Australia warns banks and insurers to prepare for escalating risks posed by AI

The Australian financial regulator has urged banks and financial institutions to take urgent steps to align their governance, risk management and operational resilience practices with increasing risks posed by the scale of AI adoption.

 

The Australian Prudential Regulation Authority said in a letter to banks, insurers, and pension funds that the universal adoption of artificial intelligence to power a multitude of sectoral use cases has introduced major risks that organisations are not prepared to manage in the short term.

 

The financial regulator said a review of how AI was being deployed and governed by the financial sector revealed that organisations’ information security practices were woefully underequipped to deal with the challenges posed by the rising deployments.

 

APRA said that banks, insurance companies and other financial institutions have evolved the use of AI from experimental use to deploying the technology in more operationally embedded and customer-facing applications. These organisations are also using AI in areas such as software engineering, claims triage, loan application processing, fraud and scam disruption, customer interaction and insight generation.

 

However, boards presently lack the required technical literacy needed to understand multifarious risks posed by AI deployments or to manage AI related risks.

 

The regulator warned that financial institutions cannot afford to treat AI as just another technology. If they continue to do so, they will miss key factors like the distinct characteristics of predictive systems, adaptive behaviour in models, and ethical considerations such as inherent bias, and privacy and data risks. 

 

“The AI revolution presents tremendous opportunities for banks, insurers and superannuation trustees to deliver improved efficiency and enhanced customer services. We are already beginning to see these benefits materialise. But we cannot be blind to the risks of such powerful technology – whether in our own hands or the hands of those with malign intent,” said APRA Member Therese McCarthy Hockey.

 

“What we’ve observed from our supervisory engagement is that while AI adoption is continuing apace, the systems and processes required to safely govern its use aren’t keeping up. Likewise, the speed at which entities can identify and patch vulnerabilities needs to operate much faster, commensurate with the AI-accelerated threat.

 

“While we are not proposing to introduce additional requirements at this stage, we expect to see a significant improvement in how entities are closing the gaps between the power of the technology they are using and their ability to monitor and control it,” she added.

 

APRA has advised organisations in the finance, insurance and superannuation sectors to create an inventory of AI tooling and AI use cases, ensure human involvement in high-risk decisions, train their staff of AI misuse, limitations and risks, and shoulder ownership and accountability across the AI lifecycle, from design and development through to deployment, monitoring and decommissioning.