How generative AI can help banking and financial institutions manage risk and regulatory compliance

We introduced ECO Chat at the Big Data & AI exhibition in London last week, where we frequently talk with banking and financial institutions, traditionally reluctant to major technological changes unless they have been previously tested and passed certain security tests. This has not been the case with Generative AI. I am not the only one who believes that in the next five years, Generative AI will radically change risk management in financial institutions by automating, accelerating, and improving everything from compliance to climate risk control.

Although based on models, Generative AI has revolutionized cognitive experience and how we interact with machines, systems, and data. Generative AI will become the catalyst for the next wave of productivity increases in all sectors, including financial services. We can discuss whether our productivity will increase by an order of magnitude of 10 or 100, but it will happen.

From model analysis to automation of manual tasks and large-scale summarization of unstructured content to access knowledge, making data "speak" in the form of virtual assistants or chatbots for employees or customers and consumers, the technology is revolutionizing the way many organizations, companies of all sizes and corporations operate. Of course, banking institutions are not immune to this and Generative AI will affect the way they manage risks and comply with applicable regulations.

We have all used external models, from ChatGPT to Gemini, Aya from Cohere, or our own free and open LLM ECO, and we are aware that we cannot share data outside our organizations. Therefore, it is imperative that legal departments and risk and compliance departments of all organizations impose limits on the use, personal or otherwise, of generic AI within an organization.

However, we know that this technology can help us be more efficient in our work. In this article, I would like to discuss how banking and financial entities can create flexible and powerful policies to use artificial intelligence in risk management and compliance, identifying some points that those responsible must consider.

How to make the most of the promise of generative AI

Next-generation AI has the potential to revolutionize the way banks and financial institutions manage risk and many other areas over the next three to five years. Generative AI undoubtedly allows the functions performed by many departments to move away from ordinary, traditional activities to be associated with other lines of business, such as strategic risk prevention, for example. Generative AI can thus provide deep controls from the very beginning of the customer relationship. This, in turn, frees risk professionals to advise companies on new product development and strategic business decisions, enables exploration of emerging risk trends and scenarios, strengthens resilience, and improves risk and control processes proactively.

The advances brought by GenIA in the banking and finance sector are going to lead to the creation of AI-driven Risk Intelligence Centers that will service what in banking is referred to as "lines of defense" (LOD):

• business and operations,
• compliance and risk functions,
• audits.

A center of this type will provide automated reports, improve risk transparency, increase efficiency in risk-related decision-making, and partially automate the drafting and updating of policies and procedures to reflect new regulatory requirements. This AI-powered Risk Intelligence Center will act as a reliable and efficient source of information, enabling risk managers to make informed decisions quickly and accurately.

For instance, Pangeanic has developed an AI-based generative virtual assistant specializing in taxation, offering customized answers based on the information and documents owned by individual clients, firms, or practices. Many banking and financial institutions could develop similar tools or utilize ECO Chat to analyze transactions with other entities, potential red flags, customized market news reports, asset prices, and so on, to make better risk decisions or more informed decisions. These virtual experts can also collect data and assess climate risk evaluations to answer queries from counterparts.

Finally, generic IA can facilitate better coordination between the organization's first and second "line of defense" while maintaining the governance structure in all three. Improved coordination allows for better oversight and control mechanisms, thereby strengthening the organization's risk management framework.

Emerging applications of Generative AI in Risk and Compliance

Among the many promising applications of Generative AI for financial institutions, banks are exploring a set of candidates for a first wave of adoption: regulatory compliance, financial crime, credit risk, data modeling and analysis, cybersecurity risk, and climate risk. In general, we see applications of Generative AI through three archetypes of use cases in risk and compliance functions.

1. Fraud and Anomalous Activity Detection - Generative AI models can analyze large volumes of transactions in real time to identify patterns that indicate fraud, money laundering, or other illegal activity. By learning from historical data, these systems can adapt to new fraud techniques.

2. Automated Regulatory Compliance: In highly regulated sectors, such as finance and healthcare, generative AI can automate the collection and analysis of data required by regulations. This includes generating compliance reports, monitoring communications to avoid market manipulation, and identifying conflicts of interest.

Risk Simulations: Generative models can create realistic risk scenarios and simulations to assess an organization's resilience to adverse events. This is particularly useful for financial risk management, cybersecurity, and business continuity planning.

4. Credit Risk Assessment: In the financial sector, generative AI can improve the accuracy of credit risk models by generating risk profiles based on a wide range of financial and non-financial data, enabling better differentiation between credit applicants.

5. Compliance Training and Awareness: By creating customized educational content and interactive learning scenarios, generative AI can enhance compliance training programs, making them more relevant and engaging for employees.

6. Business Ethics Monitoring: Generative AI models can internally analyze communications and behaviors to identify potential risks related to business ethics, such as harassment, discrimination, or violation of internal policies.

7. Information and Documentation Management: Generative AI can automate the creation, classification, and maintenance of documents required for regulatory compliance, ensuring that documentation is up-to-date, complete, and easily retrievable during audits.

8. Regulatory compliance. Companies are using generative AI as a virtual regulatory and policy expert by training it to answer questions about regulations, company policies and guidelines. The technology can also compare policies, regulations and operating procedures. As a code accelerator, it can check code for misalignment and compliance gaps and automate regulatory compliance checking, providing alerts for potential violations.

9. Financial crime. Generative AI can generate suspicious activity reports based on customer and transaction information. It can also automate the creation and updating of customer risk ratings based on changes in know-your-customer attributes. By generating and enhancing code to detect suspicious activity and analyze transactions, the technology can improve transaction monitoring.

10. Credit risk. Generative AI can summarize customer information (e.g., transactions with other banks) to inform credit decisions, which helps speed up the end-to-end bank credit process. After a credit decision, it can draft the credit memo and contract. Financial institutions are using the technology to generate credit risk reports and extract customer information from credit memos and contracts. Generative AI can generate code to obtain and analyze credit risk data, providing insight into customer risk profiles and generating default and loss probability estimates through modeling.

11. Data modeling and analysis. Generative AI can accelerate the migration of legacy programming languages, such as moving from SAS and COBOL to Python. It can also automate model performance tracking and generate alerts if key performance indicators fall outside tolerance ranges. Companies are also using generative AI to write model validation documentation and reports.

12. Cyber risk. By testing for cybersecurity vulnerabilities, generative AI can use natural language to generate code for detection rules and accelerate the development of secure code. It can also be useful in "red teams" (simulating adversarial strategies and testing attack scenarios). The technology can also serve as a virtual expert for security data research. It can make risk detection smarter by accelerating and aggregating security insights and trends from events and behavioral anomalies.

13. Weather risk. Generative AI can suggest code snippets, facilitate unit testing, and assist in visualizing physical risk with high-resolution maps. It can also automate data collection for counterparty transition risk assessments and generate early warning signals based on triggering events. As a virtual expert, generative AI can generate automatic reports on climate risk and sustainability topics in sections of annual reports.