Technological trends, ranging from the rise of generative AI to the growth of blockchain and digital assets to constantly evolving cyber risks and opportunities, have driven substantial transformation in the financial services industry. But has the role of the risk manager truly changed, or has it just ballooned in terms of day-to-day responsibilities and expectations?
Seventy-two percent of risk managers responding to GARP’s 2024 Risk Careers Survey reported an increase in the scope of their risk responsibilities within the past 12 months. Nearly half of those respondents, moreover, cited “technology, cybersecurity and data privacy” as a top driving factor behind the increase.
Omid Mostavi, VP of Compliance Innovation and Technology, State Street
At the same time, more than half of surveyed risk managers feel they lack the knowledge to effectively anticipate and manage crypto assets, cyberattacks, AI, and other top technology risk drivers of today.
For Omid Mostavi, vice president of compliance innovation and technology at State Street Corporation, the key to closing that knowledge gap lies with the mastery of traditional financial risk. As drivers of risk become more complicated, the old frameworks abide. “Even as technology advances, risk professionals should first and foremost try to ensure they know the basics,” he said.
To learn more about what junior risk professionals should know about tech disruption, we spoke with Mostavi about the adoption of AI in banking, risk modeling, and what he sees as the next top driver of technology risk at banks.
How can financial institutions balance innovation with the risks associated with AI?
A major challenge with using AI in finance arises from the fact that AI and machine-learning are prone to biases, given the potentially existing bias of the data sets on which they’re trained. This risk must be mitigated through strict auditing and regulatory supervision, as well as by implementing stringent model validation practices to ensure such models are as unbiased as possible.
Ultimately, I believe that the adoption of AI in banking needs to take place in a phased approach – starting with implementation in areas of lower levels of risk, before bringing it to higher risk areas.
Beyond AI, what do you see on the horizon as the next prominent topic that should attract the attention of junior-level risk professionals?
Advances in quantum computing seems like the next top technology-related risk factor. With its exponentially faster and superior computing capabilities, quantum computing may be able to break the existing data encryptions currently used in the financial industry, making it relevant to the future of blockchain and cryptocurrency.
Given the commercialization of quantum computing, it may also be more challenging to safekeep our sensitive data and to ensure the integrity of all banking transactions.
How can financial institutions leverage risk modeling to predict and mitigate the risks associated with cutting-edge technology?
Predicting and mitigating technology risks are, in principle, not much different from the risk modeling approach taken in mitigating other types of risk in banking.
You’d start the process by gathering data on historical events of the risks stemming from technological failures, categorized by severity and frequency. Then, you’d need to determine the corresponding risk factors. After taking these steps, you can use predictive analytics and ML techniques to build models to predict and forecast the risks.
While technology is clearly streamlining productivity, it's also changing the value of certain skills. What can junior-level risk professionals do to ensure the relevance of their skill sets?
In the age of AI, any role that is predominantly comprised of repetitious manual tasks, such as data entry, is more prone to becoming obsolete in the coming years. On the other hand, skills such as data analysis and interpretation have a much higher chance of staying relevant and in demand.
Knowing the core ideas and basics of financial risk is the most important thing for risk managers. I recommend taking a certification program, like GARP’s Financial Risk Manager Certification, to comprehensively study the concepts and applications of risk management in banking. After that, I’d highly encourage continuous learning in the fields of machine learning and AI, topics which will surely be prevalent for years to come.