AI in the Canadian Financial Services Industry
This article is part of our Artificial Intelligence Insights Series, written by McCarthy Tétrault’s multidisciplinary Cyber/Data team. This series brings you practical and integrative perspectives on the ways in which AI is transforming industries, and how you can stay ahead of the curve.
View other blog posts in the series here.
In recent years, players within Canada’s financial services industry, from banks to Fintech startups, have shown early and innovative adoption of artificial intelligence (“AI”) and machine learning (“ML”) within their organizations and services. With the ability to review and analyze vast amounts of data, AI algorithms and ML help financial services organizations improve operations, safeguard against financial crime, sharpen their competitive edge and better personalize their services.
As the industry continues to implement more AI and build upon its existing applications, it should ensure that such systems are used responsibly and designed to account for any unintended consequences. Below we provide a brief overview of current considerations, as well as anticipated future shifts, in respect of the use of AI in Canada’s financial services industry.
The Regulatory Landscape and Some Recent Developments
At a high level, Canadian banks and many bank-specific activities are matters of federal jurisdiction. As a result, they are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and its “substantially similar” provincial equivalents when it comes to their use of personal information (including in the context of developing or deploying AI). Future posts in this series will engage in a broader discussion of AI and privacy concerns. Financial institutions’ use of AI is also subject to consumer protection, competition and human rights legislation.
Multiple regulators, including the Office of the Superintendent of Financial Institutions (“OSFI”), the Financial Consumer Agency of Canada (“FCAC”), and the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) play important roles in regulating banks and financial services institutions. Many banking-adjacent activities are regulated provincially (including, for example, by securities regulators) and as a result, financial services institutions may come under provincial regulation when engaging in provincially-regulated fields, such as insurance and securities.
As a result, the current regulatory landscape governing the use of AI by in the financial services industry is a broad patchwork of laws and regulations. Some examples of the regulatory initiatives and constraints of Canadian regulators currently impacting the use of AI in the financial sector are described below.
On September 24, 2015, the Canadian Securities Administrators (“CSA”), the umbrella organization of Canada’s provincial securities regulators, published CSA Staff Notice 31-342: Guidance for Portfolio Managers Regarding Online Advice (“CSA Notice 31-342”). See our previous blog outlining the CSA Notice 31-342, here. Among other things, CSA Notice 31-342 provides guidance for online advisors and suggests that Canadian securities regulators view online advisors as online platforms through which a human portfolio manager can provide investment services, stand-alone wealth management services.
OSFI’s Guideline E-23: Enterprise-Wide Model Risk Management for Deposit-Taking Institutions (“GuidelineE-23”) places the onus on federally-regulated financial institutions to develop their own sets of risk management policies and procedures (including, arguably, in relation to uses of AI) and indicates that such models should be reviewed regularly to evaluate their performance. OSFI has signaled a forthcoming revised model risk guideline (referenced further below).
In 2019, in collaboration with Accenture, the Investment Industry Regulatory Organization of Canada (“IIROC”) published its report on the state of wealth management in Canada, “Enabling the Evolution of Advice in Canada,” prepared through consultation with the CSA and other industry stakeholders. The report canvassed many of the new business models being implemented by financial services firms, made recommendations for regulatory shifts and identified some of the factors that remain unknown as firms continue to embrace an AI-driven approach to wealth management.
In September 2020, OSFI released Developing financial sector resilience in a digital world: Selected themes in technology and related risks. See our previous blog outlining this discussion paper, here. Among other things, the paper noted that the use of AI and ML present new opportunities and risks that should be approached with soundness, explainability and accountability. Further, the paper signaled OSFI’s interest in collaborating with stakeholders to develop guidance that balances the “safety and soundness” of the Canadian financial sector against the needs of the sector to innovate.
In its 2020-2021 Annual Report, OSFI stated that AI and ML are “expected to increase in importance both in terms of advancing [model risk managing] frameworks and in enhancing or creating new products and services.” OSFI is focused on developing additional principles “to address emerging risks” resulting from the use of AI and ML and anticipates publishing an industry letter on advanced analytics in 2022, as well as revised model risk guidelines in 2022-2023.
In July 2021, the Ontario Securities Commission, British Columbia Securities Commission, Autorité des Marchés Financiers, and Alberta Securities Commission, following the CSA’s launch of its Regulatory Sandbox in 2017, (which, at its inception cited “business models using artificial intelligence for trades or recommendations” as an example of eligible sandbox candidates), jointly announced the selection of Bedrock AI Inc. to support the Cross-Border Testing initiative, a project involving 23 regulators across five continents. This marked an important step by the securities regulators towards broader adoption of AI in their oversight processes.
Current Trends and Uses of AI
Banking in Canada, although now largely digital in operation, continues to involve many human-based processes. The following are some examples of how AI is being used in the industry to mitigate against the potential for human error, increase security and efficiencies, and adapt to the needs of the modern customer.
- General and Predictive Analysis
Financial services institutions are developing AI models that are capable of analyzing large amounts of data to identify market trends, prioritize risks and monitor them accordingly. These AI models are used to detect specific patterns and correlations in the data collected, which can in turn be used identify new sales opportunities or assist with revenue forecasting, stock price predictions and risk management.
- Fraud Detection
Financial services institutions have traditionally relied on “know your customer” (“KYC”) requirements and rule-based anti-money laundering (“AML”) monitoring systems to protect against fraud. With the increase in fraud-related crimes and consistently changing fraud patterns, financial services organizations and regulators are applying AI to existing fraud-detection systems, to identify data anomalies, patterns and suspicious relationships between individuals and entities that previously went undetected. By looking at customer behaviours and patterns instead of specific rules, proactive AI-based systems represent a significant transition away from more traditional, reactive approaches to fraud detection.
Chatbots are one of the most commonly used applications of AI across industries and have been embraced by many financial services organizations. Chatbots can take different forms, most frequently serving as a “virtual assistant”, are available 24/7, and can handle many standard banking tasks and inquiries that previously necessitated person-to-person interaction. To the extent that chatbots collect personal information or provide financial advice, their activities are likely to be subject to regulatory scrutiny.
- Loan and Credit Decisions
Many financial services institutions continue to rely on credit scores, credit history, customer references and banking transactions to determine whether or not an individual or entity is creditworthy. However, these credit reporting systems often miss real-world transaction history and other information that impacts creditworthiness. As a result, financial services institutions have implemented AI-based systems to help make more informed, safer and profitable loan and credit decisions. In addition to working off of available data, AI-based loan decision systems and ML algorithms can look at behaviours, patterns and other data to predict the probability of default, which helps to improve the accuracy of credit decisions.
However, AI-based loan and credit applications can suffer from bias-related issues similar to those made by their human counterparts, a challenge discussed further below.
In simple terms, a robo-adviser attempts to understand a customer’s financial circumstances by analyzing data shared by the customer, as well as their financial history. Based on this data and the customers’ goals, a robo-adviser can provide appropriate investment recommendations (including with regard to specific account options, asset holdings and balancing options). Capable of quickly analyzing current and historical market trends, AI and ML are now being applied across the investing and wealth management industry.
Canadian regulators have not yet paved the way for fully-automated robo-advisers, and as a result, they do not yet exist in Canada in the same form as in the United States and other countries. As a result of regulatory guidance like CSA Notice 31-342, online advisers are still required to: (a) fulfill the same registration and conduct requirements as regular portfolio managers, including know-your-client (“KYC”) and suitability obligations, and (b) ensure that their clients have the possibility to interact with a human advising representative (“AR”) during the on-boarding process either “by telephone, video link, email or internet chat”.
Any robo-advising currently operating in Canada uses a “hybrid” model in which an online platform is used for efficiency, but decision-making is ultimately left to an AR. An AR’s review of robo-adviser-generated advice is, among other things, to ensure that: (a) the investor profile generated by the algorithm corresponds to the client’s KYC information, and (b) the model portfolio recommended by the algorithm is suitable for the client. This ultimately places the responsibility of fulfilling the KYC and suitability obligations on the AR, rather than the online adviser. In order to ensure continued compliance with KYC and suitability obligations, online advisers’ systems should prompt a client to update their personal information online at least annually or when a material change in their financial circumstances has occurred so that the software can re-determine the suitability of that client’s portfolio. As with the initial advice generated by the algorithm, an AR has to review any new advice or changes to the initial advice before it is presented to the client. As online advisers expand their client-base, they must continually hire ARs to provide adequate services to their clients and comply with all the regulatory requirements, including the review of all financial advice.
As a result of this hybrid approach, securities regulators have only registered online advisers with relatively simple business models and portfolios, which are easy to understand by investors with average financial literacy. As the sophistication and potential for fuller automation of robo-advisers is enhanced, so too will their ability to better predict investor behavior and market conditions. Canada’s investment regulators continue to monitor and respond to these shifts. Careful attention should continue to be paid to their approach moving forward.
Regulatory technology (“RegTech”) has been cited by the Financial Stability Board (“FSB”) as an important area of innovation, involving the application of financial technology for regulatory and compliance requirements and reporting by regulated institutions. See our previous blog summarizing the opportunities and challenges described by the FSB’s 2020 report on the use of RegTech and supervisory technology (“SupTech”) by FSB members, including OSFI, here.
RegTech is being used by financial regulators and institutions to manage and respond to changes in the financial regulatory environment and to reduce the costs around compliance (including in relation to ensuring minimum regulatory standards are met). As technology-driven regulatory changes continue to occur across jurisdictions, RegTech compliance frameworks can help financial organizations ensure that they are meeting shifting requirements. See our previous blog, describing advancements in the Canadian and Australian RegTech ecosystems, here.
In February 2020, the Ontario Securities Commission (the “OSC”) established the Capital Markets Modernization Task Force (the “Task Force”) to implement initiatives to modernize Ontario’s capital markets regulation. In January 2021, the OSC released the Task Force’s report, which, among other things, considered the potential use of RegTech in the OSC’s regulation of Ontario’s capital markets. The Task Force recommended that the Innovation Officer “should consider how RegTech solutions, such as automated compliance tools, can benefit market participants and the OSC.” The Task Force’s recommendations focused on RegTech that would reduce the regulatory burden, such as assisting with onboarding clients, fulfilling KYC obligations and conducting suitability assessments. The OSC further committed to its goal of incorporating RegTech in OSC Notice 11-794 – 2022-2023 Statement of Priorities, wherein the OSC set out an action item to develop an OSC strategy to consider RegTech solutions.
FINTRAC has also started to enable the use of RegTech, particularly with respect to KYC requirements. Digital identities, along with verification technologies, enable faster and more accurate customer validation and verification for streamlined KYC processes. Recent amendments have been made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act regulations to make online identification easier.
Risks and Challenges
Embracing AI comes with certain risks and challenges. Financial services institutions should ensure that their implementation of AI systems aligns not only with the developing regulatory regime, but also with their existing ethics and bias practices. The following are key concerns that have, and should continue to, guide the development of financial AI tools and applications.
AI models are necessarily subject to the biases and assumptions of the humans who developed them. As the performance and fairness of any AI model turns on the accuracy and diversity of its subject data, steps should be taken to ensure that data remains precise and representative of the targeted population. The presence of any bias can be magnified when a model is deployed, sometimes with troubling results.
Including as identified in Guideline E-23, once an AI model is used by a financial services institution, it must be continuously updated to accommodate new facts and ensure that its decisions are made fairly.
- Fairness and Transparency
Financial services institutions and organizations operate under regulations that may require them to issue explanations for their credit-issuing decisions to potential customers. Notably, in a 2019 submission to the Department of Finance, the Office of the Privacy Commissioner of Canada cited the use of big data analytics and artificial intelligence in the financial technology realm as an area “requiring more attention,” particularly with regard to transparency, accountability and individuals’ ability to obtain access to their information.
Whether a financial service is required to provide an explanation for a decision, and the degree of detail required to be included with that explanation, is context-specific. As a result, financial services institutions should ensure their AI tools provide appropriate levels of opacity in their decision-making processes.
In addition to complying with regulations, financial services institutions must be mindful of customer trust when using AI tools. For example, if a financial services institution deploys a chatbot that makes mistakes or continually misunderstands the customers’ questions, customers will lose trust in the technology and the financial services institution will no longer receive the benefits associated with using the technology.
Financial services firms that invest in AI systems stand to gain advantages in the market, improve customer satisfaction and enhance their financial performance at the expense of those that fail to innovate with AI. However, careful attention should be paid to ensure that AI-powered applications and tools are developed with the ever-evolving legal and regulatory AI landscape in mind.
Stay tuned for further McCarthy Tétrault publications on this subject.
To learn more about how our Cyber/Data Group can help you navigate the AI, data and privacy landscape, click here and for more information about our firm's Fintech expertise, please see our Fintech group page.
The Personal Information Protection and Electronic Documents Act, SC 2000, c 5. An example of “substantially similar” provincial privacy legislation is Québec’s Act Respecting the Protection of Personal Information in the Private Sector, CQLR c P-39.1 s 20, which was recently amended by Bill 64 and now provides individuals with rights relating to automated decision making. See our blog series on Bill 64 here.
 CSA Staff Notice 31-342.
 CSA Staff Notice 31-342.
Proceeds of Crime (Money Laundering) and Terrorist Financing Act, SC 2000, c 17.
- AI and its Role in the Anne Frank Cold Case
- An AI a Day Keeps the Doctor Away?: Regulating Artificial Intelligence in Healthcare
- Considerations and Risks of AI in Employment Decisions
- Could AI get you sued? Artificial intelligence and litigation risk
- AI and Patent Law: Can AI Be an “Inventor”?
- Arbitration and AI – friends or foes?