Will the EU Artificial Intelligence Act stifle plans to implement artificial intelligence in the banking sector?

By Steve MorganMarket leader in the banking industry, Pegasystems

ANDAs we enter the second quarter of the year, it is positive that banks are growing rapidly, implementing more and more technology applications to automate their services and provide more efficient and secure solutions to both their employees and customers. Machine learning (ML), artificial intelligence (AI) and, more recently, generative artificial intelligence (GenAI) are playing a key role in driving innovation in this sector.

The growing trend of using AI solutions is accompanied by a wave of new regulations that aim to ensure that the technology is safe, responsible and ethical. The first of them to enter into force is the EU Artificial Intelligence Act (EU AI Act), which received final approval of the European Parliament in March 2024.

Once such regulations come into force, it will be important for banks to be properly prepared to meet the new requirements and keep pace with the competition. Failure to do so may result in high financial penalties and loss of reputation. So what impact will the EU’s new AI law have on the sector and its current AI adoption plans?

Breakdown of the EU Artificial Intelligence Act

The EU’s Artificial Intelligence Law, which will come into force next year, is the world’s first comprehensive legal framework for artificial intelligence. Its main goal is to encourage the reliable use of AI in Europe and beyond by ensuring that AI systems respect fundamental rights, security and ethical principles, with particular attention to the potential risks associated with powerful AI models.

Like other EU regulations, the Act adopts a risk-based approach to ensure that companies and their products comply with the law before they are placed on the public market. The regulation directly affects not only technology companies, but every other sector that uses artificial intelligence to some extent, from manufacturing to education and, of course, banking.

Consequences for the industry

The basis of the EU’s AI legal act is to assess the potential risks of AI use cases. In particular, the European Commission (EC) lists such systems deemed to be high risk, including artificial intelligence technologies used in creditworthiness checks, which may reject a customer’s loan. In addition, the new regulation provides guidance on how financial services use artificial intelligence for pricing and risk assessment in life and health insurance. Despite this, much work still needs to be done by standards organizations and national authorities to impose new AI governance and risk management requirements and standards on how banks and other financial institutions use AI.

The EU Artificial Intelligence Bill also aims to tackle generative AI and Large Language Models (LLMs) such as OpenAI’s GPT-4, to allay any concerns about how these powerful but new forms of AI may impact people’s lives. Additionally, The European Union has launched a new European Office for AI continue to support the development and use of trustworthy artificial intelligence. Its main objective will be to enforce and closely monitor rules relating to general-purpose artificial intelligence systems used directly or indirectly by financial services companies. Moreover, the Artificial Intelligence Office will strive to support international cooperation while creating the basis for a single European AI governance system.

While the AI ​​Office was established to support and guide the use of artificial intelligence, financial institutions should remember that they are solely responsible for any tools and services they provide, including AI-based decision-making. They should therefore ensure that all solutions follow the relevant guidelines to avoid problems.

Compliance is at the heart of operations

With new regulations proposed and existing ones adjusted, the stakes for compliance have never been higher. This increased regulatory scrutiny requires enterprises to constantly monitor new regulations and ensure their AI services are compliant with the latest changes. Any oversights could potentially result in high financial penalties and reputational damage.

For example, regarding the EU Artificial Intelligence Act, companies using operating systems banned by the new law will be subject to financial penalties of up to €35,000,000, or up to 7 percent of their annual turnover. Interestingly, this is considered to be the toughest penalty for non-compliance in the EU to date and even exceeds the Art. General Data Protection Regulation (GDPR).

Such high penalties leave no room for error; therefore, companies need to stay up to date with new requirements. All partners and third-party technology providers should also, wherever possible, make regulatory compliance a priority in their programs support companies on their journeys.

Moreover, the inability to comply with such regulations directly affects the company’s reputation. As a consequence, customers may lose faith in its capabilities, which ultimately leads to financial losses.

Acclimatization to the new regulatory framework

While the new EU regulation may not directly apply to banks operating outside the region, it will still impact many financial services markets outside the EU, including the UK. It will become part of the plan for other countries to develop and apply their own regulations. In the UK, for example, regulators are expected to focus on mainstreaming fairness and transparency in the Financial Conduct Authority’s (FCA) new Consumer Charges Regulation and the use of artificial intelligence.

Naturally, existing regulations will also adapt depending on the increase in the use of artificial intelligence by banks and other entities. Financial services organizations have been using this technology for many years in credit processes, claims management, anti-money laundering (AML) and fraud detection. However, as demand increases and AI continues to rapidly develop, regulators will need to consider whether existing regulations are sufficient to address current applications of AI, or whether they can be improved rather than replaced.

While the EU’s Artificial Intelligence Act aims to ensure trust and security, there have already been some concerns that the regulation may stifle innovation and that the sector should push for bolder adoption of AI. Countries such as the UK may also seek to move away from the EU’s Artificial Intelligence Act as an opportunity to lead international competition.

There is no doubt that the public formulation of AI regulations will be political, but it is in everyone’s interest to ensure that regulations are consistent and aligned internationally to avoid confusion and burdensome controls. Moreover, whether some places like it or not, there is an expectation that markets outside the EU should follow the EU’s Artificial Intelligence Act, if not directly copy it – otherwise Brussels’ influence on regulatory best practices, such as GDPR.

The reality is that some banks and financial institutions that have been working with AI applications to streamline workflows for many years are taking no risks in implementing more robust AI technologies. They remain cautious, especially when it comes to how generative AI uses sensitive data or engages in direct interactions with customers. We focus and should always focus on results for both the customer and the bank.

The real goal is to deliver results and improve, not undermine, business processes. The sector will welcome new regulations, such as the EU’s Artificial Intelligence Act, as they propose clearer guidelines and guardrails on what can and cannot be done with this revolutionary technology. So it’s at its best it’s worth staying vigilant and working with trustworthy technology partners who share the same priorities and understand the importance of proactively implementing compliance measures at an early stage.