Qatar Central Bank issues guidelines to ensure ethical use of AI in the financial sector

The Artificial Intelligence Guideline applies to QCB licensed financial firms, and imposes a number of requirements and obligations on firms that use AI systems. It also provides guidance on human oversight of AI in use, AI life cycle management, data governance and security.

The central bank stated in its guideline that AI provides opportunities for the financial sector, enabling advancements in various applications, however, “AI also introduces risks and concerns, including biases, discrimination, privacy and security issues, lack of transparency, accountability, and ethical dilemmas”. The guideline is to help firms address these challenges prior to and during the use of AI.

Following the guideline, financial institutions that use, develop or deploy AI systems are now required to strengthen their governance structure by putting in place a robust AI strategy, which is reviewed periodically, and establish a dedicated function overseeing the operation of AI systems. A human oversight protocol is also mandatory for using any AI system.

The guideline has made it clear that the board of directors and senior management of a firm are accountable for the outcomes and decisions of its AI systems. Firms are also obligated to create clear AI governance policies to ensure that the functions associated with AI governance are properly managed, and to develop a risk management system to evaluate and handle AI related risks to avoid any potential harms. Firms have to identify “high-risk” AI systems, if they fall within the criteria set out in the guideline. High-risk systems are under tighter scrutiny and higher level of disclosure and risk management requirements. 

Martin Hayward, a Middle East technology law expert at Pinsent Masons, said: “The guideline provides a detailed, practical, roadmap for QCB licensed entities as they onboard and develop AI solutions, emphasising the importance of AI governance and effective risk and life cycle management. Particular attention to ‘high-risk AI’ will be critical to ensure entities meet the guideline requirements for these key AI systems."

The guideline also imposes stricter disclosure and approval measures on financial firms using AI. They are now expected to develop and maintain an updated register of information on all of their AI systems and should disclose to the QCB certain required data, including risks associated with the AI system, its impact assessment, the provider of the AI system, and many other specific details related to the operating system and entity. Firms are required to provide such data to the QCB annually and upon request.

In addition, financial institutions must obtain official approvals from the QCB prior to launching a new AI system. If the AI system is considered high-risk, any purchase, licensing or outsourcing agreement relating to the AI system will also need to be approved by the QCB prior to signing. Before granting approval, the QCB may direct a particular AI system for further evaluation in a sandbox environment.

The guideline also places several new obligations on firms in their interactions with customers. For example, firms should notify customers when they are interacting with an AI system and provide information on how to use the AI system. They should also inform customers on any decision-making process involving AI and how it may affect them, and get customers’ consent to accept risks associated with the use of AI prior to providing service.

The guidelines interact, and should be assessed in conjunction, with a number of other recent Qatari regulatory developments, including the QCB’s cloud computing regulations, and other legacy regulations such as the QCB’s 2018 Technology Risks Circular and Qatar’s 2016 Personal Data Protection Law.