The Hong Kong Monetary Authority (HKMA) has released new guidelines for authorised institutions regarding the use of generative artificial intelligence (Gen AI) in customer-facing applications, emphasizing consumer protection.
This update builds upon the 2019 principles on Big Data Analytics and Artificial Intelligence (BDAI), focusing on governance, fairness, transparency, and data privacy.
As interest in Gen AI grows within the banking sector, particularly for applications such as chatbots and personalised services, the HKMA stresses that these technologies could have significant consumer protection implications.
While current adoption is in its early stages, primarily improving operational efficiency, the potential for broader use in customer-facing activities is clear.
Alan Au, Executive Director for Banking Conduct at HKMA wrote in a circular,
“Gen AI, being a subfield of BDAI, basically shares a set of similar risk dimensions. As such, with respect to consumer protection in customer-facing applications, the HKMA expects all authorised institutions to apply and extend the 2019 BDAI Guiding Principles to the use of Gen AI and continue to adopt a risk-based approach commensurate with the risks involved.
Having said that, since Gen AI uses complex models, potential risks such as lack of explainability and hallucination (i.e. generating outputs that seem realistic but are factually incorrect, incomplete, lack important information, or lack relevance to the context) could cause even more significant impact on customers.”
To address these concerns, the HKMA has outlined additional principles under the four key areas to ensure adequate safeguards.
Banks’ boards and senior management must remain accountable for Gen AI-driven decisions, ensuring that the scope of Gen AI applications is clearly defined.
They are expected to develop responsible use policies and implement proper validation of Gen AI models, particularly through a “human-in-the-loop” approach during early deployment to ensure outputs are accurate and not misleading.
Fairness in Gen AI models is also crucial, with institutions required to avoid bias and ensure ethical outcomes.
Customers should be provided with the option to opt out of Gen AI-driven decisions or seek human intervention where necessary.
If opting out is not feasible, banks should offer channels for customers to request reviews of Gen AI-generated decisions.
Transparency is essential, and banks must clearly communicate the use, purpose, and limitations of Gen AI to customers.
Additionally, strong data protection measures must be in place, complying with the Personal Data (Privacy) Ordinance and guidelines from the Privacy Commissioner.
The HKMA also encourages banks to explore using Gen AI to enhance consumer protection, such as identifying vulnerable customers or issuing fraud alerts for high-risk transactions.
Featured image credit: Edited from Freepik