AI Executive Order: Consumer Financial Services Touchpoints
AI Executive Order: Consumer Financial Services Touchpoints
On October 30, 2023, President Biden issued a wide-ranging Executive Order designed to protect Americans from potential risks associated with artificial intelligence (AI) systems. The Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI Executive Order or Executive Order) directs a number of federal agencies to address specific AI issues, including the Consumer Financial Protection Bureau (CFPB), the Department of Housing and Urban Development (HUD), the Federal Housing Finance Agency (FHFA), and the Department of Treasury (Treasury). According to remarks from President Biden, the AI Executive Order is the “most significant action any government anywhere in the world has ever taken on AI safety, security, and trust.”
The Executive Order establishes new standards for AI safety, security, and innovation across a range of industries, including technology, banking, education, healthcare, housing, and the workplace. The 100-plus-page document requires federal agencies and developers of certain AI technologies to take steps to improve privacy and transparency and protect civil rights, while boosting research and diplomacy efforts aimed at promoting competition and advancing U.S. leadership in the rapidly evolving field. This Alert highlights some of the key touchpoints for the Executive Order with banking and financial services.
To “address discrimination and biases against protected groups in housing markets and consumer financial markets,” the Executive Order asks the CFPB and the FHFA, which regulates Fannie Mae and Freddie Mac, to monitor for lending bias. Specifically, the Executive Order encourages the CFPB and the FHFA to consider using their authorities to require their respective regulated companies to “use appropriate methodologies including AI tools to ensure compliance” with federal law. It also urges those regulators to evaluate: (i) their underwriting models for bias or disparities affecting protected groups; and (ii) automated collateral-valuation and appraisal processes in ways that minimize bias.
This directive in the Executive Order follows the guidance issued by the CFPB last month on lenders’ obligations when using AI and other complex technologies to make consumer credit decisions. Read our Alert on the CFPB guidance.
In addition, the Executive Order addresses the use of algorithmic targeting of advertising for housing and credit, as well as algorithmic tenant screening, in order to “combat unlawful discrimination enabled by automated or algorithmic tools used to make decisions about access to housing and in other real estate-related transactions.” Specifically, the Executive Order encourages the CFPB, and requires HUD, to issue guidance within 180 days:
The Executive Order also requires the Secretary of the Treasury to issue a public report on best practices for financial institutions to manage AI-specific cybersecurity risks. This directive follows remarks made by Federal Reserve Vice Chair for Supervision Michael Barr earlier this month. During a moderated discussion at the Large and Foreign Banking Organizations Cyber Conference, Vice Chair for Supervision Barr identified that banks need to be creative in testing cybersecurity resiliency.
The Biden administration continues to focus on AI and also met with a bipartisan group of legislators this week to further discuss actions that Congress can take on regulating AI. The AI Executive Order is broad-sweeping and directs multiple federal agencies to action, including with respect to banking and financial services. The effectiveness of these directives will depend on how they are implemented.
In the consumer protection context, the CFPB is already focused on the use of AI in credit underwriting, and last year the CFPB released an issue spotlight on the use of AI chatbots by financial institutions. The prudential agencies also have focused on AI through multiple lenses, including model risk management, third-party models, and third-party risk management expectations.