AI & credit unions: Balancing innovation and risk management

From chatbots to advanced lending algorithms, artificial intelligence (AI) is reshaping the landscape at credit unions. This transformation comes with challenges. Initially used in support of Bank Secrecy Act (BSA) compliance and fraud detection, AI is now indispensable at many credit unions. Its effective deployment, however, requires comprehensive risk management measures.

The complexities of AI-driven models

AI streamlines operations at credit unions but its misuse can lead to inadvertent discrimination. Regulatory bodies have persistently cautioned financial institutions against algorithms that drive lending decisions without clear justification. Moreover, these algorithms may indirectly encourage discrimination if previous loan decisions, which form the basis for the models, were based on bad data.

AI is also increasingly influencing other areas within credit unions, notably marketing. AI now determines which members receive ads for products and services on specific online platforms. This AI-driven decision-making affects consumers’ choices of products and services. This could negatively affect certain groups of customers. For example, if a consumer is only exposed to ads for high-interest credit cards, they might not consider applying for a card with lower rates and fees.

Should AI inadvertently offer product or service recommendations that target different protected groups, it could result in disparate impact. Disparate impact is a situation where a neutral policy disproportionately and negatively affects a protected class. Discriminatory intent is irrelevant – unfair treatment is treated as discrimination regardless of the underlying cause. Regulators will penalize your credit union for causing harm to consumers, regardless of whether a bot or AI was the cause. Consumers won’t recognize the difference either, resulting in damage to your reputation. It’s crucial to establish AI risk management controls to ensure compliance and avoid legal and reputational risks.

Establishing an AI control framework

AI introduces a new set of risks that necessitate a fresh set of controls. However, this isn’t just an issue for your credit union’s IT department. This requires a holistic view of risk and interdepartmental collaboration on the appropriate control environment.

Here are the steps to create an effective AI control framework for your credit union:

1. Gauge your credit union’s AI tolerance

How receptive is your credit union to AI? This question is similar to those asked for any risk. With an answer in place, your credit union can align its strategic objectives with the potential benefits of AI, while factoring in the costs and resources required for implementation.

2. Evaluate the risks linked to AI

Assess the risks posed by each AI tool, such as chatbots, credit decisioning engines, and social media management applications. This includes privacy and security risks, potential biases, ethical concerns, regulatory compliance, and the impact on employees and members. Credit unions should also contemplate how AI can be integrated into their existing risk management strategies for a holistic approach.

3. Develop a customized control framework

Create a control framework tailored for AI tools by developing and implementing AI governance policies and procedures. For instance, an AI chatbot for member inquiries might need fewer controls than an AI engine deciding on residential mortgage loans due to the higher risk in mortgage lending.

4. Oversee and evaluate AI performance

AI necessitates human supervision. For instance, a person might need to review all AI-generated social media posts before they’re posted. Implementing routine reviews and audits of AI tools to ensure they are working as intended and are not leading to regulatory or reputational risks is vital.

5. Manage AI vendors

If a credit union is employing third-party AI, it’s crucial to establish strong controls at the vendor level. Contracts should provide for access to test results and other model validation documents.

6. Empower compliance and audit teams

Equip compliance and audit teams with the necessary understanding and skills to effectively assess AI tools. This includes training on AI technologies and their associated risks, as well as a deep understanding of the unique challenges posed by AI in financial services.

7. Establish audit programs

Formulate audit programs to evaluate the output of AI tools and ensure compliance with policies and procedures.

8. Continuously update your AI risk management control environment

AI and machine learning are focused on constant evolution and improvement. Given AI’s rapid advancement, your credit union must regularly evaluate its control environment. An annual assessment is insufficient. The more real-time your evaluations are, the better. Any updates or added capabilities from your AI vendor may represent new or amplified risks, requiring reassessment of your controls.

Leveraging the potential of AI

As AI technology continues to evolve and become more entrenched in the financial services industry, it’s paramount for credit unions to establish a robust control environment to manage the risks associated with AI applications.

By implementing tailored controls, closely monitoring AI performance, and cultivating strong relationships with third-party vendors, credit unions can mitigate potential regulatory and reputational risks. At the same time, they can leverage the transformative power of AI to enhance their operations and member experiences. These measures will allow credit unions to fully embrace AI’s capabilities while navigating its complexities, fostering an environment of innovation grounded in sound risk management practices.