Security & Risk

Moving into the future of compliance

Financial services companies are increasingly using AI to predict and manage risk

finance analytics
  • Financial services firms struggle to keep up with new and increasingly complex government regulations
  • New predictive analytics tools can generate more accurate critical risk models and forecasts
  • Similar analytics tools can help companies detect fraud

It started with the 2008 financial crisis, when risky lending and reckless trading brought the global economy to the brink of collapse. Then came a decade of escalating corporate data breaches and new forms of digital fraud.

The end result? An array of new government regulations aimed at mitigating different forms of risk—from Dodd-Frank requirements for financial institutions to new data and privacy controls, both in Europe (with the General Data Protection Regulation) and in the U.S. (with the California Consumer Privacy Act).

Failure to comply with government regulations has cost U.S. financial services companies $321 billion since 2010, according to Boston Consulting Group. As a result, they’re expected to spend 10% of their revenue on compliance by 2022—more than double what they’re paying today.

Emerging tech such as robotic process automation (RPA), can replace manual workflows and ease some of the pain and cost of compliance requirements. However, this is a piecemeal solution to an increasingly complex problem.

Many companies are choosing to invest in predictive analytics as part of their compliance strategy. The data models and forecasts they generate can more accurately and efficiently identify risks, monitor customer and employee behavior, and fulfill regulatory responsibilities.

“Today, most prediction is based on very simplistic algorithms,” says Dilip Krishna, managing director of regulatory and operational risk for Deloitte. “With advanced analytics, you can move on to better and more accurate predictions.”

With predictive analytics, you can tie historic and current data together to see inherent risks, and jump on them earlier.

Passing financial stress tests

In the aftermath of the Great Recession, the U.S. Congress instituted two mandatory “stress tests” to ensure stability in the financial sector. Banks and other financial institutions with more than $10 billion in holdings had to pass such a test once a year. Those with more than $50 billion had to do it twice per year, as well as complete a more rigorous Comprehensive Capital Analysis and Review (CCAR). In October 2019, Congress amended these regulations to raise asset thresholds.

Under bank supervisory oversight, the tests require banks to forecast how well prepared they are to weather different risk scenarios, such as a housing market crash or economic slowdown.

Scenario risk analysis is an ideal use case for predictive analytics, says Amy Matsuo, national leader for regulatory insights at KPMG. “We’re seeing a lot of tech development in areas like modeling for geopolitical risk and economic indicators,” she says. “With predictive analytics, you can tie historic and current data together to see changing inherent risks, and jump on them earlier.”

Citigroup is aiming to do just that. Meeting its CCAR regulations (which requires analyzing how 2,600 economic variables will impact each of its business units) has typically required several hundred employees working nine months out of the year. The company failed the test at least twice before 2017, according to a case study by AI software firm Symphony AyasdiAI.

By implementing new predictive modeling tools, Citigroup has since shrunk its CCAR process from nine months to three, and reduced the support team to fewer than 100 employees—all without failing a test.

Citigroup is not alone. “We’re seeing a significant shift toward technology to solve for the increasing regulatory requirements in financial services,” says Lauren Robbins, vice president and general manager for financial services at ServiceNow. “As a digital workflow platform, we are partnering with our customers to accelerate that journey by providing repeatable regulatory processes, real-time compliance visibility, continuous monitoring for risks, and an automated audit trail to provide compliance to regulators.”

Scams get smarter

As consumers conduct more financial transactions across more digital channels and devices, scam artists are getting more creative about using technology to defraud banks, creditors, and insurers.

Financial institutions bear the burden of policing fraud. Failure to meet anti-money laundering (AML) regulations, for example, comes with a steep price. In the first quarter of 2019, regulators handed out $7.7 billion in AML fines, according to research from Comply Advantage.

Why is it so hard to thwart scam artists? In part because they push current compliance tools and processes beyond their limits. Because many fraud-prevention applications still rely on rule-based algorithms, any activity that falls outside the rules triggers a Suspicious Activity Report (SAR), which must be investigated manually.

200

Number of regulatory revisions that financial services companies handle per day

That creates more headaches for compliance teams, because the process generates many false positives, says Krishna. “Somebody’s got to track these things down to see if that’s really a terrorist or a money launderer behind it,” he says.

Traditional fraud detection algorithms also spell trouble for legitimate customers, leading to credit refusal, loan and insurance claim denials, and frozen assets.

Predictive analytics takes a different tack. Rather than examining transactions according to fixed rules (which fraudsters can learn to circumvent), the application detects suspicious anomalies in both structured data (bank transfers, credit charges) and unstructured data (social media, geographic patterns). Using deep learning techniques, the software soon “learns” to distinguish actual fraud from false positives.

This approach is already paying dividends. To fight 1,200 false positives per day, Copenhagen-based Danske Bank modernized its fraud-detection software, according to a case study by AI software vendor Teradata. Within one year the bank measured a 60% reduction in misidentified, legitimate transactions and a 50% improvement in real fraud detection.

Fraudsters aren’t the only threat compliance programs need to account for. Employee fraud is currently the biggest threat facing financial institutions, according to a recent Association of Certified Fraud Examiners report. Last year, banks saw the highest number of employee fraud cases out of the two dozen industries examined by ACFE.

That’s a realm of compliance where predictive analytics and AI are taking aim next. Emerging applications can analyze reams of employee communication data and other information to identify when workers are circumventing compliance rules.

Could companies eventually use AI to replicate what human compliance officers do? “We haven’t seen anything close to that deployment yet,” says Matsuo. “But the technology is out there, and being adopted with increasing speed.” For financial services companies that must deal with as many as 200 regulatory revisions per day, it’s a good bet they’ll take a close look when the time comes.