As the European Union (EU) introduces its Artificial Intelligence (AI) Act, UK banks need to prepare for major regulatory changes that could affect their operations.
We created this guide in accordance with the EU AI Act, and after various discussions (prompt threads) with Revvy, our GenAI GPT trained by Revvence on finance systems transformation and related topics. The guide explains the key points that UK banks should be aware of and how they can prepare to adhere to the new regulations.
The EU AI Act, as outlined in the European Parliament legislative resolution of 13 March 2024, establishes consistent rules on artificial intelligence (AI) to guarantee the secure and reliable development, deployment, and usage of AI systems within the European Union.
1. Creditworthiness and Risk Assessments:
AI-based creditworthiness assessments by banks are considered high-risk AI use cases and will need to comply with heightened requirements for such AI applications.
2. Customer Interaction and Data Privacy:
AI systems interacting with customers or handling sensitive data must ensure transparency, non-discrimination, and privacy protection.
3. Operational and Strategic Impacts:
Banks must evaluate their AI strategies, ensuring alignment with the Act’s requirements and fostering a culture of compliance and innovation.
The EU AI Act establishes a clear timeline for compliance that banks need to follow:
Here, we outline a checklist for UK banks to follow to be prepared for the EU AI regulation.
Understanding Regulatory Requirements
Familiarisation:
| Action: |
Designate a task force comprising legal, compliance, IT, and business unit leaders. |
| Steps: |
- Schedule a series of workshops to review the EU AI Act. - Develop a detailed presentation on the Act’s provisions, focusing on definitions, risk tiers, and obligations. - Distribute reading materials and summaries of the Act to all relevant stakeholders. |
| Tools: |
- Use compliance management software to track training and understanding across teams. - Utilise GenAI for personalised learning modules and interactive Q&A sessions. |
| Outcome: |
All relevant personnel should thoroughly understand the EU AI Act within two months. |
Identifying Differences and Requirements:
| Action: |
Conduct a gap analysis. |
| Steps: |
- Compare current AI practices with the requirements of the EU AI Act. - Identify discrepancies and areas needing change. |
| Tools: |
- Compliance audit tools and AI system inventory spreadsheets. - GenAI can assist in generating detailed reports and analysing large compliance data sets. |
| Outcome: |
A comprehensive report detailing gaps and required changes. |
Risk Management and Classification
Mapping AI Systems:
| Action: |
Create an inventory of all AI systems. |
| Steps: |
- Conduct interviews with department heads to identify AI usage. - Compile a list of all AI systems, including those in development. |
| Tools: |
- Inventory management software and AI asset tracking systems. - Leverage GenAI to automate data collection and validation processes. |
| Outcome: |
A complete and up-to-date inventory of AI systems. |
Classifying AI Systems by Risk Level:
| Action: |
Develop a classification framework. |
| Steps: |
- Define criteria for risk levels based on the EU AI Act. - Classify each AI system according to these criteria. |
| Tools: |
- Risk assessment matrices classification guidelines. - GenAI can be used to develop predictive risk assessment and classification models. |
| Outcome: |
All AI systems are classified into risk categories. |
Governance and Monitoring
Establishing Governance Process:
| Action: |
Form an AI governance committee. |
| Steps: |
- Define the roles and responsibilities of the committee. - Develop governance policies and procedures aligned with the EU AI Act. |
| Tools: |
- Governance frameworks policy management tools. - Utilise GenAI to draft governance documents and ensure they are updated with the latest regulations. |
| Outcome: |
A formalised AI governance structure. |
Continuous Monitoring:
| Action: |
Implement AI monitoring systems. |
| Steps: |
- Set up monitoring tools to track AI performance and compliance. - Schedule regular reviews and audits. |
| Tools: |
- AI monitoring software audit management systems. - GenAI can help automate the monitoring process and provide real-time compliance insights. |
| Outcome: |
Continuous oversight and timely identification of compliance issues. |
Adopting Strategic Management Practices
Raising Awareness:
| Action: |
Develop an internal communication strategy. |
| Steps: |
- Create informative materials about the impact of the EU AI Act. - Conduct training sessions for all employees. |
| Tools: |
- Intranet platforms, training software. - GenAI can assist in creating engaging training content and interactive learning experiences. |
| Outcome: |
Increased awareness and understanding among all staff. |
Developing Responsibility Lines:
| Action: |
Define and document roles and responsibilities. |
| Steps: |
- Outline clear responsibilities for compliance, IT, and business units. - Ensure each role is aware of their specific tasks related to the Act. |
| Tools: |
- Responsibility assignment matrices and RACI charts. - GenAI can help streamline the documentation process and ensure clarity in role assignments. |
| Outcome: |
A clear understanding of individual and departmental responsibilities. |
Federated Governance Approach
Exploring Governance Models:
| Action: |
Evaluate centralised vs. federated governance models. |
| Steps: |
- Assess the pros and cons of each model for your organisation. - Pilot the chosen model in a few departments before a full rollout. |
| Tools: |
- Governance model assessment tools pilot program management software. - GenAI can provide simulations and scenario analyses to determine the best governance approach. |
| Outcome: |
A well-suited governance model that ensures transparency and accountability. |
Continuous Learning and Adaptation
Staying Updated:
| Action: |
Subscribe to regulatory updates and industry newsletters. |
| Steps: |
- Identify key sources for updates on AI regulations. - Assign team members to monitor these sources and report back. |
| Tools: |
- Subscription services, news aggregators. - GenAI can automate the aggregation and summarisation of regulatory updates. |
| Outcome: |
Up-to-date knowledge of regulatory changes. |
Participating in Educational Initiatives:
| Action: |
Engage in industry training and webinars. |
| Steps: |
- Identify relevant webinars and training sessions. - Encourage staff to participate and share learnings. |
| Tools: |
- Webinar platforms and learning management systems. - GenAI can recommend personalised learning paths and track progress. |
| Outcome: |
Continuous professional development and readiness for compliance. |
The UK has not yet adopted the EU AI Act. The European Parliament formally adopted it in March 2024, and it is currently being endorsed by the European Council. However, the UK is taking a different approach to AI regulation.
The UK government has indicated that it prefers to implement sector-specific measures combined with overarching principles from its national AI strategy rather than enacting comprehensive legislation like the EU AI Act. This approach aims to support AI innovation while addressing regulatory needs within specific sectors.
The UK government has identified AI technology as a key priority for national growth. It has published responses and roadmaps to develop the AI ecosystem. However, there is still uncertainty about whether the UK will update its product liability rules to explicitly cover AI systems liability, as the EU has done.
Businesses operating in or interacting with the EU must understand and comply with the EU AI Act, which has an extraterritorial reach similar to the GDPR. UK banks and companies providing AI systems or services used within the EU will need to adhere to the regulations outlined in the EU AI Act.
Revvence can help in several valuable ways: