Pitfalls of implementing AI in financial services

 

 Implementing AI in financial services creates opportunities but it has its risks and pitfalls as well, certainly if it’s implemented without policy, guidelines and planning.

With some help from AI 😊 we’ve made a summary of issues to be addressed, to avoid mistakes in using artificial intelligence and to implement it in such a way that the organisation and employees profit from it.

Apart from the more technical aspects – relevant for decision makers, compliance officers and staff responsible for implementing and running the AI engines – there’s the question about what the ‘average’ client-facing, operational or supporting staff member needs to know and understand about artificial intelligence in general and the AI used in the organisation specifically.

 

That’s where i-KYC comes in with our e-learnings like the “AI Awareness in the Financial Sector” course. The training provides an overview of artificial intelligence, its application in financial services and focuses on what employees in various roles need to be aware of when dealing with AI.

 Apart from the risks outlined in the rest of this article staff awareness on the topic of AI is crucial and all-staff training is a must to raise that awareness.

 

The biggest pitfalls of using AI in financial services revolve around algorithmic bias, which could cause discrimination in decisions on lending, pricing or client acceptance and potentially creates a lack of transparency if "black box" models are used, preventing understanding how decisions are made. Bear in mind that the model might not at all be hidden but might be defined in such a complex way that operational or compliance staff do not get a good grasp of the decision parameters.

Other major risks include data privacy breaches, high development costs, regulatory compliance hurdles and too many staff just not knowing enough about the risks and impact of the use of AI in the organisation.

 

As indicated in the introduction, we have listed the main risks and pitfalls in more detail below.

1. Algorithmic Bias and Discrimination

-        Perpetuating Inequality: AI models trained on historical data can inherit and even amplify existing biases, leading to discriminatory outcomes in lending, insurance, and risk management.

-        Hidden Bias – only found once results after implementation are analysed

2. "Black Box" Opacity and Lack of Transparency

-       Unexplainable Decisions: Many advanced AI systems act as "black boxes," making it difficult to understand, explain and justify decisions, which is critical for audits and regulatory compliance.

-       Erosion of Trust: A 2024 survey found that 89% of financial firms cited the lack of transparency as the main barrier to AI adoption, as staff find it harder to trust non-transparent systems and explain outcomes to customers. 

3. Data Privacy and Security Vulnerabilities

-        High-Value Targets: AI systems process vast amounts of sensitive financial data, making them a potential target for cybercriminals.

-        Data Poisoning: training data can be manipulated or altered, potentially compromising AI models and leading to data breaches or incorrect outcomes. 

4. Over-reliance and Loss of Human Oversight 

-        "All-Green" Fraud Scams: AI systems can fail to detect fraud when scammers manipulate customers into voluntarily moving funds, as the transaction looks "normal" to the AI.

-        Errors in Judgment: Relying entirely on automated tools without human oversight (or a "human-in-the-loop" approach) can lead to mistakes in approving transactions or client assessments. 

5. Regulatory and Compliance Challenges

-        Evolving Regulations: As AI technologies advance, regulatory frameworks struggle to keep pace, creating ambiguity and compliance risks.

-        Legal Consequences: Failure to comply with regulations, such as the EU AI Act or local data protection laws, can result in severe fines, reputational damage, and operational bans. 

6. Data Quality and "Hallucinations" 

-        "Garbage In, Garbage Out": Inconsistent, fragmented, or low-quality data leads to inaccurate AI insights and erroneous financial predictions.

-        Hallucinations: Generative AI tools can create fabricated information or incorrect, yet confident, financial insights, causing significant risks when used in investment decisions. 

 

To address these pitfalls, institutions can prioritise several risk mitigating measures, to name a few think of:

-       Implementing models that allow for clear audit trails.

-       Actively remove bias from training data and use diverse datasets.

-       Requiring human review for decisions like loan approvals and large, non-standard payments.

-       Establishing internal AI ethics boards and strict data security protocols. 

And of course… train all staff and ensure awareness is taken seriously.

Single Family Offices in Singapore

Another session in parliament was held in Singapore discussing the matter of Single Family Offices or SFOs.

While the sector is clearly buoyant and continues to grow, last year’s money laundering scandal has triggered concerns expressed in the city parliament.

Although ‘all SFOs applying for MAS tax incentives are required to open accounts with financial institutions (FIs) in Singapore and are subject to the FIs’ due diligence procedures and MAS screening the tax incentive applicants for adverse reports and money laundering or terrorism financing risks, quite a few questions remain:

-        What’s the reason these SFOs want to come here in the first place? Do we understand the underlying reasons for setting up in Singapore? Only then proper government policy and measures can be implemented.

-        Related to that is the question if we want this in Singapore. Are these really the organisations that create jobs and add value to the country?

-        All SFOs should have an account relation with an MAS regulated FI – but do they indeed?

-        Given last year’s money laundering scandal in which it proved that controls in major banks were faulty, is the financial sector stringent enough to deal with these high-risk organisations?

In summary: do the benefits of having all these SFOs outweigh the costs and are the measures to mitigate all financial crime risks sufficient and worth it?

Either way, SFOs will need to get their AML/CFT framework in order and will need to ensure the financial crime awareness and knowledge of Singapore regulations of all staff are thoroughly assessed and continuously updated to effectively mitigate risks associated with money laundering and terrorist financing.

This approach is essential given Singapore's stringent AML laws and the evolving nature of financial crimes, which require ongoing training and compliance efforts across all levels of staff within financial institutions.

Reactions and thoughts are welcome and of course we’re happy to discuss your requirements and offer our services

Read the original article from FinewsAsia here 

The new Payment Services Act in Singapore

 The Monetary Authority of Singapore (MAS) last week (finally) introduced amendments to the Payment Services Act (PS Act) and its subsidiary legislation to expand the scope of payment services regulated by MAS, and to impose user protection and financial stability-related requirements on digital payment token (DPT) service providers - read the  MAS notice here

 

Many consultants, lawyers and auditors have given their take on the immediate implications for the market. See for instance this article by ClyDeco or this interview with Chris Holland which is particularly concise and helpful.

We’re not a law firm and I have no intention of outdoing the summaries that others already have published, but let me make a few observations about timelines and what is required from the firms affected.

By May 3 this year payment service providers – dealing with Digital Payment Tokens or more traditional modes of payment – that are currently not regulated need to indicate to MAS if they will apply for a license or will cease their (to be regulated) activities in Singapore.

That means that each PSP had 19 (!) working days (and counting) to make an impact assessment. The regulation had been pending for years so many firms are well prepared but there will be companies panicking to get their act together. A thorough, yet fast, risk assessment and impact analysis will be required likely with external help from a specialist consultant.

Assuming a positive decision is taken and the PSP decides to apply for a license - and notifies MAS of that decision – another 5 months of hard work lie ahead because by October 3, 2024 that license application needs to be submitted. Followed by an attestation done by an external auditor latest early January 2025 to demonstrate that the PSP is indeed compliant.

From our experience it is first of all of key importance not to underestimate the work to be done and focus on the following 5 areas.

1.    Start building your management information beginning with collecting and organising data from 2022 and 2023, using the same data set to build up in 2024 and 2025. This to be able to demonstrate relevant information on clients and transactions for internal use but also to be used towards the regulator and the compulsory audit in January 2025.

2.    Do a thorough yet fast risk assessment and plan the implementation of short-term risk mitigation measures.

3.    Review and update the design of your AML Program.

4.    Make a training plan and ensure all staff is trained.

5.    Implement and monitor progress on an ongoing basis.

Most likely you need help with this, given the short timeframe. Keep in mind that you don’t just need advise, you need to build something that works. Operational compliance is key.

Trace Together and other government apps

 

The announcement – summarised by the Straits Times here is of course good news and not really surprising. Although I guess it’s news because many people would not have been surprised if the government would have announced that they keep the data a little longer…. for whatever reason.

But that didn’t happen.

 However, just a few weeks ago there was a public outcry over the new EZ link card mostly focused on the fact that it was inconvenient and not needed.

Comments related to the government not having put enough efforts into explaining the need. But maybe there was no need at all, at least not from the point of view of the average public transport user.

Then there is the Singapore HealthHub app in which (on the back of the vaccination drives during the pandemic) not only the covid vaccinations but essentially all personal medical data, appointments and what have you are registered.

All properly secured via the SingPass app but still… I assume the government has access to these data as well.

Then… over the weekend I wanted to go for a swim at one of the Swimming Centres – you used to be able to pay cash or with your (old style) EZ link card but that is no longer possible. You need to register (with SingPass or a photo-id) on the ActiveSG app.. another  government controlled app, with all sorts of personal (behavioural) data.

So maybe there is no master plan from the  Singapore government around or behind all this…. Fact is though that apps – government controlled or government supported apps – contain a lot of data that – when combined and/or used for unintended purposes could pose all sorts of dangers.

 

 

Any thoughts? Am I overthinking things here or seeing ghosts??

Find us at www.i-kyc.com or mail us at info@i-kyc.com

Singapore as tax haven

 

This article is a week old and I’ve been pondering what to think and make of it. It’s always good news if perpetrators are caught, but something just feels amiss here.

I’ve worked for and with financial institutions most of my working life and I’ve tried to do what’s right for the institution I worked for, its customers and society at large. But even when I had senior positions, I was never acting on my own. I was an employee, firmly embedded in organisation structures, reporting lines, policies, procedures, controls and all these other things that employees in an organisation deal with.  

Yet this article only briefly mentions the organisation the person worked for and it looks like it’s something done by an individual on his own. While MAS and other regulators indeed also include the individual responsibility and accountability of employees, every regulatory framework I know is built around what a Financial Institution as a whole needs to do.

Maybe I’m missing something but it would seem logical that the institution that this person was working for would be under scrutiny in the first place. Instead of making it look like an individual acting completely in isolation.

Any thoughts? Am I missing something here?

Find us at www.i-kyc.com i-KYC or mail us at info@i-kyc.com

KYC – Know Your Customer is not only relevant for banks

We’ve talked about it before but this article https://www.straitstimes.com/singapore/courts-crime/jail-for-2-nominee-directors-whose-shell-companies-laundered-almost-20m-in-scam-profits highlights the point again. Money launderers will go to the weakest link into the financial system and if that is a bank, great they will go there, but if banks have strengthened their #AML and #CFT controls and have sound #FCC Financial Crime Compliance processes in place, criminals will look for other points of entry into the financial system.

They will use corporate service providers, lawyers, real estate agents, suppliers of luxury goods, yacht brokers and car dealers to help them clean the dirty proceeds of crime.

So it’s only a matter of time for regulators to step in and strengthen regulations and controls over non-FIs. Be prepared and train your organisation. 

Mail us at info@i-kyc.com or find  more information on www.i-kyc.com

A candid – although short – interview with outgoing MAS MD Ravi Menon on money laundering

 A candid – although short – interview with outgoing MAS MD Ravi Menon on money laundering https://www.bloomberg.com/news/videos/2023-11-02/singapore-central-bank-on-battling-money-laundering-video

Some key points we picked up:

-          on the question ‘is this just the tip of the iceberg’ his answer is not conclusive – but I believe the consensus in the market would be that with so much money flowing into Singapore there must be more going on – happy to hear opposing views though….

-          Menon talks about that when ‘dirt is found in the house it needs to be cleaned’ – yes, it needs to be cleaned and thoroughly at that, but no mention is made of additional measures of prevention

-          interesting as well that – finally – it is recognised that the real estate sector (and other luxury segments in the economy) need to do more in the fight against money laundering.

Regulators focus – of course – on regulations. But it’s not just policy and guidelines that fight financial crime. Much more it is the operational practises in financial and non-financial institutions that stop criminals entering the financial system. Only then can an organisation achieve operational compliance. And it all starts with training and awareness…

 

Want to know more? Read more on our website at www.i-kyc.com or contact us at info@i-kyc.com