Hungary’s financial regulator reviews risk of AI to banks and insurance companies

For the first time, the Hungarian National Bank (MNB) carried out a thematic study on the IT, privacy and other risks of AI and machine learning in banks and insurance companies.

The objective of the study was to enable the MNB to understand current-use cases to assess the need for possible supervisory guidance and to update its overall IT supervisory testing methodology with a view to AI and machine learning. The review was based on the Government Decree on the protection of IT systems of financial institutions, insurance companies, investment firms and commodity exchange service providers and the MNB Recommendation on the protection of IT systems.

The regulator found that Hungarian financial institutions use AI and machine learning mainly in their customer identification, account opening, marketing, customer relationship management (CRM) and campaign management processes.

The MNB’s review included the following:

• The evaluation of AI and machine learning, including the efficiency of regulation, control systems, organisational operations, development tasks, IT architecture, and security measures such as logical and data security, and authorisation management.
• The assessment of specific risks associated with the alignment of AI solutions used by banks and insurance companies with institutional strategy, evaluating whether process decisions were made with adequate expertise and specific risk analysis.
• The examination of the financial institutions' handling of customers’ personal data, including biometric data, examining measures to protect bulk linked data, considerations for data decryption, quality controls for automated decision-making, and procedures for addressing loss of manufacturer support, especially for regularly retrained models. The crucial consideration in the evaluation was whether the surveyed banks and insurers had implemented measures to detect “data poisoning”, such as incorrect models and information in databases, and whether they had employed diverse samples in their training to mitigate the risk of discrimination.
• Apart from analysing the AI technology utilised, the MNB also inspected the capability of algorithms, especially those necessitating ongoing retraining, to recall specific decisions as required.

The financial institutions were informed of the result in the form of an inspection letter. The MNB's recommendations were primarily aimed at addressing shortcomings in risk analysis, regulation and testing, and no legal provisions were violated by any of the parties concerned.

The investigation of AI solutions will also be given special focus in further comprehensive investigations by the MNB. It is therefore important for financial organisations to review their operations based on the criteria and findings of the MNB study.

For more information on this study and the use of AI in Hungary’s financial sector, contact your CMS client partner or these CMS experts.