Opening Statement of Commissioner Kristin N. Johnson Before the Market Risk Advisory Committee Future of Finance Subcommittee Meeting
March 15, 2024
Good morning. It is my pleasure to welcome you to the Market Risk Advisory Committee’s (MRAC) Future of Finance (FoF) Subcommittee meeting.
The Promise and Peril of AI
Increasingly, diverse industries and sectors of our economy identify opportunities to integrate aspects of the assemblage of technologies that we commonly describe as artificial intelligence or AI technologies. AI enables doctors to diagnose and map diseases earlier, faster, and with greater accuracy than ever before in the history of medicine.[1] Farmers who cultivate crops that feed our nation may integrate AI to better manage access to vital resources such as freshwater, enabling more efficient irrigation, fertilization, and crop rotation leading to more sustainable farming.
In our markets, AI offers similar efficiencies for faster trade execution and settlement, more accurate pricing prediction, and more precise risk management oversight.[2] Markets have witnessed increased adoption of AI including AI-driven investment advising, trade execution, risk management, and market surveillance.[3]
Notwithstanding this promise, we must account for the potential perils of integrating innovation without proper guardrails. A few years ago, a branch manager of a Japanese company in Hong Kong received a call from the director of his parent business.[4] The instructions delivered during the call indicated that, in connection with a pending acquisition, the bank employee should transfer $35 million to a designated account. Having received emails confirming the legitimacy of the transaction, and because he spoke with the director by phone often and recognized his voice, the branch manager kindly obliged, followed the instructions, and transferred the funds. The calls and emails were deep fakes that relied on, among other technologies, AI voice-cloning technology and the transfer was an Oceans-Eleven style scam.
As this final use case illustrates, the ability of machines or more specifically supervised and unsupervised machine learning algorithms to process vast quantities of data to address disease, water management, or food scarcity is only part of the story.
Regulators have identified notable concerns regarding the development, testing, and deployment of AI.[5] Multiple standard setting authorities note the need for increased oversight regarding “governance, development, testing, monitoring, data quality and bias, transparency and explainability, outsourcing; and ethical concerns.”[6]
As a primary concern, it is imperative to increase market and prudential regulators’ understanding of how the underlying technology operates, the integrity of the inputs that it relies upon, the potential for neutral technologies to engender biased outcomes, and legal obligations to ensure that outcomes comply with principles of fairness and transparency.
Regulatory Responses
In October 2022, the White House Office of Science and Technology Policy published The Blueprint for an AI Bill of Rights (“AI Bill of Rights”) to “support the development of policies and practices that protect civil rights and promote democratic values” in the development of artificial intelligence systems.[7] The White House engaged in significant collaboration with the public through panel discussions, public listening sessions, requests for information, and other informal means of engagement prior to publication to help guide the drafting of the AI Bill of Rights. Though it is non-binding, the AI Bill of Rights offers guidance to the American public on how to safely and responsibly deploy AI.The AI Bill of Rights outlines five key principles to guide the use and regulation of AI. These principles involve: (1) protection from unsafe and ineffective systems; (2) avoiding algorithmic discrimination; (3) data privacy protection; (4) notice and explanation and (5) opportunities to opt out and access to humans who can consider and remedy problems.
AI Safety Institute
At the end of last year, the Biden Administration announced the creation of an AI Safety Institute, housed within the Commerce Department, which will be established within NIST, the National Institute of Standards and Technology.[8] NIST was founded in 1901 and is one of the nation’s oldest physical science laboratories. Congress established NIST to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology.”[9]
The AI Institute will “operationalize” NIST’s existing AI Risk Management Framework to “create guidelines, tools, benchmarks, and best practices for evaluating and mitigating dangerous capabilities and conducting evaluations including red-teaming to identify and mitigate AI risk.”[10] These guidelines will include “technical guidance that will be used by regulators considering rulemaking and enforcement on issues such as authenticating content created by humans, watermarking AI-generated content, identifying and mitigating against harmful algorithmic discrimination, ensuring transparency, and enabling adoption of privacy-preserving AI.”[11]
To support the AI Institute, NIST announced this month the creation of the AI Safety Institute Consortium, which will gather together hundreds of stakeholder organizations across the public and private sectors to “develop science-based and empirically backed guidelines and standards for AI measurement and policy, laying the foundation for AI safety across the world.”[12] The Consortium members will contribute work in areas such as developing guidelines for identifying and evaluating AI capabilities, with a focus on capabilities that could potentially cause harm and developing tools, methods, protocols for the testing and development of AI, among several other planned workstreams.[13]
We are not alone in our efforts to ensure responsible innovation. International standard setting authorities and other market and prudential regulators have outlined similar principles.
Domestic and International Standards—A Principles-Based Framework
As early as 2017, the Financial Stability Board (FSB) issued a report on market developments related to AI and the financial stability implications. The Financial Stability Oversight Council (FSOC) and the Financial Industry Regulatory Authority (FINRA) have published recommendations that offer guidelines for governing AI.
More recently, the International Organization of Securities Commissions issued a report following a consultation on the use of AI by market intermediaries. These efforts include a number of common threads, suggesting that, while many questions remain, there are important areas of consensus regarding the right approach to AI in financial markets. A few of these commonalities include:
- A focus on the governance of AI models. FSOC “recommends monitoring the rapid developments in AI, including generative AI, to ensure that oversight structures keep up with or stay ahead of emerging risks to the financial system while facilitating efficiency and innovation.”[14] “Regulators should consider requiring firms to have designated senior management responsible for the oversight of the development, testing, deployment, monitoring and controls of AI and [machine learning]. This includes a documented internal governance framework, with clear lines of accountability.”[15]
CFTC regulations, for example, introduce important governance obligations for registered market participants. Designated Clearing Organizations must establish a Risk Management Committee “comprised of clearing members and customers of clearing members on matters that could materially affect the risk profile of the DCO” and Risk Management Working Groups composed of market participants.[16] Enhanced risk management oversight and governance best practices will play an important role in managing the development and implementation of this new technology. - Promoting the explainability of AI models. Many AI models are “black-box” models, meaning that it may be difficult and in some cases impossible, to explain their decision-making processes. Accordingly, FSOC, IOSCO, the FSB, and FINRA have all emphasized the importance of addressing the explainability challenge.[17] As FINRA explains put it, [i]ncorporating explainability as a key consideration in the model risk management process for AI-based applications.”[18]
- The need for data controls. Data quality, security and privacy are central concerns for regulators as market participants adopt AI models. FSOC recent report notes, “data controls like data quality, suitability, security, privacy, and timeliness are vital to sound AI use.”[19] Similarly, FINRA calls for “data governance efforts” including: “data review for potential bias,” “data source verification,” “data integration,” “data security,” and “data quality benchmarks and metrics.”[20]
- Implementing measures to address bias. In 2019, I testified before Congress and voiced my concerns that AI models trained on incomplete or inaccurate data may engender biased results. The White House AI Bill of Rights appropriate emphasizes the need to ensure fairness and guard against bias. In its report, FSOC notes that “specific requirements to prevent discrimination or bias that apply to tools, models, or processes used in consumer compliance also apply to AI. This is an important consideration because without proper design, testing, and controls, AI can lead to disparate outcomes, which may cause direct consumer harm and/or raise consumer compliance risks.”[21]
- Testing and monitoring output. Protecting against bias, promoting explainability, and implementing governance strategies are only possible where models are properly tested and monitored. FSOC, IOSCO, the FSB, and FINRA have each emphasized the importance of testing. FSOC notes the responsibility of financial institutions to “monitor the quality and applicability of AI’s output” – the ability of regulators to “help to ensure that they do so.”[22] Similarly, the FSB recognizes the importance of “[a]ssessing AI and machine learning applications for risks, including adherence to any relevant protocols regarding data privacy, conduct risks, and cybersecurity.”[23] Existing approaches to issues like cybersecurity offer some guidance. Last year, in a statement regarding a proposed cyber resilience rulemaking, I noted the importance of comprehensive regulation in this area, including regulations that capture mission-critical third-party service providers.[24] Model testing and oversight, which concerns cybersecurity, and much more, must similarly be comprehensive in the parties and the issues that it captures.
Five years ago, I began to convene and participate in convenings of AI developers, adopters, academics, government and industry researchers and regulators and public interest organizations. In 2020, a co-author and I received invitations to publish two books, one of which examines the ethical implications of AI across diverse sectors of our society. In two recent speeches, a speech last month before the New York Bar Association and a speech at Japanese Fintech Week in Tokyo, Japan, I have advocated for the CFTC to begin to identify best practices for integrating AI in our markets.
I have advocated for greater visibility and transparency regarding our registrants’ use of AI by expanding our annual systems examination questionnaire to incorporate questions that directly inquire about the adoption of AI and related risks.
I have also advocated for the development of a principles-based framework. In consultation with members of this working group of the Market Risk Advisory committee, I look forward to exploring a principles-based regulatory framework that underscores intelligibility, risk management, compliance, oversight, market responsibility, notice, and explainability.
I have advocated for the Commission to consider introducing heightened penalties for those who intentionally use AI technologies to engage in fraud, market manipulation, or the evasion of our regulations.
Finally, the Commission should lead in creating an inter-agency task force focused on information sharing and composed of market and prudential regulators including the CFTC, SEC, Federal Reserve System, OCC, CFPB, FDIC, FHFA, and NCUA.
The task force would support the AI Safety Institute in developing guidelines, tools, benchmarks, and best practices for the use and regulation of AI in the financial services industry. The task force may provide recommendations to the AI Safety Institute as well as evaluate proposals coming out of the Institute.
We are fortunate to have Jessica Reiner, MRAC Member and Future of Finance Subcommittee Member and Managing Director and Head of Digital Finance at the Institute of International Finance (one of the institutions that will help advance the development and deployment of safe, trustworthy AI under the AI Safety Institute.
Today’s Subcommittee Meeting
Today’s meeting represents an important part of this work. I am excited about each of our panels and speakers. We will hear from several panels of invited guests from across the public and private sectors discussing the following four topics:
- AI in Financial Markets Today;
- Current Financial Markets Rules Are Implicated by AI;
- AI-Related Risks;
- What We Anticipate in the Near Future.
Alessandro Cocco, Vice President in the Financial Markets Group at the Federal Reserve Bank of Chicago, on detail at the U.S. Department of the Treasury will lead our first panel - AI in Financial Markets Today; this panel includes:
- David Palmer, Senior Supervisory Financial Analyst, Division of Banking Supervision and Regulation at the Federal Reserve Board of Governors;
- Kevin Werbach, Liem Sioe Liong, First Pacific Company Professor and Chair of the Department of Legal Studies and Business Ethics at The Wharton School, The University of Pennsylvania;
- Jessica Renier, Managing Director and Head of Digital Finance, Institute of International Finance; and
- Lisa Schirf, Managing Director, Global Head of Data and Analytics, Tradeweb.
The panel will discuss use cases for this technology its interaction with financial markets, as well as market structure and characteristics.
Petal Walker, former counsel to CFTC Commissioner Sharon Bowen and current Member of the Advisory Board of Liquidity Lock Global Markets, will moderate a panel discussing Current Financial Markets Rules Are Implicated by AI.
The panel will feature:
- Jason Harrell, Managing Director, Operational and Technology Risk and Head of External Engagement, Depository Trust & Clearing Corporation;
- David Felsenthal, Counsel to CFTC Chairman Rostin Behnam, Commodity Futures Trading Commission; and
- Chen Arad, Co-founder & Chief External Affairs Officer, Solidus Labs, Inc.
The panel will engage in conversation on the state of regulatory engagement with AI.
Rebecca Rettig, Chief Legal and Policy Officer, Polygon Labs will moderate a panel discussing AI-Related Risks. Panelists include:
- Yesha Yadav, Professor of Law, Milton R. Underwood Chair and Associate Dean, Vanderbilt Law School;
- Pauline Kim, Daniel Noyes Kirby Professor of Law, Washington University in St. Louis;
- Tamika Bent, Chief Counsel to Commissioner Kristin Johnson, Commodity Futures Trading Commission; and
- Dr. Eammon Hart, PhD, Mathematics, Drexel University.
The panel will discuss the risks attendant to the use of AI technology.
Finally, Gary Kalbaugh, Deputy General Counsel and Director, ING Financial Holdings Corp. will moderate a panel discussing What We Anticipate in the Near Future.
Panelists include:
- Purvi Maniar, General Counsel, FalconX Holdings Ltd.;
- Natalie Tynan, Associate General Counsel, Head of Technology Documentation Strategy, Futures Industry Association, Inc.; and
- Robert Mahari, Doctoral Candidate, Harvard Law School and the MIT Media Lab.
The panel will discuss what may be on the horizon for AI use and potential responses by both regulators and market participants.
I would like to express my appreciation to our MRAC Chair Alicia Crighton, my staff, including Julia Welch, ADFO for the FOF Subcommittee, Tamika Bent and Peter Janowski, DFO and ADFO for MRAC and Rebecca Lewis ADFO for two other MRAC Subcommittees as well as each of the moderators, panelists and committee members for their presence today and their continued work in these areas. I look forward to today’s important discussions.
[1]Commissioner Kristin Johnson, Building A Regulatory Framework for AI in Financial Markets: Regulating AI in Financial Markets New York City Bar Association: Emerging Technology Symposium (Feb. 23, 2024), https://www.cftc.gov/PressRoom/SpeechesTestimony/opajohnson10; Commissioner Kristin Johnson, Artificial Intelligence and the Future of Financial Markets, Manuel F. Cohen Lecture, George Washington University Law School (Oct. 17, 2023), https://www.cftc.gov/PressRoom/SpeechesTestimony/opajohnson7b.
[2] Kristin N. Johnson & Carla L. Reyes, Exploring the Implications of Artificial Intelligence, 8 J. Int'l & Comp. L. 315, 315 (2021).
[3] Id.
[4] Thomas Brewster, Fraudsters Cloned Company Director’s Voice In $35 Million Heist, Police Find, Forbes (Oct 14, 2021), https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/.
[5] Int’l Org. of Sec. Comm’ns Bd., The Use of Artificial Intelligence and Machine Learning by Market Intermediaries and Asset Managers 17 (2021), https://www.iosco.org/library/pubdocs/pdf/IOSCOPD684.pdf (IOSCO Report)
[6] Id.
[7] The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People, White House Off. of Sci. & Tech. Pol’y 2 (2022), https://www.whitehouse.gov/wp-content/uploads/2022/10/Blueprint-for-an-AI-Bill-of-Rights.pdf.
[8]Press Release, FACT SHEET: Vice President Harris Announces New U.S. Initiatives to Advance the Safe and Responsible Use of Artificial Intelligence, White House (Nov. 1, 2023), https://www.whitehouse.gov/briefing-room/statements-releases/2023/11/01/fact-sheet-vice-president-harris-announces-new-u-s-initiatives-to-advance-the-safe-and-responsible-use-of-artificial-intelligence/.
[9] About NIST, NIST.gov, https://www.nist.gov/about-nist (last visited Feb. 23, 2024).
[11] Id.
[13] Id.
[14] Financial Stability Oversight Council. 2023 Annual Report. Washington, D.C.: Council, December 14, 2023. https://home.treasury.gov/system/files/261/FSOC2023AnnualReport.pdf.
[15] Report at 17, supra.
[16] 88 Fed. Reg. 44675, 44675.
[17] Financial Stability Oversight Council 2023 Annual Report at 92, supra.
[18] The Financial Industry regulatory Authority (FINRA), Report on Artificial Intelligence (AI) in the Securities Industry, June 2020, https://www.finra.org/sites/default/files/2020-06/ai-report-061020.pdf.
[19] Financial Stability Oversight Council 2023 Annual Report at 92, supra.
[20] FINRA Report, supra.
[21] Financial Stability Oversight Council 2023 Annual Report at 92, supra.
[22] Id.
[23] Financial Stability Board, Artificial intelligence and machine learning in financial services: Market developments and financial stability implications at 34, https://www.fsb.org/wp-content/uploads/P011117.pdf.
[24] Kristin N. Johnson, Commissioner, CFTC, Statement Regarding the CFTC’s Notice of Proposed Rulemaking on Operational Resilience Program for FCMs, SDs, and MSPs (Dec. 18, 2023), https://www.cftc.gov/PressRoom/SpeechesTestimony/johnsonstatement121823.
-CFTC-