BOSTON–The good news: Financial institutions have only begun to scratch the surface of generative AI. The bad news? So have fraudsters.
That’s according to Christian Crisan of Splunk, a provider of compliance solutions, who walked a World Credit Union Conference audience through a number of issues related to AI.
The Risks
First, some of the risks around bias and fairness. Crisan urged CUs to be aware of:
- Regulatory Scrutiny. “Gen AI has a large language model behind it. The data can be gated or ungated, but if you inherit the data you inherit any bias that’s in it. Regulators are going to have a significant interest in how those models were built and how are you evaluating your decisions. “
- Privacy. “AI models require access to large amounts of data. What do we do about data privacy and data security? That is a big concern. You still have to meet local and global regulations.”
- Black Box Models. “There needs to be some transparency and that is a challenge,” Crisan said. “Regulators can ask organizations to explain how AI systems are making decisions. You have to have a very good understanding.
Operational Concerns
Crisan said every CU needs to keep in mind the challenges around integrating AI models and solutions with existing systems. “It can be challenging, and then there is the people component. Where do you find that skilled workforce to implement and maintain and fine tune the systems?”
AI Opportunities
Despite all that, in Crisan’s opinion the “opportunities far outweigh the challenges.”
He said he sees opportunities in:
Regulatory Compliance
- Enhanced monitoring and reporting. “AI can automate the routine tasks. And you can monitor activities in real time”
- Improved risk management
- Enhanced data management
- Training and education. “We can use Gen Ai to create training programs.”
Financial Crime
- Fraud detection and prevention. “Every dollar saved from being lost can go directly to the P&L.”
- Anti-money laundering
- Cybersecurity. “Has this member ever tried to buy crypto at three in the morning?” Crisan asked of a scenario that non-AI tech is unlikely to catch.
Regulatory Technology
- Compliance solutions
- Reporting
“Embrace generative AI across the business,” Crisan advised. “Craft thoughtful generative AI policies without sacrificing innovation. If you resist the trend, I think the risk is being left behind. But adopting this without looking at risks is a big mistake.”
Crisan said only about 35% of organizations develop policies and plans for business use cases, but all should do so.
Additional Recommendations
Additional recommendations shared by Crisan include:
- Have a good set of controls
- Have an up-to-date view of your assets. “I know asset inventory is boring but it is very much needed.”
- Communicate to your board in ways that highlight the value of the investment.
Getting Ahead
What are companies doing to get ahead of the compliance wave?
According to Crisan:
- They’re making it part of everyone’s job, with 91% saying their teams make compliance part of their daily work.
- They’re training for it, with 88% ramping up compliance training for the security team.
- They’re dedicating entire teams to it.
- They are in lockstep with legal and compliance teams.
- They are running simulation exercises to understand the gaps