QA Financial Forum London | 11 September 2024 | BOOK TICKETS
Close this search box.

Software risk and compliance round-up: June


Here’s our regular review of new initiatives in compliance and regulation that affect the management of software at financial firms.

Financial Stability Board consults on toolkit for third-party risk management at financial firms

The Financial Stability Board (FSB), the international body that monitors and makes recommendations about the global financial system, has published a public consultation on its toolkit for third–party risk management at financial firms. The FSB said the toolkit has been developed: “Against a backdrop of digitalisation of the financial services sector and growing reliance of financial institutions on third-party service providers for a range of services, some of which support their critical operations.”

“These dependencies can bring many benefits to financial institutions including flexibility, innovation and improved operational resilience. However, if not properly managed, disruption to critical services or service providers could pose risks to financial institutions and, in some cases, financial stability.”

The key aims for the toolkit, according to the FSB, are to: 

  • Reduce fragmentation in regulatory and supervisory approaches to financial institutions’ third-party risk management across jurisdictions and different areas of the financial services sector.
  • Strengthen the ability of financial institutions to manage third-party risks.

  • Facilitate coordination among relevant stakeholders.

Full details available here


ESMA announces EU data strategy

The European Securities and Markets Authority (ESMA), the EU financial markets regulator, has announced a five-year data strategy designed to facilitate the use of new data-related technologies, reduce reporting compliance costs and make data more broadly available. 

The key ESMA strategy objectives are:

  • Become an enhanced data hub

  • Ensure access to data of public interest

  • Promote data-driven supervision

  • Increase data collaboration

  • Increase the efficiency of data policy

  • Facilitate data use

Full article available here


EU financial supervisors consult on DORA

The European Supervisory Authorities (ESAs) – the combined agencies covering the banking, insurance, pensions and securities markets across the EU – have launched a public consultation on the first batch of draft technical standards for the EU’s Digital Operational Resilience Act (DORA). 

The act, which entered into force on January 16th  2023, aims to enhance the digital resilience of entities across the EU financial sector and will apply from 17 January 2025. The ESAs, which are composed of the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA), were tasked with jointly developing 13 policy documents that will form the framework for DORA.

Full article available here

The consultation, details of which can be found here, is open to all interested stakeholders and runs until September 11, 2023.


AI: Banks should “Take it steady” advises OCC

Banks should innovate with AI with caution, and should involve risk professionals in their innovation planning, said the head of the Office of the Comptroller of the Currency (OCC), Michael J. Hsu, at a recent risk and compliance conference in Seattle, hosted by the American Bankers Association.

Hsu went on to outline key regulatory principles for regulating AI innovation:

  • Innovate in stages: “Innovating in stages requires discipline. The concept is simple: start with what can be controlled, expand only when ready, monitor carefully, adjust, and repeat.”

  • Build the brakes while building the engine: “Risk and compliance professionals need to be at the innovation table and have their voices heard. In the technology space, speed to market is an important factor in innovation. Slowing things down is seen as anti-innovative. Structurally and culturally, this casts the risk and compliance functions as barriers to innovation.”

  • Engage regulators early and often. Hsu said this can be achieved by: “Giving risk and compliance professionals a seat at the innovation table from the get-go and heeding their input. Empowering them to identify risks and risk mitigants will help ensure that the products and services that result will be safe, sound, fair, and trusted.”

Full article available here


Singapore on the use of generative AI in the financial sector

Speaking at the recent policy and technology Point Zero Forum in Zurich, the Singaporean deputy prime minister Heng Swee Keat commented on the use of generative AI in the financial sector. He outlined three core principles of his government’s strategy: “Achieve the safe and responsible deployment of GenAI in FinTech”. These are:

  • Mobilise collective action to build a safe and responsible AI ecosystem: “Back in 2018, the Monetary Authority of Singapore (MAS) developed the Fairness, Ethics, Accountability, Transparency (or FEAT for short) principles with the financial industry, to provide guidance on the responsible use of AI by financial institutions. This work was continued through the Veritas Consortium, involving 31 industry players, to translate and operationalise these principles. With the benefit of iterations and road-testing over the past few years, the consortium will now release a Veritas Toolkit 2.0, to support financial institutions in integrating the FEAT principles into their internal risk governance.” (full article on Veritas Toolkit 2.0 available here)

  • Examining the risks and opportunities of GenAI for the financial sector, under the new Project MindForge: “This project will bring the data resources and domain expertise of the banking sector, together with the top AI companies’ state-of-the-art technologies and advanced algorithms. We will take an action-oriented approach of use case studies, prototyping and pilots to aid in the learning and translation process.”

  • The launch of an AI resource platform for the financial sector, jointly developed by MAS and Google Cloud, to upskill workers in the financial sector: “The one-stop resource platform will consolidate comprehensive resources, including datasets and use cases, to accelerate AI development for the financial industry. By adopting a spirit of open-source sharing and creation, we hope that this platform can enable: Individuals to tap on available data to demonstrate their skills and solutions, and land a role within the financial sector; Smaller enterprises to level up their capabilities and gain confidence to explore new possibilities; and FinTechs and financial institutions to showcase their market-ready solutions to clinch business opportunities and funding.”

Full details available here


UK to host first global AI summit

The British government has announced that it will host the first global AI summit this autumn. The summit, which will bring together leading technology companies, academic experts and representatives from various countries, aims to agree safety measures to evaluate and monitor the most significant risks from AI.

Commenting on the announcement, UK prime minister Rishi Sunak said: “No one country can do this alone. This is going to take a global effort. But with our vast expertise and commitment to an open, democratic international system, the UK will stand together with our allies to lead the way.”

Full details available here


France sees AI regulation before the end of the year

French digital minister, Jean-Noel Barrot, claims that principles “for the regulation of AI in G7 countries and like minded countries” will begin to emerge before the end of the year. His comments come after French President Emmanuel Macron called for AI regulation, saying: “From my point of view I think we do need a regulation and all the players, even the U.S. players, agree with that. I think we need a global regulation.”

Barrot also went on to say that he thought that the EU legal stance around AI was too strong: “My worry is that in the recent past few weeks, the EU Parliament has taken a very sort of strong stance on AI regulation, using in some sense this AI act as a way to try and solve too many problems at once.”

[Image Source: Financial Stability Board]