This is the 2nd blog in a series about Artificial Intelligence (AI) in the context of credit union risk and compliance. This series is designed to provide auditors and compliance professionals with a clear understanding of how AI can be applied and managed within their operations.
In many cases, leadership sets the parameters of AI use at each credit union. Leadership may set policy for AI use in major “offense” or “defense” solutions:
- Offense: AI loan decisioning, AI chatbots, and anything that helps the credit union automate, streamline, and grow.
- Defense: AI-powered cybersecurity, AI fraud detection, and anything that reduces the credit union’s exposure to risk.
But will leadership set policy for incidental use of AI? Will policy cover AI notetaking in meetings? Will it cover internal memos or social media posts written by ChatGPT? Or marketing images created by Midjourney or DALL-E?
And, more importantly, what are the risks associated with using AI in credit unions?
Credit Union AI Risks
There are 4 major risk types inherent to any new technology (such as AI) or policy. You’re almost certainly already aware of the 4 major risk categories.
However, due to the evolving nature of AI in the credit union workspace, it’s worth reiterating them here. Furthermore, it’s critical to ensure leadership is aware of these risks and includes them in their AI risk assessment:
1. Financial Risk
What effect will the technology have on the credit union’s bottom line? What are the costs of integrating new tech, training, support, and maintenance? What happens if the AI solution has a negative ROI or makes an error that costs money?
And conversely, what are the potential gains that could be realized with AI that couldn’t be possible otherwise?
2. Reputational Risk
What effects will the use of AI have on the credit union’s reputation? Bias, inefficiency, invasiveness, or catastrophic errors in AI products or policy could lead to loss of trust and reputation.
On the other hand, significant wins from AI might demonstrate innovation, tech-friendly, member-focused service.
3. Operational Risk
What effects will AI products or policy have on the daily operations at the credit union? How will AI change the day-to-day duties of any given department? How will it affect your infrastructure needs? What changes must the credit union make to its disaster recovery and business continuity plans?
Finally, will credit unions need to worry about system failures, data breaches, or new inefficiencies caused by integrating cutting edge technology in a tech stack with legacy elements?
4. Legal and Regulatory Risk
There are few (if any) regulations about credit union AI so far. However, reporting, data and privacy laws, data compliance regulations, fallout from lending bias, copyright issues with generative AI, and other potential concerns are all in play. As AI evolves and regulatory bodies develop new guidance, credit unions will need to pay close attention to stay in the clear.
Next Steps and Takeaways
When working with new AI solutions, it’s important for credit unions to do the following:
- Define whether their AI strategy is for offense, defense, or both;
- Understand the goals of the AI strategy or solution;
- Set intention behind the stated AI strategy or solution; and
- Run the AI strategy or solution through an AI Assurance Agenda.
Subscribe now to see further installments of this series on AI and credit union risk and compliance.
If you’d like to see how Redboard can save time and improve visibility and accountability in your audit process, schedule an assessment here.