Financial firms must think beyond China AI regulation

Alex Roberts February 18, 2022 09:58

Artificial intelligence (AI) has had a profound impact on China’s growth and development in recent years and – as one of the country’s national priorities outlined in 2020’s Five Year Plan – is sure to continue as a key economic driver for decades to come.

For financial institutions in China, AI is no longer a “nice-to-have”. It has become a necessity in order to remain not just competitive but relevant at all in an increasingly digitised world. Its use paves the way to more opportunities for growth and diversification in a market that has been swollen by the multi-dimensional platforms that are able to attack traditional financial services with expansive offerings at the touch of a screen.

Indeed, the deployment of AI has been rapid in China’s financial services industry, which has embraced this new technology to support a wide range of activities, from risk management, customer onboarding and engagement to trading, portfolio management and robo-advisory.

But despite this dynamic and disruptive technology, AI poses unique legal and ethical challenges for financial firms. These stem in no small part from certain features of the underlying machine-learning techniques and its deployment in consumer-facing scenarios. It is essential for the financial sector to keep up with the law and regulations of AI as they develop, as well as look holistically at how existing legal frameworks can present potential regulatory hurdles before technology-specific regimes arrive.

Proliferation of AI Regulation in China

There are various existing regulatory frameworks around governance, control and risk management, outsourcing, data protection and cybersecurity against which the compliance of any potential AI deployment in China will need to be assessed.

The regulation of AI in the country is mainly governed by the Government’s Next Generation AI Development Plan. Launched in 2017, the plan sets out China’s grand strategy to be the world’s “premier AI innovation centre” by 2030 and marked the beginning of a string of policies released by the mainland Chinese authorities to boost the development of the AI industry, in particular by fostering R&D and creating more commercial applications for the technology.

One such policy is the China AI Governance Principles, released in 2019, which underlines the responsibilities of AI developers, users and other relevant parties and the traceability of AI systems. Chinese financial legislators have taken accountability and transparency of AI systems into consideration when formulating financial regulations and industry standards based on these principles.

China’s central bank, the People’s Bank of China (PBoC), has also released a series of industry standards on artificial intelligence and fintech. Last year, the PBoC issued the Personal Financial Information Protection Technical Specification, setting out requirements for financial institutions to regularly assess the safety of external automated tools used to share, transfer, or entrust personal financial information.

In March 2021, the PBoC released further specifications for evaluating artificial intelligence algorithms in financial applications. Applying to financial institutions, algorithm providers and third-party security evaluation institutions, these recommendatory guidelines prescribe additional detailed evaluation criteria on security, interpretability and accuracy of AI algorithms, aiming to eliminate the “black box” effect that is often a concern with the technology and promote continuity of AI systems.

The Era of Heightened Data Security Has Arrived

Advancements in AI are underpinned by data; naturally, this heightens the focus on data protection. For instance, data privacy and the use of personal information are top-of-mind considerations when it comes to implementing AI. Financial institutions should prioritise the data governance practices – what data should be used, how it should be modelled and tested, and whether the outcomes derived from the data are correct – to minimise the potential for consumer harm.

Central to this objective will be achieving compliance with the new Personal Information Protection Law that came into force in China on 1 November 2021. On the one hand, the legislative resemblance of China’s first comprehensive data protection law to the European Union’s GDPR – as well as an increasing number of copycat markets’ regimes around the globe – will ease the compliance burden of many international businesses that have already dedicated resources to become GDPR-compliant; however, on the other hand, violation of the new law’s requirements for data controllers which adopt automated decision-making systems that may influence data subjects’ interests, carry fines up to 50 times higher than the sanctions of the processor law, the Cybersecutiy Law. Financial institutions deploying these tools must conduct personal data security impact assessments before their deployment and ensure that there are readily accessible channels for customers to object to such automated decision-making. One example of this is the automated decisions empowered by AI and big data analysis relating to personal credit or loan limits.

Adaptability to Future Regulations is Key

Financial regulators typically engage in a technology-neutral approach when enforcing their rulebooks. It is up to companies to map their latest innovations in AI against existing laws and regulations and adapt to new developments as they emerge. With the known regulatory practices and data privacy concerns in China in particular, financial institutions need to be on the front-foot to comply with existing and future AI regulations, taking a progressive and ethical approach to anticipate the future impact of AI technologies and regulators’ likely supervisory reaction.

There is an ongoing responsibility and consumer obligation to be considered at every stage in the process of technology adoption. Before firms even adopt an AI tool at the design stage, building in compliance by design should be a key objective. Once the necessary tools are adopted, ongoing monitoring procedures and clear communication with internal and external stakeholders – not least customers – are essential.

Indeed, those offering financal services across multiple market must fully consider the implications and compatibility of new products and services with the evolving legal frameworks across various jurisdictions. There are regulatory synergies but also divergences that require these financial institutions especially to get their compliance structuring right from the beginning to take full advantage of AI and its applications.

-- Contact us at [email protected]

Alex Roberts

TMT Counsel, Linklaters