The ABA’s Vision for AI Risk Management: What Financial Institutions Need to Know

Key Takeaways:

• The ABA supports a unified federal AI risk management framework, with strong preemption of state regulations to avoid conflicts and ensure consistency for financial institutions.
• AI regulations should apply to all parties in the ecosystem, including third-party providers, to ensure clear accountability and transparency throughout the process.
• Regulatory bodies should focus on evaluating model outcomes, not just technical details, making it easier for auditors to assess AI systems without deep coding expertise.
• Policymakers are encouraged to promote voluntary standards like model cards and certifications to support collaboration across sectors and foster responsible AI practices.
• Financial institutions must stay updated on evolving AI regulations and take proactive steps to meet new requirements, ensuring compliance and effective risk management

The American Bankers Association’s (ABA’s) comment letter to the National Science Foundation outlines a vision of how the federal government can build a regulatory program around artificial intelligence (AI) that promotes, rather than hinders, innovation. The letter includes four key recommendations. Do these align with your organization’s AI-related business objectives?

1.Legislation: “Congress must pass comprehensive laws establishing an AI risk management framework with strong preemptions of state requirements and which do not create duplicative or inconsistent obligations for banks.”

2. Regulation: “Agencies should identify clear regulatory outcomes and objectives, while enabling regulated entities the ability to deploy effective risk management techniques based on common sense and best practices. Agencies must have a perspective on the entire AI ecosystem rather than merely isolating the regulated entities, using existing authorities to address risks wherever they arise. Additionally, regulators must be transparent about the ways they utilize AI themselves.”

3. Supervision: “The Federal Reserve (Fed), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) should update model risk management guidance, subject to a notice and comment period. Moreover, field examiners must be trained not to focus on granular matters such as LLM’s code but rather on the inputs, outputs, and outcomes of models.”

4. Other Measures: “Policymakers should encourage the adoption of voluntary standards and frameworks where possible to encourage cross-sector collaboration. For example, this could include model cards to allow for explainability without divulging confidential commercial information, or certifications to help demonstrate sufficient maturity of policies and procedures.”