Using AI to build greater risk resilience

AI in risk management offers a multitude of opportunities but it also brings its own challenges. From data and security risks to adopting a new mindset for working, banks need to find an efficient way to innovate. Ahead of peer-to-peer conversations at RiskMinds International, we summarise how AI adoption fits into the increasingly complex risk landscape and where AI can make the biggest impact in risk management processes.

As the world becomes more connected through technology, yet less cohesive from a geopolitical perspective, financial services must find a way to build capabilities to deal with a host of complex issues. For risk management teams, the challenge is how best to keep their organisations (and customers) safe by building agility and resilience to contain myriad risk threats.

By focusing on wider collaboration across the enterprise to explore new ways to manage these threats, adopting a mindset of ‘be safe to fail’, CROs have the opportunity to make risk management more proactive rather than reactive. Thereby bringing it in to the strategic conversation at a much earlier stage to improve banks’ decision-making.

While technology can help scan the horizon for emerging risks, as part of this proactive approach, it is nevertheless vital for CROs to clearly articulate the challenges to senior leadership. It’s one thing to identify threats. Quite another to explain them. Yet the world we live in will become increasingly complex, making risk communication a vital tool for every bank’s risk department.

Increasingly complex risk landscape

Like all businesses, banks and financial institutions find themselves operating in a world of powerful megatrends; these range from the impact of global change, the impact of technology/digitisation, the impact of shifting demographics, the impact of geopolitical fracturing, and social impact. All of these trends have an impact on financial services: physical risks in credit risk management value chains but also significant opportunities, in terms of financing climate technology and helping real economies pursue their net zero transformation agendas.

Many business leaders expect Gen AI will significantly change the way their organisation creates and delivers value in the next three years. This though is a double-edged sword because AI, as a broad technology, helps to both manage risk yet also introduce an array of new risks; from data privacy risks, cybersecurity risks, counterparty risks, regulatory risks, to name but a few.

AI safety is a big topic and one that still needs a lot of work, as banks determine the safest way to introduce AI tools into their risk management frameworks. Steps have already been taken from a regulatory perspective, with the EU introducing the Artificial Intelligence Act on 1^st August 2024, which sets out to assign AI applications to three different risk categories. More details on this can be found here.

A World Economic Forum report suggests that falsified information, or synthetic content (i.e. deep fakes, voice cloning) is the most serious short-term risk facing the world.

Bias detection

Trust is fundamental to the way in which banks adopt AI. Risk teams have to be 100% sure that a large language model that they use to train on customer data is producing the right outputs – humans must verify and check for errors or ‘hallucinations’ – or that a predictive risk model they’ve built is using cleansed data to avoid erroneous results. Risk teams who are now experimenting with LLMs have to contend with the risk of bias contained within information and take measures to mitigate it in order to achieve the best outcomes.

Moreover, they must take heed of the cyber risks that could cause huge reputational damage if a data leakage or IP theft event occurred. Associated with this is privacy risk, especially when using LLMs trained on large unstructured data sets from multiple sources that may can personally identifiable information.

But there are undoubtedly many advantages to using AI tools to improve banks’ risk frameworks. From a productivity standpoint, deploying AI can enhance regulatory horizon scanning; for example, using Gen AI to analyse and summarise regulatory documents to perform an impact assessment, as well as develop controls testing plans.

Another example of where banks are using Gen AI is to analyse customer complaints data to quickly identify potential conduct risks.

Taking risks intelligently

PwC’s Global Risk Survey 2023 found that around 5% of respondents are risk pioneers: these are firms who have built enterprise-wide resilience by placing an equal weighting on the human element (upskilling, investing in people) as well as the value creation opportunity that technology offers. By doing so, they have a higher confidence balancing value creation versus value protection, and are significantly more likely to view disruptive technologies such as Gen AI as a value creator rather than a risk creator. This underscores the need for organisations to take risks intelligently, to be truly effective in building more resilient risk management frameworks. It should not be a case of introducing technology just for the sake of it.

In recent years, there is no doubt that other technology advances such as cloud computing – whichh offers scalable infrastructure for banks to process and store vast amounts of data – and blockchain technology, whose immutability helps strengthen AML/KYC controls, have played a critical role. Not to mention AI and machine learning tools and the rise of big data.

Digital sentinel

AI tools represent the next iteration of how banks can strengthen their risk operations and by doing so, improve the confidence and trust of their customers. The sophistication of LLMs as they get applied to large data sets could open up a whole range of new insights to support risk departments, as banks adapt to the challenges of megatrends mentioned above.

Accessing large data sets in real time allows banks to immediately monitor transactions and have the AI identify risk anomalies. Also, by providing a holistic view, digitisation tools can identify new trends and new sources of risk so that CROs can make quicker, smarter decisions. Critically, digitisation reduces reliance on manual processing, which is often prone to human error. AI never sleeps, never eats, never gets ill. As a result, by moving into a more AI-centric risk environment, banks are seeing the benefits of maintaining constant vigilance. Like a digital sentinel, AI continually scans the environment for potential threats.

Risk profiling

Getting Gen AI tools to work with big data is likely to further enhance risk profiling. Already, many of today’s global banks use AI to aggregate large data sources to identify trends and patterns in relation to customer spending habits, payment history, social media interactions.

Machine learning tools allow banks to build predictive models and identify potential risks such as loan defaults or potential fraudulent activity, before they materialise. With Gen AI advances, these predictive capabilities are going to significantly improve the ability to identify which customers are likely to be a credit risk.

JP Morgan, for example, has introduced an AI-based credit risk management tool called COIN (Contract Intelligence). The tool’s ability to review legal documents and assess credit risks quickly and accurately has led to improved accuracy in risk profiling, reduced default rates and improved customer satisfaction.

Faced with an increasingly uncertain world, adding AI tools into their risk systems should help CROs adopt a more proactive approach to early risk detection and prevention, leading to improved decision-making. Both opportunities and challenges lie ahead.

Discuss the impact of AI, generative AI, machine learning, big data, and more at the Cyber Risk, AI, and Technology Resilience Summit, part of RiskMinds International.