Reprinted with permission from Endurance Advisory Partners.
The Financial Services industry’s increasing intricacy, combined with recent adverse events, has heightened regulatory scrutiny on banks. This is further compounded by liquidity challenges, creating a landscape of unprecedented risk management demands.
To navigate this new terrain, a robust Enterprise Risk Management (ERM) Program is essential. Such a program should integrate both proprietary and public data sources, encompassing loans, accounts, complaints, risk assessments, census tracts, and even social media feeds. By harnessing this array of data, a Data-Driven Risk Management Program can be crafted to effectively counter emerging risks.
Data-Driven Risk Management is critical, and the concept is being embraced across the banking sector due to its evident advantages. However, its implementation remains a formidable challenge for banks of all sizes, marked by diverse strategies. The concept of “Actionable Intelligence” is central, allowing risk managers to easily identify and mitigate underlying risks. However, several hurdles obstruct this:
Data Silos, Quality and Accuracy: Ensuring the accuracy, completeness, and consistency of data is a fundamental challenge. Inaccurate data can lead to faulty decisions, regulatory compliance issues, and operational inefficiencies. Data aging and archiving is also often a problem. Banks often have multiple systems and departments that generate and store data independently. This can result in data silos, making it difficult to gain a holistic view of customer relationships, risks, and business performance. Furthermore, ensuring the accuracy, relevance, and legality of external data from vendors or FinTechs can be challenging.
Many risk managers lack the experience to articulate precise analytics needs, particularly compliance teams relying on anecdotal information from the business.
Dependency on reports and analytics from the First Line of Defense (1LOD) compromises the independence intended by the three lines of defense model.
Traditional volume-focused reports from First Line of Defense often lack the potential to generate actionable intelligence.
The strength of risk management lies in detecting emerging patterns rather than just rules-based reports.
Swift regulatory changes, like the 2021 CARES Act, often demand deployment speed beyond organizational capabilities.
Advanced analytics techniques like Artificial Intelligence (AI) and Natural Language Processing (NLP) are underutilized by risk management, hampering their effectiveness in creating regulatory-ready artifacts.
An effective Data-Driven Risk Management program hinges on closely aligning with risk assessments, prioritizing high residual risk areas while staying vigilant for emerging risks. The significance extends beyond data alone; the underlying policies and procedures must be designed to optimize the application of analytics. Moreover, effective Data Management Programs produce artifacts connecting seemingly unrelated data sources, empowering risk managers to make immediate and specific connections. For instance, combining loan application denials from minority-populated census tracts with complaints. The integration of AI and NLP enhances pattern recognition. Artifacts should be user-friendly and effortlessly facilitate the creation of monitoring artifacts, potentially including an integrated “issue summary” feature.
Success in a Data-Driven Risk Management Program necessitates agility through automated artifact development and deployment processes. The “Tyranny of Training an Algorithm” underscores the challenges in AI and NLP adoption. Banks, particularly larger ones, allocate substantial resources to AI DevOps teams. However, many are still trapped in the “Supervised Learning” paradigm, training algorithms on historical data. This approach falters in rapidly changing scenarios, such as the rushed implementation of the CARES Act in 2021.
Addressing this challenge requires an “Open Visualization” or “Unsupervised Learning” approach, focused on inherent data patterns. This approach bridges structured data (e.g., loans) with unstructured data (e.g., customer feedback). Unsupervised Learning treats patterns as emerging until recognized and automated for recurring production. It is more interactive and cost-effective compared to Supervised Learning, while also being easily explainable.
Let me provide an example – news of regulatory actions has become commonplace in the banking industry, and risk and compliance teams must quickly ascertain if their firm also has a similar exposure. In these situations, there is no reliably labeled historical data to train an algorithm. One of the solutions that I put forward was recently patented, and involved specific application of NLP for complaints. In cases where we may have a way to conceptualize a fixed pattern, such as a complaint related to discrimination in the refund of Good Faith Funds (GFF) in the Mortgage application process, it is possible to complement an Unsupervised Learning process by introducing a known pattern, like a discrimination-related complaint. Such an example could be a real complaint that we are aware of or could be synthetically created based on what is known about the “other bank’s problem.” Similar mechanisms can be applied to situations involving structured data, such as transactions. In each case, a synthetic or representative example is introduced in the Unsupervised Learning process, functions as a “trap” and attracts other artifacts which are similar. This results in an incredibly efficient and cost-effective way to answer the commonly asked question “Do I have the same problem as the other bank in the news?”. This is just one example of how to use data and AI tools to enhance risk management and compliance.
In conclusion, banks must harness data for effective risk management, recognizing that traditional methods might fall short. Data-driven risk management also contributes to improved governance by providing a transparent and auditable process for risk assessment and mitigation. These practices align with regulatory expectations for robust risk management practices and will ultimately become standards for the industry. The success of risk and compliance depends on an effective Data Management Program, securing not just their success but the stability of the entire banking ecosystem.
