A CRO on the Human-AI Balance

Risk professional jobs will be saved - or less jeopardized - by the superiority of humans over artificial intelligence and machine learning in dealing with behavioral matters, according to State Street Corp. executive vice president and chief risk officer Andrew Kuritzkes.

An example of a risk issue with a vital behavioral component is Brexit. Another is the question of whether a future drop in housing prices could lead to a recession, as happened in 2008.

However, Kuritzkes predicted a long-term decline in risk management jobs as AI tackles such complicated tasks as analyzing huge customer and transaction data sets, while robotics take over repetitive and mundane risk reporting, monitoring and administrative processes.

“Using automation and robotics for routine administrative tasks will make them less manually intensive and drive costs down. The implication is fewer people will be needed,” explained Kuritzkes, who participated in a panel discussion at the Institute of International Finance Washington Policy Summit on April 11.

He predicted that in five or 10 years, risk departments will be smaller and more efficient. The risk managers of the future, equipped with big data and other technology, will be better than ever at addressing issues ranging from credit scoring to fraud detection to intra‐day liquidity.

CEO on Capitol Hill

One day before the IIF event, State Street Corp. president and CEO Ronald O'Hanley was one of several systemically‐important‐bank chief executives to testify at the House Financial Services Committee's “Holding Megabanks Accountable” hearing.

“Ten years after the crisis, State Street is stronger and more resilient and, I believe, more nimble and responsive to emerging and new risks,” O'Hanley asserted. He acknowledged, in a section of his testimony on risk management, that “instances that led to enforcement actions and financial settlements with the government and clients” required a strengthening of “related risk and compliance controls. I am committed to continuing to ensure that we have learned from their causes and to advancing a culture of trust and accountability at State Street. We enforce strict policies against employee misconduct.”

O'Hanley also pointed to “numerous initiatives intended to strengthen our corporate culture, most recently through our Risk Excellence initiative aimed at elevating the importance of risk and compliance excellence across our organization. This includes a programmatic education of our workforce, 'Speak Up' training to encourage and facilitate all employees' reporting of issues, and risk excellence criteria for all employees' performance evaluations, compensation decisions, and executive promotions.”

He added: “The crisis revealed weakness in the risk management functions of many banks, which were often siloed and uncoordinated. We have strengthened our top‐down risk management systems at State Street so that we have better transparency around enterprise-wide risks. We now have stronger, independent control functions and higher‐quality risk analytics.”

O'Hanley became CEO in January 2019. CRO Kuritzkes, who is a member of the GARP board of trustees, joined Boston‐based State Street in 2010 after leading Oliver Wyman's North America public policy practice.

Technologies as Tools

Given the importance and ubiquity of data in financial services, everyone is going to have to become a risk manager, said Scotiabank CRO Daniel Moore, another member of the “Key Strategic Trends” panel at the IIF.

Kevin Greenfield, director of bank information technology for the Office of the Comptroller of the Currency (OCC), said technologies need to be viewed as tools, not ways to make risk decisions automatic.

On partnerships that established banks are forming with fintech start‐ups, Greenfield said that the banks should employ the same level of due diligence that they do in legacy business operations. If a new product fails to deliver or results in a breach, customers are not going to look to see if the bank or the fintech is at fault.

The OCC wants to be supportive of innovation, he said, but also make sure sound risk management practices are in place.

Third Parties and Beyond

On a panel covering cyber risk and operational resilience, the OCC's Beth Dugan, deputy comptroller for operational risk, said vendor management is important and even extends to indirect relationships with a given firm.

“The guy who is your vendor's vendor,” interjected Jason Harrell, executive director, technology risk management, and head of business and government cybersecurity partnerships, Depository Trust & Clearing Corp.

One risk of new technology, he cautioned, is that bad actors can find ways to create havoc as soon as it is introduced.

Deborah Eng, executive director, global cyber partnerships and government strategy group, JPMorgan Chase & Co., said that a “weakest link” can be found anywhere in a value chain.

She added that the cooperation that has become essential for threat intelligence has progressed to “Information Sharing 2.0”: “not so much information sharing, but operational coordination.”

Eng had advice on risk management and the cloud: “Crown jewel” data can be kept in-house to limit the third-party exposure. Data could also be split among more than one cloud service provider.