Risk Management Meets AI
Given the increasing risks and regulations faced by enterprises today, AI will be vital for dealing with this complex environment.
- By Brian J. Dooley
- August 11, 2017
Given the intricate risk environment enterprises face, it's no wonder why the idea of automatically handling risk with artificial intelligence (AI) is increasingly popular. Although today's AI applications tend to be limited to special use cases (such as fraud analysis, customer credit analysis, compliance analysis, market analysis, and other low-hanging fruit), new developments and increased integration with other analytics techniques will yield important new risk management approaches.
Growing Global Risk
Risk is growing rapidly in all areas due to many factors, including globalization, digitization, increasing security threats, cross-border regulatory issues, and big data. Risk reaches into every area of business and includes business and market risk, operational risk, financial risk, and compliance issues. Although there is a move to centralize risk management in enterprise governance, risk, and compliance (GRC) platforms, each area retains unique characteristics and tends to be treated separately.
As risks continue to grow, companies need to cope effectively without hiring armies of analysts or interfering with business operations. Analytics has long been applied to calculate and mitigate risk, and big data has been used more recently to handle threats from growing data stores. However, a new wave of innovation in risk management is coming thanks to AI, which enhances understanding of unstructured data, and combining approaches will provide a more flexible automated analytics approach.
A study this year by the Global Association of Risk Professionals (GARP) shows that 67 percent of risk managers responding view AI as a foundational change within their profession.
Examples of Risk-Focused AI
Most specialized AI-driven applications are focused on areas in which AI can be used to sift through large volumes of data and find particular instances of behavior. GRC solutions can help companies meet complex regulatory and corporate policy requirements in large enterprise settings by monitoring activities (such as social media postings or data transfer) and matching them to risky behavior patterns. It can also aid internal audits by reviewing items such as expense reports and cross-checking them with social media. In financial services, AI is already proving useful in monitoring potential money-laundering activities, investigating financial crimes, managing liquidity risk, and analyzing regulatory changes.
Social media has placed additional demands on risk analysis due to the wide risk exposure comments from individuals can create. The need for instant remediation demands either an army of analysts or a competent AI. Analysis of social media demands a multi-level approach to understand language and determine whether regulations might have been breached or other threats such as potential security threats might exist. Some AI solutions currently available can delete comments, postings, or dangerous tweets before problems can occur.
These specialized solutions focus upon fairly specific problems and are likely to require constant monitoring as regulations change and social media usage evolves. Greater capabilities will emerge as risk analysis brings together more complex and better integrated approaches.
The application of AI to risk analysis is being pushed from a number of directions. Threats to business are multiplying in every sector and current solutions are pressed to the limit. Regulation is complex, global, and pervasive. Meanwhile, continual growth of social media provides an ever-increasing array of new threats. The Internet of Things is opening new realms of possible exposure, and growing use of sensors adds to the information feed, providing both data and exposure in every risk category.
Centralization and integrated GRC policies are needed to handle combined threats that could involve multiple strategies related to compliance issues, financial threats, and security. AI will be vital as an aid to analysts in focusing on this increasingly complex environment. Taking the analysts out of the loop is not likely to occur anytime soon, but making their job easier will be highly beneficial -- particularly as threats begin to incorporate AI approaches and attacks based on data volume move beyond denial-of-service.
It is certain that both risk and data will continue to grow in complexity, volume, and magnitude. Machine learning appears, superficially, as a credible remedy. However, each AI algorithm is still only capable of handling one thing at a time. New applications and better integration will yield more complex and useful systems, but at the moment we are in the early stages of understanding how AI might be useful.
Of course, as AI becomes pervasive, new categories of risk will emerge based on AI characteristics and autonomy -- but that's another story!
Brian J. Dooley is an author, analyst, and journalist with more than 30 years' experience in analyzing and writing about trends in IT. He has written six books, numerous user manuals, hundreds of reports, and more than 1,000 magazine features. You can contact the author at firstname.lastname@example.org.