August 2024
Taiwan’s Financial Supervisory Commission Announced “Guidelines for the Use of Artificial Intelligence (AI) in the Financial Industry”
August 2024
Jane Tsai and Andrew Huang
To encourage financial institutions to effectively utilize technology in developing financial services that better serve the needs of the public, Taiwan’s Financial Supervisory Commission, based on the six (6) core principles for the application of artificial intelligence in the financial industry revealed in its “Core Principles and Related Promotion Policies for the Use of Artificial Intelligence (AI) by the Financial Industry” in October 2023, has established the “Guidelines for the Use of Artificial Intelligence (AI) in the Financial Industry” on June 20, 2024 (hereinafter “AI Guidelines”). The AI Guidelines serve as a reference for financial institutions in the adoption, application, and management of artificial intelligence. The AI Guidelines consist of seven (7) chapters. Apart from the “General Provisions” that covers common matters, the AI Guidelines are divided into six (6) chapters that outline specific regulations. The key points of each chapter are summarized as follows:
In addition to explaining the definitions related to artificial intelligence (hereinafter “AI”) and describing the AI system lifecycle (including System Planning and Design, Data Acquisition and Input, Model Building and Validation, and System Deployment and Monitoring), this Chapter lists the relevant risk assessment factors that financial institutions should evaluate for individual usage scenarios when applying AI systems, in order to implement the “risk-based” core principle. When engaging third parties to implement AI systems, the AI Guidelines advise that financial institutions are encouraged to have supervisory measures in place to clearly define the division of responsibilities for risk control between both parties, including establishing appropriate data or system migration mechanisms in case of contract termination.
Financial institutions should establish a clear management framework and comprehensive, effective risk management mechanisms and policies for all AI systems they use. They should also understand the purpose of establishing the AI system, its applicable business operations, and the responsible personnel. Additionally, they should have complete procedures for handling errors or unexpected events to fulfill both “internal responsibility” within the governance framework and the “external responsibility” involving consumers and society. After assessing the risks associated with AI systems, internal resources, and expertise, financial institutions may establish a mechanism for review and evaluation by an independent third party with AI expertise, as needed.
Financial institutions should avoid bias generated by algorithms and strive to prevent discrimination throughout the AI system lifecycle by implementing principles such as “Human-Centric” and “Meaningful Human Control.” To manage the risks of generative AI, the AI Guidelines stipulate that “if a financial institution uses generative AI developed by third parties without being able to grasp the training process and ensure the fairness of its data or computational results, the financial institution should still designate personnel to objectively and professionally manage and control the risks associated with the information produced by the generative AI.”
Financial institutions should pay attention to protecting customer or consumer information and privacy rights throughout the AI system lifecycle. They should implement data governance, properly manage and leverage their data, avoid data leakage risks, and adhere to the “data minimization principle” to prevent the collection of excessive or unnecessary sensitive information. Besides, financial institutions should respect customers’ autonomy to choose whether to use AI services. They should assess the risks to customers and the institution, evaluate the feasibility of alternatives, and consider the associated costs to decide whether to offer alternative options.
Financial institutions should ensure the robustness and safety of AI systems throughout their lifecycle. They should establish cybersecurity measures and continuously monitor the AI system to maintain overall security and stable operation. If financial institutions use AI systems developed or operated by third parties to deliver financial services, they should implement appropriate risk management and oversight of those third parties.
To enhance market trust in their AI systems, financial institutions should ensure the implementation of “Explainability” throughout the AI system lifecycle. This involves clearly explaining how the AI system operates, whether developed internally or outsourced, as well as the logic behind its predictions or decision-making processes. Besides, financial institutions should implement “Transparency” in AI system operations during its lifecycle by proactively disclosing relevant information through reports, technical documents, or website postings to keep stakeholders informed about their AI system practices.
When implementing AI systems, financial institutions should consider social and environmental factors as stakeholders, striving to balance social equity with ecological responsibility. This includes promoting the digital transformation of inclusive finance, reducing digital anxiety and the digital divide, and addressing issues related to energy consumption, such as water and electricity use. Meanwhile, financial institutions should provide appropriate education and training to employees to help them adapt to AI-driven changes, protect their job rights, and pursue sustainable and stable development.
The contents of all materials (Content) available on the website belong to and remain with Lee, Tsai & Partners. All rights are reserved by Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Lee, Tsai & Partners.
The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Lee, Tsai & Partners.
Jane Tsai and Andrew Huang
To encourage financial institutions to effectively utilize technology in developing financial services that better serve the needs of the public, Taiwan’s Financial Supervisory Commission, based on the six (6) core principles for the application of artificial intelligence in the financial industry revealed in its “Core Principles and Related Promotion Policies for the Use of Artificial Intelligence (AI) by the Financial Industry” in October 2023, has established the “Guidelines for the Use of Artificial Intelligence (AI) in the Financial Industry” on June 20, 2024 (hereinafter “AI Guidelines”). The AI Guidelines serve as a reference for financial institutions in the adoption, application, and management of artificial intelligence. The AI Guidelines consist of seven (7) chapters. Apart from the “General Provisions” that covers common matters, the AI Guidelines are divided into six (6) chapters that outline specific regulations. The key points of each chapter are summarized as follows:
- “General Provisions” Introduces the Definition of Artificial Intelligence and Other Common Matters
In addition to explaining the definitions related to artificial intelligence (hereinafter “AI”) and describing the AI system lifecycle (including System Planning and Design, Data Acquisition and Input, Model Building and Validation, and System Deployment and Monitoring), this Chapter lists the relevant risk assessment factors that financial institutions should evaluate for individual usage scenarios when applying AI systems, in order to implement the “risk-based” core principle. When engaging third parties to implement AI systems, the AI Guidelines advise that financial institutions are encouraged to have supervisory measures in place to clearly define the division of responsibilities for risk control between both parties, including establishing appropriate data or system migration mechanisms in case of contract termination.
- Chapter 1 Requires the Establishment of Internal and External Governance and Accountability Mechanisms
Financial institutions should establish a clear management framework and comprehensive, effective risk management mechanisms and policies for all AI systems they use. They should also understand the purpose of establishing the AI system, its applicable business operations, and the responsible personnel. Additionally, they should have complete procedures for handling errors or unexpected events to fulfill both “internal responsibility” within the governance framework and the “external responsibility” involving consumers and society. After assessing the risks associated with AI systems, internal resources, and expertise, financial institutions may establish a mechanism for review and evaluation by an independent third party with AI expertise, as needed.
- Chapter 2 Emphasizes the Importance of Fairness and Human-Centric Values
Financial institutions should avoid bias generated by algorithms and strive to prevent discrimination throughout the AI system lifecycle by implementing principles such as “Human-Centric” and “Meaningful Human Control.” To manage the risks of generative AI, the AI Guidelines stipulate that “if a financial institution uses generative AI developed by third parties without being able to grasp the training process and ensure the fairness of its data or computational results, the financial institution should still designate personnel to objectively and professionally manage and control the risks associated with the information produced by the generative AI.”
- Chapter 3 Draws Attention to Privacy and Customer Rights Protection
Financial institutions should pay attention to protecting customer or consumer information and privacy rights throughout the AI system lifecycle. They should implement data governance, properly manage and leverage their data, avoid data leakage risks, and adhere to the “data minimization principle” to prevent the collection of excessive or unnecessary sensitive information. Besides, financial institutions should respect customers’ autonomy to choose whether to use AI services. They should assess the risks to customers and the institution, evaluate the feasibility of alternatives, and consider the associated costs to decide whether to offer alternative options.
- Chapter 4 Ensures System Robustness and Safety
Financial institutions should ensure the robustness and safety of AI systems throughout their lifecycle. They should establish cybersecurity measures and continuously monitor the AI system to maintain overall security and stable operation. If financial institutions use AI systems developed or operated by third parties to deliver financial services, they should implement appropriate risk management and oversight of those third parties.
- Chapter 5 Implements Transparency and Explainability
To enhance market trust in their AI systems, financial institutions should ensure the implementation of “Explainability” throughout the AI system lifecycle. This involves clearly explaining how the AI system operates, whether developed internally or outsourced, as well as the logic behind its predictions or decision-making processes. Besides, financial institutions should implement “Transparency” in AI system operations during its lifecycle by proactively disclosing relevant information through reports, technical documents, or website postings to keep stakeholders informed about their AI system practices.
- Chapter 6 Promotes Sustainable and Stable Development
When implementing AI systems, financial institutions should consider social and environmental factors as stakeholders, striving to balance social equity with ecological responsibility. This includes promoting the digital transformation of inclusive finance, reducing digital anxiety and the digital divide, and addressing issues related to energy consumption, such as water and electricity use. Meanwhile, financial institutions should provide appropriate education and training to employees to help them adapt to AI-driven changes, protect their job rights, and pursue sustainable and stable development.
The contents of all materials (Content) available on the website belong to and remain with Lee, Tsai & Partners. All rights are reserved by Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Lee, Tsai & Partners.
The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Lee, Tsai & Partners.
