By Vikrant Rana, Anuradha Gandhi and Rachita Thakur
Introduction
Recently Paris hosted an AI summit co-chaired by Prime Minister Narendra Modi, where he underscored the importance of developing high-quality datasets that are free from biases. He highlighted the critical role that the data used to train AI models plays in shaping their effectiveness and fairness. Prime Minister emphasized on the need to democratize technology, create people centric applications. He also welcomed the establishment of an AI Foundation and a Council for Sustainable AI.[1]
In the same line Reserve Bank of India (hereinafter referred to as RBI) is working towards developing the framework for responsible and ethical enablement of Artificial Intelligence[2]. On November 26, 2024 RBI sets up an eight member committee, called FREE-AI, to be headed by Dr. Pushpak Bhattacharyya, Professor, Department of Computer Science and Engineering, IIT Bombay along with six other members. The step came as a result of growing landscape of financial sector with, the global Artificial Intelligence (AI) in banking market size at USD 19.90 billion in 2023, calculated at USD 26.23 billion in 2024 and is expected to reach around USD 315.50 billion by 2033.[3]
Why the committee has been formed?
The committee has been formed with the objective-
- To assess the current level of adoption of AI in financial services, globally and in India.
- It further focuses on reviewing regulatory and supervisory approaches on AI
- Identifying potential associated risks if any and recommend an evaluation
- Mitigation and monitoring framework and consequent compliance requirements for financial institutions, including banks, NBFCs, FinTechs, PSOs, etc.
The committee further aims to recommend a framework including governance aspects for responsible, ethical adoption of AI models / applications in the Indian financial sector and any other matter related to AI in the Indian financial sector.
Existing use of AI in financial sector
AI in Fintech is characterized by the implementation of machine learning, natural language processing, predictive analytics, and cognitive computing to empower financial institutions. The payment technology companies such as paytm, google pay, phonepe, etc. have made it difficult for banks to survive in existing paradigm, banks are using new technologies to improve their services, and AI is one such mechanism which is helping banks to transform their business. The Indian Fintech industry is also flourishing, strengthening its position as a global leader with a market value of $90 billion, while AI and Generative AI are the focus for innovation among Fintech companies.[4]
The committee on FREE AI is going to assess the current level of adoption of AI in financial services, globally and in India.
- Customer Service & SupportAI-driven chatbots are being used to provide 24/7 customer service, to suggest tailored financial products such as credit cards or investment options based on individual customer.[5] For example, one of the India’s leading private sector Bank uses chatbot to provide personal assistance to customer 24/7. The chatbot allows users to open a savings account, check its benefit, find the bank’s branches and more.[6]
- Fraud detection system
AI fraud detection include collecting vast amount of transactional and behavioral data from various sources, using historical data to train the machine learning models to recognize fraud patterns and further updates the model with new data.An AI-powered platform is being used to solve several problems for its banking clients by streamlining the end-to- end collateral management process, critical for banks looking to reduce risks and enhance efficiency.[7]On February 07, 2025 the Reserve Bank of India (RBI) has announced to introduce the ‘bank.in’ exclusive Internet domain for Indian banks, to combat increased instances of fraud in digital payments which have caused significant concern.[8] - Trading and investmentQuantitative trading involves using large datasets to detect patterns that can guide strategic trading decisions.[9] It is useful in analyzing the price and volume of stocks and trades, identifying the best investment opportunities, investors use this for major transactions involving up to hundreds of thousands of shares.[10]While AI has had limited use in finance so far, the industry is preparing for a major shift in next five years. SEBI (Securities and Exchange Board of India) is already gearing up for this transition, having recently announced the use of AI to process IPO (Initial Public Offering) documents.[11]
- Anti-money laundering Money laundering is the technique individual or criminal groups introduce proceeds from their illegal activities into the global financial system, making them appear legitimately. AI-driven systems are better at analyzing data and identifying patterns that human analysts and risk controllers alone can’t.[12]
- Robo-Advisor
Various popular robo advisor platforms in India are giving financial advices to investors and traders not only on online trading questions but also on investment, retirement, loan etc., plans.[13]
Risk associated with AI in financial sector
Shaktikanta Das, former RBI governor at RBI@90 High-Level Conference said that heavy reliance on AI and unchecked use in banking poses certain risks.[14] He noted that depending too much on AI could create concentration risks, especially if a small number of tech providers control the market. This could increase systemic risks, as any failure or disruptions in these systems might affect the entire financial sector. Furthermore, the increasing use of AI introduces new vulnerabilities, such as heightened susceptibility to cyberattacks and data breaches. The opacity of AI makes it challenging to audit or interpret the algorithms that drive decisions, potentially leading to unpredictable market concerns. Therefore, banks and other financial institutions must implement adequate risk mitigation measures. Ultimately, banks must harness the benefits of AI and Big-tech while ensuring they do not become subservient to these technologies.[15]
Governing Laws & Authorities in Fintech Sector
Payment and Settlement System Act, 2007(herein referred to as PSS Act, 2007)–
The PSS Act, 2007 provides for the regulation and supervision of payment systems in India and designates the Reserve Bank of India (RBI) as the authority for the purpose and all similar matters. Therefore, RBI keeps releasing notification for data protection, RBI’s guidelines focus on several essential areas that banks and financial institutions must address to enhance their data security posture, further RBI vide notification on storage of payment data i.e., Entire data relating to payment system providers are required to be stored only in India. This data stored shall include end-to-end transaction details, information collected, carried, processed as part of the message, Payment instruction.
Securities and Exchange Board of India (SEBI): –
It regulates security market in India, ensuring transparency and protecting investor’s interest. It governs fintech activities related to investment platforms, stock trading and digital trading services. SEBI’s focus is on maintain fair practices, preventing fraud and overseeing digital platforms that deal with securities, mutual funds and other financial instruments.
As a step towards protecting the same, SEBI has placed full responsibility on regulated entities for the Artificial Intelligence (AI) tools that they used, either designed by them or procured from third party developers.[16]
Insurance Regulatory and Government Authority of India (IRDAI):
Information Technology Act, 2000 – The IT Act governs cybercrimes and electronic signatures in India. It provides legal framework for e-commerce and outlines penalties.
Digital Personal Data Protection Act, 2023 – it ensure that digital personal data is handled with transparency and consent while implementing robust security measures like consent notice.
NITI Aayog: being an apex public policy think tank of Government of India, it has recommended principles for responsible management of AI. The principle includes safety and reliability, equality, inclusivity and non-discrimination, transparency, accountability, privacy & security, protection & reinforcement of positive human values.
What are other countries doing?
The protection of financial data varies across jurisdictions, but most legal frameworks aim to safeguard the confidentiality, integrity and availability of financial information.
USA
Gramm-Leach-Bliley Act(GLBA) – It requires financial institutions to explain their data-sharing practices and companies that offer consumers financial products or services like loans, financial or investment advice, or insurance need to explain their information-sharing practices to their customers and to safeguard sensitive data and further prohibits a financial institution from disclosing nonpublic personal information.[17]
Fair Credit Reporting Act (FCRA) – It governs the collection, dissemination and use of consumer credit information.
California Financial Information Privacy Act- Requires financial institutions to provide their consumers notice and meaningful choice about how their nonpublic personal information is shared or sold by their financial institutions.
European Union
General Data Protection Regulation (GDPR)- It protects personal data including financial data, by emphasizing on consent, data minimization and breach notification.
Payment Service Directives 2 (PSD2)- It requires all such third-party payment services providers be authorized and regulated and provides for distinction of liability of bank holding the account and the payment initiation service provider.[18]
EU AI Act: the Act address AI systems used in credit scoring and risk assessment within the insurance sector. AI models that evaluate the creditworthiness of individuals are considered as high-risk, as they impact access to financial resources. Similarly, AI systems that are used for risk assessment in the case of life and health insurance are also classified as high-risk.[19] The Act also assigns financial supervisory authorities to oversee financial institutions’ compliance with the requirements stemming from the AI Act, including the power to carry out ex-post market surveillance activities.[20]
Hong Kong
Hong Kong Monetary Authority (HKMA) issued statutory guideline under the Banking Ordinance §7(3) which provides for cybersecurity risk management applicable to all AI system and addresses cyber risks that might threaten global financial stability. The guidelines provides for development and adoption of robust technology and cyber risk management frameworks that are proportionate to the nature, scale and complexity of their operations.[21]
Organisation for Economic Corporation and Development (OECD)
The framework address the ethical concerns to be incorporated in AI system, it should be so developed that it is trustworthy and contribute to achieving sustainable goals, be incorporated with human and democratic values, including fairness, privacy, transparency, explainability, robustness, security, safety and accountability.
United Nations Education, Scientific and Cultural Organisation (UNESCO)
India is a member state of UNESCO and follows the Ethical AI principle and further urge the citizens to comply with the same. It provides ten core AI principle, AI system be designed to achieve legitimate goals and do not harm, safety and security risks shall be addressed. Privacy must be protected and promoted throughout AI lifecycle along with respecting International laws, shall be responsible and maintain transparency and fairness. Apart from this human intervention is a crucial aspect of ethical AI as machine can’t be held responsible for the ultimate discussion which requires human oversight.
Conclusion
The inclusion of AI in financial sector has been a revolutionary thing but with the advancement it poses certain risks for which ethical AI rules have been introduced to be inculcated in the AI system. To protect the citizens from financial fraud RBI developed an AI model called Mulehunter.ai to tackle the issue of mule accounts (refers to bank account used for illegal activities). Notably, National Crime Record Bureau reported that 67.8 per cent of cybercrime complaints, were online financial frauds highlighting the urgency for AI-based fraud prevention solutions[22] and incorporation of privacy by design in AI systems to protect from frauds and risk associated.
Abhishekta Sharma, Junior Associate Advocate at S.S. Rana & Co. has assisted in the research of this article.
[2] https://www.ndtvprofit.com/economy-finance/rbi-sets-up-free-ai-committee-to-develop-ai-framework
[3]https://www.precedenceresearch.com/artificial-intelligence-in-banking-market
[5]https://www.plivo.com/cx/blog/ai-customer-service-statistics
[9]https://builtin.com/artificial-intelligence/ai-finance-banking-applications-companies
[10]https://builtin.com/artificial-intelligence/ai-trading-stock-market-tech
[12]https://www.oracle.com/in/financial-services/aml-ai/
[13]https://www.bajajbroking.in/blog/robo-advisor-india
[15] https://www.rbi.org.in/Scripts/BS_SpeechesView.aspx?Id=1470
[16]https://www.medianama.com/2024/12/223-regulated-entities-fully-responsible-for-ai-use-sebi/
[17]https://www.fdic.gov/regulations/compliance/manual/8/viii-1.1.pdf
[18]https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html
[19]https://artificialintelligenceact.eu/annex/3/
[21]https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20241129e2a1.pdf