Policy Statement on Responsible Application of Artificial Intelligence (“AI”) in the Financial Market

  • Legal Development 24 December 2024 24 December 2024
  • Asia Pacific

  • Technology risk

In light of the wide applications of AI in the financial services industry and government’s pro-active approach in promoting smart city and digital government, the Financial Services and the Treasury Bureau (“FSTB”) issued on 28 October 2024 a policy statement on the responsible use of AI in the financial market (the “Statement”), addressing the issues brought by technology, such as cybersecurity, data privacy and protection of intellectual property rights.


Below are some key takeaways from the Statement:
 

  1. Three “Ds” in application of AI in the Financial Services Sector: The FSTB observed three attributes in the application of AI in the financial market, namely:

    • Data-driven: The application of AI improves efficiency and competitiveness of data-driven financial services as it helps analyzing data.
       
    • Double-edged: The application of AI can be double-edged, it yields power and potential, but improper use of it can bring considerable risks. In principle, AI should remain a tool complementing and enhancing human capabilities rather than replacing human judgment and analysis.
       
    • Dynamic: AI is dynamic in nature, it helps cultivating more new and innovative businesses and enriching ecosystem of the financial services industry.
       
  2. Adoption of Dual-track Approach: Considering the above attributes of AI, the FSTB will adopt a dual-track approach – on one hand, capturing opportunities brought by adopting AI in the financial services industry, on the other hand, mitigating risks brought by the technology in the areas of cybersecurity, data privacy and protection of intellectual property rights.
     

    • Capturing Opportunities: There are various opportunities arisen from AI applications, including automation in research process, data analysis, risk assessment and repetitive tasks, hence increasing accuracy and freeing up human resources for more complex and value-added work such as supervision and quality assurances; optimization in investment strategies and offering better customer protections and experiences; prevention of fraud and financial crime activities by identifying patterns and anomalies at an early stage.
       
    • Mitigating Risks: At the same time, financial institutions should adopt a risk-based approach along with mitigation measures facing the risks associated with the use of AI. For instance, AI users should ensure compliance of existing regulations and protection of intellectual property rights when certain personal data and copyrighted materials are used to train AI models; ensure balanced and representative training data set to avoid bias and hallucination risk, and establish contingency plans to avoid disruption of or failure with regard to AI models; keep investors and customers informed of their rights and controls over their personal information and preferences; enhance AI detection systems to identify and counteract fraudulent activities and cybercrime; and continuingly reskill and upskill employees to avoid job displacement.
       
  1. Overview of Regulator’s Efforts: Below is a recap of the specific measures adopted or will be adopted by different regulators in Hong Kong –

The Hong Kong Monetary Authority (“HKMA”)

The Securities and Futures Commission (“SFC”)

  • By November 2024 – the SFC will issue a circular to licensed corporations to remind them of the existing rules and regulations, as well as the opportunities and risks associated with the generative AI.
  • The SFC is participating in the Fintech Task Force AI Working Group under the International Organization of Securities Commissions (“IOSCO”) and will keep in view any findings or recommendations from IOSCO to consider whether further regulatory guidance to SFC-licensed firms is necessary.

The Insurance Authority (“IA”)

  • May 2023 – the IA outlined in its Conduct in Focus the responsibilities of insurers and intermediaries regarding the use of chatbots under the “regulated activities” regime, reminding them to uphold the  principles of fair customer treatment and enable fully informed customer decisions.
  • The IA is enhancing its Guideline on Cybersecurity by developing a Cyber Resilience Assessment Framework specific for the insurance sector.   
  • The IA will conduct a Fintech survey to evaluate current technology adoption trends in the insurance sector, focusing on AI and related cybersecurity measures.

The Mandatory Provident Fund Schemes Authority (“MPFA”)

  • 8 February 2024 – the MPFA  issued circular “Guidance on Offering Robo-Advisor Service” to provide guidance on offering robo-advisor service.
  • The MPFA will keep monitoring the adoption of AI in the pension industry and issue further or updated guidance if necessary, having regard to the market and regulatory development.

The Accounting and Financial Reporting Council (“AFRC”)

  • The AFRC will assess the emerging opportunities and potential risks associated with the development of AI by audit firms.   
  • The AFRC will develop guidance to enhance awareness and support AI deployment by the accounting profession with an emphasis on the importance of upholding audit quality while ensuring alignment with quality management standards.

The Hong Kong Police Force (“HKPF”)

  • September 2022 – the HKPF launched “Scameter”, a scam and pitfall search engine, covering fund transfers using the Faster Payment System (“FPS”) proxy IDs (including mobile phone number, email address and FPS identifier.
  • Since August 2024 – the HKPF has, in collaboration with the HKMA, extended the coverage of the Suspicious Account Alert, which warns customers of “High Risk” of fraud based on information of Scameter, for internet banking and physical branches transactions.
  • The HKPF has been exchanging intelligence with the International Criminal Police Organization, law enforcement agencies of different jurisdictions, and the AI industry.  
  • The HKPF is keeping track of the latest modus operandi and criminal trends around the globe, including the application of deepfake technology.  
  • The HKPF will continue to step up cooperation with different stakeholders and jointly explore and formulate effective measures.

The Investor and Financial Education Council (“IFEC”)

  • The IFEC will continue to work with stakeholders to raise public awareness and enhance understanding on the opportunities and risks presented by AI technology in terms of retail investing and financial management.

The Financial Services and the Treasury Bureau (“FSTB”)

  • Since 2018 – the FSTB has included experienced Professional in Fintech in the Talent List.
  • The FSTB will continue to closely monitor the industry’s demand and cultivate more Fintech talents through implementing various support measures, including training and subsidy schemes.

Digital Policy Office (“DPO”)

  • July 2024 – the DPO issued the updated “Ethical Artificial Intelligence Framework” to provide government bureaux and departments a set of practical guides when implementing projects that involve the use of AI technology, and to identify and manage the potential risks and other issues including privacy, data security and management.

Office of the Privacy Commissioner for Personal Data (“PCPD”)

  • August 2021 – the PCPD issued the “Guidance on the Ethical Development and Use of AI” to help organizations understand and comply with the relevant requirements of the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) when developing or using AI.
  • June 2024 – the PCPD issued the “Artificial Intelligence: Model Personal Data Protection Framework” to provide recommendations  and  best  practices  to  assist  organizations in procuring,  implementing  and  using  AI,  including  generative AI,  in compliance with the requirements of the PDPO, thereby facilitating  them  to  harness  the  benefits  of  AI  while safeguarding personal  data  privacy.=

Commerce and Economic Development Bureau (“CEDB”)

  • July to September 2024 – the CEDB conducted a public consultation to explore further enhancement of the Copyright Ordinance (Cap. 528) regarding the protection for AI technology development, with a view to ensuring that Hong Kong’s copyright regime remains robust and competitive.

 

If you have any questions on any information set out in this newsletter or requires advice on compliance-related issues, please get in touch with Joyce Chan or your usual Clyde & Co contact.

End

Stay up to date with Clyde & Co

Sign up to receive email updates straight to your inbox!