Compliance
Compliance Corner: FINMA Frets Over Outsourcing AI

The latest compliance news: regulatory developments, punishments, guidance, permissions and new product and service offerings.
FINMA
A recent survey by FINMA, the Swiss regulator,
found that about half of the firms it surveyed use AI or are
developing initial uses for this technology. A further 25 per
cent say they intend to use it in the next three years.
The study, based on 187 institutions, also showed that the
regulator is worried that the heavy use of outsourced
providers raises operational risks.
On average, these organisations have around five applications and
are developing nine of them. Some 91 per cent of respondents who
use AI also use generative AI such as newer chatbots.
Most institutions do not rely solely on their own developments
but also use external service providers. Smaller institutions
often rely exclusively on externally-developed applications, the
regulator said late last month; it drew attention to the
operational risks that such outsourcing might generate.
Around half of the institutions surveyed have
incorporated AI into an explicit AI strategy. When applying
existing governance frameworks, many focus on data protection, IT
and cyber security, data management and enterprise risk
management.
In its Guidance 08/2024 update, the regulator shared its
supervisory observations regarding governance and risk management
when using artificial intelligence.