Sebastian Fritz-Morgenthal,Bernhard Hein,Jochen Papenbrock

DOI: https://doi.org/10.3389/frai.2022.779799

2022-02-28

Frontiers in Artificial Intelligence

Abstract:This perspective paper is based on several sessions by the members of the Round Table AI at FIRM 1 , with input from a number of external and international speakers. Its particular focus lies on the management of the model risk of productive models in banks and other financial institutions. The models in view range from simple rules-based approaches to Artificial Intelligence (AI) or Machine learning (ML) models with a high level of sophistication. The typical applications of those models are related to predictions and decision making around the value chain of credit risk (including accounting side under IFRS9 or related national GAAP approaches), insurance risk or other financial risk types. We expect more models of higher complexity in the space of anti-money laundering, fraud detection and transaction monitoring as well as a rise of AI/ML models as alternatives to current methods in solving some of the more intricate stochastic differential equations needed for the pricing and/or valuation of derivatives. The same type of model is also successful in areas unrelated to risk management, such as sales optimization, customer lifetime value considerations, robo-advisory, and other fields of applications. The paper refers to recent related publications from central banks, financial supervisors and regulators as well as other relevant sources and working groups. It aims to give practical advice for establishing a risk-based governance and testing framework for the mentioned model types and discusses the use of recent technologies, approaches, and platforms to support the establishment of responsible, trustworthy, explainable, auditable, and manageable AI/ML in production. In view of the recent EU publication on AI, also referred to as the EU Artificial Intelligence Act (AIA), we also see a certain added value for this paper as an instigator of further thinking outside of the financial services sector, in particular where “High Risk” models according to the mentioned EU consultation are concerned.

English Else

Catarina Souza

DOI: https://doi.org/10.69554/sokx4074

2023-01-01

Abstract:The rapid adoption of Artificial Intelligence (AI) among financial institutions in recent years creates several opportunities, but also presents significant risks that require adequate risk management. Despite advances in recent years, AI regulation remains fragmented. This creates a challenge for financial institutions when looking for guidance on how to address the emerging risks presented by the use of AI. Given the complexity and speed of revision, AI models tend to propagate and amplify existing model risk. This grants them the potential to be more harmful, and raises important model ethics concerns. This paper discusses how the existing model risk management framework can offer important lessons for financial institutions on how to tackle these emerging risks. Additionally, the paper explores possible enhancements to the model risk management framework in order to address the unique challenges posed by AI models. These include adapting governance and policies, including model ethics considerations; enhancing model risk identification and classification; and updating model life cycles, with an emphasis on data management, model development, validation and monitoring. While the author agrees that AI risks are diverse in nature, the focus of the paper is on the risks derived from the use and development of AI models.

Xiangyu Qi,Yangsibo Huang,Yi Zeng,Edoardo Debenedetti,Jonas Geiping,Luxi He,Kaixuan Huang,Udari Madhushani,Vikash Sehwag,Weijia Shi,Boyi Wei,Tinghao Xie,Danqi Chen,Pin-Yu Chen,Jeffrey Ding,Ruoxi Jia,Jiaqi Ma,Arvind Narayanan,Weijie J Su,Mengdi Wang,Chaowei Xiao,Bo Li,Dawn Song,Peter Henderson,Prateek Mittal

2024-05-30

Abstract:The exposure of security vulnerabilities in safety-aligned language models, e.g., susceptibility to adversarial attacks, has shed light on the intricate interplay between AI safety and AI security. Although the two disciplines now come together under the overarching goal of AI risk management, they have historically evolved separately, giving rise to differing perspectives. Therefore, in this paper, we advocate that stakeholders in AI risk management should be aware of the nuances, synergies, and interplay between safety and security, and unambiguously take into account the perspectives of both disciplines in order to devise mostly effective and holistic risk mitigation approaches. Unfortunately, this vision is often obfuscated, as the definitions of the basic concepts of "safety" and "security" themselves are often inconsistent and lack consensus across communities. With AI risk management being increasingly cross-disciplinary, this issue is particularly salient. In light of this conceptual challenge, we introduce a unified reference framework to clarify the differences and interplay between AI safety and AI security, aiming to facilitate a shared understanding and effective collaboration across communities.

Cryptography and Security,Artificial Intelligence

Haosen Xu,Kaiyi Niu,Tianyi Lu,Siyang Li

DOI: https://doi.org/10.51594/estj.v5i8.1363

2024-08-02

Engineering Science & Technology Journal

Abstract:This study examines the application of artificial intelligence (AI) in enhancing risk management within financial services. Through comprehensive analysis, the research reveals that AI technologies, particularly machine learning, and deep learning models, significantly improve the accuracy and efficiency of risk assessment and management processes. AI-powered credit risk models demonstrate a 20% increase in predictive accuracy compared to traditional methods, while market risk management sees a 30% improvement in anomaly detection speed and precision. The study also highlights a 60% reduction in false positives for fraud detection and a 40% increase in accurate favorable rates. Despite these advancements, challenges persist, primarily in data quality and model interpretability. The research projects that by 2028, AI will be integral to risk management in over 80% of large financial institutions, potentially reducing risk-related losses by 25% and improving operational efficiency by 35%. The study concludes by emphasizing the need for strategic implementation and responsible AI use, outlining future research directions, including the long-term impact on systemic risk, ethical implications, and the potential of quantum machine learning in risk modeling. Keywords: Artificial Intelligence, Financial Risk Management, Machine Learning, Regulatory Compliance.

Eren Kurshan,Hongda Shen,Jiahao Chen

DOI: https://doi.org/10.48550/arXiv.2010.04827

IF: 5.414

2020-10-09

Machine Learning

Abstract:AI systems have found a wide range of application areas in financial services. Their involvement in broader and increasingly critical decisions has escalated the need for compliance and effective model governance. Current governance practices have evolved from more traditional financial applications and modeling frameworks. They often struggle with the fundamental differences in AI characteristics such as uncertainty in the assumptions, and the lack of explicit programming. AI model governance frequently involves complex review flows and relies heavily on manual steps. As a result, it faces serious challenges in effectiveness, cost, complexity, and speed. Furthermore, the unprecedented rate of growth in the AI model complexity raises questions on the sustainability of the current practices. This paper focuses on the challenges of AI model governance in the financial services industry. As a part of the outlook, we present a system-level framework towards increased self-regulation for robustness and compliance. This approach aims to enable potential solution opportunities through increased automation and the integration of monitoring, management, and mitigation capabilities. The proposed framework also provides model governance and risk management improved capabilities to manage model risk during deployment.

Martin Kretschmer,Tobias Kretschmer,Alexander Peukert,Christian Peukert

DOI: https://doi.org/10.48550/arXiv.2311.14684

2023-11-03

Computers and Society

Abstract:The development and regulation of multi-purpose, large "foundation models" of AI seems to have reached a critical stage, with major investments and new applications announced every other day. Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4. Legislators globally compete to set the blueprint for a new regulatory regime. This paper analyses the most advanced legal proposal, the European Union's AI Act currently in the stage of final "trilogue" negotiations between the EU institutions. This legislation will likely have extra-territorial implications, sometimes called "the Brussels effect". It also constitutes a radical departure from conventional information and communications technology policy by regulating AI ex-ante through a risk-based approach that seeks to prevent certain harmful outcomes based on product safety principles. We offer a review and critique, specifically discussing the AI Act's problematic obligations regarding data quality and human oversight. Our proposal is to take liability seriously as the key regulatory mechanism. This signals to industry that if a breach of law occurs, firms are required to know in particular what their inputs were and how to retrain the system to remedy the breach. Moreover, we suggest differentiating between endogenous and exogenous sources of potential harm, which can be mitigated by carefully allocating liability between developers and deployers of AI technology.

Jakub Breier,Adrian Baldwin,Helen Balinsky,Yang Liu

DOI: https://doi.org/10.48550/arXiv.2012.04884

2020-12-09

Cryptography and Security

Abstract:Adversarial attacks for machine learning models have become a highly studied topic both in academia and industry. These attacks, along with traditional security threats, can compromise confidentiality, integrity, and availability of organization's assets that are dependent on the usage of machine learning models. While it is not easy to predict the types of new attacks that might be developed over time, it is possible to evaluate the risks connected to using machine learning models and design measures that help in minimizing these risks. In this paper, we outline a novel framework to guide the risk management process for organizations reliant on machine learning models. First, we define sets of evaluation factors (EFs) in the data domain, model domain, and security controls domain. We develop a method that takes the asset and task importance, sets the weights of EFs' contribution to confidentiality, integrity, and availability, and based on implementation scores of EFs, it determines the overall security state in the organization. Based on this information, it is possible to identify weak links in the implemented security measures and find out which measures might be missing completely. We believe our framework can help in addressing the security issues related to usage of machine learning models in organizations and guide them in focusing on the adequate security measures to protect their assets.

Dominik Hintersdorf,Lukas Struppek,Kristian Kersting

DOI: https://doi.org/10.48550/arXiv.2308.09490

IF: 5.414

2023-08-18

Machine Learning

Abstract:The field of artificial intelligence (AI) has experienced remarkable progress in recent years, driven by the widespread adoption of open-source machine learning models in both research and industry. Considering the resource-intensive nature of training on vast datasets, many applications opt for models that have already been trained. Hence, a small number of key players undertake the responsibility of training and publicly releasing large pre-trained models, providing a crucial foundation for a wide range of applications. However, the adoption of these open-source models carries inherent privacy and security risks that are often overlooked. To provide a concrete example, an inconspicuous model may conceal hidden functionalities that, when triggered by specific input patterns, can manipulate the behavior of the system, such as instructing self-driving cars to ignore the presence of other vehicles. The implications of successful privacy and security attacks encompass a broad spectrum, ranging from relatively minor damage like service interruptions to highly alarming scenarios, including physical harm or the exposure of sensitive user data. In this work, we present a comprehensive overview of common privacy and security threats associated with the use of open-source models. By raising awareness of these dangers, we strive to promote the responsible and secure use of AI systems.

Petar Radanliev,David De Roure,Rob Walton,Max Van Kleek,Rafael Mantilla Montalvo,La’Treall Maddox,Omar Santos,Peter Burnap,Eirini Anthi

DOI: https://doi.org/10.1007/s42452-020-03559-4

2020-10-06

SN Applied Sciences

Abstract:Abstract We explore the potential and practical challenges in the use of artificial intelligence (AI) in cyber risk analytics, for improving organisational resilience and understanding cyber risk. The research is focused on identifying the role of AI in connected devices such as Internet of Things (IoT) devices. Through literature review, we identify wide ranging and creative methodologies for cyber analytics and explore the risks of deliberately influencing or disrupting behaviours to socio-technical systems. This resulted in the modelling of the connections and interdependencies between a system's edge components to both external and internal services and systems. We focus on proposals for models, infrastructures and frameworks of IoT systems found in both business reports and technical papers. We analyse this juxtaposition of related systems and technologies, in academic and industry papers published in the past 10 years. Then, we report the results of a qualitative empirical study that correlates the academic literature with key technological advances in connected devices. The work is based on grouping future and present techniques and presenting the results through a new conceptual framework. With the application of social science's grounded theory, the framework details a new process for a prototype of AI-enabled dynamic cyber risk analytics at the edge.

Jona Klemenc,Holger Trittenbach

DOI: https://doi.org/10.48550/arXiv.2301.12151

2023-01-28

Abstract:Regulation, legal liabilities, and societal concerns challenge the adoption of AI in safety and security-critical applications. One of the key concerns is that adversaries can cause harm by manipulating model predictions without being detected. Regulation hence demands an assessment of the risk of damage caused by adversaries. Yet, there is no method to translate this high-level demand into actionable metrics that quantify the risk of damage. In this article, we propose a method to model and statistically estimate the probability of damage arising from adversarial attacks. We show that our proposed estimator is statistically consistent and unbiased. In experiments, we demonstrate that the estimation results of our method have a clear and actionable interpretation and outperform conventional metrics. We then show how operators can use the estimation results to reliably select the model with the lowest risk.

Machine Learning,Artificial Intelligence

Ritwik Gupta,Leah Walker,Rodolfo Corona,Stephanie Fu,Suzanne Petryk,Janet Napolitano,Trevor Darrell,Andrew W. Reddie

2024-09-26

Abstract:Current regulations on powerful AI capabilities are narrowly focused on "foundation" or "frontier" models. However, these terms are vague and inconsistently defined, leading to an unstable foundation for governance efforts. Critically, policy debates often fail to consider the data used with these models, despite the clear link between data and model performance. Even (relatively) "small" models that fall outside the typical definitions of foundation and frontier models can achieve equivalent outcomes when exposed to sufficiently specific datasets. In this work, we illustrate the importance of considering dataset size and content as essential factors in assessing the risks posed by models both today and in the future. More broadly, we emphasize the risk posed by over-regulating reactively and provide a path towards careful, quantitative evaluation of capabilities that can lead to a simplified regulatory environment.

Computers and Society,Artificial Intelligence

Jörg Osterrieder,O. Kulkarni,Stephen Lin,Ali Hirsa,Branka Hadji Misheva

DOI: https://doi.org/10.2139/SSRN.3795322

2021-03-01

Abstract:Artificial Intelligence (AI) has created the single biggest technology revolution the world has ever seen. For the finance sector, it provides great opportunities to enhance customer experience, democratize financial services, ensure consumer protection and significantly improve risk management. While it is easier than ever to run state-of-the-art machine learning models, designing and implementing systems that support real-world finance applications have been challenging. In large part because they lack transparency and explainability which are important factors in establishing reliable technology and the research on this topic with a specific focus on applications in credit risk management. In this paper, we implement two advanced post-hoc model agnostic explainability techniques called Local Interpretable Model Agnostic Explanations (LIME) and SHapley Additive exPlanations (SHAP) to machine learning (ML)-based credit scoring models applied to the open-access dataset offered by the US-based P2P Lending Platform, Lending Club. Specifically, we use LIME to explain instances locally and SHAP to get both local and global explanations. We discuss the results in detail and present multiple comparison scenarios by using various kernels available for explaining graphs generated using SHAP values. We also discuss the practical challenges associated with the implementation of these state-of-art eXplainabale AI (XAI) methods and document them for future reference. We have made an effort to document every technical aspect of this research, while at the same time providing a general summary of the conclusions.

Computer Science,Business,Economics

David Piorkowski,Michael Hind,John Richards

DOI: https://doi.org/10.48550/arXiv.2209.06317

IF: 14.4

2022-09-13

Artificial Intelligence

Abstract:Although AI-based systems are increasingly being leveraged to provide value to organizations, individuals, and society, significant attendant risks have been identified. These risks have led to proposed regulations, litigation, and general societal concerns. As with any promising technology, organizations want to benefit from the positive capabilities of AI technology while reducing the risks. The best way to reduce risks is to implement comprehensive AI lifecycle governance where policies and procedures are described and enforced during the design, development, deployment, and monitoring of an AI system. While support for comprehensive governance is beginning to emerge, organizations often need to identify the risks of deploying an already-built model without knowledge of how it was constructed or access to its original developers. Such an assessment will quantitatively assess the risks of an existing model in a manner analogous to how a home inspector might assess the energy efficiency of an already-built home or a physician might assess overall patient health based on a battery of tests. This paper explores the concept of a quantitative AI Risk Assessment, exploring the opportunities, challenges, and potential impacts of such an approach, and discussing how it might improve AI regulations.

Sanjeev Prakash,Selvakumar Venkatasubbu,Bhargav Kumar Konidena

DOI: https://doi.org/10.60087/jklst.vol1.n1.p176

2023-01-30

Abstract:Machine Learning (ML) revolutionizes prediction processes, making them more cost-effective and precise. As the volume and diversity of financial data continue to grow, ML becomes increasingly valuable. One significant implication for regulators is the banking sector's growing reliance on ML methods for decision-making, which inherently lack full understanding by their creators. Consequently, regulators across all levels will increasingly encounter ML models that are challenging to fully grasp.Regulatory scrutiny is affected as supervisors must assess model risk. ML models incorporate numerous and intricate features, requiring examiners to comprehend their implications for transparency and associated operational risks. Moreover, utilizing historical data to train models may raise concerns related to fair lending practices. Already, some banks and FinTech firms employ ML across various banking services, including fraud detection, risk management, and pricing.Policy formulation may also feel the impact through two main channels: operational risk and market behavior. ML directly influences model risk, a subset of operational risk. Banks, bound by model risk management regulatory guidance established in April 2011, may find certain aspects of this guidance challenging to apply to ML tools due to their opaque nature. Furthermore, ML could potentially alter market behavior for certain liquid assets.

Jiyan He,Weitao Feng,Yaosen Min,Jingwei Yi,Kunsheng Tang,Shuai Li,Jie Zhang,Kejiang Chen,Wenbo Zhou,Xing Xie,Weiming Zhang,Nenghai Yu,Shuxin Zheng

DOI: https://doi.org/10.48550/arXiv.2312.06632

2023-12-12

Abstract:The expanding application of Artificial Intelligence (AI) in scientific fields presents unprecedented opportunities for discovery and innovation. However, this growth is not without risks. AI models in science, if misused, can amplify risks like creation of harmful substances, or circumvention of established regulations. In this study, we aim to raise awareness of the dangers of AI misuse in science, and call for responsible AI development and use in this domain. We first itemize the risks posed by AI in scientific contexts, then demonstrate the risks by highlighting real-world examples of misuse in chemical science. These instances underscore the need for effective risk management strategies. In response, we propose a system called SciGuard to control misuse risks for AI models in science. We also propose a red-teaming benchmark SciMT-Safety to assess the safety of different systems. Our proposed SciGuard shows the least harmful impact in the assessment without compromising performance in benign tests. Finally, we highlight the need for a multidisciplinary and collaborative effort to ensure the safe and ethical use of AI models in science. We hope that our study can spark productive discussions on using AI ethically in science among researchers, practitioners, policymakers, and the public, to maximize benefits and minimize the risks of misuse.

Artificial Intelligence

Jake van der Laan

DOI: https://doi.org/10.2139/ssrn.4242175

2022-01-01

SSRN Electronic Journal

Abstract:The now prevalent use of Artificial Intelligence (AI) and specifically machine learning driven models to automate the making of decisions raises novel legal issues. One issue of particular importance arises when the rationale for the automated decision is not readily determinable or traceable by virtue of the complexity of the model used: How can such a decision be legally assessed and substantiated? How can any potential legal liability for a ”wrong” decision be properly determined?A key informant to any analysis in these cases is the extent to which the model in question is “explainable”.This paper seeks to provide (1) an introductory overview of the technical components of machine learning models in a manner consumable by someone without a computer science or mathematics background, (2) a summary of the Canadian response to the explainability challenge so far, (3) an analysis of what an ”explanation” is in the scientific and legal domains, and (4) a preliminary framework for analyzing the sufficiency of explanation of a particular model and its prediction(s).

Huzaifa Sidhpurwala,Garth Mollett,Emily Fox,Mark Bestavros,Huamin Chen

2024-11-19

Abstract:This paper explores the rapidly evolving ecosystem of publicly available AI models, and their potential implications on the security and safety landscape. As AI models become increasingly prevalent, understanding their potential risks and vulnerabilities is crucial. We review the current security and safety scenarios while highlighting challenges such as tracking issues, remediation, and the apparent absence of AI model lifecycle and ownership processes. Comprehensive strategies to enhance security and safety for both model developers and end-users are proposed. This paper aims to provide some of the foundational pieces for more standardized security, safety, and transparency in the development and operation of AI models and the larger open ecosystems and communities forming around them.

Computers and Society,Artificial Intelligence,Computation and Language

Brian Judge,Mark Nitzberg,Stuart Russell

DOI: https://doi.org/10.1093/polsoc/puae020

IF: 10.104

2024-05-29

Policy and Society

Abstract:Abstract This article examines the challenges of regulating artificial intelligence (AI) systems and proposes an adapted model of regulation suitable for AI’s novel features. Unlike past technologies, AI systems built using techniques like deep learning cannot be directly analyzed, specified, or audited against regulations. Their behavior emerges unpredictably from training rather than intentional design. However, the traditional model of delegating oversight to an expert agency, which has succeeded in high-risk sectors like aviation and nuclear power, should not be wholly discarded. Instead, policymakers must contain risks from today’s opaque models while supporting research into provably safe AI architectures. Drawing lessons from AI safety literature and past regulatory successes, effective AI governance will likely require consolidated authority, licensing regimes, mandated training data and modeling disclosures, formal verification of system behavior, and the capacity for rapid intervention.

political science,public administration

Pim N H Wassenaar,Jordi Minnema,Jelle Vriend,Willie J G M Peijnenburg,Jeroen L A Pennings,Anne Kienhuis,Pim N.H. Wassenaar,Willie J.G.M. Peijnenburg,Jeroen L.A. Pennings

DOI: https://doi.org/10.1016/j.yrtph.2024.105589

IF: 3.598

2024-02-01

Regulatory Toxicology and Pharmacology

Abstract:Risk assessment of chemicals is a time-consuming process and needs to be optimized to ensure all chemicals are timely evaluated and regulated. This transition could be stimulated by valuable applications of in silico Artificial Intelligence (AI)/Machine Learning (ML) models. However, implementation of AI/ML models in risk assessment is lagging behind. Most AI/ML models are considered 'black boxes' that lack mechanistical explainability, causing risk assessors to have insufficient trust in their predictions. Here, we explore 'trust' as an essential factor towards regulatory acceptance of AI/ML models. We provide an overview of the elements of trust, including technical and beyond-technical aspects, and highlight elements that are considered most important to build trust by risk assessors. The results provide recommendations for risk assessors and computational modelers for future development of AI/ML models, including: 1) Keep models simple and interpretable; 2) Offer transparency in the data and data curation; 3) Clearly define and communicate the scope/intended purpose; 4) Define adoption criteria; 5) Make models accessible and user-friendly; 6) Demonstrate the added value in practical settings; and 7) Engage in interdisciplinary settings. These recommendations should ideally be acknowledged in future developments to stimulate trust and acceptance of AI/ML models for regulatory purposes.

pharmacology & pharmacy,toxicology,medicine, legal