CRO Outlook

Pandemic Challenges: How AI Will Change Risk and Compliance

Many companies now use data on risk assessments, loss events, regulations and industry standards to comply with regulatory requirements. But they're not getting enough bang for their buck, and could turn to artificial intelligence-driven predictive analytics to improve forecasting, enhance decision support and gain a better understanding of the ties that bind losses, control failures and reputational events.

Friday, October 16, 2020

By Brenda Boultwood


Technology in risk and compliance has, to date, yielded limited success, even after many millions of dollars in investments. But, as more financial institutions adopt artificial intelligence (AI), risk and compliance ROI could change dramatically. Indeed, AI-fueled prescriptive analytics should provide enlightening insights about risk assessments, loss events, audit findings and regulations, ultimately leading to improved decision-making and better operational resilience.

Today, automation in risk and compliance is inching forward, but still lags behind other areas from a technology perspective. Automated workflow applications have replaced some manual processes. Moreover, some risk and compliance data is now being storied in databases, rather than spreadsheets.

Brenda Boultwood headshot
Brenda Boultwood

However, while the accuracy, timeliness and completeness of risk data has arguable improved, and while we have seen some advancements in reporting, the compliance and risk functions still mainly operate as a “Wizard of Oz” behind the green curtain.

In the banking industry, risk and compliance staffing levels have either remained the same or grown linearly, in alignment with the size of a company and the scale of its operation.

In other industries, AI-powered predictive analytics have allowed companies to model outcomes to make better decisions, particularly in the analysis of stocks and flows. When will call volumes, for example, be highest? When should we replenish inventories? Which styles sell best online?

AI combines internal and external data with algorithms - mathematical instructions that provide step-by-step procedure for calculations. Procedures for AI can either be prescribed or machine learned.

Today, many organizations have data on risk assessments, loss events, issues, regulations and industry standards to meet regulatory requirements. AI-powered predictive analytics will convert this data into meaningful decision support, enhancing organizational agility and resilience.

The data can be either structured or unstructured, internal or external. Unstructured data comes from free text or natural language, while external data may be extracted from real-time social media feeds and/or changing regulations, laws and industry standards. Internal data, meanwhile, may be derived from crowdsourced employee-survey responses, customer complaints, audit findings, voice responses and control test results.

Explaining AI

AI-driven predictive analytics can be broken into four categories: classification, sorting, forecasting and comparisons.

Categories of AI-Driven Predictive Algorithms
Categories of AI-Driven Predictive Algorithms

Classification is obvious when using yes/no response data, but can also be applied when key phrases in unstructured data have the same meaning. Through classification, we can answer questions about whether sentiment is positive or negative and whether a compliance rule is an explanation, guidance or a requirement.

Clustering models sort your data into separate groups based on similar attributes. If supervised, the machine sorts based on decision rules created by humans. Data is sorted in the same way humans would sort it, but with greater consistency and a lot faster.

In an unsupervised learning approach, a clustering model works on its own and learns to sort data. This approach allows a machine to recognize patterns, or cluster data in ways humans may not think to do, resulting in potentially unique insights.

Clustering allows us to understand which issues across the company are the same, and whether these issues are the same as the key risks we have already identified. Similarly, we can understand if customers are complaining on Twitter and Facebook about the same things.

Forecasting is enhanced through AI when we use either historical trend data or contemporaneous internal and external data to help us predict outcomes - even when data sets appear diverse and unstructured. We can, for example, apply algorithms to understand whether a repeated control failure will lead to a loss or reputational damage. Similarly, internal and external data can be combined to determine if an audit or regulatory exam will lead to moderate or severe findings.

Lastly, AI comparisons allow us to understand if financial statements are semantically the same, even when they seem very different. Firms can use AI to convert unstructured natural language or free text into mathematical equivalents, and then either rate the goodness of fit or rank the level of similarity - much like Google's presentation of search results.

Predictive algorithms, moreover, allow us to understand where regulations overlap with legislation and industry standards - as well as whether statements in our policies and procedures are well-aligned with regulatory and legal requirements.

Parting Thoughts

Undoubtedly, many firms would like to better understand the degree of overlap between their loss events, incidents, cases, customer complaints, audit findings and issues.

It's therefore time to rethink how we work in risk and compliance. Today, many organizations use data on risk assessments, loss events, issues, regulations and industry standards to meet regulatory requirements. AI-powered predictive analytics will convert this data into meaningful decision support, enhancing organizational agility and resilience.

In an upcoming column, we'll examine some risk and compliance applications, or use cases, of these ideas.


Brenda Boultwood is an independent risk management consultant and company advisor. She is the former senior vice president and chief risk officer at Constellation Energy, and has served as a board member at both the Committee of Chief Risk Officers (CCRO) and GARP. Previously, she was a senior vice president of industry solutions at MetricStream, where she was responsible for a portfolio of key industry verticals, including energy and utilities, federal agencies, strategic banking and financial services. Before that, she worked in a number of risk management, business roles and as the global head of strategy, Alternative Investment Services, at JPMorgan Chase, where she developed the strategy for the company's hedge fund services, private equity fund services, leveraged loan services and global derivative services. She currently serves on the board of directors at the Anne Arundel Workforce Development Corporation.


We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals