On 13 January 2020, the European Banking Authority (EBA) published a report on Big Data and Advanced Analytics (BD&AA) in the banking sector. The reports aims to share knowledge on the current use of BD&AA by providing a background on this area, alongside key observations and outlining the key pillars and elements of trust that could be used to establish a framework for their use.

The report is part of the EBA’s fintech roadmap project, whereby the European Supervisory Authority (ESA) aims to identify and keep track of merging trends in the banking industry and analyse their inherent risks.

The legal basis for the report is Article 9(2) of the Regulation establishing the EBA which mandates the ESA to monitor new and existing financial activities. This obligation extends to all areas of the EBA’s competence, including in the field of activities of credit institutions, financial conglomerates, investment firms, payment institutions, and electronic money institutions.

In its report the EBA identifies four key pillars for the development, implementation and adoption of BD&AA. These are: data management; technological infrastructure; organisation and governance; and analytics methodology. Firms must review these pillars to ensure they can support the roll-out of advanced analytics.

The report also specifies that the roll-out of BD&AA affects issues surrounding trust and that institutions wanting to integrate artificial intelligence and machine learning (AI/ML) solutions into their businesses must take these trust elements into consideration. The trust elements are: ethics; interpretability; fairness; traceability; data protection; data quality; security; and consumer protection.

The EBA concludes that the current trend and pace of change may soon create a need to develop AI/ML policies or regulatory frameworks for this technology to facilitate its proper development, implementation and adoption. The EBA will continue monitoring these developments on an ongoing basis. In consideration of the four key pillars for the development, implementation and adoption of BD&AA, the EBA takes the view that the existing regulatory framework is sufficient in the areas of ICT, security and governance. Next steps in this area could include a heightened focus on data management and ethical aspects that present a potential need for direction.