BPI Responds to NIST Artificial Intelligence Risk Management Framework RFI

Dear Dr. Olthoff:

The Bank Policy Institute[1] appreciates the opportunity to comment on the National Institute of Standards and Technology’s Request for Information on the Artificial Intelligence Risk Management Framework. The development of the AI RMF is an important effort that will heighten awareness and help organizations across all industries understand and manage AI risks.

Banks have a strong history and culture of risk management and have decades of experience in designing processes to manage risks related to emerging technologies, including AI. The financial services sector is unique and stands out from other industries in that banks are subject to extensive regulatory requirements which provide a comprehensive framework to manage the implementation of AI across various banking use cases. We believe NIST’s AI RMF will help other organizations not already subject to similar requirements improve their awareness of AI risks and implement a governance structure to ensure AI is used in a responsible and trustworthy manner.

In this letter, BPI provides high-level comments and recommendations for NIST’s consideration in developing the AI RMF, based upon the financial sectors’ experience adopting AI and expanding existing model governance frameworks to AI. For additional information, especially to address NIST’s second goal to gain a greater awareness about how organizations are managing AI risk and have incorporated risk management standards into policies and practices, we encourage NIST to reference BPI’s response to the joint financial regulators’ Request for Information on Financial Institutions’ Use of AI, including Machine Learning,[2] provided as an Appendix to this letter. In addition to providing an overview of how banks are currently utilizing AI and managing any associated risks, BPI detailed the existing laws, regulations and guidance that provide a comprehensive risk management framework for AI in the financial sector, all of which relates directly to several of the questions posed in NIST’s RFI.

BPI and its member banks agree with and support the eight proposed attributes of the AI RMF. In particular, BPI appreciates that the Framework is intended to be voluntary, risk-based, useful to a variety of stakeholders and adaptable over time as the technology and AI applications continue to evolve. Our suggestions, therefore, are modest in scope, and intend to emphasize the importance of certain attributes as NIST continues to develop the AI RMF.

To read the full letter, please click here.

[1] The Bank Policy Institute is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers.  Our members include universal banks, regional banks and the major foreign banks doing business in the United States.  Collectively, they employ almost two million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.

[2] Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Bureau of Consumer Financial Protection, National Credit Union Administration; Request for Information and Comment on Financial Institutions’ Use of Artificial Intelligence, including Machine Learning, 86 Fed. Reg. 16837, (Mar. 31, 2021).