IMPACT OF GENERATIVE AI ON ENTERPRISE RISK MANAGEMENT – A STRATEGIC PRIMER FOR BANKING, CAPITAL MARKET, AND INSURANCE FIRMS
Adeniyi Kevin Ogunsua, MBA, MS, PMP, CSM, CISA
Strategically creating and transforming the future with AI and Copilots in accounting & finance, operations, and risk management in the new era of AI at Microsoft
While the world is currently laden with escalating political, economic, social, and technological challenges peppered with considerable risks, and acknowledging we are in a golden age of AI with increasing concerns about the potentials dangers of AI and the need for regulations to protect the public from the risks and ensure safety, security, and privacy are responsibly woven into business and technology products and platforms, we posit the impact of Generative AI on Enterprise Risk Management for Financial Services Institutions (FSI) including banking, capital markets, and insurance firms. This paper strategically helps chief risk officers, senior risk executives, and boards better understand the impact of Generative AI in organizations using an Enterprise Risk Management framework, presents potential associated risks, and advocates practical steps to mitigate and manage the risks.
What is Generative AI?
Generative Artificial Intelligence (Generative AI, GenAI)?is a powerful subset of Artificial Intelligence that can create original or imaginative content in various forms, such as text, images, videos, or other data. Unlike traditional AI models that make predictions based on supervised, unsupervised, or reinforcement learning, Generative AI models learn the patterns and structures of their input training data from large language models (LLM) that are deep neural networks trained on massive amounts of data. These models excel at natural language understanding and generation, enabling them to perform various tasks (translation, summarization, object recognition, categorization, semantic search, and orchestration) across text, speech, image, voice, and other modalities. Leading LLMs used by organizations include OpenAI , LLAMA , Hugging Face , and PaLM . Examples of consumer applications include Chatbots like ChatGPT , Microsoft Copilot , and Google Gemini , image and art generation models like DALL-E , Stable Diffusion , MidJourney and Microsoft Designer , voice generators like ElevenLabs and VALL-E , and video generators like Sora . It is important to note that Generative AI is often used and deployed in collaboration with traditional AI and ML technologies including Predictive AI.
What is Enterprise Risk Management?
Enterprise Risk Management (ERM) is a strategic approach that organizations use to identify, assess, and manage risks across the entire enterprise. It involves systematically understanding and addressing risks that could impact an organization’s ability to achieve its objectives. ERM encompasses various risk categories, including financial, credit, market, operational, liquidity, technology, legal and regulatory, and systemic risks. Let us explore each component of ERM.
These definitions provide a high-level understanding of the various risks that can impact banking, capital market, and insurance companies.
What are the Potential Risks Associated with Generative AI in Banking?
The potential risks associated with Generative AI in various banking functions within the context of deposits, lending, payments, treasury, retail banking, business banking, commercial banking, and trade finance include:
1.?????? Deposits:
o?? Financial Risk:
o?? Operational Risk:
2.?????? Lending:
o?? Credit Risk:
o?? Legal and Regulatory Risk:
3.?????? Payments:
o?? Operational Risk:
4.?????? Treasury:
o?? Liquidity Risk:
5.?????? Retail Banking:
o?? Technology Risk:
6.?????? Business Banking:
o?? Operational Risk:
7.?????? Commercial Banking:
o?? Credit Risk:
8.?????? Trade Finance:
o?? Operational Risk:
Generative AI introduces opportunities for efficiency and innovation, but it also brings risks related to model accuracy, bias, transparency, and regulatory compliance. Leading consulting firms have postulated that banks must carefully manage these risks to fully leverage the benefits of Generative AI and further acknowledged that Generative AI can fundamentally change risk management practices at financial institutions .
What are the Potential Risks Associated with Generative AI in Capital Markets?
Against the preceding and similar backdrops, the potential risks associated with Generative AI in various capital market areas within the context of front office, middle office, back office, and market infrastructure operations for different financial institutions encompass:
1.?????? Front Office:
o?? Risk: Biased Investment Decisions
Mitigation:
2.?????? Middle Office:
o?? Risk: Operational Disruptions
Mitigation:
3.?????? Back Office:
o?? Risk: Settlement Failures
Mitigation:
4.?????? Market Infrastructure Operations:
o?? Risk: Market Manipulation
Mitigation:
5.?????? Risk Management:
o?? Risk: Model Uncertainty
Mitigation:
6.?????? Legal and Regulatory Risk:
o?? Risk: Non-Compliance
Mitigation:
Generative AI offers immense potential but requires careful management to mitigate risks. Financial institutions must strike a balance between innovation and risk control to fully leverage its benefits.
What are the Potential Risks Associated with Generative AI in Insurance?
?Likewise, the potential risks linked with how Generative AI impacts various risk categories within the insurance industry span:
1.?????? Policy Writing:
o?? Financial Risk:
o?? Legal and Regulatory Risk:
2.?????? Underwriting:
o?? Credit Risk:
o?? Operational Risk:
o?? Market Risk:
3.?????? Claims:
o?? Operational Risk:
o?? Legal and Regulatory Risk:
o?? Technical Risk:
4.?????? Investment:
o?? Market Risk:
o?? Legal and Regulatory Risk:
5.?????? Reinsurance:
o?? Financial Risk:
o?? Operational Risk:
6.?????? Expense Ratios:
o?? Operational Risk:
7.?????? Loss Ratios:
o?? Operational Risk:
Generative AI introduces opportunities for efficiency and innovation in insurance operations, but it also brings risks related to model accuracy, bias, transparency, and regulatory compliance. Striking the right balance between innovation and risk control is crucial for successful adoption.
What are the Practical Steps to Mitigate and Manage the Generative AI Risks?
Financial Service Institutions may use the COSO ERM Framework to evaluate risks of Generative AI related to their operations, projects, and initiatives; integrate Generative AI risk management into decision-making processes; enhance Generative AI governance and accountability; and improve overall performance by addressing Generative AI risks proactively.
领英推荐
How can Banking and Insurance Firms Manage Generative AI Risks?
Using the COSO framework , we delve into some practical approaches to apply preventive, detective, and compensating controls to the risks posed by generative AI in banking and insurance companies.
1.?????? Financial Risk:
o?? Impact:
o?? Controls:
2.?????? Credit Risk:
o?? Impact:
o?? Controls:
4.?????? Market Risk:
o?? Impact:
o?? Controls:
Preventive:
Detective:
Early warning systems for abnormal trading patterns.
Compensating:
5.?????? Operational Risk:
o?? Impact:
o?? Controls:
6.?????? Technology Risk:
o?? Impact:
o?? Controls:
Preventive:
Detective:
Compensating:
7.?????? Legal Risk:
o?? Impact:
o?? Controls:
Preventive:
Detective:
Compensating:
8.?????? Liquidity Risk:
o?? Impact:
o?? Controls:
Preventive:
Detective:
Compensating:
9.?????? Systemic Risk:
o?? Impact:
o?? Controls:
Preventive:
Detective:
Compensating:
Additional Strategies
A leading consultancy noted additional strategies to standardize Generative AI operations in an enterprise that may reduce risks .
It is worth noting that a comprehensive risk management approach involves preventive, detective, and compensating controls to effectively manage generative AI risks in banking and insurance. Also controls have to be designed and operated effectively.
How Can Capital Market Firms Manage Generative AI Risks?
Next, keeping with our COSO framework, we explore yet more ways to apply preventive, detective, and compensating controls to the risks posed by generative AI for Capital Markets, including Investment Banking, Asset Management Firms, Wealth Management Firms, Private Equity, and Hedge Funds:
1.?????? Financial Risk:
Impact: Inaccurate risk assessments due to flawed AI models can lead to inadequate capital reserves and mispriced investments. Financial losses due to incorrect risk predictions.
Controls:
2.?????? Credit Risk:
Credit Risk:
Impact: Biased AI models can perpetuate discriminatory lending practices or exclude certain borrowers. Legal and reputational risks.
Controls:
3.?????? Market Risk:
Impact: Generative AI models can introduce volatility due to unexpected behavior or sudden shifts in market conditions if employed. Misaligned trading strategies or investment decisions can occur if Generative AI is used by Hedge Funds to analyze large data sets, predict market movements, assist in asset allocation or stock selection summarize research , or used by Investment Banks to generate investment ideas or craft personalized strategies. Deloitte predicts that the top 14 global investment banks can boost their front-office productivity by as much as 27%–35% by using generative AI.
Controls:
4.?????? Liquidity Risk:
Impact: Generative AI models can introduce liquidity risks by making investment decisions based on synthetic data or artificially generated scenarios. Illiquid assets may be mispriced or overvalued due to inaccurate model outputs.
Controls:
5.?????? Operational Risk:
Impact: AI related fraud or internal process failures can disrupt critical processes (e.g., trade execution, settlement, risk management) if employed without guardrails. Financial losses, reputational damage, and regulatory penalties. Voice, image, and video impersonation facilitated by Generative AI may result in moderate to significant fraud in banking, capital market, and insurance organizations and their customers without appropriate guardrails.
Controls:
6.?????? Technical/Technology Risk:
Impact: AI models may malfunction, leading to incorrect investment decisions or operational disruptions. Cybersecurity threats targeting AI systems.
Controls:
7.?????? Legal Risk:
Impact: Legal challenges related to AI model outputs, data privacy, and compliance. Reputational damage and regulatory fines.
Controls:
8.?????? Regulatory Risk:
Impact: Non-compliance with financial regulations due to AI model behavior. Regulatory fines and reputational damage.
Controls:
9.?????? Systemic Risk:
Impact:
Controls:
Remember, a comprehensive risk management approach involves preventive, detective, and compensating controls to effectively manage generative AI risks in capital markets. Also controls have to be designed and operated effectively.
Call to Action
As you embrace the new realities and prepare for adoption while navigating the turbulent geopolitical and economic terrain in this new era of AI, don’t moderate your digital or innovation strategy for uncertainty’s sake. You may be asking how Generative AI will impact your company and your customers, and what it means for you, strategies to adopt, and what solutions can be enabled responsibly, swiftly, and securely. Microsoft has established a set of principles for responsible AI, which include fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability.? Furthermore, Microsoft proposed a five-point blueprint to govern AI while the?NIST released the AI Risk Management Framework (AI RMF 1.0) along with companion NIST AI RMF Playbook. To discuss or learn more about how Microsoft can help you manage and mitigate the impact of Generative AI on your banking, capital market, or insurance operations and navigate with an Enterprise Risk Management lens, please comment or contact me. We shall continue to explore this topic and apply the learnings to federal agencies and other industries in upcoming posts. Stay tuned.
Board Chair | Fin Serv | Int'l | PE | BofA | JPM | Merrill | Bain | HBS
6 个月Well said, Adeniyi
Business Leader | Growth Driver | Author | Career Coach | INSEAD
6 个月Great article Adeniyi Kevin Ogunsua, MBA, MS, PMP, CSM, CISA. Generative AI can also be crucial in SMB cybersecurity by providing advanced capabilities to detect, analyze and respond to potential threats. Putting aside the risks, generative AI offers an outstanding opportunity to change the balance between attackers and defenders, especially for SMBs that lack resources. https://www.weforum.org/agenda/2023/07/generative-ai-small-medium-sized-business/
Power BI | Tableau | Python | Data Science | AI | Machine Learner | Marketing
6 个月Generative AI offers great potential but comes with risks. Financial institutions should use frameworks like COSO ERM and follow responsible AI principles to manage these risks effectively.