生成式 AI 对银行的新兴风险与机遇(MindForge Phase 1)
Emerging Risks and Opportunities of Generative AI for Banks (MindForge Phase 1)
别名: MindForge Whitepaper · MindForge Phase 1 · MindForge GenAI Banks 2023
为新加坡银行梳理新兴的 GenAI 风险与机遇;MindForge 手册的前身。
Maps emerging GenAI risks and opportunities specifically for SG banks; precursor to MindForge handbooks.
文件关系
- precedes-in-forcesg-mindforge-exec-handbook
原子条款(242)
在搜索器中打开 →考虑管理生成式AI基础模型所需的内部资源、技能和能力。
Consider internal resources, skills and competencies needed in managing a Generative AI FM.
必须妥善处理生成式AI训练数据中的代表性、质量和漂移风险。
The risks from data used in training Generative AI, including data representativeness, quality, and drift, must be properly addressed.
更新的原则和方法应包含针对每种风险的详细缓解措施和防护措施。
A renewed set of principles and methodology should include a detailed perspective on mitigations and guardrails for each of these risks.
联盟建议持续进行风险监控和评估,以确保设置有效的防护措施,同时保持有效利用技术的潜力。
The consortium recommends continuous risk monitoring and evaluation to ensure that effective guardrails are placed whilst maintaining the potential to effectively harness the technology.
金融机构必须评估非结构化数据能否支持下一代生成式AI系统。
FIs must assess whether unstructured data can power the next generation of Generative AI systems.
可能需要更新治理政策和程序、修改技术、培养技能,以使非结构化数据集达到与当前结构化数据相同的标准。
Governance policies and procedures may need to be updated, technologies may need to be modified, and skills may need to be developed in order to hold unstructured datasets to the same standards as structured data currently.
使用生成式AI系统的金融机构应纳入额外考量,以及一套额外的护栏和规则,以确保这些系统的风险得到充分评估和适当缓解。
Additional considerations for FIs using Generative AI systems should also be included, along with a set of extra guardrails and rules designed to ensure the risks of these systems are fully evaluated and properly mitigated.
P1可能需要增强以确保其在整个生命周期中的应用。
P1 may need to be enhanced to ensure its application across the full lifecycle.
原则P1至P4在处理生成式AI带来的公平性风险时仍应适用。
Principles P1 through P4 should still hold when addressing fairness-related risks arising from Generative AI systems.
透明度原则要求披露AIDA的使用、解释结果并了解驱动结果所使用的数据。
Transparency principles require disclosing the use of AIDA, explaining outcomes, and understanding what data is used to drive the outcome.
应考虑改进对最终用户透明度的措施。
Methods to improve transparency to end users should be considered.
组织必须监控与伦理相关的风险,并保持更新的伦理标准、价值观和行为准则。
Organisations must monitor ethics-related risks and maintain updated ethical standards, values and codes of conduct.
应仔细考虑使用第三方生成式AI系统带来的挑战。
Challenges posed by using third-party Generative AI systems should be carefully considered.
增强公平原则P1,并补充FEAT原则,涵盖版权/知识产权、隐私、监控与稳定性、网络与数据安全等领域。
Enhance fairness principle P1 and supplement the FEAT Principles with new domains such as copyright/IP and privacy, monitoring and stability, and cyber and data security.
MAS应考虑金融机构在实施生成式AI时应考虑的所有关键原则。
MAS should consider addressing all of the key principles FIs should consider in implementing Generative AI.
建议涉及人类监督和干预。
It is recommended to involve human oversight and intervention.
这不应是一次性的,而是一个持续的过程,定期验证输出的准确性。
This should not be a once-off but an ongoing process to periodically validate the accuracy of outputs.
金融机构可以在内部建立能力以理解部署。
FIs may build the capacity or capability within FIs to appreciate the deployment.
金融机构可以改进现有的AI治理流程,以充分应对生成式AI放大的风险。
FIs may evolve existing AI governance processes to adequately address risks amplified by Generative AI.
如果第三方无法或不愿提供此类透明度,金融机构可以考虑在合同中包含关于偏见、准确性和其他公平相关方面的适当陈述或保证。
If the third party is unable or unwilling to provide such transparency, the FI can consider including in its contract appropriate representations or warranties about bias, accuracy and other fairness-related aspects.
金融机构可以对第三方生成式AI系统进行彻底的尽职调查,推动高质量和相关数据、遵守法律和知识产权法规、客户同意、查询能力以及训练数据中的公平代表性。
FIs may conduct thorough due diligence on third-party Generative AI systems, pushing for high-quality and relevant data with justification (if applicable), compliance with legal and IP regulations, customer consent (for the collection, use, disclosure, transfer and storage of data), query abilities, and fair representation in training data.
金融机构应与第三方供应商制定必要的服务级别协议和合同条款,以满足监管期望,包括在需要时进行监管访问。
FIs should set out the necessary service level agreements and contractual terms with third-party vendors to meet regulatory expectations including the need for regulatory access when required.
金融机构可以制定使用生成式AI时的内部“注意事项”指南。
FIs may set out internal guidance of the 'Dos and Don'ts' when using Generative AI.
建议定义额外角色,如“AIDA提供者”。
It is recommended that additional roles, such as 'AIDA providers', are defined.
FEAT出版物应包括涉及生成式AI的用例说明以及关于与FEAT原则保持一致的建议。
FEAT publications should include use case illustrations involving Generative AI and advice on alignment with FEAT Principles.
金融机构可以修订和完善其AI伦理原则,以确保它们仍然适用于整个组织使用生成式AI。
FIs may revise and refine their AI ethical principles to ensure they are still appropriate for the use of Generative AI across the organisation.
金融机构可以采用基于风险的方法,如人在回路中和深入分析模型输出,以根据其风险偏好识别模型准确性的潜在差异。
FIs may adopt risk-based approaches such as human-in-the-loop and in-depth analysis of model output to identify potential disparities in model accuracy based on their risk appetite.
它们应根据道德标准、价值观和行为准则进行评估,并考虑基于重要性的独立评估。
They should be evaluated against ethical standards, values, and codes of conduct, with consideration for independent evaluations based on materiality.
金融机构可以对生成式AI模型输出实施控制。
FIs may implement controls over Generative AI model outputs.
在新加坡实施生成式AI的金融机构应继续遵守三项指导文件的要求。
FIs implementing Generative AI systems in Singapore will likely be able to continue complying with requirements set out by the three instruments, where they are applicable, within the framework of a careful and responsible Generative AI implementation.
应与道德标准、价值观和行为准则保持一致,确保利益相关者批准并保护数据主体隐私。
They should align with ethical standards, values and codes of conduct, ensuring stakeholder approval and protecting data subject privacy.
金融机构应确保数据来源、合法性和质量的透明度,以及模型开发方法的透明度。
FIs could also have adequate and reasonable transparency on data provenance, legality and quality, along with model development methods.
采用RAG方法降低了此事件发生的概率。
The adoption of RAG approach has reduced the probability of this happening.
与第三方提供商的法律合同中应包含其向金融机构共享信息的责任条款,以便金融机构满足道德和问责标准。
Appropriate contractual clauses within legal contracts with third-party providers could include their responsibility to share information with FIs, so FIs can meet ethics and accountability standards.
金融机构对外部和内部来源的模型负责,供应商和外部方的责任应明确约定并定期检查合规性。
While FIs are accountable for externally and internally sourced models, responsibilities of vendors and external parties could be explicitly agreed upon and periodically inspected for conformity.
金融机构可确保供应商提供可衡量的数据,并在整个合作过程中观察和监控。
FIs can then ensure vendors provide measurable data, which they can observe and monitor throughout their engagement.
评估互联网连接以确保足够的带宽,实现顺畅的生成式AI操作。
Evaluate and assess internet connectivity to ensure sufficient bandwidth for smooth Generative AI operation.
金融机构可利用道德与问责框架识别与其核心价值观一致的规范。
FIs can leverage the Ethics and Accountability Framework to identify specifications aligned with their core values.
道德供应商入职对于在金融机构部署生成式AI至关重要,包括尽职调查以确保产品功能符合道德、透明度和偏见缓解。
Ethical vendor onboarding is crucial for deploying Generative AI within FIs. This involves due diligence in ensuring product features align with ethics, transparency, and bias mitigation.
金融机构必须展示其对负责任AI部署的承诺。
FIs must demonstrate their commitment to responsible AI deployment.
采用并实施监控工具,跟踪系统性能,识别瓶颈并主动解决问题。
Adopt and implement monitoring tools to track system performance, identify bottlenecks, and proactively address issues.
金融机构可通过迭代测试和持续监控对已部署AI模型的性能进行彻底分析,并采取适当行动解决发现的差距。
FIs may conduct thorough analyses of the performance of deployed AI models through iterative testing and continuous monitoring, and take the appropriate action to address gaps that are found (e.g., discrepancies between AI outputs and ethical standards, gaps between expected and actual model performance).
为解决道德和问责差距,可部署涉及AI专家、伦理专业人士、法律顾问和业务利益相关者的多学科方法。
To address ethical and accountability gaps, a multidisciplinary approach involving AI experts, ethics professionals, legal advisers and business stakeholders could be deployed.
定期维护和更新基础模型软件,包括错误修复、安全补丁和功能增强。
Regularly maintain and update the FM software, including bug fixes, security patches, and feature enhancements.
金融机构可利用领先行业专业知识和通用标准,使用AI Verify基金会和新加坡资讯通信媒体发展局开发的生成式AI评估沙盒来识别风险和评估AI系统暴露。
FIs could draw on leading industry expertise and common standards to identify risks and evaluate exposure of AI systems using Generative AI Evaluation Sandbox developed by the AI Verify Foundation and Singapore’s Infocomm Media Development Authority.
机构应尝试提供影响输出的输入元素的透明度。
Institutions should try to provide transparency on elements of the input influencing output.
应进行模拟以解决因提示微小修改导致的生成变化。
Simulation should be done to address the variation in generation depending on slight modifications of the prompt.
模型可能对这些设置敏感,应监控并解决这种敏感性。
Models can be sensitive to these settings and this sensitivity should be monitored and addressed.
如果LLM参与决策,应评估其准确性。
If the LLM is also involved in decision-making, we should aim to assess its accuracy.
应调查LLM中使用的分块方法。
Chunking used in LLMs should be investigated.
当模型用于从向量数据库摘要或检索信息时,开发者应确保考虑检索的潜在随机性。
Where a model is used to summarise or retrieve information from a vector database, for instance, the model developer should ensure that potential randomness from the retrieval is considered.
组织应运行初始最小可行产品实施项目或生产试点,生产试点应涉及在微调或训练模型之前,先对预训练模型进行提示作为网关流程。
Organisations should run an initial minimum viable product (MVP) implementation project, a production pilot, or both, with the production pilot involving prompting a pre-trained model as a gateway process before fine-tuning or training a model.
组织应在成功论证用例、其收益、费用以及模型微调和训练复杂性后,再进行扩展。
Organisations should scale up after successful justification of the case, its benefits, expense and model fine-tuning and training complexity.
组织应遵循结构化方法,预先确定关键结果,并最好使用量化指标来衡量MVP或试点的成功。
Organisations should follow a structured approach where key results are identified upfront, ideally with metrics that quantify the success achieved by the MVP or pilot.
组织需要具备强大的技术能力和流程来监控、分析和评估风险并执行保障措施。
Organisations need to have robust technology capabilities and processes to monitor, analyse and evaluate risks and enforce safeguards.
这些技术能力不限于生成式AI,必须与架构原则保持一致。
These technology capabilities are not limited to Generative AI and must be aligned with architectural principles.
金融机构必须考虑更新组织标准,以充分采用和支持企业级生成式AI。
FIs must consider several practices such as updating organisational standards to adequately adopt and enable enterprise-grade Generative AI through technology implementation.
组织必须关注并共同努力,在领域数据风险评估与缓解以及领域数据供应链两个领域成功建立数据环境。
Organisations must pay attention to and work together to successfully establish data environments in two areas: domain data risk assessment and mitigation, and domain data supply chain.
公司需要采取战略性和纪律性的方法来获取、增长、精炼、保护和部署数据以支持生成式AI采用。
Companies need a strategic and disciplined approach to acquiring, growing, refining, safeguarding and deploying data for Generative AI adoption.
组织可能需要根据部署模式选择增强现有计算基础设施和工具栈。
Organisations may need to augment existing computing infrastructure and tooling stacks depending on their choice of deployment pattern.
组织需要建立企业级能力,以支持标准的编排和集成模式,例如标准API。
Organisations need to establish enterprise capabilities to enable standard orchestration and integration patterns, such as standard APIs.
重要的是根据组织现有流程评估并引入解决方案,以弥补工具方面的差距。
It is important to assess and onboard solutions for any gaps in tooling in line with the organisation’s existing processes.
重要的是要有全局观,考虑业务流程或功能、技术基础设施、架构、运营模式和治理结构的可持续性。
It is also important to have a holistic view which looks at the sustainability of a business process or function, technical infrastructure, architecture, operating model and governance structure.
组织应持续定期评估生成式AI的采用,使其更绿色和可持续。
Organisations should continuously and periodically assess the adoption of Generative AI to make it greener and more sustainable.
组织应建立稳健的系统,从内部供应商或供应商处获取总环境影响的标准化数据。
Organisations should have a robust system in place for acquiring standardised data on total environmental impact from internal providers or vendors.
组织应定义数据质量标准,实施数据质量检查并监控数据质量。
Organisations should define data quality standards, implement data quality checks and monitor data quality.
组织应利用自动化和AI、ML、NLP等技术来提升数据质量。
Organisations should leverage automation and technologies such as AI, ML, and NLP for data quality.
保护数据存储系统安全。
Secure data storage systems.
实施数据备份和恢复程序。
Implement data backup and recovery procedures.
采用可扩展的数据存储系统。
Adopt scalable data storage systems.
金融机构应持续或临时验证并确保基础模型对已知提示的响应一致性。
FIs should validate and ensure consistency in FMs’ response to known prompts, both continually as well as ad-hoc, when modifying prompts or changing models.
应建立流程定期评估价值观是否充分指导组织应对新风险或放大风险。
There should be processes in place to periodically assess whether values adequately guide organisations in navigating against new or amplified risks.
应识别承诺负责人及相关利益方,并使其对承诺负责。
Identifying commitment owners and the stakeholders with interest in holding the commitment owners accountable should be included.
应为每项承诺记录相对优先级(可能与重要性相关)。
Relative priorities, which may or may not be tied to materiality, should be recorded for each commitment.
金融机构还应考虑生成式AI采用的七个技术维度。
FIs should also consider the seven dimensions of technology considerations for Generative AI adoption.
选择完全控制的金融机构需注意额外因素。
FIs choosing full control need to be aware of additional factors to consider.
组织需要彻底审查并更新其MLOps框架,以基于有效管理生成式AI所需的新技术能力来产品化机器学习应用。
Organisations need to thoroughly review and update their machine learning operations (MLOps) framework to productise machine learning applications based on the new technical capabilities required to effectively manage Generative AI.
金融机构还需要持续评估风险是否得到适当缓解,考虑到不断变化的AI威胁环境。
FIs also need to continuously assess if risks are appropriately mitigated, given the ever-evolving AI threat landscape.
组织需要对可操作性策略和工业化开发应用方法进行彻底审查,以确保与生成式AI采用的一致性。
Organisations need to conduct thorough reviews on operability strategy and industrialised development application approach to ensure alignment for Generative AI adoption.
建立企业级监控、评估和分析能力同样至关重要,需要在技术解决方案层采用和应用关键指标。
Establishing enterprise-wide monitoring, evaluation and analysis capabilities is equally crucial, with key measurements to adopt and apply across technology solution layers.
需要定期监测和重新评估AI伦理使用原则,以确保充分考虑新兴技术的额外风险。
Principles for ethical use of AI needs to be monitored and re-evaluated periodically to ensure they sufficiently consider additional risks of emerging technologies.
培训员工进行基于价值观的决策至关重要,以确保员工理解银行的伦理考量并在AI相关任务中适当应用。
Training the workforce to practise values-based decision-making is critical to ensure employees understand the bank’s ethical considerations and apply them appropriately in AI-related tasks.
应为每个AI用例提供价值观、核心概念、伦理原则和承诺的全面文档,包括确定承诺负责人和利益相关者。
There should be comprehensive documentation of values, core concepts, ethical principles, and commitments for each AI use case, including identifying commitment owners and stakeholders.
领域专家提交多种问题测试模型,以识别不符合负责任使用的意外输出或结果。
Subject matter experts submit a variety of questions to test the model with the aim of identifying unintended model outputs or results that do not conform to the responsible use of the model.
为承诺分配相对优先级,使银行能够优先处理最关键的风险。
Assigning relative priorities to commitments allows the bank to focus on addressing the most critical risks first.
应为受AI决策影响的数据主体提供追索机制,银行应评估其使用情况以确定有效性。
Recourse mechanisms should be available to data subjects affected by AI decisions, and the bank should evaluate their use to identify effectiveness.
是否识别并记录了系统运行中可能对F1中个人和群体造成系统性不利影响的潜在危害和利益?
Have you identified and documented the potential harms and benefits created by the system’s operation that are relevant to the risk of systematically disadvantaging the individuals and groups in F1?
是否识别并记录了系统的公平性目标和相关公平性指标?
Have you identified and documented the fairness objectives of the system and associated fairness metrics, with respect to the individuals and groups in F1 and the harms and benefits in F2?
是否记录了系统中可能影响公平性的关键错误、偏见或数据属性?
Have you documented key errors, biases or properties present in the data used by the system that may impact the system’s fairness?
鼓励金融机构在微调过程中评估系统,确保输出适当、无冒犯性内容。
FIs are encouraged to evaluate the system throughout the fine-tuning process to ensure the system produces appropriate, non-offensive content.
是否记录了这些影响如何被缓解?
Have you documented how are these impacts being mitigated?
应进行适当的可解释性评估,确保系统输出及使用个人属性的原因可理解。
Appropriate explainability assessments should be performed to ensure that outputs of the system and the use of personal attributes to drive those outputs are understandable.
是否确定并记录了用于系统操作或公平性评估的个人属性?
Have you determined and documented personal attributes that are used as part of the operation or fairness assessment of the system?
识别个人属性的过程是否考虑了伦理目标?
Does the process of identifying personal attributes take into account ethical objectives?
已采用提示工程以在一定程度上减少公平性和偏见风险。
Prompt engineering have been put in place to reduce risks associated with fairness and bias to a certain extent.
金融机构应确保系统的监控和审查机制使其影响与其商业和公平性目标保持一致。
FSI should ensure that the system's monitoring and review regime ensures that the system's impacts are aligned with its commercial and fairness objectives (G5 and F3).
金融机构应定义标准、稳健的流程,用于识别风险群体、个人属性及代理变量、公平性目标及阈值、以及识别和减少不公平的算法方法。
FSI should define standard, robust process for (a) identifying at risk groups; (b) identifying personal attributes and potential proxies; (c) identifying explicit fairness objectives and associated measures and thresholds; and (d) algorithmic methods to identify and reduce unfairness.
金融机构应识别并记录系统使用个人属性可能产生的危害和益处。
FSI should identify and document the potential harms and benefits created by the system's use of personal attributes.
金融机构应记录这些影响如何被缓解。
FSI should document how these impacts are being mitigated.
金融机构应记录系统中使用的数据中可能影响系统公平性的关键错误、偏见或属性。
FSI should document key errors, biases or properties present in the data used by the system that may impact the system's fairness.