On March 29, 2021, the Federal Reserve Board, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, the Agencies) announced a request for information (RFI) aimed at a variety of stakeholders on the growing use of artificial intelligence (AI) by financial institutions. RFIs are often the Agencies’ first step towards formal rulemaking, particularly in new and emerging policy areas. RFIs also can signal greater regulatory scrutiny during the examination and supervision process.
The RFI’s purpose is multifold. The Agencies are seeking a better understanding of the financial industry’s use of AI, including machine learning, and the challenges in developing, adopting, and managing AI. From a regulatory standpoint, the Agencies are seeking information on the level of governance, risk management, and control financial institutions have placed over AI, and whether any supervisory policy clarifications would be appropriate.
The RFI initially cites the benefits of AI and its potential for greater efficiency, enhanced performance, and cost reduction for financial institutions, especially in regulatory compliance areas. Potential consumer and business advantages include more accurate, lower-cost, and faster underwriting as well as greater customization of products and services. Consumers and small businesses may have greater access to credit that was not possible under traditional credit underwriting.
However, the bulk of the RFI focuses on the potential prudential and consumer compliance risks posed by AI. The Agencies generally do not view these risks as being unique to AI. AI’s risks are similar to those posed by any process, tool, or model that may result in operational risks, including internal process or control weaknesses, cybersecurity threats, information technology breakdowns, third party risk, and model risk. AI can also create or magnify consumer compliance risks in the areas of unlawful discrimination, unfair, deceptive, or abusive acts or practices, and personal privacy. Consequently, the RFI’s specific request for comments center on areas of explainability, broader or more intensive data usage, and dynamic updating. Comments on the RFI’s specific request may lead to further information gathering, the development of new supervisory policies, or formal regulation.
The RFI was published in the Federal Register on March 31, 2021. Comments must be received by June 1, 2021.