CBA considers limiting customer use of external AI
Make us a preferred source
Make us a preferred source on Google
The news: The Commonwealth Bank (CBA) may limit how its customers use external AI-powered bots, as the institution weighs the risks and opportunities of the technology.
“As AI becomes more accessible, customers may choose to interact with our services through external agents or systems outside our control,” chief executive Matt Comyn in a new report revealing its approach to AI.
“While we may not be responsible for these external agents or systems, where we identify material risk, we may seek to implement limitations or controls to help protect our customers, channels and platforms.”
The bank said the impact of AI will “depend on how thoughtfully and responsibly it is applied”, publishing its own guiding principles in response to questions from stakeholders.
Its framework details its internal processes, identifying whether an AI application requires enhanced oversight, in turn triggering additional reviews by experts and senior leaders before teams can progress.
During development, privacy and data protections need to be verified along with the accuracy of output and stability of the model, according to the report. A CBA employee independent of the developer must complete those checks before it is signed off.
“AI-enabled applications may undergo security testing such as penetration testing, prior to launch”, the bank said.
Final approval before deployment lies with an authorised CBA team member. If it carries a high risk rating, the project may also require oversight from the bank’s technical committee.
The bank says any direct interactions between AI and customers must be clearly communicated, except in specific use cases such as fraud detection.
In one use case it details how itt currently uses guardrails to re-verify the answers its chatbot Ceba provides to customer queries. CBA said it has provided its teams with toolkits to help build AI responsibly and “manage potential negative outcomes”.
Meanwhile guardrails must be implemented to prevent models going rogue.
“Safety measures may include appropriate model shutdown or fall-back mechanisms that can safely deactivate an AI model in case of unintended behaviours,” the bank said, adding that any operational or compliance incidents would be subject to root cause analysis.
CBA also warned AI would be harnessed by bad actors for scams and phishing and could open up system vulnerabilities while also helping guard against them.
The principles, the first to be published by a major bank, emphasise environmental and social impacts, transparency, reliability, accountability, and data protection, while prohibiting unfair discrimination.
As it reshapes the workforce, CBA said AI could help close the gap between low-skill and high-skill workers, or accelerate social disparities. On the environmental front, the bank said it remained committed to purchasing the equivlaent of 100% of its operational electricity, including for data centres, from renewable sources.
The context: It comes as the industry becomes increasingly vocal about the value and risks of the technology. This year CBA partnered with OpenAI, expanded its work with Anthropic and launched a tech hub in Seattle.
The source: Commonwealth Bank
