Treasury Department Issues Request for Information on Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector

[35744]

June 17, 2024

TO: ICI Members
Investment Company Directors
Bank, Trust and Retirement Advisory Committee
Broker/Dealer Advisory Committee
Chief Information Security Officer Committee
Internal Sales Managers Roundtable
Investment Adviser and Broker-Dealer Standards of Conduct Working Group
Investment Advisers Committee
Operations Committee
Pension Committee
Pension Operations Advisory Committee
Sales and Marketing Committee
SEC Rules Committee
Securities Operations Advisory Committee
Small Funds Committee
Technology Committee
Transfer Agent Advisory Committee SUBJECTS: Compliance
Financial Stability
Intermediary Oversight
Investment Advisers
Operations
Privacy
Risk Oversight
Technology & Business Continuity RE: Treasury Department Issues Request for Information on Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector

 

On June 12, 2024, the Department of the Treasury ("Treasury") published in the Federal Register a request for information on uses, opportunities, and risks of artificial intelligence (AI) in the financial services sector.[1] The RFI uses a broad definition AI,[2] which Treasury views as encompassing "a wide range of models and tools that utilize data, patterns, and other informational inputs to generate outputs—including statistical relationships, forecasts, content, and recommendations—for a given set of objectives."[3]

The RFI seeks (1) comment on the uses of AI in the financial services sector and the opportunities and risks presented by developments and applications of AI within the sector and (2) input on the potential opportunities and risks of financial institutions' use of AI and how AI may affect impacted entities. Comments on the RFI are due August 12. ICI plans to respond to the RFI and will separately reach out to members regarding next steps.

The RFI defines a "financial institution" to include "any company that facilitates or provides financial products or services" including, among others, banks, insurance companies, non-bank financial companies, asset managers, broker-dealers, and investment advisers.[4] While the RFI does not explicitly include investment companies in this definition, we think it is likely they would be included as "non-bank financial companies."[5] The RFI defines "impacted entities" as "consumers, investors, financial institutions, businesses, regulators, end-users, and any other entity impacted by financial institutions' use of AI."[6]

The RFI highlights prior and ongoing engagement by Treasury and other financial regulators to understand the development and application of AI within the financial services sector.[7] The RFI also discusses the potential use of AI as a tool to facilitate compliance with anti-money laundering (AML) requirements, noting recent initiatives by Treasury's Financial Crimes Enforcement Network (FinCEN) to encourage innovative approaches to AML compliance.[8] It also notes that the Financial Stability Oversight Council (FSOC) identified the use of AI in financial services as a vulnerability in its 2023 annual report.[9] Treasury explains that through the RFI, it "seeks to increase its understanding of how AI is being used within the financial services sector and the opportunities and risks presented by developments and applications of AI within the sector, including potential obstacles for facilitating responsible use of AI within financial institutions, and recommendations for enhancements to legislative, regulatory, and supervisory frameworks applicable to AI in financial services."[10]

Treasury states that it is interested in gaining insights into the uses of AI by financial institutions with respect to the provision of products and services, risk management, capital markets, internal operations, customer service, regulatory compliance, and marketing. While Treasury acknowledges that "AI has the potential to offer improved efficiency and enhanced capabilities" across the outlined use cases, it believes AI also can present a variety of challenges, including to existing risk mitigation strategies, consumer protection and data privacy (including use of AI to inform decisions to offer financial products and services), for oversight (including use of third-party service providers for business operations),[11] and explaining AI-assisted or AI-generated decisions. Citing a speech earlier this year by SEC Chair Gensler, the RFI states that "[p]otential risks associated with AI use for impacted entities may include bias, discrimination, monoculture, concentration, fraud, herding, hallucinations, explainability, conflicts, reputational risk, and data privacy risks, among others."[12]

The RFI includes 19 questions soliciting comments on three broad areas: (1) general use of AI in financial services, including use cases, types of models being employed, and variability in use and access to AI across financial institutions; (2) actual and potential opportunities and risks related to use of AI in financial services, including opportunities and risks on impacted entities, particularly as it relates to bias, discrimination and privacy; and (3) further actions to advance responsible innovation and competition within the financial services sector with respect to the use of AI. For your convenience, we have attached a list of the questions in an appendix to this memorandum.

 

Dorothy M. Donohue
Deputy General Counsel - Securities Regulation

Kimberly R. Thomasson
Assistant General Counsel - Markets, SMAs & CITs

 Notes

[1] Request for Information on Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector, 89 Fed. Reg. 50048 (Jun. 12, 2024) (RFI) available at https://www.govinfo.gov/content/pkg/FR-2024-06-12/pdf/2024-12336.pdf.

[2] The RFI adopts the definition of AI utilized in White House Executive Order 14110 on Safe, Secure, and Trustworthy Development of AI:

A machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. Artificial intelligence systems use machines and human-based inputs to perceive real and virtual environments; abstract such perceptions into models through analysis in an automated manner; and use model inference to formulate options for information or action.

[3] RFI at 50050.

[4] RFI at 50049 and n.1 (defining "financial institutions" to include, to the extent applicable, banks, credit unions, insurance companies, non-bank financial companies, financial technology companies, asset managers, broker-dealers, investment advisers, other securities and derivatives markets participants or intermediaries, money transmitters, and any other company that facilitates or provides financial products or services under the regulatory authority of the federal financial regulators and state financial or securities regulators).

[5] Title I of the Dodd-Frank Act generally defines a "US nonbank financial company" as a company, other than a bank holding company and certain other specified types of entities, that is (i) incorporated or organized under the laws of the United States or any State; and (ii) predominately engaged in financial activities. The Board of Governors of the Federal Reserve System, in adopting rules under Title I of the Dodd-Frank Act, stated that "[t]he Board believes that it is clear that open-end investment companies, such as mutual funds including money market funds, as well as closed-end investment companies, engage in financial activities as defined in section 4(k) of the BHC Act" and thus would be considered nonbank financial companies for purposes of Title I of the Dodd-Frank Act. Definitions of ''Predominantly Engaged In Financial Activities'' and ''Significant'' Nonbank Financial Company and Bank Holding Company, 78 Fed. Reg. 20756, 20761 (Apr. 5, 2013).

[6] RFI at 50049.

[7] See, e.g., Treasury, Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (Mar. 27, 2024) available at https://home.treasury.gov/system/files/136/Managing-Artificial-Intelligence-Specific-Cybersecurity-Risks-In-The-Financial-Services-Sector.pdf; CFTC, CFTC Staff Releases Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets (Jan. 25, 2024) available at https://www.cftc.gov/PressRoom/PressReleases/8853-24; CFTC, Responsible Artificial Intelligence in Financial Markets (May 2, 2024) available at https://www.cftc.gov/PressRoom/PressReleases/8905-24; SEC, Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (Jul. 26, 2023) available at https://www.sec.gov/files/rules/proposed/2023/34-97990.pdf; OCC, FRB, FDIC, CFPB and NCUA, Request for Information and Comment on Financial Institutions' Use of Artificial Intelligence, Including Machine Learning (Mar. 31, 2021) available at https://www.federalregister.gov/documents/2021/03/31/2021-06607/request-for-information-and-comment-on-financial-institutions-use-of-artificial-intelligence. 

[8] RFI at 50050. In 2018, FinCEN and the federal banking agencies issued a joint statement on innovative efforts to combat money laundering and terrorist financing, which encouraged banks to use existing tools or adopt new technologies, including AI, to identify and report money laundering, terrorist financing, and other illicit financial activity. See FinCEN, FRB, FDIC, NCUA, and OCC, Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing (Dec. 3, 2018) available at https://www.fincen.gov/news/news-releases/joint-statement-innovative-efforts-combat-money-laundering.

[9] See FSOC, Annual Report (2023), available at https://home.treasury.gov/system/files/261/FSOC2023AnnualReport.pdf.

[10] RFI at 50051.

[11] The RFI explains that many financial institutions rely on third-party providers for business operations, including the use of AI. Treasury believes this reliance may exacerbate third-party and related risks. Treasury notes, in this regard, that the SEC "has taken steps to update its expectations for third-party risk management for investment advisers" with its 2022 proposal on investment adviser outsourcing. RFI at 50052-53.

[12] RFI at 50051.