Skip links

The EU AI Act: help or hindrance to Financial Services?

Jump To Section

The EU AI Act

The explosion of Artificial Intelligence (AI) and its capabilities has taken the world by storm. In fact, it would not be too much of a stretch to suggest that most people have now heard of AI and its business impact thanks to the coverage across mainstream media outlets, as well as potential doomsday scenarios predicted by Elon Musk. We have also seen the rise of ‘deep fakes’ where celebrity’s voice and/or image has been replicated by AI (Taylor Swift being perhaps the most notable), fooling many into believing they are video or the image of the person themselves. This has provoked serious concerns around AI and its potential use by fraudsters. It is against this backdrop that the EU AI Act has come into being, with the aim to help regulate the use of AI technology in the European Union. The Act in its current form requires producers of AI to meet strict standards for transparency, accountability, and human supervision. Although yet to become law, the Act intends to set clear legal requirements for the use and creation of AI tools.

The Financial Services industry in the EU and across the world is already strictly regulated and compliance is a fundamental tenet to operate. By contrast, some critics of the Act have suggested it is too open for interpretation. So, will the Act be a help or a hindrance to the financial services sector?

Expected to come into force in the summer of 2024, the EU AI Act has wide-reaching consequences for AI use within Financial Services organisations. The Act aims to standardise the rules for AI usage, development, market spread and adoption. The wide scope of the Act has the potential to impact developers and deployers of AI systems based in the EU but also much further, to businesses with an office within the EU, as well as international companies that produce systems that are used within the EU.

Within the Financial Services Industry, multiple models are used to assess use cases ranging from individuals applying for loans, when checking their suitability for a financial product through to complex pricing models for Financial Instruments. These models require internal review and validation and must have the appropriate documentation that can be shared with the regulator where required. It is in these scenarios that the use of AI is viewed as particularly problematic unless properly regulated, due to the potential for bias in the technology’s development as well as the explainability of model outputs.

Striking the right balance

One challenge for European lawmakers lies in the very definition of AI. In fact, draft versions of the EU AI Act have already seen its definition amended several times. Having clarity on what AI is, will be central to the Act’s effectiveness.

Well-documented concerns around the potential for institutional and societal biases to be embedded in the creation of AI is also a key issue that the EU AI Act aims to address. After all, AI is only as good as the data with which it is fed, and if that data contains ingrained biases against gender, disability, age or other social demographics, then the output that AI creates will also have these biases, unless carefully constructed safeguards are put in place.

These valid concerns are again countered with the desire to take advantage of all that innovation through AI has to offer. We are yet to see compelling evidence that governance frameworks and conformity assessments will limit innovation. I would argue there is a compelling argument for creators and users of AI to say how it will be used, as will be required under the Act. The challenge will be the burden of reporting for those Financial Services organisations using AI.

Evaluation of risk

For those working in Financial Services, it is critical to understand that the Act broadly categorises AI into several categories based on their level of risk for societal harm. ‘Unacceptable risks’ are AI systems which will be prohibited under the Act. This includes systems that deploy subliminal techniques beyond a person’s consciousness to influence behaviour, systems that exploit vulnerabilities within a specific group of people and potentially discriminate based on a person’s age, disability, or socio-economic backgrounds.

‘High risk’ uses of AI are classified as those scenarios that could put the life and health of individuals at risk if something goes wrong. These scenarios will now require a conformity assessment.

‘Lower risk’ are systems where there are several transparency requirements such as the need to let users know that part of a screening process is undertaken using AI. With these systems, disclosure of AI use is required.

Finally, the ‘minimal’ or ‘no risk’ category of AI use, includes video games and spam filters, which will be subject to voluntary codes of conduct under the Act. The key challenge for lawmakers and indeed financial services is the potentially subjective nature of what activity or scenario falls within these risk categories.

As an example, the use of real-time facial recognition using AI at ATMs or in High Street banks would be considered an unacceptable risk. This use of AI would be perceived as too far reaching due to the public nature of the AI use and impact on people’s right to privacy. Facial recognition to access a banking app on a personal mobile phone, which is classified as private usage, would not be considered unacceptable under the Act, however.

Whilst self-regulation has been proposed by some AI producers as an alternative to the Act, this comes with its own issues. A particular concern is that a self-regulatory body would not have the teeth needed to effectively tackle immoral AI use and creation – we have seen this as a common complaint with press self-regulation in the UK for example. There is also concern around bias towards AI producers and a self-preservation mindset that would see an allowance for bending of the rules and so a lack of protection for the end consumer.

With the EU AI Act, there may be some merit in creating a separate regulatory body to oversee AI production, this would need to be a coordinated effort across the EU and an effort that would require strong levels of harmonisation with the UK as well as US regulators. This is important not only to ensure that the general principles around what constitutes unacceptable risk, high risk, minimal and no risk is understood, but also that the regulatory burden on individual downstream providers of AI systems is not so onerous as to prevent them from innovating and developing more effective AI solutions for the marketplace.

In its current form the EU AI Act puts a lot of obligation on providers. The Act also classifies those clients who use large language models as providers if they modify the AI programme which they are using. This can prove problematic, with clients then subject to the same regulatory burden as providers. This changes the dynamic as well as the economic use case for AI.

How should the finance sector prepare for the EU AI Act?

Financial Services Institutions must start thinking about AI in a co-ordinated way, much like we saw with the introduction of GDPR regulations. Unlike GDPR, however, we are not currently seeing organisations reviewing their operations in such a stringent manner. I would certainly expect to see the role of Chief AI Officer being introduced to help ensure compliance with the Act and what will be undoubtably more complete frameworks over time.

There is a very clear need to establish a formal AI governance structure within businesses that includes ownership of the comprehensive risk management framework which will be required to comply with the requirements of the Act. It is important to raise awareness and communicate effectively about the Act, not just internally, but also throughout your ecosystem of providers and clients.

Financial Services Institutions need to begin the process of assessing their technical landscape and thinking about their future technology, AI and data road map, to better understand how they will be impacted by the introduction of the EU AI Act. These institutions will need to identify which areas of their operating model will be most impacted and so will require prioritisation and focus, as well as the necessary remedial actions that will be required to comply with the Act.

The introduction of the EU AI Act represents a crucial step towards regulating the burgeoning field of AI within the Financial Services sector and beyond. As the Act approaches implementation, it is crucial that Financial Institutions adapt and take note of its requirements, ensuring compliance while also taking advantage of the innovations AI-driven solutions have to offer. The Act not only sets out to mitigate the risks associated with AI, such as biases and privacy concerns, but also encourages transparency and accountability. Financial institutions must therefore establish robust governance frameworks that can manage these new regulations effectively and position themselves to be as frictionless as possible in adhering to new Regulatory frameworks.

This article is also published in the Global Banking & Finance Review.

Picture of Vikas Krishan

Vikas Krishan

Suggested Reading

Ready to Unlock Your Enterprise's Full Potential?

Michael Woodall

Chief Growth Officer of Financial Services

Michael Woodall, as the Chief Growth Officer of Financial Services at Altimetrik, spearheads the identification of new growth avenues and revenue streams within the financial services sector. With a robust background and extensive expertise, Michael brings invaluable insights to his role.

Previously, Michael served as the Chief of Operations and President of the Trust Company at Putnam Investments, where he orchestrated strategic developments and continuous operational enhancements. Leveraging strategic partnerships and data analytics, he revolutionized capabilities across investments, retail and institutional distribution, and client services. Under his leadership, Putnam received numerous accolades, including the DALBAR Mutual Fund Service Award for over 30 consecutive years.

Michael’s dedication to industry evolution is evident through his involvement with prestigious organizations such as the DTCC Senior Wealth Advisory Board, ICI Operations Committee, and NICSA, where he served as Chairman and now holds the position of Director Emeritus. Widely recognized as an industry luminary, Michael frequently shares his expertise with various divisions of the SEC, solidifying his reputation as a seasoned presenter.

At Altimetrik, Michael plays a pivotal role in driving expansion within financial services, leveraging his expertise and Altimetrik’s Digital Business Methodology to ensure clients navigate their digital journey seamlessly, achieving tangible outcomes and exponential growth.

Beyond his corporate roles, Michael serves as Chair of the Boston Water & Sewer Commission, appointed by the Mayor of Boston, and is actively involved in various philanthropic endeavors, including serving on the board of the nonprofit Inspire Arts & Music.

Michael holds a distinguished business degree from Northeastern University, graduating with distinction as a member of the Sigma Epsilon Rho Honor Society.

Anguraj Kumar Arumugam

Chief Digital Business Officer for the U.S. West region

Anguraj is an accomplished business executive with an extensive leadership experience in the services industry and strong background across digital transformation, engineering services, data and analytics, cloud and consulting.

Prior to joining Altimetrik, Anguraj has served in various positions and roles at Globant, GlobalLogic, Wipro and TechMahindra. Over his 25 years career, he has led many strategic and large-scale digital engineering and transformation programs for some of world’s best-known brands. His clients represent a range of industry sectors including Automotive, Technology and Software Platforms. Anguraj has built and guided all-star teams throughout his tenure, bringing together the best of the techno-functional capabilities to address critical client challenges and deliver value.

Anguraj holds a bachelor’s degree in mechanical engineering from Anna University and a master’s degree in software systems from Birla Institute of Technology, Pilani.

In his spare time, he enjoys long walks, hiking, gardening, and listening to music.

Vikas Krishan

Chief Digital Business Officer and Head of the EMEA region

Vikas (Vik) Krishan serves as the Chief Digital Business Officer and Head of the EMEA region for Altimetrik. He is responsible for leading and growing the company’s presence across new and existing client relationships within the region.

Vik is a seasoned executive and brings over 25 years of global experience in Financial Services, Digital, Management Consulting, Pre- and Post-deal services and large/ strategic transformational programmes, gained in a variety of senior global leadership roles at firms such as Globant, HCL, Wipro, Logica and EDS and started his career within Investment Banking. He has developed significant cross industry experience across a wide variety of verticals, with a particular focus on working with and advising the C-Suite of Financial Institutions, Private Equity firms and FinTech’s on strategy and growth, operational excellence, performance improvement and digital adoption.

He has served as the engagement lead on multiple global transactions to enable the orchestration of business, technology, and operational change to drive growth and client retention.

Vik, who is based in London, serves as a trustee for the Burma Star Memorial Fund, is a keen photographer and an avid sportsman.

Megan Farrell Herrmanns

Chief Digital Officer, US Central

Megan is a senior business executive with a passion for empowering customers to reach their highest potential. She has depth and breadth of experience working across large enterprise and commercial customers, and across technical and industry domains. With a track record of driving measurable results, she develops trusted relationships with client executives to drive organizational growth, unlock business value, and internalize the use of digital business as a differentiator.

At Altimetrik, Megan is responsible for expanding client relationships and developing new business opportunities in the US Central region. Her focus is on digital business and utilizing her experience to create high growth opportunities for clients. Moreover, she leads the company’s efforts in cultivating and enhancing our partnership with Salesforce, strategically positioning our business to capitalize on new business opportunities.

Prior to Altimetrik, Megan spent 10 years leading Customer Success at Salesforce, helping customers maximize the value of their investments across their technology stack. Prior to Salesforce, Megan spent over 15 years with Accenture, leading large transformational projects for enterprise customers.

Megan earned a Bachelor of Science in Mechanical Engineering from Marquette University. Beyond work, Megan enjoys playing sand volleyball, traveling, watching her kids soccer games, and is actively involved in a philanthropy (Advisory Council for Cradles to Crayons).

Adaptive Clinical Trial Designs: Modify trials based on interim results for faster identification of effective drugs.Identify effective drugs faster with data analytics and machine learning algorithms to analyze interim trial results and modify.
Real-World Evidence (RWE) Integration: Supplement trial data with real-world insights for drug effectiveness and safety.Supplement trial data with real-world insights for drug effectiveness and safety.
Biomarker Identification and Validation: Validate biomarkers predicting treatment response for targeted therapies.Utilize bioinformatics and computational biology to validate biomarkers predicting treatment response for targeted therapies.
Collaborative Clinical Research Networks: Establish networks for better patient recruitment and data sharing.Leverage cloud-based platforms and collaborative software to establish networks for better patient recruitment and data sharing.
Master Protocols and Basket Trials: Evaluate multiple drugs in one trial for efficient drug development.Implement electronic data capture systems and digital platforms to efficiently manage and evaluate multiple drugs or drug combinations within a single trial, enabling more streamlined drug development
Remote and Decentralized Trials: Embrace virtual trials for broader patient participation.Embrace telemedicine, virtual monitoring, and digital health tools to conduct remote and decentralized trials, allowing patients to participate from home and reducing the need for frequent in-person visits
Patient-Centric Trials: Design trials with patient needs in mind for better recruitment and retention.Develop patient-centric mobile apps and web portals that provide trial information, virtual support groups, and patient-reported outcome tracking to enhance patient engagement, recruitment, and retention
Regulatory Engagement and Expedited Review Pathways: Engage regulators early for faster approvals.Utilize digital communication tools to engage regulatory agencies early in the drug development process, enabling faster feedback and exploration of expedited review pathways for accelerated approvals
Companion Diagnostics Development: Develop diagnostics for targeted recruitment and personalized treatment.Implement bioinformatics and genomics technologies to develop companion diagnostics that can identify patient subpopulations likely to benefit from the drug, aiding in targeted recruitment and personalized treatment
Data Standardization and Interoperability: Ensure seamless data exchange among research sites.Utilize interoperable electronic health record systems and health data standards to ensure seamless data exchange among different research sites, promoting efficient data aggregation and analysis
Use of AI and Predictive Analytics: Apply AI for drug candidate identification and data analysis.Leverage AI algorithms and predictive analytics to analyze large datasets, identify potential drug candidates, optimize trial designs, and predict treatment outcomes, accelerating the drug development process
R&D Investments: Improve the drug or expand indicationsUtilize computational modelling and simulation techniques to accelerate drug discovery and optimize drug development processes