The draft states that the guidelines have been prepared with the aim of promoting the use of AI in the financial sector while minimizing the risks and challenges it may pose.
We use Google Cloud Translation Services. Google requires we provide the following disclaimer relating to use of this service:
This service may contain translations powered by Google. Google disclaims all warranties related to the translations, expressed or implied, including any warranties of accuracy, reliability, and any implied warranties of merchantability, fitness for a particular purpose, and noninfringement.
Nepal Rastra Bank has released a draft of ‘Artificial Intelligence Guidelines’ to ensure responsible, transparent and ethical practices as the use of Artificial Intelligence (AI) continues to grow in banks and financial institutions. Calling for feedback, the bank has proposed in the guidelines a comprehensive regulatory framework and a separate steering committee for banking institutions using AI technology.
The draft states that the directive has been prepared with the aim of promoting the use of AI in the financial sector and minimizing the risks and challenges it may pose. Such a directive was also said to be prepared in the monetary policy for the fiscal year 2082/83. The Rastra Bank believes that the directive is necessary to enable banking institutions to utilize the benefits of AI and to ensure the fairness and stability of the financial system.
The draft states that banking institutions should form a 'cross-disciplinary AI steering committee' or assign this responsibility to an existing committee. The committee should include senior employees of the institution along with members with sufficient expertise to oversee risks related to information technology or AI. The draft states that when an institution develops AI technology or hires services from a third party other than internal employees, it should obtain the approval of the board of directors and inform the Rastra Bank's Supervision Department.
For risk management, the National Bank has proposed a provision that banks and financial institutions should conduct an initial assessment of AI-based systems and classify them under high risk, broad impact, minimal human oversight, rights risk and sensitive data use. It has been said that systems that cause serious financial losses, create legal liabilities or disrupt essential services in the event of a cyber attack or disaster should be classified as 'high risk'. The draft states that those that are connected in large numbers and can have a wide impact should be placed under 'broad impact'.
Sub-section 6.2 of the draft includes detailed testing and validation to ensure that AI models used in the decision-making process are factual, reliable and impartial. Similarly, there is a provision that the data used in AI systems should be accurate, complete and up-to-date. It has been said that licensed institutions should formulate effective regulations or data retention policies for data management. The objective is to maintain data quality, accuracy and accountability (accounting of who did what).
For cyber security, banks and financial institutions are required to conduct regular security audits and follow the Cyber Resilience Guidelines of the National Bank, as mentioned in Sub-section 6.4. The guidelines also include provisions on the ethical use of AI, eliminating ‘algorithmic bias’ to ensure that AI systems do not discriminate against any individual or group when responding. The guidelines state that banks and financial institutions should ensure that the AI systems they use are transparent and that the AI decision-making process should be understandable to stakeholders, service recipients and regulators. For example, when AI approves or rejects a loan, it should be able to provide details to stakeholders such as how and on what basis the decision was made.
The guidelines state that if AI is used in interactions with customers, information should be provided about it. Section 8 on data security and privacy states, ‘Existing rules/laws on privacy should be followed, only as much data as is required for the purpose for which it is collected and kept only as long as is necessary, and as little data as possible should be collected. Customer consent should be obtained before collecting data for your AI system. Customers should be given the option to opt-out of using their data at any time. In doing so, they should not be deprived of banking services.’
Section 10 states that banking institutions should continuously monitor the performance and impact of AI systems and prepare monitoring reports. The draft states that if the system is disrupted, data is stolen due to cyber attacks, or the algorithm itself shows biased behavior, information about such incidents should be provided to the relevant supervision department of the National Bank. It has been said that banks and financial institutions should submit an annual report to the National Bank on all activities including any application, risk management methods related to AI. The National Bank has requested all stakeholders to provide suggestions by December 15.
This guideline will be applicable to all institutions licensed by the National Bank, including commercial banks (Class A), development banks (Class B), finance companies (Class C), microfinance institutions (Class D), Nepal Infrastructure Bank Limited, as well as payment system operators and payment service providers. It covers the use of AI for various purposes, including credit scoring, fraud detection, customer service, risk management, etc.
