Regardless of your credit union's size, the time has come for it to have a policy addressing the core principles and procedures that will be used for integrating artificial intelligence. At the very least, a thoughtfully drafted policy will require the leadership of your credit union, including its board of directors, to grapple with the implications of the ubiquitous expansion of AI since the introduction of ChatGPT in 2021. In a best-case scenario, a properly drafted policy will help the credit union navigate the legal, compliance, operational and ethical principles related to this technology.
Depending on how you define it, AI has been used by financial institutions for decades, helping you make lending decisions for Fannie Mae and Freddie Mac, or identifying suspicious activity in your members' accounts. But times have changed. With the introduction of so-called generative AI for use by the general public and the exponential growth in the ability of companies to convert huge amounts of data into computer algorithms, AI now can generate documents ranging from correspondence to delinquent borrowers to proposed images for marketing campaigns. What makes AI so unique and powerful is that it is trained to recognize virtually any pattern or connection from suspicious account activity to sentence structure. It will improve over time as it processes more information. For example, without any additional programing, chatbots will get better at providing relevant responses.
Given its potential, it can help each of your employees do their job more efficiently. According to one estimate, approximately 30% of credit unions are already using AI, with many of those credit unions using chatbots to make customer service more efficient. A debt collection specialist told me that many delinquent borrowers prefer interacting with a chatbot over a human. And remember, no matter how small your credit union is, your employees are using ChatGPT.
Your credit union should establish a framework to examine potential applications. Credit unions are establishing committees to vet potential AI use models. The goal of any policy or framework should be to enable your credit union to strategically integrate AI into your operations. Without this framework, employees will still be using AI but management won't know how or why.
The policy should address how your credit union wants to use AI. As someone who has used various models on several AI legal platforms, there is no doubt in my mind that technology can make almost all of your employees more productive. But don't assume this to be the case. Make sure you establish benchmarks for judging just how useful AI is to your credit union.
When it comes to vendor AI offerings, thorough due diligence is even more important. Let's say your credit union wants to see how AI can be used to expand lending opportunities to more members. AI can do this because of its ability to quickly analyze hundreds of data points that could impact a person's likelihood of repaying. But precisely because it offers novel opportunities, it also presents unique due diligence concerns. For instance, does anyone in your credit union understand AI well enough to assess competing products and services? And how much trust can the credit union place in a third-party vendor that is itself learning how to use the technology? What data was used to create the lending model and how was it tested to ensure compliance with federal and state fair lending laws?
Because the credit union will be jumping into the unknown, adequate contract review and negotiations become even more important. Issues that should be addressed are: Liability for incorrect outputs, representations and/or warranties about the technology being offered, data protection protocols that comply with both federal and state mandates, adequate insurance, and indemnification against third party intellectual property claims.
AI isn't intelligent. The quality of its data will determine the quality of its output. Researchers have found, for instance, that facial recognition technology doesn't work nearly as well in identifying people with black and brown skin. In addition, at least one lawsuit has been filed against employment software providers over allegations that their models are inherently biased against women applicants.
In 2022, the CFPB issued guidance emphasizing that a model's complexity does not excuse a financial institution from complying with the ECOA. The CFPB was not against the use of AI but wanted financial institutions to ensure that models could identify the specific reasons why an applicant was denied. This means that financial institutions should know or receive assurances that models were created using a defined set of identifiable data and algorithms.
You are dealing with many risks, both known and unknown. Your contract is your primary protection. It should address who is responsible when the models don't work as intended. One particularly amusing incident occurred when a chatbot being used by an airline for customer service offered a refund that hadn't been approved by the airline. Does your contract address who would be responsible if a similar incident happened at your credit union?
Of course, adequate protection of personally identifiable information should always be a primary concern. Your vendor should be responsible for meeting baseline protections. Credit unions are increasingly citing vendors failing to provide adequate data security as a reason for terminating contracts.
AI is not a traditional product constrained to only having one purpose. When used properly, it will impact virtually all components of your credit union operations in a way that makes your employees more efficient and your customers more satisfied. But as with any new technology, its use raises operational, legal and compliance concerns. This is why a comprehensive AI use policy is crucial. Your credit union should understand when and how AI is being used and determine on a case-by-case basis whether its benefits are outweighed by the cost.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.