Re: Docket Number TREAS-DO-2024-0011; Response to Request for Information on Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector
Dear Mr. Kim,
The American Bankers Association (ABA) and 21 state bankers associations representing banks in California, Colorado, Delaware, Hawaii, Iowa, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Nebraska, Nevada, New York, Ohio, Pennsylvania, South Dakota, Virginia, Washington, West Virginia, Wisconsin, and Wyoming (the Associations) appreciate the opportunity to respond to the request for information (RFI) on the Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector issued by the Department of the Treasury. Artificial intelligence (AI), including the latest iteration commonly dubbed "generative" AI (GAI), are technological tools that have their place in aiding various banking use cases. However, as with any technology, its deployment should only take place in an environment that carefully considers potential risks with appropriate mechanisms in place to manage those risks. This is especially true for banks, which are integral to the economy, responsible for safeguarding customers’ money, and which need to build and maintain customers' trust in order to do so. Moreover, it is becoming increasingly clear that interdicting AI is not a viable option—the technology is too pervasive and promising to block or drive underground.
Banks have employed AI in a responsible manner for decades and are leveraging that mature risk management framework as they begin implementing GAI. Moreover, ABA, the Associations, and our members have had numerous discussions on ways to augment the risk management framework in the wake of GAI, and to that end we present recommendations in the realms of legislation, regulation, and supervisory guidance.
In particular, we wish to highlight two key recommendations at the outset of this comment. First, we urge that any new horizontal federal law pertaining to AI preempt state requirements and clearly exclude banks from any duplicative obligations. As observed in the privacy landscape, the lack of preemption and the confusing applicability to bank data has led to inconsistent levels of consumer protection and significant compliance burden, and policymakers cannot allow this misstep to happen again with AI. Second, we call for updated model risk management guidance from the prudential regulators to clarify expectations in the wake of changes to the ecosystem, but only after an appropriate notice and comment period.
This comment letter is organized in the following manner:
Download the joint comment letter to read the full text.