently only a limited group (mostly non-European) technology parties that can supply AI technology. Other risks are inadequate governance frameworks and the high power consumption of AI.

A good balance must be found in legislation and regulation between, on the one hand, the responsible use of AI and, on the other hand, room for innovation. It is difficult to assess what the impact of AI on the financial sector will be in the coming years. A scenario analysis regarding developments in the development of regulation and innovation in AI applications underscores the importance of balance. A scenario in which a balance is achieved between growing innovation and adapting regulation seems to offer the most favorable outcome. Conversely, scenarios in which there is an imbalance between regulation and innovation seem to lead to less favorable results. This emphasizes the importance of a proactive and adaptive attitude by policymakers and supervisors. Regulation must be able to create a framework for accountability and transparency while simultaneously leaving enough room for innovation and rapid developments in AI products and services.

The objectives of supervision and the standards institutions must meet are independent of the technology institutions use and apply fully even when AI is applied. Institutions are expected to use AI in a responsible manner. AI systems must not endanger the financial solidity and integrity of financial institutions. Nor may the use of AI lead to customer interests and the pure relationships between market parties being affected. The existing supervisory framework is also applied by the AFM and DNB to AI systems. For example, institutions must meet the requirements of honest and controlled management. To this end, they must establish adequate risk management, which also includes the risks of using AI. Standards for customer interests, such as the duty of care, standards regarding product development and distribution, and standards to prevent over-indebtedness, also apply when using AI.

AI will have consequences for the way the AFM and DNB conduct supervision. In order to assess the use of AI by institutions, the AFM and DNB will need to expand their knowledge in this area. Supervisory methods and procedures will need to be developed or adapted in certain cases to take new techniques into account. Supervision will focus, among other things, on decision-making and risk management surrounding the use of AI applications, the modalities of those applications, and the outcomes. As the use and importance of AI for the financial sector increase, the AFM and DNB will intensify their supervision of how institutions manage the risks of using AI. For example, DNB is conducting a thematic investigation this year into the use of AI by insurers.

Further guidance, and in certain cases specific regulation, may be necessary to provide institutions with clarity and enable effective supervision. Specific references to AI systems in current regulation are limited. In a few areas, AI is explicitly part of financial (sectoral) regulation. Examples include rules on algorithmic trading on capital markets, specific requirements for the use of AI in consumer lending, and rules for automated advice. With a view to, among other things, legal certainty, it may be desirable to clarify further in policy statements, and where necessary in specific regulation, what can be expected of an institution in other areas. Regulation for internal models of banks and insurers sets many specific requirements that AI models must also meet, which sometimes makes the application of certain AI models difficult. If these models prove to have added value, adjustment of the current normative framework may be necessary.

The European AI Act provides additional requirements for the controlled and responsible use of AI for creditworthiness assessments of natural persons and premium determination and risk assessment for life and health insurance. These AI applications are designated as high risk. This means that requirements apply for, among other things, risk management, data quality, technical documentation, human oversight, robustness, and transparency for users, in line with existing rules for risk management and governance. Institutions must also assess the effects of these AI systems on the fundamental rights of individuals or groups. For applications that do not pose a high risk according to the AI Act, the Act recommends complying as much as possible with the requirements for high-risk systems. The AFM and DNB endorse this.

Regulation for the use of AI in the financial sector will remain fragmented, which requires clarification of normative frameworks and close cooperation between supervisors. At the European level, good alignment must be made between the sectoral supervisory frameworks and the AI Act, which supplements them. The European Supervisory Authorities (ESAs) can provide further clarification where necessary. To prevent supervision itself from becoming fragmented, and also because of the accumulated sectoral expertise and experience, the supervisory role resulting from the AI Act is in principle vested in the existing financial supervisors, insofar as it concerns financial services. It is expected that the current distribution of supervision between the AFM and DNB will be followed.

Broad coordination of AI supervision is also desirable at the national level. AI applications can be found everywhere in the public and private sector. Even outside the financial sector, existing regulatory frameworks are already applied, such as AI applications in healthcare. The risks of AI systems are best assessed in their specific context. This requires sectoral expertise, which sets limits to the extent to which the fulfillment of norms can be uniformed. Taking these limits into account, cooperation between supervisors is desirable for effective and efficient supervision.

7 DNB | AFM The Impact of AI on the Financial Sector and Supervision

Table of Contents Main Messages 2 Summary 3 Introduction 8 1 AI in the Financial Sector 9 1.1 What do we understand by AI? 9 1.2 Current applications in the financial sector 11 1.3 Opportunities of AI in the financial sector 14 1.4 Risks of AI in the financial sector 17 1.5 Future scenarios for AI in the financial sector 21 2 Supervision on AI and Legislation 24 2.1 Objectives of supervision on AI 24 2.2 Legal framework & supervision on AI 25 2.2.1 Supervisory framework general 26 2.2.2 Supervisory framework specific to AI 27 2.3 AI Act 29 2.4 AI in the financial sector and the protection of fundamental rights 34

8 DNB | AFM The Impact of AI on the Financial Sector and Supervision

Introduction In recent years, artificial intelligence (AI) has made significant developments. Especially due to the breakthrough of generative AI, which can generate new content, many people have begun to realize the direct added value of AI in their work or private environment. The possibilities for increasing productivity and innovative product development led innovation departments of organizations worldwide to look at what AI could offer them, and numerous young companies entered the market with new applications. Financial institutions have been using systems and models in which AI is applied for some time. The use of AI brings risks as well as opportunities for financial institutions and society as a whole.

For example, AI models that use inadequate data can lead to an incorrect assessment of risks, and models may contain 'biases' that lead to the disadvantage of customer groups. The use of AI can therefore have an impact on the financial solidity and integrity of institutions and on customer interests. It therefore falls within the domain of the supervision of the AFM and DNB on the financial sector. The supervision of the AFM and DNB focuses on the responsible use of AI, where the benefits that AI can offer can be utilized while the risks are adequately managed.

The AFM and DNB face similar issues regarding supervision on AI. The technological developments in the financial sector, and the future implementation of the European AI Act, prompt the AFM and DNB as supervisors to think about the requirements set for the use of AI in the financial sector, and the design of supervision on it. AI changes quickly and legislation and regulation change with it. The results of this report therefore do not offer ready-made answers to the issues presented. The purpose of the report is to formulate starting points and points of attention for designing supervision on AI. The AFM and DNB are happy to engage in dialogue with the sector, their customers, authorities, and other stakeholders about the opportunities and risks of AI.

The structure of this report is as follows. Chapter 1 provides a general description of what is understood by AI in the report and what forms AI can take. Subsequently, an overview is given of current AI applications in the financial sector and the opportunities and risks that arise. Chapter 2 discusses the supervisory tasks regarding AI. The current supervisory frameworks are outlined, and the future changes in supervision on AI with the arrival of the AI Act are explained here. The own use of AI applications by the AFM and DNB (supervision with AI), and the impact that broad changes in the economy due to AI can have on the financial sector, are excluded from this report.

9 DNB | AFM The Impact of AI on the Financial Sector and Supervision

There are many different ways to explain what AI entails, but the AFM and DNB adhere to the definition used in the AI Act (paragraph 1.1). Financial institutions are currently already applying AI models in various areas (paragraph 1.2), including monitoring transactions to prevent money laundering and terrorist financing and making processes more efficient. They are also experimenting a lot with AI, which suggests that the use of AI will increase significantly in the coming years. The use of AI in the financial sector brings many opportunities, both for customers and for financial institutions (paragraph 1.3). At the same time, the use of AI also leads to new risks that can have an impact on the way financial institutions treat their customers and on their financial solidity (paragraph 1.4). The future influence of AI depends, among other things, on developments in innovations and regulation. Various future scenarios also have diverse implications for supervision on the financial sector (paragraph 1.5).

1 AI in the Financial Sector 1.1 What do we understand by AI? AI essentially involves computer systems that perform tasks usually requiring human intelligence. There is discussion in science, politics, and practice about the precise definition of AI, also referred to as artificial intelligence. The AFM and DNB follow the definition proposed by the OECD (Organisation for Economic Co-operation and Development) and adopted in the European Union's AI Act, because this largely determines the scope of policy and regulation.

1 OECD (2023), Updates to the OECD’s definition of an AI system explained 2 The Dutch text of the AI Act is not yet final. The translation of the definition will likely take this form: “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”.

The definition of an AI system in the AI Act is: “a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”.

There are different forms of AI, which are explained in Box 1. The forms differ in the degree of autonomy and the learning element in the AI system.

10 DNB | AFM The Impact of AI on the Financial Sector and Supervision

Box 1 Explanation of the different types of AI AI is a broad concept that can manifest in different forms. In fact, AI applications are advanced statistical approaches to data with which predictions, recommendations, and new content can be generated. Distinctions are made, among other things, between machine learning and deep learning. The recently strongly emerging Generative Artificial Intelligence (GenAI), which is capable of generating new content (such as ChatGPT and Midjourney), is a trend within deep learning. See Figure 1.

Figure 1 Relationship between different forms of AI Artificial Intelligence Machine Learning Deep Learning General Purpose Models Generative AI Large Language Models Machine learning