BSP urges banks, nonbanks to tailor AI safeguards against bias, cyber risks
By Derco Rosal
At A Glance
- As artificial intelligence (AI) becomes more deeply embedded in financial operations, the Bangko Sentral ng Pilipinas (BSP) has urged banks and non-banks to establish tailored governance frameworks to protect the financial system from data privacy breaches, algorithmic bias, and operational risks.
As artificial intelligence (AI) becomes more deeply embedded in financial operations, the Bangko Sentral ng Pilipinas (BSP) has urged banks and nonbanks to establish tailored governance frameworks to protect the financial system from data privacy breaches, algorithmic bias, and operational risks.
According to a memorandum issued by the central bank, all BSP-supervised financial institutions (BSFIs) are encouraged to formulate “their own AI governance policies and risk management frameworks” by following the governance principles for AI outlined in the BSP’s guidance paper.
Given the varying levels of technological adoption across the industry, BSP Deputy Governor Lyn I. Javier stressed that institutions should tailor their frameworks to their profile and category.
“Governance and risk management should be proportionate to the nature, extent, scale, complexity, and materiality of their AI systems, as well as the institution’s overall operational complexity and risk profile,” Javier said.
This principle-based approach ensures that smaller entities are not overburdened while larger lenders maintain rigorous standards commensurate with their technological footprint.
Per the memorandum, the BSP encourages BSFIs to use the STARS framework, an acronym for five core pillars: sustainability, transparency, accountability, responsibility, and security. The framework seeks to promote “sound AI governance across the financial sector.”
Under the transparency pillar, “relevant and necessary information must be readily available and tailored to the knowledge and expertise of intended users or stakeholders,” the BSP said. This is designed to prevent “blind reliance” on algorithms by ensuring that users can understand “how” and “why” a recommendation was made.
On the issue of accountability, the regulator takes a firm stance on the role of human personnel, noting the necessity of keeping humans in the loop.
“While AI systems provide recommendations, humans are ultimately accountable for decisions made. The output of AI systems should not replace or diminish human responsibility,” the BSP asserted.
To enforce this, BSFIs are expected to establish robust guardrails that integrate human oversight throughout the AI system lifecycle.
Further, the BSP pointed out the dangers of unchecked automation. “Without clear guidelines and safeguards, AI systems may perpetuate biases, leading to unfair practices and the exclusion of individuals from access to financial products and services.”
To mitigate this, institutions must ensure their AI systems are designed in a manner that prevents “unfair practices or potential harm” to everyday users, BSFIs, and the broader financial ecosystem.
Technical security should also be among the priorities, with rigorous cybersecurity and data quality controls recommended. In particular, the BSP pointed to the need for defenses against “adversarial attacks and data poisoning” to preserve the integrity of financial models.
While the principles presented in the memorandum are classified as “non-binding,” and institutions are not mandated to comply, the issuance still signals a clear regulatory direction.
Looking ahead, the BSP committed to continuing to monitor AI-related developments in the financial system, adding that, if necessary, it could issue “appropriate regulations or policies to foster innovation and preserve the stability and competitiveness of the financial system.”