The Call for AI Championing Regulatory Compliance

Regulatory law, in the context of banking and insurance regulation, is naturally complex. Much is at stake since banks and insurance companies are centerpieces of our modern economies. At the same time, however, various stakeholder interests clash. On one hand, regulators work towards crucially important goals, such as overall financial stability and robustness, or policyholder protection (for a European perspective see here). On the other hand, the financial industry (i.e., banks and insurance companies) generally strives for profits and growth while having to comply with rigid regulations. This is complemented by the particular interests of customers and consumers.

In the aftermath of the Global Financial Crisis (GFC), the overall regulatory environment tightened. For instance, in the US, the Dodd-Frank Act introduced a vast number of new rules affecting both banks and insurance companies. The EU banking legislation likewise moved in that direction. With respect to the insurance sector, a new EU directive came into force in 2009 and established extensive new rules regarding solvency and capital (pillar 1), governance (pillar 2), and reporting and disclosure (pillar 3) requirements. However, these rules were not a reaction to the crisis; the legislative process had already started years before the GFC. Eventually, the directive was amended in 2014 in response to the crisis. Since then, the overall trend towards more sophisticated and detailed regulation has not stopped, and it is unlikely to do so amidst pressing changes and developments (e.g., pandemic recovery and resilience, digitalization and sustainability).

Generally speaking, banks and insurance companies must not only carefully monitor and follow regulatory law de lege lata but also anticipate regulatory changes de lege ferenda. Otherwise, they face the risk of fines and reputational losses (e.g., in 2020 global banks paid billions in fines because of regulatory non-compliance). Additionally, the board of a bank or an insurance company may bear professional and liability risks for non-compliance with regulatory rules and standards. Both are particularly delicate since it can take time to actually implement and enforce the law internally, depending on the complexity and the dimension of the change in the legal environment. Regulatory compliance is of utmost importance and requires adequate and effective steps. Given the tightening regulatory landscape, compliance efforts and costs are increasing, and this trend will presumably not stop.

Against this background, voices championing the use of modern technologies that promise more effective and efficient regulatory compliance are growing louder within the broader frame of RegTech. One argument is that AI-based software (e.g., legal document management systems) achieves “preparedness, adaptability, and resilience,” and ultimately supports the overall capability to adapt to and comply with challenging legal requirements. Additionally, AI-based applications conceptually may favor customers and consumers in the course of more tailor-made financial and insurance products. This may lead to the conclusion that the board of a bank or insurance company is not only allowed, but also legally compelled, to actually apply AI-based applications. This is a discussion which already takes place in the corporate law context and may well be transferred into the regulatory context.

This all sounds like an easy and quick fix to the dilemma of increasingly complex and costly regulatory compliance efforts; in fact, under certain circumstances and from a more abstract point of view, one cannot deny that AI-based or AI-supported solutions (leaving aside what AI precisely means outside and inside the regulatory context) may have positive impacts. This appears to be especially the case for AI-based legal document management systems. However, in trying to fit this into the broader regulatory context, the picture is more complex. Apart from the quite narrow example of document management systems, there are a lot of complicated applications such as credit scoring, credit and rate making, or anti-money laundering. In other words, AI in the field of regulatory compliance touches various areas with likewise unsolved problems. These problems include transparency, explainability, data protection, liability, board responsibility, fit and proper requirements, the role of third-party AI vendors, anti-discrimination, and so on and so forth.

There is an urgent need for further research on AI in potential fields of application and on its complications with regulatory goals and stakeholder interests. AI can bring relief to the regulatory compliance dilemma and can probably already do so in narrowly defined fields such as document management systems. However, this should not automatically lead to a general legal rule for the board of a bank or insurance company to apply AI-based systems. Notwithstanding, where the benefits and risks of certain applications are sufficiently identified, it seems reasonable to think about it and fathom the details. In the meantime, there remains much to discuss from a rather restrained setup.