AI Legislations Gain Traction: What Does it Mean for AI Risk Management?

5/5 (3)

5/5 (3)

It’s been barely one year since we entered the Generative AI Age. On November 30, 2022, OpenAI launched ChatGPT, with no fanfare or promotion. Since then, Generative AI has become arguably the most talked-about tech topic, both in terms of opportunities it may bring and risks that it may carry.

The landslide success of ChatGPT and other Generative AI applications with consumers and businesses has put a renewed and strengthened focus on the potential risks associated with the technology – and how best to regulate and manage these. Government bodies and agencies have created voluntary guidelines for the use of AI for a number of years now (the Singapore Framework, for example, was launched in 2019).

There is no active legislation on the development and use of AI yet. Crucially, however, a number of such initiatives are currently on their way through legislative processes globally.

EU’s Landmark AI Act: A Step Towards Global AI Regulation

The European Union’s “Artificial Intelligence Act” is a leading example. The European Commission (EC) started examining AI legislation in 2020 with a focus on

  • Protecting consumers
  • Safeguarding fundamental rights, and
  • Avoiding unlawful discrimination or bias

The EC published an initial legislative proposal in 2021, and the European Parliament adopted a revised version as their official position on AI in June 2023, moving the legislation process to its final phase.

This proposed EU AI Act takes a risk management approach to regulating AI. Organisations looking to employ AI must take note: an internal risk management approach to deploying AI would essentially be mandated by the Act. It is likely that other legislative initiatives will follow a similar approach, making the AI Act a potential role model for global legislations (following the trail blazed by the General Data Protection Regulation). The “G7 Hiroshima AI Process”, established at the G7 summit in Japan in May 2023, is a key example of international discussion and collaboration on the topic (with a focus on Generative AI).

Risk Classification and Regulations in the EU AI Act

At the heart of the AI Act is a system to assess the risk level of AI technology, classify the technology (or its use case), and prescribe appropriate regulations to each risk class.

Risk levels of proposed EU AI Act

For each of these four risk levels, the AI Act proposes a set of rules and regulations. Evidently, the regulatory focus is on High-Risk AI systems.

Four risk levels of the AI Act

Contrasting Approaches: EU AI Act vs. UK’s Pro-Innovation Regulatory Approach

The AI Act has received its share of criticism, and somewhat different approaches are being considered, notably in the UK. One set of criticism revolves around the lack of clarity and vagueness of concepts (particularly around person-related data and systems). Another set of criticism revolves around the strong focus on the protection of rights and individuals and highlights the potential negative economic impact for EU organisations looking to leverage AI, and for EU tech companies developing AI systems.

A white paper by the UK government published in March 2023, perhaps tellingly, named “A pro-innovation approach to AI regulation” emphasises on a “pragmatic, proportionate regulatory approach … to provide a clear, pro-innovation regulatory environment”, The paper talks about an approach aiming to balance the protection of individuals with economic advancements for the UK on its way to become an “AI superpower”.

Further aspects of the EU AI Act are currently being critically discussed. For example, the current text exempts all open-source AI components not part of a medium or higher risk system from regulation but lacks definition and considerations for proliferation.

Adopting AI Risk Management in Organisations: The Singapore Approach

Regardless of how exactly AI regulations will turn out around the world, organisations must start today to adopt AI risk management practices. There is an added complexity: while the EU AI Act does clearly identify high-risk AI systems and example use cases, the realisation of regulatory practices must be tackled with an industry-focused approach.

The approach taken by the Monetary Authority of Singapore (MAS) is a primary example of an industry-focused approach to AI risk management. The Veritas Consortium, led by MAS, is a public-private-tech partnership consortium aiming to guide the financial services sector on the responsible use of AI. As there is no AI legislation in Singapore to date, the consortium currently builds on Singapore’s aforementioned “Model Artificial Intelligence Governance Framework”. Additional initiatives are already underway to focus specifically on Generative AI for financial services, and to build a globally aligned framework.

To Comply with Upcoming AI Regulations, Risk Management is the Path Forward

As AI regulation initiatives move from voluntary recommendation to legislation globally, a risk management approach is at the core of all of them. Adding risk management capabilities for AI is the path forward for organisations looking to deploy AI-enhanced solutions and applications. As that task can be daunting, an industry consortium approach can help circumnavigate challenges and align on implementation and realisation strategies for AI risk management across the industry. Until AI legislations are in place, such industry consortia can chart the way for their industry – organisations should seek to participate now to gain a head start with AI.

Get your Free Copy
Navigating the Financial Frontier: Point Zero Forum 2023

5/5 (1)

5/5 (1)

After the resounding success of the inaugural event last year, Ecosystm is once again partnering with Elevandi and the State Secretariat for International Finance SIF as a knowledge partner for the Point Zero Forum 2023. In this Ecosystm Insights, our guest author Jaskaran Bhalla, Content Lead, Elevandi talks about the Point Zero Forum 2023 and how it is all set to explore digital assets, sustainability, and AI in an ever-evolving Financial Services landscape.

The Point Zero Forum is returning for its second edition between 26 to 28 June 2023 in Zurich, Switzerland. The inaugural Forum held in June 2022 attracted over 1,000 leaders and featured more than 200 esteemed speakers from Europe, Asia Pacific, the USA, and MENA. The Forum represents a collaboration between the Swiss State Secretariat for International Finance (SIF) and Elevandi and is organised in cooperation with the BIS Innovation Hub, the Monetary Authority of Singapore (MAS), and the Swiss National Bank.

As we gear up for this year’s Point Zero Forum, let’s take a moment to reflect on some of the pivotal developments that have shaped the Financial Services industry since the previous Forum and also moulded the three key themes that will take centre stage this year: Sustainability, Artificial Intelligence (AI), and Digital Assets.

COP27, the rise of blended finance and the groundbreaking Net-Zero Public Data Utility

In November 2022, the Government of the Arab Republic of Egypt hosted the 27th session of the Conference of the Parties of the UNFCCC (COP27), with a view to accelerate the transition to a low-carbon future. In the build-up to COP27, Ravi Menon, the Managing Director of the MAS spoke at the inaugural Transition Finance towards Net-Zero conference and shared with the audience that the world is currently not on a trajectory to achieve net-zero emissions by 2050. And according to the UN Emissions Gap report 2021, based on the current policies in place, the world is 55% short of the emissions reduction target for 2030. He also elaborated on the significant role that blended finance can play in tackling climate change, a theme that widely resonated with the global leaders at COP27. To enable easy and transparent reporting on climate commitments, the Climate Data Steering Committee (CDSC) outlined the next steps on its recommended plans for the Net-Zero Data Public Utility (NZDPU) at COP 27. NZDPU aims to aid efforts to transition to a net-zero economy by addressing data gaps, inconsistencies, and barriers to information that slow climate action.

The Point Zero Forum 2023 will deep-dive into the data, technologies, and capital and risk management solutions that can accelerate the fair transition towards a low-carbon future.

Panel Discussion Highlight: The opening panel discussion, “Data for Net-Zero: Views from the Climate Data Steering Committee,” scheduled for 26 June, will feature members of the CDSC, which include the Financial Conduct Authority, the MAS, Glasgow Financial Alliance for Net Zero (GFANZ), and the Swiss State Secretariat for International Finance. The panel will discuss the role of new technologies and collaborative platforms in promoting greater accessibility of transition data and innovative business models.

The launch of ChatGPT by OpenAI and its record for the fastest 100M monthly active users

The launch of ChatGPT by OpenAI on 30 November, 2022 led to widespread adoption by users globally – eventually setting the record for the fastest-growing, active users, hitting 100M monthly active users by Feb 2023. While on one hand users rushed to share enormous efficiency gains achieved by the use of ChatGPT, on the other hand ChatGPT soon became a disruptive tool to spread fake news.

The Point Zero Forum 2023 will deep-dive into Generative AI’s potential for enhancing efficiency, improving risk management, and providing better customer experience in the Financial Services industry, while highlighting the need for ensuring fair, ethical, accountable, and transparent use of these technologies.

Panel Discussion Highlight: The session “Breaking New Ground with Generative AI: Project MindForge”, scheduled for 27 June, will feature global leaders from NVIDIA, the MAS, Citigroup and Bloomberg. The panel will discuss the opportunities of Generative AI for the Financial Services sector.

MiCA regulation gets adopted by the EU lawmakers and sets a precedent for digital asset regulations

More than 2.5 years after it was first proposed, the EU Markets in Crypto-Assets (MiCA) regulation was approved in April 2023 by EU Parliament. While there is still work to be done to implement MiCA and measure its success, and to answer open questions around regulation for out-of-scope assets (like DeFI and NFTs), the digital assets industry is keenly observing whether MiCA could serve as a template for global crypto regulation. In May 2023, the International Organization Of Securities Commissions (IOSCO), the global standard setter for securities markets, also joined the global discussion on digital asset regulation by issuing for consultation detailed recommendations to jurisdictions across the globe as to how to regulate crypto assets.

The Point Zero Forum 2023 will do a stocktake on key global regulatory frameworks, market infrastructure, and use cases for the widespread adoption of digital assets, asset tokenisation, and distributed ledger technology.

Panel Discussion Highlight: The sessions “State of Global Digital Asset Regulation: Navigating Opportunities in an Evolving Landscape” and “Interoperability and Regulatory Compliance: Building the Future of Digital Asset Infrastructure”, scheduled on 26 and 27 June respectively, will feature global leaders from both public sector (such as the MAS, Bank of Italy, Bank of Thailand, U.S. Commodity Futures Trading Commission, EU Parliament) and private sector organisations (such as JP Morgan, Sygnum, SBI Digital Assets, Chainalysis, GBBC, SIX Digital Exchange). The discussions will centre around digital asset regulations and key considerations in the rapidly evolving world of digital assets.

Point Zero Forum - Registration

Register here at Receive 10% off the Industry Pass by entering the code ‘JB10’ at check out. (Policymakers, regulators, think tanks, and academics receive complimentary access/ Founders of tech companies (incorporated for less than 3 years) can apply for a discounted Founder’s Pass)

Organisational Resilience: Compliance Risk Strategy for 2023

5/5 (1)

5/5 (1)

There are a number of updates to regulations that will impact organisations in 2023. They will create new requirements for businesses to follow, new areas of risk, and more money and time spent adjusting to these changes.

Compliance strategies help cement trust in professional partnerships and vendor relationships. Whether organisations are trying to qualify for cyber insurance, or simply looking to obey the law and avoid fines, they are up against increasingly tough compliance measures. It is no longer sufficient to be compliant only once in a year, scramble in the two weeks before the audit, and then forget about it for the rest of the year.

What compliance tech trends should IT management adopt as they build and refine their technology roadmaps?  

Let’s look at some regulatory and technology trends.

Regulations to Watch

European Union Digital Operational Resilience Act (DORA). The EU is applying regulatory pressure on the financial services industry with its Digital Operational Resilience Act (DORA)DORA is a “game changer” that will push firms to fully understand how their IT, operational resilience, cyber and third-party risk management practices affect the resilience of their most critical functions as well as develop entirely new operational resilience capabilities.

One key element that DORA introduces is the Critical Third Party (CTP) oversight framework, expanding the scope of the financial services regulatory perimeter and granting the European Supervisory Authorities (ESAs) substantial new powers to supervise CTPs and address resilience risks they might pose to the sector.

Germany’s Supply Chain Due Diligence Act (SCDDA). On January 1, 2023, the Supply Chain Due Diligence Act took effect. It requires all companies with head offices, principal places of business, or administrative headquarters in Germany – with more than 3,000 employees in the country – to comply with core human rights and certain environmental provisions in their supply chains. SCDDA is far-reaching and impacts multiple facets of the supply chain, from human rights to sustainability, and legal accountability throughout the third-party ecosystem. It will address foundational supply chain issues like anti-bribery and corruption diligence.

From 2024, the number of employees will be lowered from 3,000 to 1,000. And Switzerland, The Netherlands, and the European Union also have similar drafts of regulation in the books.

PCI DSS 4.0. Payment Card Industry Data Security Standard (PCI DSS) is the core component of any credit card company’s security protocol.  In an increasingly cashless world, card fraud is a growing concern. Any company that accepts, transmits, or stores a cardholder’s private information must be compliant. PCI compliance standards help avoid fraudulent activity and mitigate data breaches by keeping the cardholder’s sensitive financial information secure.

PCI compliance standards require merchants to consistently adhere to the PCI Standards Council’s guidelines which include 78 base requirements, more than 400 test procedures, and 12 key requirements.

Looking at how PCI has evolved over the years up to PCI 4.0, there is a departure from specific technical requirements toward the general concept of overall security.  PCI 4.0 requirements were released in March 2022 and will become mandatory in March 2024 for all organisations that process or store cardholder data.

The costs of maintaining compliance controls and security measures are only part of what businesses should consider for PCI certification. Businesses should also account for audit costs, yearly fees, remediation expenses, and employee training costs in their budgets as well as technical upgrades to meet compliance standards.

Tech Trend Changes

Zero Trust presents a shift from a location-centric model to a more data-centric approach for fine-grained security controls between users, systems, data, and assets. Zero Trust as a model assumes all requests are from an open network and verifies each request this way. PCI 4.0 does not mention Zero Trust architecture specifically, but it is evident that the Security Standards Council is going that way as a future consideration.

Passwordless authentication has gained a lot of attention and traction recently. large tech providers such as Google, Apple, and Microsoft, are introducing passwordless authentication based on passkeys. This is a clear sign that the game is about to change. As the PCI DSS focuses on avoiding fraudulent activity, so does newer authentication protocol approaches to verify and confirm identity.

Third-party risk management is quickly evolving into third-party trust management (TPTM), with the SCDDA creating a clear line in the sand for global organisations. TPTM is a critical consideration when standing up an enterprise trust strategy. Enterprise trust is a driver of business development that depends on cross-domain collaboration. It goes beyond cybersecurity and focuses on building trusted and lasting third-party relationships across the core critical risk domains: security, privacy, ethics & compliance, and ESG.

Final thought – Cyber Insurance in 2023

If some of these compliance drivers lead to a desire for financial protection,  cyber insurance is one mitigation element for strategy to address C-level concerns. But wait – this is not as easy as it used to be.

Five years ago, a firm could fill out a one-page cyber insurance application and answer a handful of questions. Fast forward to today’s world of ransomware attacks and other cyber threats – now getting insurance with favourable terms, conditions, pricing, coverage and low retention is tough.

Insurance companies prefer enterprises that are instituting robust security controls and incident response plans — especially those prepared to deep dive into their cybersecurity architectures and with planned roadmaps. In terms of compliance strategy development, there needs to be a risk-based approach to cybersecurity to allow an insurer to offer a favourable insurance option.

The Future of Finance: FinTech Innovations & Collaborations

5/5 (2)

5/5 (2)

Innovation and collaboration are the cornerstones of FinTech success stories. Successful FinTechs have identified market gaps and designed innovative solutions to address these gaps. They have also built an ecosystem of partners – such as other FinTechs, large corporates and financial services organisations – to deliver better customer experiences, create process efficiencies and make compliance easier.  

As FinTechs have become mainstream over the years the innovations and the collaborations continue to make technology and business headlines.

Here are some recent trends:

  • The Growth of Cross-border Finance. Globalisation and the rise of eCommerce have created a truly global marketplace – and financial agencies such as the MAS and those in the EU are responding to the need.
  • Transparency through Smart Contracts. As businesses and platforms scale applications and capabilities through global partnerships, there is a need for trusted, transparent transactions. Symbiont‘s partnership with Swift and BNB Chain‘s tie-up with Google Cloud are some recent examples.
  • Evolution of Digital Payments. Digital payments have come a long way from the early days of online banking services and is now set to move beyond digital wallets such as the Open Finance Association and EU initiatives to interlink domestic CBDCs.
  • Banks Continue to Innovate. They are responding to market demands and focus on providing their customers with easy, secure, and enhanced experiences. NAB is working on digital identity to reduce fraud, while Standard Chartered Bank is collaborating with Bukalapak to introduce new digital services.
  • The Emergence of Embedded Finance. In the future, we will see more instances of embedded financial services within consumer products and services that allows seamless financial transactions throughout customer journeys. LG Electronics‘ new NFT offering is a clear instance.

Read below to find out more.

previous arrowprevious arrow
next arrownext arrow
previous arrow
next arrow

Download The Future of Finance: FinTech Innovations & Collaborations as a PDF

Access More Insights Here
Achieving Sustainability: The Tide is Turning

5/5 (2)

5/5 (2)

In this blog, our guest author HE Jo Tyndall, delivers a message of hope for the future and talks about initiatives across all levels to combat climate change and biodiversity loss. “The pieces of the puzzle that will create a sustainable future are all there – it is time to start fitting them together.”

If, like me, you have watched Sir David Attenborough’s “witness statement” (A Life On Our Planet), it is easy to despair of the wanton, wilful destruction humanity has wreaked on the Earth, and to be horrified that so much of this has happened in one man’s (admittedly long) lifetime. The images he conjures – of distressed orangutans, starving polar bears, floods, fires and droughts, and of rampant deforestation – underscore how ubiquitous, urgent and overwhelming the climate change and biodiversity crises are.

But Sir David ends with a message of hope, and it is this I want to emphasise. Everywhere we look, there are green shoots of hope, many growing into sturdy saplings. They are coming thick and fast, and they are becoming mainstream – no longer relegated to the tick-box margins of policy or practice. The pieces of the puzzle that will create a sustainable future are all there – it is time to start fitting them together.

Political Signals Create a Ripple Effect

First, and foremost, in 2015 we got the Paris Agreement (and subsequently its rulebook). This was no mean feat. It set climate goals, gave us global rules for being transparent and accountable, and put governments on a path of continuous improvement to reach those collective goals. It is easy to dismiss global treaties as just words on paper, but this is to ignore the profound ripple effect those words have already had. (The Agreement held firm despite the US withdrawal – but the fillip when it re-joins will be welcome.)  

The political signals set the first ripples off as governments needed climate policies to meet their Paris undertakings. The European Green Deal aims for a sustainable EU economy, with no net greenhouse gas emissions by 2050, decoupling economic growth from resource use. The UK will host next year’s UN Climate Change Conference of the Parties (COP26) – and has doubled its climate finance for the period 2021-2025.

In September this year, China – the world’s largest emitter of greenhouse gases – announced it would achieve carbon neutrality by 2060. Japan and Korea, too, have upped their mid-century targets to bring net emissions to zero.  

The New Zealand Government has set a legislated goal for the country to be carbon neutral by 2050; has amended our Emissions Trading System (ETS) to ensure price signals encourage a move to low carbon; set up a green investment fund; invested heavily in research into reducing emissions from livestock production; and, most recently, made carbon-related financial disclosures mandatory for specified companies, banks, insurers and investment managers. We have also made it our mission to encourage governments to phase out fossil fuel subsidies (some US$400bn each year) that promote excessive consumption.  

The Ripples Reach Cities and Businesses…

The political signals have flowed through to regional and local government. The C40 group (cities around the world working towards sustainability goals) now has 96 participating members – with many cities finding opportunities to collaborate with others in the network on joint projects.

It is becoming obvious that fossil fuel industries are at a disadvantage against increasingly cost-competitive renewable energy. Governments are working out how to manage a ‘just transition’ for the energy sector, while forward-leaning energy companies are re-shaping their business models in anticipation of a low carbon future.

Political signals encourage businesses to factor climate change into their planning and investment decisions. Businesses everywhere have read the political tea leaves and we see weekly announcements of pledges for carbon neutrality, ethical investing, green financing and so on. Whether it is Blackrock or NZ Super Fund making environmental, social, and governance (ESG) considerations integral to their investments, or Ikea’s IWAY (its ESG code of conduct for itself and its suppliers), business is showing a deeper commitment to sustainability than ever before. 

Some industries will have to be more invested than others in emissions reduction, but this opens a world of opportunity and innovation. Energy & Utilities companies are implementing waste-to-energy solutions – Singapore’s Integrated Waste Management Facility (IWMF) is set to be the world’s largest energy recovery facility – and adoption of carbon capture, utilisation and storage (CCUS) facilities is at last gathering momentum across energy systems. Industries like aviation and maritime, too, have to play a key role in a circular economy.

… And Individuals (the Last – and First – Pieces of the Puzzle)

The ripples have spread to individuals – people like you and me. I know there are still plenty of climate deniers around. But mindsets are changing – and when that happens, the ripples become a tidal wave of real change. If we each start thinking we can do it and we will do it, the change will happen. If we make it clear, in our preferences as consumers, and in our expectations of the businesses we buy from or invest in, the change will happen.

The numbers who recognise we must live within our planetary boundaries are growing, values are changing (especially in light of the pandemic), and our low-carbon future is a high-tech one – not hemp shirts and home-made candles (unless of course these are your thing). Digital is a critical part of the story. Blockchain and distributed ledger technology (DLT) is being used to cater to a new generation of consumers, conscious of buying what is good for the world in the face of climate change and biodiversity loss. Food products are being branded using track-and-trace capabilities of Blockchain for ‘farm to fork’ visibility. 

Who doesn’t want to breathe clean air, have lower energy bills, and eat safe and healthy food? Maybe we will see more initiatives like America’s Pledge, bringing together an entire ecosystem committed to fighting climate change, growing the economy, and protecting public health – an ecosystem of states, cities, businesses, universities, and citizens.

We now have the rules, the policy tools, the technologies, and – increasingly – we have the will to act. As we re-build our economies, our businesses, and our lives, let us re-build better. So, I would echo Sir David Attenborough’s optimism – it is just that we do not have his (95 years) lifetime left to put things right.

Singapore FinTech Festival 2020: Impact Summit

For more insights, attend the Singapore FinTech Festival 2020: Impact Summit which will cover topics tied to climate change and sustainability to build a better future

Get Access