Guidelines on the Responsible Use of Artificial Intelligence in Financial Services

FINTECH SERIES GUIDANCE NOTES 4 September 2025

2

PRINCIPLES FOR THE RESPONSIBLE USE OF ARTIFICIAL INTELLIGENCE (AI) IN FINANCIAL SERVICES 1.0 INTRODUCTION 1.1 Artificial intelligence (‘AI’) involves the use of technology to perform tasks that traditionally required human intelligence. In a recently published article1 , McKinsey defines AI as “a machine’s ability to perform the cognitive functions we usually associate with human mind”. 1.2 The OECD notes that there is no universally accepted definition of AI. Furthermore, it emphasizes that there is no clear boundary distinguishing AI systems from non-AI machine-based systems, which may exhibit some characteristics typically associated with AI. 1.3 AI is believed by thought leaders and policymakers to be the next stage in the evolution of human thought and capability. The AI landscape is rapidly changing, and it will continue to act as a technological trailblazer for the foreseeable future. The financial services sector is also not spared by the AI revolution. The potentials of AI in financial services indeed transcend the mere enhancement of existing processes. It effectively paves the way for the development of cutting-edge financial applications 1 What is AI (Artificial Intelligence)? | McKinsey “artificial intelligence” means algorithms designed by individuals that, given a goal, act in the physical or digital world by perceiving their environment, interpreting the collected structured or unstructured data, reasoning on the knowledge derived from this data and deciding the best action to take, according to pre-defined parameters, to achieve the given goal. https://www.fscmauritius.org/media/101852/annex-1-128_the-financial-services-robotic￾and-artificial-intelligence-enabled-advisory-services-rules-2021.pdf

3 that can, for instance, address the challenges of risk assessment and management, fraud detection, credit evaluation and high-frequency trading, amongst others. 1.4 As a forward-looking regulator, the Financial Services Commission, Mauritius (‘FSC’) is observing an appetite for the adoption of AI within established financial services institutions and new fintech entities respectively. It is foreseen that the use cases of AI is fast evolving in line with the development of new methods and techniques, in financial service sectors. 1.5 This Fintech Series Guidance Notes No 4 (Guidance) explores key considerations surrounding the use of artificial intelligence (AI) in the insurance, wealth management and Non-Banking Financial Institutions (NBFIs) with an emphasis on both consumer protection and best practices. The International Association of Insurance Supervisors (IAIS) has reaffirmed that the existing Insurance Core Principles (ICPs) remain appropriate and effective for managing associated risks. At this stage, the introduction of new standards is not being proposed. 1.6 The objective is to assist insurance, wealth management and Non-Banking Financial Institutions (NBFIs) by outlining sound practices. This Guidance is not intended to serve as a prescriptive or exhaustive checklist. Rather, its primary aim is to ensure that the deployment of AI supports fair customer outcomes and upholds existing governance, risk management, and internal control frameworks, thereby avoiding the need for new structures unless clearly justified. 1.7 The FSC is a firm advocate for the responsible and ethical use of AI in the financial services sector. It has, as such, deemed it important to issue this Guidance with the following objectives, mainly to:

4 1.7.1 Create awareness about the concept of AI as well as its potential use cases, benefits and risks; and 1.7.2 provide guidance to licensees by setting out nine (9) key and non-binding principles for the responsible and ethical use/implementation of AI technologies in practice (see Appendix). 1.8 This Guidance should not be construed as legal advice. It neither derogates nor restricts the powers vested upon the Commission by statute and should be read together with the relevant Acts and the Data Protection Act 2017, as well as Principles and Circulars issued by the Commission. 1.9 This paper notes that increasing application of AI can heighted the role of and the risk from third parties like AI model vendors. Figure 1: Artificial Intelligence and its different elements Artifical intelligence Machine learning (ML) Deep learning (DL) GenAI

5 2.0 TYPES OF ARTIFICIAL INTELLIGENCE 2.1 Traditional AI and Generative AI are the most common and prominent types of AI that are used in the financial services sector, nowadays. 2.2 Traditional AI2 which is also often coined as narrow AI or weak AI, focuses on performing specific tasks intelligently. Traditional AI includes applied AI3 , explainable AI4 , reinforcement learning, robotics, autonomous agents and expert systems. These AI-driven systems excel at performing well defined tasks within a narrow scope and relies on machine learning5 , data processing techniques and rule-based systems to accomplish tasks within its predefined domain. 2.3 In contrast, Generative AI (GenAI)6 describes algorithms that can be used to create new content, including audio, code, images, text, simulations, and videos. According to the International Monetary Fund7 , GenAI represents a significant leap forward in AI technology. GenAI is a form of advanced AI that can create new content and solutions by synthesising data and learning from interactions. When used within the financial 2 “Traditional AI system are adept at learning from data to make decisions or predictions within predefined rules”- The Difference Between Generative AI And Traditional AI: An Easy Explanation For Anyone (forbes.com) 3 “Applied AI refers to the use of specific AI techniques and technologies to address practical problems and tasks”. 4 “Explainable AI focuses on developing AI models and systems that can provide explanations for their decisions and outputs. This type of AI is crucial for building trust, transparency, and accountability in AI-driven systems, especially in high-stakes domains”. 5 “Machine learning is a branch of artificial intelligence (AI) and computer science that focuses on the use of data and algorithms to enable AI to imitate the way that humans learn, gradually improving its accuracy”- What Is Machine Learning (ML)? | IBM 6 “Generative AI” - https://www.mckinsey.com/featured-insights/mckinsey-explainers/what-is-generative-ai 7 Generative Artificial Intelligence in Finance in: FinTech Notes Volume 2023 Issue 006 (2023) (imf.org)

6 services sector, GenAI is capable, for example, of generating predictive financial models and innovative solutions. 3.0 USE OF AI IN THE FINANCIAL SERVICES SECTOR 3.1 Based on a survey of 151 financial institutions across 33 countries conducted by the World Economic Forum and the Cambridge Centre of Alternative Finance8 , it was found that a significant number of financial services institutions are massively adopting AI, with 85% already using it in some capacity and 77% anticipating that it will be crucial to their operations within the next two years. 3.2 In January 2024, NVIDIA published its fourth annual “State of AI in Financial Services Report” which shows that 91% of financial services institutions and companies are either assessing AI or already using it, hence confirming a high adoption rate within the industry. NVIDIA’s report furthermore highlights that GenAI has gained considerable attention in the financial services sector, representing a notable trend compared to other industries. 3.3 With the ability of AI to process large amounts of data in ways that humans cannot, it is creating new opportunities for the financial services sector. For instance, AI is being used in the areas of: • Advisory services (Robo-advisors) • Wealth management (AI-powered portfolio optimisation solutions) • Trading (Natural Language Processing (NLP) for Market Analysis and algorithm trading) • Insurance (predictive modelling techniques) 8 WEF_AI_in_Financial_Services_Survey.pdf (weforum.org)

7 • AML/CFT and fraud detection (algorithms that analyse transaction data and customer behaviour patterns to identify suspicious activities) • Risk management (machine learning models that analyse historical market data and identify patterns to predict potential risks) • Customer services (AI-driven chatbots and virtual assistants). 4.0 POTENTIAL BENEFITS OF AI USE IN THE FINANCIAL SERVICES SECTOR 4.1 The financial services sector can largely benefit from the adoption of AI technologies in their day-to-day operations, namely in terms of: a) Improved regulatory compliance - AI can assist financial services institutions in meeting their regulatory compliance responsibilities by automating data gathering procedures, enhancing decision-making speed and quality, and increasing the institutional capacity to satisfy regulatory standards. b) Improved revenue and value - Recent statistics attest that AI has the potential to increase the financial services sector’s revenue by 34%. Moreover, in a video released by McKinsey, it has been mentioned that banking and other financial services companies can generate more than $250 billion in value by applying AI technologies in their financial processes9 . c) Improved decision-making - Advanced analytics and machine learning models can be applied in decision-making by providing valuable insights, automating processes, and enabling more accurate predictions, resulting in more specialised and effective services to customers of financial services, generally. 9 Derisking machine learning in banking (mckinsey.com)

8 d) Improved financial inclusion - AI technologies can be used to develop financial education programmes that are tailored to the needs of the financially illiterate and underserved section of the population, thus contributing to financial inclusion. e) Develop training/ knowledge: Over time, Insurance and Non-Banking Institutions should foster a deep understanding of AI technologies to effectively oversee the use and challenge their outputs when the need arises. This can be achieved by taking a forward-looking approach to supervisors, covering the following: • what is an AI system, • how is it deployed, • what are the potential risks. The training should be regularly reviewed and updated given the developing nature of the AI. 4.2 Other material benefits of adopting AI in the financial services sector are, inter alia, costs saving from improved efficiency, better consumer experience and retention, better investment evaluation and forecasting, and improved risk mitigation including through better cyber security and data protection measures. 5.0 GOVERNANCE THROUGH HUMAN OVERSIGHT AND ASSIGNED MANAGEMENT ACCOUNTABILITY 5.1 At a fundamental level, the development, implementation, and oversight of AI systems across their life cycle should not change existing supervisory expectations. For instance, Boards should continue to ensure that insurers maintain a clearly defined and documented governance framework, with an effective separation between oversight functions and management responsibilities.

9 However, there are several inherent characteristics of AI systems that necessitate particular attention, which include but are not limited to: • Establishing Accountability Throughout the AI System Lifecycle: Clearly defining responsibility for the AI system across its entire life cycle—spanning design, approval, development, procurement, deployment, monitoring, and decommissioning. This may involve the use of a comprehensive responsibility matrix that outlines roles at each stage, supported by a structured handover process to ensure continuous accountability. Particular attention should be given to scenarios where, for example, a data scientist is initially responsible for deployment, but ongoing responsibility shifts to business units as the AI system evolves and adapts to new policyholder data. • Developing Essential Baseline Expertise: When AI is used in critical decision￾making processes, it is essential that Board members and/or senior management possess a solid understanding of its risks and limitations. This enables them to critically assess AI outputs and evaluate their alignment with the insurer’s overall business strategy. Such expertise should also include awareness of the broader opportunities and threats posed by AI within the insurance sector, and how these may impact the insurer’s strategic direction and long-term viability. • Ensuring Effective Human Oversight: For insurers that rely heavily on AI in areas that significantly influence consumer outcomes, it is crucial to have sufficient expertise at the Board level to ensure that AI solutions are consistently effective and protective against consumer harm. More generally, senior management should ensure that appropriate training is disseminated throughout the organization so that all staff understand the risks associated with AI and their respective roles in managing them. • Addressing the Limitations of Human Oversight: Many AI systems used by insurers are sourced from third-party service providers and often come with limited

10 access to their underlying infrastructure, code, or the provenance of training data. These constraints can hinder the effectiveness of human oversight. In addition to standard risk management practices—such as conducting due diligence and third￾party assessments—insurers should, where appropriate, consider measures such as system redundancy, monitoring of AI inputs and outputs through mechanical controls, and the implementation of "kill switches" that can deactivate the AI system under predefined conditions. 6.0 FAIRNESS AND BIAS MITIGATION 6.1 AI systems enable the consolidation and analysis of a wide range of datasets to support decision-making. As a result, users of AI systems must implement robust data governance processes. These systems can be vulnerable to biases and stereotypes embedded in training data or secondary data sources. If not properly managed, such biases may be inadvertently encoded into AI protocols, resulting in unfair or discriminatory outcomes. Additionally, AI can be used to exploit consumers’ behavioural tendencies— such as their willingness to pay or reluctance to compare options at contract renewal— potentially leading to unethical or unfair practices. 6.1.1 Fairness by design AI system that are harmful or abusive, treat consumers unfairly or do not respect fundamental rights, including the right to non-discrimination, should not be brought to the market. To prevent this, insurers should adopt a fairness by design approach that embeds fairness considerations within the AI governance and risk management system.

11 Considering this, the AI users should ensure the “establish and implement policies and processes on the fair treatment of customers, as an integral part of their business culture. The companies may consider the following: ▪ Governance: effective governance includes several elements: ➢ Developing a corporate culture that includes relevant ethical and fairness principles that provide accountability and guide the responsible adoption of AI within the organisation; ➢ Regular training on ethical AI practices for staff involved in AI deployment to ensure alignment with the insurer’s fairness objectives. ➢ Integrating teams in a way that allows for effective challenge and the avoidance of group think. ▪ Continuous monitoring and auditing of AI systems to detect and mitigate biases: Using advanced techniques such as adversarial testing and anomaly detection. ▪ Transparency and explainability: Being able to meaningfully explain how decisions are made to be able to identify any potential biases in the process. 7.0 TRANSPARENCY 7.1 Transparency is related to fairness and non-discrimination since transparency is prerequisite for revealing problems with explainability and ensuring accountability. The Insurance and non-banking businesses should ensure that insurers and intermediaries “act with due skill, care and diligence when dealing with customers”. It also highlights the importance of treating customers fairly and providing clear, timely and adequate information allowing them to make informed decisions. The transparency is the key to building trust and ensuring accountability by understanding the unique risks to end users of AI, such as the potential for lawful discrimination.

12 7.2 Respect for confidentiality and IP. Firms must balance transparency with trade secret protection and legal obligations. In sensitive areas like fraud detection, disclosures to consumers may be limited. Firms using third-party AI systems should secure sufficient documentation and assurances regarding model behaviour and compliance. 8.0 SECURITY 8.1 Unlike traditional systems that rely on explicitly programmed rules and logic, AI systems—particularly foundation models—learn from large-scale datasets by identifying patterns and relationships across diverse domains. These systems are capable of addressing complex tasks that involve non-linear and intricate patterns beyond the capabilities of traditional models. Moreover, certain AI applications can dynamically update their predictions and adapt in response to new data over time. These fundamental differences underscore the need for enhanced safeguards, particularly in relation to model validation (especially for models that evolve post￾deployment) and the governance of data storage and usage. 8.2 Robustness testing should be treated as a continuous process, allowing insurers to adapt their testing strategies as AI technologies evolve. The use of automated monitoring tools that detect significant shifts in data distribution and trigger alerts can support a proactive approach, enabling timely model recalibration. Wherever possible, expected outcomes should be defined in advance to support objective evaluation. In cases where insurers rely on third-party AI systems, any material findings from robustness assessments should be shared with the system provider or developer to facilitate prompt corrective action, where appropriate.

13 8.3 Maintaining up-to-date security practices is critical as threats evolve. Regular updates of security tools for AI systems, alongside continuous staff training on new risks, are essential. 9.0 RISKS OF AI USE IN THE FINANCIAL SERVICES SECTOR 9.1 The adoption of AI technologies in the financial services sector presents a unique set of risks and challenges. Stakeholders have expressed concerns for a variety of reasons, including a shortage of AI-related skills in the workforce, limited access to quality data, budgetary constraints, and a general lack of trust in the potential benefits of AI. Other notable barriers include the limited availability of platforms and AI tools, the opacity of AI algorithms (Black Box 10), regulatory and compliance complexities, outdated legacy systems, and insufficient support from senior management. 9.2 The key challenges that are associated with AI technologies include: a) Bias and Discrimination - Discrimination, unfairness, inaccuracies, and bias exist in AI-driven environment. Indeed, AI-driven identification, profiling and automated decision making can lead to discriminatory or biased outcomes. People can be misclassified, misidentified, or judged negatively, and such errors or biases may disproportionately affect certain demographic characteristics. The issue of bias and discrimination has been underscored by internationally recognised organisations such as the World Economic Forum and the Cambridge Centre for Alternative Finance, which accordingly stressed that using AI can lead to unfair decision making in the financial industry, whereby clients are discriminated based on race, gender, social class, or other factors.

14 b) Data Protection and Data privacy - PWC has provided supporting facts and statistics in a recent study10 , which highlighted that around 63% of surveyed respondents believe that data privacy is an important concern which hinders the AI adoption in the financial services sector. In fact, AI users are often unable to fully understand the types and amount of data their devices, networks or platforms are generating. A large amount of data collected may be related to sensitive and confidential information, and which require additional security measures to avoid misuse or wrong exploitation. c) Systemic risk - AI can potentially introduce systemic risk in the financial services sector through various channels, including flawed model predictions, biased data, lack of transparency in decision-making processes, concentration of power among firms with advanced AI capabilities, cybersecurity vulnerabilities, and the proliferation of high-frequency trading algorithms. Poor-quality data and opaque AI systems could also lead to inaccurate assessments of risk and market dynamics, exacerbating financial instability. d) Other threats - The de-skilling of employees, job displacement and the high cost of trial and error are some of the other threats and challenges of AI. e) Concentration risks - Insurers often procure or outsource AI systems from a limited pool of service providers. A failure at one of these providers, or a cyberattack targeting their AI systems or datasets, can compromise the operational and cyber resilience of insurers, potentially leading to systemic risk. For example, if multiple insurers rely on the same third-party provider, a major IT 10 https://www.pwc.de/de/future-of-finance/how-mature-is-ai-adoption-in-financial-services.pdf

15 outage at that provider could simultaneously impact a significant portion of the insurance sector. 9.3 With the notable threats and challenges that AI is bringing to the financial services sector, it is therefore important that stakeholders remain vigilant in order to tackle the underlying concerns swiftly. The adoption of AI could be hindered if the connected challenges are not addressed timely and appropriately. Indeed, according to the “AI Revolution” report published by the Alan Turing Institute11, it has been rightly emphasised that it is important to have an in-depth understanding of AI, its capabilities, and its implications to fully exploit its potentials and reduce associated risks. 10.0 AI INITIATIVES IN MAURITIUS 10.1 As outlined in the Government Programme 2024–2029, Mauritius continues to leverage its strategic location between Africa and Asia to position itself as a reputable centre for Artificial Intelligence (AI) development. The Government is actively fostering a vibrant digital innovation ecosystem through targeted initiatives that attract global technology leaders while nurturing local talent. Mauritius is not only prioritising AI but also embracing other transformative technologies such as blockchain and robotics, recognising their potential to drive inclusive economic growth, enhance public services, and elevate the quality of life for all citizens. These efforts reflect the Government’s unwavering commitment to making Mauritius a leader in technological innovation within the region and beyond. 11 https://www.turing.ac.uk/sites/default/files/2023-09/full_publication_pdf_0.pdf

16 11. INTERNATIONAL COLLABORATION INITIATIVES 11.1 International institutions, financial regulators, fintech start-ups and business alliances are undertaking numerous collaboration initiatives to foster innovation and development of AI in the financial services sector. Some of the noteworthy examples are as follows: a) United Nations (UN): On 21 March 2024, the General Assembly of the UN approved a first-of-its-kind resolution on AI by consensus. The resolution was adopted by 193 countries that are part of the UN, including Mauritius, thereby setting out a global approach for using AI in a safe, secure and trustworthy manner12 . b) International Monetary Fund (IMF): IMF has published a report entitled “Fintech notes” in August 202313 , whereby it provided detailed information on generative AI in finance and the risk considerations. The IMF has also sought collaboration from regulators, industry professionals, and academics to exchange best practices for ethical AI adoption and to create a framework for AI governance and risk management. c) European Securities and Markets Authority (ESMA): ESMA, i.e. the financial markets regulator and supervisor for the European Union, monitors the use of AI and Big Data in the financial services sector across member states, as part of its mandate to monitor and assess trends in innovative financial services 14. More broadly, ESMA monitors developments in the use of AI for investment strategies. 12 https://apnews.com/article/united-nations-artificial-intelligence-safety-resolution-vote￾8079fe83111cced0f0717fdecefffb4d 13 FTNEA2022002.pdf 14 https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation

17 d) UK Government: The UK government and financial regulators have taken a pro￾innovation approach to the use of AI in the financial services sector. The UK Financial Conduct Authority along with the Alan Turing Institute have launched a secondment scheme to collaborate and tackle some common practical challenges associated with the use of AI in financial markets15 . Moreover, the Ada Lovelace Institute came up with a proposal to regulate AI in the UK16 . e) Monetary Authority of Singapore (MAS): MAS has co-partnered with Google Cloud to advance capabilities in Generative AI technology17 . MAS has also launched an “AI in Finance” Challenge as part of its 2023 Global FinTech Hackcelerator18 . f) Alliance for Innovative Regulation (AIR): AIR has recently kicked off a series of initiatives to explore the potential impact of GenAI on financial regulation and the end users of financial services19. Through their efforts, AIR aspires to cultivate a cohesive GenAI community within the financial services sector, bringing together regulators, innovators, academia and other stakeholders. The FSC Mauritius also participated in the AIR NextGenAI Tech Showcase. 12. BEST PRACTICES AND PRINCIPLES FOR THE USE OF AI 12.1 International standards governing the use of AI have gained considerable attention by the standard setting agencies since recent years. The Financial Stability Institute (FSI) 15 Building better foundations in AI | FCA 16 The Ada Lovelace Institute in 2023 | Ada Lovelace Institute 17 Google Cloud, MAS forge partnership to enhance AI capabilities in financial sector - FinTech Global 18 MAS Launches AI in Finance Challenge for the 2023 Global FinTech Hackcelerator 19 NextGenAI | Alliance for Innovative Regulation. (regulationinnovation.org)

18 has, for instance, emphasised the development of frameworks and principles on AI governance and use by financial services institutions. 12.2 Similarly, other international bodies and jurisdictions have gradually been developing and issuing principles for the ethical and responsible use of AI. Notable examples are as follows: a) UNESCO was the first international institution that came up with global standards on AI ethics. In November 2021, the Recommendation on the Ethics of Artificial Intelligence framework was launched, and the framework was adopted by all 193 member states. One of its primary objectives is to protect data, going far beyond what governments and online businesses are already doing to ensure greater protection for people by assuring transparency, agency, and control over their personal data. The Recommendation expressly forbids the use of AI systems for mass surveillance and social scoring. b) The Organisation for Economic Co-operation and Development (OECD) has established a set of AI Principles20 that offer specific recommendations for public policy and strategy, highlighting the need for ethical and reliable AI systems. c) The UK government has adopted a principle-based approach to regulating AI21 . It has set out five cross-cutting principles that will underpin the UK’s AI regulatory approach, supervised by sector regulators such as the Financial Conduct Authority, the Bank of England and Prudential Regulation Authority. 20 Artificial intelligence - OECD 21 https://assets.publishing.service.gov.uk/media/64cb71a547915a00142a91c4/a-pro-innovation-approach-to-ai￾regulation-amended-web-ready.pdf

19 d) The European Union (EU): The EU has taken a pioneering step by introducing the first-ever legal framework on AI22, which addresses the risks of AI and positions Europe to play a leading role globally. The objective of the AI Act is accordingly to ensure that Europeans can trust what AI has to offer. The AI Act sets out more general regulatory compliance requirements that are applicable to the financial services sector. e) European Commission (EC): On 20 March 2024, the EC has put forward a set of guidelines23 to support the European research community in their responsible use of generative artificial intelligence in all domains, including financial services. The guidelines effectively offer guidance to researchers, research organisations, and research funders to ensure a coherent approach across Europe. f) The International Association of Insurance Supervisors (IAIS): IAIS is developing a Draft Application Paper on the supervision of artificial intelligence. This paper aims to provide guidance in situations where the practical application of existing principles and standards may differ, or where interpreting these standards presents challenges for AI-based products or systems. Benchmarking against this paper will help promote a consistent international approach to AI supervision, while taking into account sector-specific considerations. The FSC Mauritius, as a member of the IAIS, has actively contributed to the working group responsible for drafting the AI supervision paper. g) The US Securities and Exchange Commission (SEC) Investor Advisory Committee has submitted its recommendations on setting up ethical guidelines 22 EU AI Act: first regulation on artificial intelligence | Topics | European Parliament (europa.eu) 23https://research-and-innovation.ec.europa.eu/news/all-research-and-innovation-news/guidelines-responsible￾use-generative-ai-research-developed-european-research-area-forum-2024-03-20_en

20 for AI and algorithmic models used by investment advisers and financial institutions.24 The Committee highlighted that the use of AI does not change the fiduciary duty of investment advisers and encouraged the US SEC to consider three key tenets (namely governance and oversight, equity, and consistent and persistent testing) in developing its guidance to investment advisers on the use of AI. h) The Monetary Authority of Singapore has taken steps to promote the responsible use of AI by financial institutions and in this respect, released five white papers detailing assessment methodologies for the Fairness, Ethics, Accountability, and Transparency (FEAT) principles. 12.3 With the same objectives of ensuring that licensees of the non-banking financial services sector of Mauritius use AI in responsible, ethical and beneficial ways, the FSC has come up with a set of “Principles for the responsible use of AI” (please refer to Appendix). These Principles consist of nine (9) high-level principles that licensees and their associated stakeholders are advised to consider when developing, deploying, and using AI technologies. 12.4 An explicit reference to the Data Protection Act 2017 (DPA)25 shall be included wherever data protection obligations are addressed in this Guidance, to ensure clarity regarding the statutory framework applicable to licensees’ responsibilities. 24 https://www.sec.gov/files/20230406-iac-letter-ethical-ai.pdf 25 Data Protection Act 2017

21 In accordance with Section 38 of the DPA, which sets out safeguards for automated decision-making and profiling that produce legal effects or similarly significant consequences for individuals, licensees are required to ensure the following: • Data subjects are informed of the existence of such automated decision￾making processes; • Meaningful information is provided on the logic, criteria, and significance of the underlying decision-making; • Appropriate mechanisms are in place to allow individuals to obtain human intervention, express their views, and contest the outcome. Furthermore, in line with Section 34 of the DPA, licensees must conduct a Data Protection Impact Assessment (DPIA) prior to the implementation of any AI system likely to present a high risk to the rights and freedoms of data subjects. The DPIA should function as a systematic process to identify, evaluate, and mitigate potential data protection risks associated with AI-driven processing activities. 13 Way Forward 13.1 The aforesaid “Principles for the responsible use of AI” that have been put forward by the FSC, are expected to contribute progressively and in a non-binding way, towards building a culture of ethical conduct and compliance amongst licensees. 13.2 As a forward looking and responsible regulator of the insurance, wealth management sector and other NBFIs, the FSC will continue to closely monitor the on-going developments in the field of AI, both locally and internationally and will further upgrade/revisit its existing regulatory guidance and parameter, whenever there is a necessity, to address the corresponding benefits and risks arising from the use of AI by its licensees.

22 Appendix PRINCIPLES FOR THE RESPONSIBLE USE OF ARTIFICIAL INTELLIGENCE IN THE NON￾BANKING FINANCIAL SERVICES SECTOR OF MAURITIUS

1. Fairness and Bias Mitigation: Identify and mitigate biases in AI algorithms and datasets to ensure prevent unfair and discriminatory outcomes. Perform regular audits to assess and address any biases in AI models.

2. Transparency: Promote transparency in AI systems by providing clear and understandable information on how algorithms are used for decision-making purposes. Provide a clear channel for customers to engage, seek information and raise concerns regarding AI-based services. Establish an effective grievance redress mechanism and complaint system to promptly address customer’s complaints relating to AI-driven decisions.

3. Accountability: Establish procedures for monitoring AI systems. Implement mechanisms for clear accountability in the event of AI-related errors or malfunctions.

23 4. Privacy: Ensure compliance with data protection laws. Implement privacy-preserving techniques and practices to minimise the risk of unauthorised access or misuse of sensitive information. Ensure that Data subjects are clearly informed of the existence of such automated decision-making processes; Ensure meaningful information is provided regarding the logic, criteria, and significance of the decision-making process; and Mechanisms are in place to allow individuals to obtain human intervention, express their views, and contest the outcome of such decisions. Implement of a Data Protection Impact Assessment (DPIA). 5. Security: Implement robust cybersecurity measures to protect AI systems from potential threats and attacks. Regularly assess and update security measures to address emerging threats and vulnerabilities. 6. Environmental Sustainability: Explore and adopt AI technologies that align with environmental sustainability goals. Consider the environmental impact of AI systems and infrastructure, including energy consumption and resource usage. 7. Human￾Centricity: Prioritise AI systems that enhance human capabilities and decision-making rather than replacing or undermining them. Ensure the inclusion of human oversight in critical decision￾making processes.

24 Invest in ongoing training and development programs for staff involved in AI systems to ensure their skills and knowledge remains up to date to emerging technologies. 8. Continuous Monitoring and Evaluation: Implement ongoing monitoring and evaluation processes to assess the ethical and societal impact of AI systems over time. Regularly review and update AI systems to safeguard data integrity, accuracy, relevance and transparency in processes. 9. Compliance and Ethics: Stay informed and comply with relevant laws and regulations governing the use of technology including AI in financial services. Implement risk management processes and measures to tackle regulatory changes, enhance fraud prevention and AML/CFT requirements. Align AI based decisions to the licensee’s usual ethical standards, values, and code of conducts.

25