The widespread integration and growing complexity of Artificial Intelligence (AI) and Machine Learning (ML) within financial services requires a corresponding and equivalent evolution in risk governance models. As firms continue to integrate AI and ML within their core activities, new operational risks will emerge along with enhanced regulatory scrutiny. For these reasons, firms require robust governance frameworks to manage these risks and maintain compliance.
What are the Key Risks of Algorithms in Trading and Investing Decisions?
Firms using AI for decision-making must manage several critical risks:
- Data Bias: AI models rely on their training data, which can be flawed or biased depending on where it is sourced from. As a result, the model may pick up inherent biases or inaccurate information, which could cause significant reputational and legal issues if not identified and rectified.
- Model Complexity and Explainability: The “black box” nature of many AI models presents challenges for transparency and oversight. This lack of explainability is a significant concern for auditors and regulators who require transparent and auditable decision-making processes
- Model Drift: The performance of AI models can deteriorate over time, while market dynamics require continuous monitoring and recalibration. Algorithms that were once fully accurate can drift, become unreliable and generate low-quality outcomes if not recalibrated
- Ethical Concerns: There is a much wider debate about the ethics of AI, but for financial services in particular, the use of advanced models raises questions about the potential for unexpected behaviours or outputs that could cause market instability
What are the Governance Expectations for AI and Model Risk Management?
One outcome of the evolving expectations of the current regulatory landscape is that firms require a dynamic and comprehensive approach to AI governance. The traditional approach of passive legacy systems is no longer fit-for-purpose. Firms must now demonstrate robust governance practices in the following ways:
- Rigorous model validation
- Comprehensive documentation and auditability
- Clear accountability
Rigorous model validation
Models will require stringent, independent validation before being utilised within financial services firms. This process must continue with ongoing checks throughout the model’s entire lifecycle. The scope of validation includes verifying the quality and integrity of data inputs, assessing the model’s conceptual soundness and its alignment with regulatory principles, and continuous performance monitoring against pre-determined, firm-specific KPIs.
Comprehensive documentation and auditability
Firms are required to create a complete and auditable record of the entire model lifecycle. This record must document the model’s design rationale, data inputs, testing outcomes, any limitations and a comprehensive overview of the processes involved. This documentation is essential for internal review functions and must be available to external regulators upon request.
Clear accountability
Firms must assign a single, named owner who is ultimately accountable for each model. This individual will typically be a senior figure in the business and is responsible for the overall performance and risk profile of the model. They will then assign specific operational responsibilities for the processes within the model’s lifecycle. For example, model developers are responsible for the build, validators for internal review and data stewards for data integrity.
Regulatory Expectations and Best Practice for Firms
Regulators such as the Prudential Regulation Authority (PRA) and the European Central Bank (ECB) are now connecting AI risk management to operational resilience frameworks. Firms are therefore expected to demonstrate that they are prepared for and can manage the operational impact of a malfunctioning AI model. The FCA, in particular, are moving toward specific guidance to ensure AI use is fair and promotes market integrity. Firms must be proactive in their response to the views of the regulators and take action to avoid non-compliance. Best practices for firms include embedding risk controls early, assigning clear model ownership, monitoring performance over time, and promoting a culture of responsible AI development. The integration of AI into financial markets is accelerating while formal regulations are still evolving. Firms are expected to move beyond considering AI and ML as niche requirements and now embed them properly within robust model risk management frameworks. Effectively meeting this challenge will require firms to focus on the fundamentals of good governance through rigorous validation, comprehensive documentation and a clear single point of ownership for each model. The most forward-thinking strategy is to foster a culture of responsible AI development. This will ensure that as the rules become more defined, the firm is already operating well ahead of the required baseline. Have questions regarding AI and financial markets?
Get in touch with Novatus Global today and one of our experts will be happy to assist.
