FINMA Guidance 08/2024 Governance and Risk Management when using Artificial Intelligence



The use of artificial intelligence (AI) in the financial market is on the rise, presenting both opportunities and risks. FINMA emphasizes in its new Guidance 8/2024 the need to properly identify, calibrate, and manage these risks. While there are no specific laws on AI in Switzerland, existing regulatory requirements concerning governance and risk management also apply to AI. This is in line with the technology-neutral and principle-based financial market regulation. 

To adapt the current compliance, risk management and internal control system (ICS) to AI, FINMA-supervised institutions using AI are required to develop AI risk awareness by specifically addressing AI in their processes, identifying, weighting, assessing and managing the specific AI risks they face. This requires a clear understanding of the AI solutions used, no matter whether they are internal or outsourced solutions.  

FINMA has shared its findings regarding the risks typically arising from AI. Conceptually, these risks are operational risks, arising across the whole value chain of AI products/services. It starts with making sure that the data is not incomplete, inaccurate, unrepresentative or outdated. Certain data such as unstructured data can distort the quality assessment. Furthermore, the decentralization of processes poses challenges in assigning responsibility due to the autonomous actions of these systems. As several solutions are outsourced, the applicable regulatory outsourcing requirements must be complied with.

Generally, not only does the output need to be checked, but financial institutions also need to understand how the applications function (explainability), so that the relevant risks can be identified and assessed. Finally, potential failures as well as vulnerabilities to cybersecurity and IT risks, along with business continuity risks, need to be anticipated. Data protection risks are also relevant, even if, according to FINMA, supervised institutions are already considering these risks, as opposed to other risks related to the models.

Once the risks are identified, they must be weighted to address their materiality. FINMA names, on a non-exhaustive basis, certain factors that lead to a higher materiality or to a higher likelihood of materialisation of risks. Amongst them, FINMA refers to the potential impact on compliance and on the balance sheet, the legal and reputational impact, the number of customers affected and their profile (retail or institutional), the importance of the product(s) affected, the expected consequences of potential failures, the complexity, predictability and explainability of processes, as well as the possibility to monitor them. Furthermore, the type of data used (unstructured data, integrity, personal data etc.) is to be weighted as well.

In a third step, appropriate mechanisms must be defined to identify and assess the specific risks on an ongoing basis. For this purpose, performance indicators, data quality tests and the stability and robustness of systems are reviewed, and fallback mechanisms, adversarial tests, stress tests and backtests must be implemented on an ongoing basis.

From a governance perspective, the following measures should be implemented to identify, mitigate and control the risks around AI: central management and accountability, independent review by skilled personnel, third party contractual and liability management, training of employees, definition of models for testing and establishment of a policy and documentation standards.  

As the understanding of AI-related risks is still evolving, FINMA will continue to refine its expectations on governance and risk management. In conclusion, the FINMA Guidance underscores the importance of diligent risk management related to AI, stressing the need for financial institutions to implement strong governance practices, accurately classify risks, ensure data quality, perform adequate testing and monitoring, document processes, explain AI application results, and conduct independent reviews. 

Disclaimer: This Newsletter is only a descriptive overview and is not intended to be used as legal advice. MLL Legal does accordingly not assume any liability in connection with the contents of this Newsletter. Please feel free to contact us if you would like to seek legal advice. 

