Data Driven Risk Management is Critical to Survive and Thrive By Praful Mainker

The Financial Services industry's increasing intricacy, combined with recent adverse events, has heightened regulatory scrutiny on banks. This is further compounded by liquidity challenges, creating a landscape of unprecedented risk management demands.

To navigate this new terrain, a robust Enterprise Risk Management (ERM) Program is essential. Such a program should integrate both proprietary and public data sources, encompassing loans, accounts, complaints, risk assessments, census tracts, and even social media feeds. By harnessing this array of data, a Data-Driven Risk Management Program can be crafted to effectively counter emerging risks.

Data-Driven Risk Management is critical, and the concept is being embraced across the banking sector due to its evident advantages. However, its implementation remains a formidable challenge for banks of all sizes, marked by diverse strategies. The concept of "Actionable Intelligence" is central, allowing risk managers to easily identify and mitigate underlying risks. However, several hurdles obstruct this:

  • Data Silos, Quality and Accuracy: Ensuring the accuracy, completeness, and consistency of data is a fundamental challenge. Inaccurate data can lead to faulty decisions, regulatory compliance issues, and operational inefficiencies. Data aging and archiving is also often a problem. Banks often have multiple systems and departments that generate and store data independently. This can result in data silos, making it difficult to gain a holistic view of customer relationships, risks, and business performance. Furthermore, ensuring the accuracy, relevance, and legality of external data from vendors or FinTechs can be challenging.
  • Many risk managers lack the experience to articulate precise analytics needs, particularly compliance teams relying on anecdotal information from the business.
  • Dependency on reports and analytics from the First Line of Defense (1LOD) compromises the independence intended by the three lines of defense model.
  • Traditional volume-focused reports from First Line of Defense often lack the potential to generate actionable intelligence.
  • The strength of risk management lies in detecting emerging patterns rather than just rules-based reports.
  • Swift regulatory changes, like the 2021 CARES Act, often demand deployment speed beyond organizational capabilities.
  • Advanced analytics techniques like Artificial Intelligence (AI) and Natural Language Processing (NLP) are underutilized by risk management, hampering their effectiveness in creating regulatory-ready artifacts.

An effective Data-Driven Risk Management program hinges on closely aligning with risk assessments, prioritizing high residual risk areas while staying vigilant for emerging risks. The significance extends beyond data alone; the underlying policies and procedures must be designed to optimize the application of analytics. Moreover, effective Data Management Programs produce artifacts connecting seemingly unrelated data sources, empowering risk managers to make immediate and specific connections. For instance, combining loan application denials from minority-populated census tracts with complaints. The integration of AI and NLP enhances pattern recognition. Artifacts should be user-friendly and effortlessly facilitate the creation of monitoring artifacts, potentially including an integrated "issue summary" feature.

Success in a Data-Driven Risk Management Program necessitates agility through automated artifact development and deployment processes. The "Tyranny of Training an Algorithm" underscores the challenges in AI and NLP adoption. Banks, particularly larger ones, allocate substantial resources to AI DevOps teams. However, many are still trapped in the "Supervised Learning" paradigm, training algorithms on historical data. This approach falters in rapidly changing scenarios, such as the rushed implementation of the CARES Act in 2021.

Addressing this challenge requires an "Open Visualization" or "Unsupervised Learning" approach, focused on inherent data patterns. This approach bridges structured data (e.g., loans) with unstructured data (e.g., customer feedback). Unsupervised Learning treats patterns as emerging until recognized and automated for recurring production. It is more interactive and cost-effective compared to Supervised Learning, while also being easily explainable.

Let me provide an example - news of regulatory actions has become commonplace in the banking industry, and risk and compliance teams must quickly ascertain if their firm also has a similar exposure. In these situations, there is no reliably labeled historical data to train an algorithm. One of the solutions that I put forward was recently patented, and involved specific application of NLP for complaints. In cases where we may have a way to conceptualize a fixed pattern, such as a complaint related to discrimination in the refund of Good Faith Funds (GFF) in the Mortgage application process, it is possible to complement an Unsupervised Learning process by introducing a known pattern, like a discrimination-related complaint. Such an example could be a real complaint that we are aware of or could be synthetically created based on what is known about the “other bank’s problem.” Similar mechanisms can be applied to situations involving structured data, such as transactions. In each case, a synthetic or representative example is introduced in the Unsupervised Learning process, functions as a “trap” and attracts other artifacts which are similar. This results in an incredibly efficient and cost-effective way to answer the commonly asked question “Do I have the same problem as the other bank in the news?”. This is just one example of how to use data and AI tools to enhance risk management and compliance.

In conclusion, banks must harness data for effective risk management, recognizing that traditional methods might fall short. Data-driven risk management also contributes to improved governance by providing a transparent and auditable process for risk assessment and mitigation. These practices align with regulatory expectations for robust risk management practices and will ultimately become standards for the industry. The success of risk and compliance depends on an effective Data Management Program, securing not just their success but the stability of the entire banking ecosystem.

This presentation is being furnished on a confidential basis to provide preliminary summary information. The information, tools and material (collectively, information) contained herein is not directed to or intended for distribution or use by any person or entity who is a citizen or resident of or located in any jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation or which would subject Endurance Advisory Partners, LLC, to any registration or licensing requirement within such jurisdiction.

The information presented herein is provided for informational purposes only and is not to be used or considered as an offer to sell, or buy securities or other financial instruments, or any advice or recommendation with respect to such securities or other financial instruments. The information may not be reproduced in whole or in part or otherwise made available without the prior written consent of Endurance Advisory Partners, LLC. Information and opinions presented have been obtained or derived from sources believed to be reliable, but Endurance Advisory Partners, LLC makes no representation as to their accuracy or completeness. Endurance Advisory Partners, LLC, accepts no liability for any loss arising from the use of the information contained herein.

This information is subject to periodic update and revision. Materials should only be considered current as of the date of the initial publication, without regard to the date on which you may access the information. Endurance Advisory Partners, LLC, maintains the right to delete or modify the information without prior notice.

Under no circumstances and under no theory of law, tort, contract, strict liability or otherwise, shall Endurance Advisory Partners, LLC be liable to anyone for any damages resulting from access or use of, or inability to access or use, this information regardless of whether they are dire, indirect, special, incidental, or consequential damages of any character, including damages for trading losses or lost profits, or for any claim or demand by any third party, even if Endurance Advisory Partners, LLC knew or had reason to know of the possibility of such damages, claim or demand.