Hong Kong: SFC Issues Guidelines for Safe Use of AI Models in Financial Firms
The Securities and Futures Commission (SFC) in Hong Kong has issued new guidelines to financial firms on how to responsibly use generative AI language models (GenAI LMs). These AI-powered tools are popular for improving services and streamlining operations, but the SFC warns that they can also pose risks, such as giving inaccurate or biased information, being unreliable, or even increasing the chances of cyberattacks and data breaches.
The SFC’s circular, released on November 12, 2024, applies to any licensed corporation (LC) using GenAI, whether the AI model is developed internally, by a group company, or by a third party, or is obtained from open sources.
Core Principles for AI Use
To help firms manage AI risks, the SFC outlined four core principles for responsible AI use:
Senior Management Responsibility: Leaders must oversee AI tools throughout their lifecycle, ensuring policies and controls are in place.
AI Model Risk Management: Firms should conduct thorough testing and validation before using AI models and regularly review them, especially if there are major changes. Risk reduction measures should also be applied as needed.
Cybersecurity and Data Protection: Financial firms should have policies to protect AI systems from cyber threats and ensure secure handling of sensitive data.
Third-Party Provider Management: Firms should carefully vet and monitor any third-party AI providers to ensure they have the necessary expertise, resources, and safeguards.
Notification Requirements
Financial firms must notify the SFC if they use GenAI in high-risk areas. They are also expected to discuss any plans for AI adoption with the SFC early in the process to avoid regulatory issues.
These guidelines take immediate effect, and financial firms are advised to review their policies and practices to ensure compliance. For more details, the full circular is available on the SFC’s website.