Learn more about our comprehensive legal services.
Advising our clients on different opportunities and challenges of the industry.
Developing a unique culture, which blends traditional client care with modern technology and working practices since 1851.
Stay up to date on the latest news and legal insights.
News & Insights
Authored by: Isabella Wong
The Securities and Futures Commission (SFC) has issued a circular for licensed corporations using generative artificial intelligence language models (AI LMs). Effective 12 November 2024, licensed corporations must comply with specific notification, senior management and risk management requirements as set out in the circular when adopting AI LMs for their regulated business activities. These requirements can be distilled into the following steps that licensed corporations need to address for use of AI LMs.
1. Identify high-risk use case and notify the SFC
Licensed corporations should consider the use cases for AI LMs before adoption. Utilizing AI LMs to provide investment recommendations, advice, or research to investors or clients is considered a “high-risk use case” by the SFC. This type of usage would be viewed as a significant change to the nature of business and services offered by a licensed corporation, triggering a mandatory notification to the SFC within 7 business days of implementation. The SFC encourages licensed corporations to discuss their plans for high-risk use cases involving AI LMs with the SFC.
2. Engage senior management to prepare for the expanded responsibilities
Senior management of a licensed corporation using AI LMs for regulated activities should aware the risks and limitations of the AI LM and its input data, to ensure the deployed model is fit for purpose given those considerations. Senior management responsibilities could expand to the (i) design, implementation, customization, training, testing, and calibration (Model Development) and (ii) validation, approval, ongoing review and monitoring, use, and decommissioning (Model Management) of the AI LMs. Senior management need to ensure that throughout the lifecycle of Model Development and Model Management, the licensed corporation would implement:
An effective governance framework should identify high-risk use cases, considering potential adverse client impact if the AI LM’s output is inaccurate or inappropriate. This requires responsible staff from the business, risk, compliance, and technology functions who have relevant knowledge, experience or qualification in AI, data science, model risk management, and domain expertise to manage the licensed corporation’s adoption and implementation of AI LMs, along with legal and compliance personnel assessing the legal and compliance risks.
3. Enhance risk management controls
Licensed corporations can adopt a risk-based approach to implement controls commensurate with the materiality of the impact and level of risks presented by the specific use cases for AI LMs. Below is a high-level matrix outlining the SFC’s risk management expectations for the use of AI LMs across different aspects:
Subscribe to Publications
Sign up for our regular updates covering the latest legal developments, regulations and case law.