InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFTC subcommittee issues report on responsible AI use
On May 2, a CFTC subcommittee on Emerging and Evolving Technologies issued a report on the responsible use of artificial intelligence (AI) by exchanges, clearinghouses, futures commission merchants, brokers, and data repositories, among others, interested in using AI in financial markets. The report examined AI use cases in financial services, reviewed the risks of AI for CFTC-registered entities, and set out five recommendations for the CFTC: (1) the CFTC should host a public roundtable discussion with industry leaders; (2) the CFTC should define and adopt an AI risk management framework to assess consumer harms and benefits of AI use by CFTC-registered entities; (3) the CFTC should create an inventory of existing AI regulations and identify gaps where staff guidance or rulemaking would be needed; (4) the CFTC should establish a process to align its policies with other federal agencies; and (5) the CFTC should increase staff participation in domestic and international dialogues around AI.
FHFA issues guidance for third-party provider relationships
On September 28, FHFA released Advisory Bulletin AB 2018-08, which provides guidance to Fannie Mae and Freddie Mac, the Federal Home Loan Banks, and the Office of Finance (regulated entities) on the evaluation and management of risks associated with third-party provider relationships. (FHFA defines a third-party provider relationship as a “business arrangement between a regulated entity and another entity that provides a product or service.”)
The bulletin sets forth the structure and describes the features of the third-party provider risk management programs that FHFA expects regulated entities to establish. With respect to governance, the bulletin recommends such programs address: (i) the responsibilities of the board and senior management; (ii) policies, procedures, and internal standards; and (iii) the implementation of a reporting system to ensure management and the board are adequately informed. The bulletin also specifies that an effective program include policies and procedures that cover each of the following phases of a third-party provider relationship life cycle: (i) Risk Assessment; (ii) Due Diligence in Third-Party Provider Selection; (iii) Contract Negotiation; (iv) Ongoing Monitoring; and (v) Termination. The bulletin suggests that regulated entities should ensure that their third-party risk management corresponds with the level of risk and complexity of their third-party relationships and notes that not every aspect of the bulletin may apply to every relationship.