Responsible AI

What EY can do for you

Interest in AI has been soaring in recent years and many financial institutions have moved from proof of concept into productive use of AI applications. As EY we see stakeholder trust in applications as being paramount to realizing the full benefits of using AI. That’s why we developed our Trusted AI Framework, based on five key characteristics of a trusted AI system:

These key characteristics guide our work and are as follows:

1. Transparent : From the outset, end users must know and understand when they are interacting with AI. They must be given appropriate notification and be provided with an opportunity to a) select their level of interaction and b) give (or refuse) informed consent for any data captured and used.
   
   
2. Explainable: The concept of explainability is growing in influence and importance in the AI discipline. Simply put, it means the organization should be able to clearly explain the AI system; that is, the system shouldn’t outpace the ability of humans to explain its training and learning methods, as well as the decision criteria it uses. These criteria should be documented and readily available for human operators to review, challenge and validate throughout the AI system as it continues to “learn”.
   
   
3. Unbiased: Inherent bias in AI may be inadvertent, but they can be highly damaging both to AI outcomes and trust in the system. Bias may be rooted in the composition of the development team, or the data and training/learning methods, or elsewhere in the design and implementation process. This bias must be identified and addressed along the entire AI design chain.
   
   
4. Resilient: The data used by the AI system and the algorithms themselves must be secured against the evolving threats of unauthorized access, corruption and attack.
   
   
5. Performant: The AI’s outcomes should be aligned with stakeholder expectations and perform at a desired level of precision and consistency.

To help you achieve this, we assess your framework against the applicable regulations, set up suitable governance, processes and policies and look into the technical implementation. We leverage the right blend of technical, regulatory and risk management capabilities to stay focused on the desired business outcomes while getting to grips with the potential downsides of this new technology.
To ensure these five key characteristics are met, some critical governance and control elements must be put in place. These cover the entire AI solution lifecycle:

• AI policies and design standards
  
  
• Resource management
  
  
• Risk and control framework
  
  
• Data management
  
  
• Secure architecture

We offer the following services:

• Governance, risk and control
  • AI GRC strategy, design and implementation
    
    
  • AI governance maturity assessment
    
    
  • AI risks and controls
    
    
  • AI regulatory compliance, including data privacy
    
    
  • AI awareness training
    
    
  • AI cyber/resiliency advisory and remediation
    
    
  • GRC assessment of AI third-party/open-source providers
• AI asset management
  • AI inventory
    
    
  • AI model development and optimization
    
    
  • ModelOps
• AI validation and testing
  • AI validation and testing
    
    
  • AI data and model validation
    
    
  • AI post-deployment one-time testing services
    
    
  • AI asset due diligence
    
    
  • AI continuous monitoring/testing services
    
    
  • Testing of third-party/open-source AI tool
• AI assurance
  • Internal audit services
    
    
  • Pre-assurance assessment

....so you can answer the following questions with confidence:

1. Which AI is used in your company, where and for which applications?
   
   
2. Which risks are resulting from use of AI in your company, and how are they managed?
   
   
3. Which regulations are relevant for the use of AI in your company, and are you compliant with them?