Deloitte has released a report from the Asia Pacific Centre for Regulatory Strategy (ACRS), 'Generative AI: Application and Regulation in Asia Pacific', which surveys the risks associated with the use of Generative AI in the financial services sector, the direction of regulations in the Asia-Pacific region, and provides recommendations for companies in the financial services industry to prepare for compliance with rapidly evolving laws and regulations.

ACRS interviewed 12 experts from Deloitte with expertise in technology and law across the Asia-Pacific (AP) region to understand how, as Generative AI ("GenAI") technology advances, policymakers and regulators will review the current AI usage framework to mitigate new technological risks that may arise from GenAI and ensure that the technology remains suitable for the objectives of the financial services sector.

Recent significant advancements in artificial intelligence (AI) technology over the past 12 months, such as the widespread adoption of GenAI technologies through various tools like OpenAI's Chat GPT and Google's Bard AI, have led to rapidly changing risks identified by regulators in the Asia-Pacific region regarding the legal governance of AI. While transparency, accountability, fairness, robustness, privacy, and data security remain critical considerations, concerns about bias and intellectual property have prompted regulators to balance the benefits of technological innovation with consumer protection.

The financial services industry is undergoing a major transformation and disruption, with GenAI changing the approach to service delivery. However, like other changes, regulatory scrutiny and attention regarding AI will increase. Currently, financial service providers face escalating new risks, such as bias, governance, accountability, and data protection throughout the AI lifecycle, as well as regulatory and strategic risks. Deloitte's latest report recommends that financial service providers prepare for the future and establish an AI governance framework to identify and manage AI-related risks appropriately and swiftly.

This report highlights the following key points:

  • Financial service providers should prepare for upcoming GenAI regulatory requirements.
  • Financial service providers that have implemented or are considering AI applications should begin developing an AI governance framework to support improved risk management and future regulatory compliance. They must be accountable for the outcomes generated by GenAI applications.
  • Financial service providers should assess factors contributing to customer vulnerability, such as education, income, or age, and ensure that the use of GenAI applications does not lead to bias or discrimination against these vulnerable customers, whether intentionally or unintentionally.
  • Financial service providers should identify stakeholders involved in collecting, storing, and processing customers' personal data and ensure that these parties comply with data protection requirements.
  • As copyright protection for the import and export of GenAI data remains unclear, financial service providers should assume that any data or queries input into GenAI applications may become public information. This serves as guidance for establishing governance boundaries to prevent unintentional disclosure of intellectual property or copyright infringement.
  • Financial service providers that have adopted or plan to adopt GenAI applications should invest in acquiring skilled personnel and provide AI technology training for employees, including board members and senior executives, to enhance understanding of key risks and responsibilities in mitigating those risks.

Akihiro Matsuyama, Risk Advisory Leader at Deloitte Asia Pacific, commented on the report, stating, "Although AI regulations and laws are still in the early stages of development or implementation in most jurisdictions, financial service providers must take a measurable approach by quickly establishing their own AI governance framework and taking action to understand, identify, and manage AI-related risks. The private sector must collaborate with regulators and lawmakers to share knowledge and industry experiences to facilitate the process of establishing criteria and drive consensus on the future path of AI."

Mr. Wong Nai Seng, Regulatory Strategy Leader at Deloitte Asia Pacific, added, "AI technologies like GenAI have significant potential to enhance efficiency and drive digital transformation within financial service providers. However, the risks associated with using such technologies should be the primary consideration, as the regulatory landscape surrounding AI technology continues to evolve both globally and within Southeast Asia. Financial service providers should be cautious in considering the adoption of AI technology to assess how the associated risks align with existing risks and their overall risk management framework."

You can read the full report and find more insights at Generative AI: Application and Regulation in Asia Pacific | Deloitte China | Financial Services