Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Canada | Publication | July 30, 2024
In 2017, the Office of the Superintendent of Financial Institutions (OSFI) issued Guideline E-23 governing model risk management. More recently, OSFI issued a draft Guideline (the Guideline) expanding E-23’s scope to include federally regulated financial institutions (FRFIs). The Guideline also expands the definition of a “model” to be all encompassing by capturing all phases of the “model lifecycle” from conception to development and use.
The Guideline recognizes that FRFIs are using artificial intelligence (AI) and machine learning models to inform their decision-making, which potentially exposes them to a heightened risk of financial and operational loss and reputational damage.
The purpose of the Guideline is to ensure model use is adequately managed and the associated risks are minimized, monitored and mitigated. However, the Guideline makes clear that decisions on how to best manage risk are ultimately the responsibility of the organization.
OSFI lists seven guiding principles of policies and procedures to be implemented into an organization’s framework as best practices. Key takeaways of these principles include:
These principles are broad and place high standards on FRFIs and other organizations when monitoring and engaging with models. They require each phase of the model lifecycle be assessed individually, proportionately, and continually. OSFI recommends inventory be frequently updated and maintained and stakeholders be engaged throughout the process.
An important principle organizations should be aware of is the suggestion to establish and implement a model risk management framework. The model risk management framework should include various key elements such as: governance and accountability, model risk assessment and reporting, and a model risk rating. Even if the FRFI or other organization acquires a model from an external source, it is expected to establish and maintain a model risk management framework.
The final guideline is expected to come into effect in July 2025. Additionally, the proposed Artificial Intelligence and Data Act (AIDA) is expected to be adopted this year, with a possible coming into force in 2025. AIDA is intended to hold businesses responsible for AI use by requiring them to implement governance mechanisms and policies and publicly disclose AI use to ensure users can make informed decisions. Compliance with the Guideline could assist organizations caught under AIDA’s disclosure requirements. For example, the Guideline recommends organizations maintain a centralized inventory of all models in use and decommissioned, meaning the Guideline recommends recording what AIDA requires to be disclosed.
The authors would like to thank Samantha Hawthorne, summer student, for her contribution to preparing this legal update.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023