The AI (Regulatory) Race

Tracking regulatory changes 24/7 provides exposure to regulators’ agendas where seemingly unrelated actions affect the payments sphere — and often turn into trends. Artificial intelligence (AI) is one such area, with the field having caught the attention of regulators, as a direct outcome of the global AI race.


In an environment in which country actors want to provide the most advanced AI solutions, the financial services industry is actively exploring different ways to embed AI into their businesses, either to increase efficiency, improve scalability or simply mitigate operational costs. 

This brings up several questions: is there a race among the regulators too? If there is a race, what is the prize? And if there is a prize, what’s in it for payments? 

Zooming in on recent publications sheds plenty of light on how regulators view AI, and the differing paces at which they’re moving, from the slow and steady tortoise-like European Banking Authority (EBA) to Austria’s speedy approach to taking action. 

The Tortoises

The tortoises are taking their time to determine the basic steps to understand and form an opinion on how AI may affect their rule-making policy agendas. They show awareness of the implications of AI within the financial services sector and collect relevant evidence; however, it is unclear how and when this may translate to regulatory compliance.

The EBA, for instance, has outlined in a response to the European Commission’s consultation on a new digital finance strategy for Europe/fintech action plan that, rather than a set of prescribed requirements, the financial services industry would benefit from a principle-based framework. 

When taking this approach, the EBA has indicated that a policy agenda on AI matters must not hamper innovation.

The response also demonstrates the EBA’s readiness to take regulatory action: as stated in the response, in the medium term, supervisory expectations on data management and explainability of AI-based models could be designed and released to the industry.

The Rabbits

The rabbits — those moving at a moderate pace — have already taken steps to regulate AI in payment services, but are leaving some room for manoeuvre, depending on the legal issues that may occur in the future.

In Hong Kong, rather than introducing a set of objective requirements based on specific facts, the authorities have opted for a principle-based approach. Two circulars addressing AI that have recently been published by the Hong Kong Monetary Authority (HKMA) illustrate this.

The first one, entitled “High-level Principles on Artificial Intelligence”, centres around the practical application of the principles of ethics, fairness and transparency in all processes surrounding governance, application design and development, and ongoing monitoring and maintenance of AI applications.

The second one is the sector-specific guidance on AI and Consumer Protection. Entities under the supervision of the HKMA must ensure that the utilisation of big data analytics and AI in their business models takes into account issues related to governance and accountability, fairness, transparency and disclosure, and data privacy and protection.

The Cheetahs

In what can be seen as a piecemeal approach, the cheetahs have taken immediate action regarding the introduction of regulatory compliance requirements upon the introduction of AI into business models by financial institutions, including payment service providers. 

The key example is Austria, where proposed amendments to the Financial Markets Anti-Money Laundering Act (FM-GwG) have introduced a set of requirements with which payment service providers using AI for transaction monitoring purposes must comply. 

Requirements include providing evidence that the algorithms are able to monitor transactions under a risk-based approach, aligned to statutory transaction thresholds. AI users must engage with the Federal Intelligence Unit to assess the performance and efficiency of their AI-enabled transaction monitoring tools at least once a year. 

The amendments also raise issues related to privacy rules. Data processed by AI and the use of publicly available databases for compliance can only be done to the extent that is appropriate and necessary to prevent financial crime risks.

The Winner Takes it AI

The race to successfully implement AI is not necessarily what you would expect, as the winner may not be whoever goes the fastest: timing and appropriate responses to legal issues as they arise will determine the champion. 

The unclear future of AI makes it harder to place bets on a winner — but whoever lifts the trophy will establish the standard for AI regulation that will be applied by other jurisdictions. The industry welcomes regulatory certainty and harmonisation, and is looking forward to waving the checkered flag at the finish line.

The references in this article were all extracted from VIXIO PaymentsCompliance’s Horizon Scanning tool. Learn more about Horizon Scanning and the full VIXIO PaymentsCompliance solution here.  

Learn more about VIXIO PaymentsCompliance

Whether it’s Brexit, SCA, the 6th AMLD or PSD2, stay on top of regulatory change across multiple global jurisdictions.
We use cookies on this site to enhance your user experience.