Safeguarding AI/ML in financial sector

The rapidly evolving landscape of technological advancements and the integration of Artificial Intelligence (AI) have brought forth a paradigm shift in the financial industry, specifically within the realm of trading. Investment banks, renowned for their pioneering spirit, have swiftly harnessed the immense potential of AI to revolutionize their operations. With its unparalleled capacity to swiftly analyze massive volumes of data, make precise predictions, and automate mundane tasks, AI has emerged as an indispensable asset in the dynamic and data-centric domain of finance and trading. Leveraging advanced analytics empowered by machine learning (ML), industry leaders can evaluate risks based on a diverse range of variables, including those that may not be immediately apparent. Take, for instance, the profound impact of climate change on construction projects and borrowers’ loan repayment capacity. This necessitates banks and mortgage companies to incorporate these intricate dynamics into their lending decisions. In the insurance sector, the ability of underwriters to accurately predict the ramifications of climate change is poised to become a pivotal factor determining success or failure. Deloitte’s research has revealed that retail banks have the potential to significantly reduce processing expenses by up to 25 percent and record management costs by as much as 70 percent through the elimination of paper-based processes. This underscores the vast opportunities for digital innovation within the financial services sector, paving the way for transformative advancements. The widespread adoption of AI and ML in the financial sector has brought about numerous benefits, but it has also introduced new challenges and risks. There are unique cybersecurity threats, privacy concerns, and the need for robustness in AI/ML systems within the finance industry. Recognizing these issues is crucial for building trust, ensuring financial stability, and developing effective governance frameworks to mitigate potential harm. AI/ML systems are vulnerable to cyber threats and attacks. Manipulating data within the AI/ML lifecycle can exploit algorithm limitations, allowing attackers to evade detection, manipulate decisions, or extract sensitive information. Vigilance and constant oversight are necessary to detect and manage these threats effectively. Data poisoning attacks aim to influence ML algorithms by injecting malicious samples during training, leading to incorrect classifications or recognition of false information. Input attacks involve introducing subtle perturbations to mislead AI systems, such as manipulating images to provoke mislabeling. Model extraction or inversion attacks attempt to recover training data or the model itself, breaching privacy and copyright concerns. Membership inference attacks aim to identify if specific data instances were part of the training set. To build public trust in an AI-driven financial system and safeguard financial stability, robustness is vital. ML models need to be adaptable to structural shifts, especially in volatile environments. The Covid-19 pandemic highlighted the limitations of ML models that were not trained to handle unprecedented events. New governance frameworks should focus on quality control, performance monitoring, separation of duties, and adherence to software development best practices. As AI/ML continues to revolutionize the financial sector, addressing the cybersecurity, privacy, and robustness challenges becomes imperative. Financial institutions, regulators, and AI/ML service providers must work together to enhance oversight, fortify cybersecurity measures, safeguard privacy, and develop robust governance frameworks. By doing so, the finance industry can navigate the risks and leverage the potential of AI/ML to drive innovation while ensuring the integrity and stability of the financial system. These challenges, alongside others specific to AI implementation in financial services, necessitate diligent attention as data management practices adapt to accommodate new AI solutions. It is imperative for organizations to proactively anticipate and address these challenges in order to maintain the positive trajectory of progress. Regulators are increasingly recognizing the need to address AI/ML-specific cyber threats in the financial sector. Mitigation strategies should be incorporated into existing cybersecurity frameworks, including detection and reporting systems, protection of training data feeds, and safeguarding model and data privacy. Strengthening the regulatory framework will help maintain the integrity and trustworthiness of financial institutions. Additionally, security and regulatory considerations hold tremendous significance for financial services firms. By harnessing ML-enabled streaming data analysis, organizations can bolster fraud detection capabilities at the point of sale and swiftly adjust credit terms to enhance customer satisfaction. A unified data platform offers a comprehensive view of customer data, facilitating privacy protection, regulatory reporting, and compliance with information retention protocols. The incorporation of artificial intelligence (AI) in Nepal’s technological landscape has primarily revolved around the implementation of weak AI. The realm of AI extends to encompass ML, as evidenced by the utilization of digital platforms, smartphones, and applications such as SMS banking, internet banking, and e-wallets within the banking sector worldwide. With the increasing adoption of these applications in Nepal, they serve as additional illustrations of AI integration within the country. Nevertheless, Nepal is gradually progressing toward the advancement of AI-based programs, with educational institutions and universities actively offering courses in artificial intelligence. Notably, pioneering startup companies like Fusemachine Nepal and Paaila Technology have been at the forefront of AI and ML ventures within the Nepali market. Paaila Technology, for instance, engineered a remarkable robot dubbed Pari, which was deployed at the SBI Bank’s Dubarmarg branch in Kathmandu. Boasting facial recognition capabilities, Pari can even identify the bank’s customers. Similarly, Naulo Restaurant in Dubarmarg, Kathmandu, has also introduced Ginger, another remarkable robot deployed for various tasks. The digital transformation of Nepal’s governance system is gaining momentum, necessitating the establishment of a robust cloud storage mechanism to securely store data. This has attracted prominent international IT companies such as Deerwalk Inc, Leapfrog Technology Inc, Cotiviti Nepal, and numerous others to Nepal’s thriving tech landscape. These industry players possess immense potential to drive the advancement of artificial intelligence (AI) within the nation, primarily focusing on software product development related to health management, data management, digital healthcare solutions, and even customized AI offerings for the Nepali clientele. Simultaneously, the escalating adoption of AI in Nepal underscores the pressing need to establish regulatory frameworks and ethical guidelines for its development. To address this concern, the Nepali government sanctioned the Digital Nepal Framework 2019, which outlines a comprehensive five-year vision aimed at fostering digitalization, good governance, and overall prosperity. While this framework is a positive step forward, Nepal faces a shortage of knowledgeable experts and stakeholders capable of engaging in in-depth discussions surrounding the merits and pitfalls of AI implementation. Consequently, Nepal must rely on external support and assistance from countries possessing advanced AI expertise, as domestic awareness of AI ethics remains limited. In light of constitutional provisions and the Privacy Act 2019 of Nepal, which enshrine the right to privacy as a fundamental right, it is imperative to acknowledge that these regulations primarily focus on safeguarding citizens’ data rights. However, the existing legal framework fails to address the ethical considerations associated with the utilization of AI within the country. Additionally, Nepal lacks comprehensive legal systems specifically designed to combat the misuse of technology. In order to foster the widespread adoption of AI, the government must undertake a comprehensive reform of existing laws while simultaneously establishing new ones, aimed at promoting responsible AI practices in the nation. However, the burgeoning presence of AI-driven companies and software solutions within Nepal underscores the imperative for the government to establish proper regulations governing AI. By doing so, the government can ensure the responsible and ethical development and deployment of AI technologies within the country’s flourishing digital ecosystem.  A cybersecurity enthusiast, the author is associated with Agricultural Development Bank of Nepal