While I was doing my MBA in Technology for Business, I kept thinking about possible topics for my final project. At the time I was working at a company that built biometrics software, and instinctively I thought I should pick that domain as my theme — it was something real, something I actually knew. I remember my former CTO talking about how biometrics could be used to supervise the work of artificial intelligence.
From there I started to realize that AI shouldn't operate "freely" in high-risk systems and make the final decision. It should be a point of analysis, isolated from the business. It became clear that big decisions, like in financial institutions for example, follow deterministic flows. These flows are modeled from the business domain and execute a specific task, within a well-defined scope. And inside this process a particular model, maybe a simple machine learning one or a deeper risk analysis, is triggered to perform an analysis that will serve as the basis for a decision. A decision that can lead to different paths within the deterministic flow, possibly resulting in an approval or a rejection, for example.
This view came to me during a class on data governance, and it made me realize that governance will be a critical factor in the use of AI. I remember the professor talking about defining the roles people play in an organization, and it took me right back to my CTO — to that idea that adding facial recognition as a validator over automated decisions in high-risk operations would make sense. Auditing, compliance, data protection are real pains for anyone who works with sensitive data, and they open the door to a new kind of tool that helps manage these criteria. So why not apply governance exactly where the autonomous decisions happen, using biometrics as a way to control who can and who can't make decisions inside a company.
Okay, but doesn't a password solve the problem? It does, but it can be shared, stolen, hacked, or simply lost. A face has unique characteristics, intrinsically tied to physiology, which makes it unique and non-transferable.
Let's get to a concrete example. I won't get into the details of credit analysis, which isn't exactly my field, but it'll make sense with a simple example. Mike asks for a line of credit at a financial institution involving an astronomical amount, or he's simply about to move an absurd pile of money. That would be a red flag that deserves a risk analysis. The request enters a workflow marked out by a few stages. The first would be to trigger an autonomous agent, or some predictive algorithm, that determines whether what Mike is doing is legitimate or whether there's a hint of fraudulent intent. This analysis assigns a score to the operation, which is then read by a gateway that decides whether it goes to biometric audit or not. Not every operation can be reviewed by a real person — it's too expensive — so small transactions can skip human approval. And this is the point I'm getting at: the biometric layer that guarantees governance simply answers the question: "Who approved this?". It generates compliance and ensures that only the right person could have made that decision.
Some people might disagree with choosing this technology as the solution, since biometrics carries demographic bias. This is a real problem faced by the major liveness vendors, who need to mitigate this risk precisely because it's one of the big barriers for the business. More and more, the models are trained not to commit this kind of injustice, and there are bodies like NIST, with its FRTE program (Face Recognition Technology Evaluation), that evaluate this criterion rigorously.
I'll close with this: the concern about supervising the work of AI is a seed that has to be planted starting now. This revolution is having a real impact on business, and governments are watching. So it won't be long before companies using AI are required to have controls that guarantee auditability over their automated processes. Thinking about this too late will end up hitting the wallet of anyone who's unprepared.
Top comments (0)