Digitizing Risk: Don’t Give the Robots Free Rein Just YetPartner, Digital Technology & Operations and Finance & Risk Practice at Oliver Wyman Principal, Finance and Risk Practice for Oliver Wyman Principal, Finance & Risk and Data, Technology & Analytics Practice at Oliver Wyman
Before giving artificial intelligence and machine learning free rein, financial firms must ensure that the decisions these programs make do not result in new risks and expensive regulatory breaches.
The risk and compliance standards put in place after the financial crisis are not going away. But what if financial institutions could turn the situation into a competitive advantage?
Some firms are beginning to recognize the possibilities and are working toward them. From increasing efficiency to lowering operating costs, digitizing risk and compliance functions makes sense on many levels. In the past three years, several financial institutions in Europe, North America and Asia have begun to use new digital technologies — including application programming interfaces, digital analytics, machine learning, robotic process automation and artificial intelligence.
Given the obvious upside of this new regulatory technology, known as regtech, many financial institutions are embarking on ambitious, yet vital, risk digitization programs.
Yet, as seen in many high-profile cases of machine learning bias, AI is not foolproof. In some instances, technology solutions fail to catch issues that would almost certainly have been spotted by an experienced risk manager or compliance professional. In others, the risks of automation outweigh the benefits.
As a result, for the next three to five years, financial institutions must approach the digitization of risk and compliance with a healthy dose of human supervision, governance and monitoring to ensure that automation is still within the perimeters of auditability and traceability. In short, digitization must not become a new emerging risk in itself.
Within risk and compliance functions, there are many obvious, less risky areas to automate. Yet, on the flipside, the consequences of mistakes can be severe, ranging from steep fines and regulatory scrutiny to customer attrition and reputational damages. To avoid these risks, companies should take the following three steps:
Soon, machines will be able to perform most of financial institutions’ risk and control assessment tasks just as well as humans — if not better. One such area is automated alerts for process failures, which can be remediated by using combinations of robotic process automation and advanced data analytics techniques. But we are still a long way off from allowing machines to make important strategic decisions on the impact of such control failures.
Digitizing risk does not mean displacing humans with robots and advanced analytics, but rather adapting to new skills and ways of working.
For now, human oversight and decision-making are still crucial, including the correlation to any regulatory noncompliance. For example, machine-executable risk algorithms are not yet smart enough to perform a complete risk assessment of trades booked by an investment financial institution against all applicable regulations and then determine if such trades are in line with the regulatory obligations.
Capabilities such as this require multidisciplinary data science and algorithmic reasoning skills, which are still scarce. As a result, algorithms could miss or overlook a few key hints or alerts that might account for less than 1% of the overall population, but could lead to serious consequences. Human experience is still essential to make these types of judgment calls.
Eliminating Algorithm Biases
AI has the ability to learn from vast amounts of unstructured complex data and translate them into actionable insights. However, from flawed facial recognition to gender-skewed credit and insurance underwriting, there are plenty of high-profile cases of algorithm biases that make us feel uncomfortable about machine learning within risk management.
Technology can greatly reduce the time required by manual processes from weeks to hours, but digitization also comes at a price. For example, when onboarding new customers, digital financial institutions can detect patterns using digital identity-verification and pixel-matching technologies for facial recognition. This helps to clarify and authenticate the identity of applicants in real time.
The problem lies in predicting a new customer’s authenticity by using the potential biases formed from previous customers’ demographics and then making decisions when the provided information is not conclusive. Worst case, this can lead to significant financial-inclusion issues.
Management often struggles to keep pace with the onslaught of regulatory changes. Downloading and digesting thousands of new rules is a major drain on time and resources. Regtech advancements in the form of machine-readable regulations are now able to speed up and simplify assimilating new legislations, drastically reducing the time taken to do manual reviews and assessments. By collecting, cleaning up and parsing data, these tools can crunch huge data sets into succinct bullet points.
Undoubtedly, the potential for model-driven, machine-readable, and executable regulation will deliver significant efficiencies. But, these technologies still rely on identifying patterns, and because most of the regulations are principles-based, it is often difficult to develop practical data use cases for automation. Also, pattern recognitions could “blindside” financial institutions to specific risks and provide a false sense of comfort.
New regulatory technologies are a much welcome development to update outdated compliance processes and increase efficiency. As more tasks are automated, risk and compliance roles and jobs will also evolve. Digitizing risk does not mean displacing humans with robots and advanced analytics. It is about adapting to new skills and ways of working. This will only work if financial institutions have viable modern learning programs for the challenges of tomorrow’s workplace. Regulatory technologies will have a major impact on the way risk teams collaborate both internally and with the external ecosystem.
The article originally appeared in Global Risk Regulator.