AI in financial services survey results shine light on third party risks and AI governance

The Bank of England and Financial Conduct Authority have released the results of their latest survey on artificial intelligence in UK financial services. Now in its third edition, the survey shares feedback from regulated firms on how they are using AI today and how they expect to use it in the future. The survey provides a useful benchmark for firms to compare their AI adoption and concerns relative to the industry as a whole.

Firms rely more on AI providers

One theme emerging from this year’s survey is firms’ exposure to third parties when using AI. The number of AI use cases recorded as third party implementations is significantly higher than the previous 2022 survey.

Reliance on external providers also impacts the degree to which firms understand the AI they are using. Respondents noted a less understanding of third party models compared to those that they develop internally.

Cybersecurity was ranked by respondents as the highest potential systemic risk for AI, both now and in the future. The second highest risk was critical third party dependencies.

It is no surprise then that respondents to the survey raise operational resilience and cybersecurity as one of the highest regulatory constraints for adopting AI, second only to data protection concerns.

The survey also finds that a high proportion of firms rely on the same small group of cloud, model and data providers. Those providers should take note of the UK’s incoming critical third party regime.

Differing approaches to AI governance

According to the survey, there is no one-size-fits-all approach to managing AI risks. Firms use a variety of approaches to AI governance. For example, when assessing third party AI products, some firms use existing frameworks whereas others apply additional AI-specific considerations. 

Many firms report that they have some form of AI framework, principles, guidelines or best practice and that they have appointed someone who is accountable for that framework. Most firms allocate this accountability to executive leadership.

Making the most of AI

Firms use AI across their business. According to the survey, Operations and IT is the area with the largest percentage of AI use cases. Legal has one of the smallest proportions of use cases relative to other functions but has the highest demand for foundation models (a form of generative AI).

Firms expect the benefits of AI to grow for all areas of their business over the next three years. The areas with the largest expected increase in benefits are operational efficiency, productivity and cost base. Over a third of respondents said they expect to use AI for customer support in the next three years.

This may explain why firms are interested in the interaction between AI and the FCA’s Consumer Duty which requires firms to deliver good outcomes for retail customers and sets specific rules on consumer support. The Consumer Duty sits high on the list of regulatory constraints. Firms are primarily worried about the high regulatory burden and lack of clarity of current regulation, suggesting regulators may need to do more to clarify their expectations for AI in financial services.

Background

The survey is based on 118 responses, predominantly from UK banks but also insurers, international banks and some asset managers. The results offer valuable insights into the current landscape of AI adoption within the financial sector, highlighting the areas where firms are concentrating their efforts in AI deployment. They also show an uptake in the number of firms using or planning to use AI compared to the 2022 results demonstrating how important the technology has become in a short amount of time.

Looking ahead 

Firms can use the survey responses to gauge their own AI implementation relative to others in the industry. The results can also suggest clues about regulators’ future actions in this area.

For example, the 2019 survey highlighted the need for further dialogue on matters revolving around AI between private and public sector, which was later addressed with the establishment of the Artificial Intelligence Public-Private Forum and, more recently, the Bank of England’s AI Consortium. 

The growing dependence of regulated firms on third party providers and the increase in perceived third party dependency risk is addressed in part by the critical third party regime but the survey results could prompt further questions about firms’ own operational resilience.

The results are also relevant to the government which has introduced in parliament the Data (Use and Access) Bill aimed at amending certain provisions of the UK GDPR, and future legislative actions such as the Cyber Security and Resilience Bill, mentioned in the King’s Speech but not yet tabled.

For more insights on AI in financial services, client subscribers to our knowledge portal can watch our webinar: AI in financial services: How you can future-proof AI compliance