As regulatory thinking evolves, firms must ensure that any current or planned use of AI complies with regulatory expectations.

By Fiona M. Maclean, Becky Critchley, Gabriel Lakeman, Gary Whitehead, and Charlotte Collins

As financial services firms digest FS2/23, the joint Feedback Statement on Artificial Intelligence and Machine Learning issued by the FCA, Bank of England, and PRA (the regulators), and the UK government hosts the AI Safety Summit, we take stock of the government and the regulators’ thinking on AI to date, discuss what compliance considerations firms should be taking into account now, and look at what is coming next.

The FCA recently highlighted that we are reaching a tipping point whereby the UK government and sectoral regulators need to decide how to regulate and oversee the use of AI. Financial services firms will need to track developments closely to understand the impact they may have. However, the regulators have already set out how numerous areas of existing regulation are relevant to firms’ use of AI, so firms also need to ensure that any current use of AI is compliant with the existing regulatory framework.

Insights from Latham’s flagship event: Managing the risk and promise of digitisation in financial services

Authors: Andrew Moyle, Nicola Higgs, Christian McDermott, and Kirsty Watkins.

The financial services industry is leading the way in outsourcing, with contract values in excess of US$10.7 billion in 2018, causing regulators to focus more than ever on the associated risks. Guidelines on outsourcing arrangements from the European Banking Authority (EBA), which came into effect on 30 September 2019, expand the requirements on institutions in this area, while both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are also increasing their outsourcing supervision and enforcement activity.

We discussed the new requirements for financial institutions to maintain a register of outsourcing arrangements, and adhere to more stringent risk assessment and due diligence requirements at our recent event entitled Balancing the Scales: Managing the Risk and Promise of Digitisation in Financial Services.

Both the FCA and the PRA have written to firms to warn about certain risks associated with exposures to crypto-assets, and to advise firms of the measures they should consider implementing to mitigate such risks.

By Stuart Davis and Charlotte Collins

The FCA and the PRA have each written a “Dear CEO” letter to firms, to warn about the risks associated with exposure to crypto-assets. The letters reflect each regulator’s concerns, according to their regulatory remit, and provide examples of practical measures that firms should be putting in place.

These letters come at a time when both the use and regulatory scrutiny of crypto-assets is increasing, with the FCA recently revealing in a response to a Freedom of Information Act request that it is currently investigating 24 crypto firms.