Today’s financial institutions are required to have best-in-class technology, advanced data management capabilities, a superior cyber security setup, and an exceptional risk management program to govern the company. “Survival of the Fittest” has been replaced by “Demise of the Weakest,” with unprepared and underperforming organizations losing business and market share to organizations that properly invest in their data management program, systems architecture, and technology capabilities.

Generative AI services such as ChatGPT have demonstrated the power and potential of Artificial Intelligence. AI shows considerable power to change both how customers interact with and the service they expect from financial institutions. The banking industry stands at the cusp of a significant transformation: institutions that are unable to harness their data management programs, platforms, and architecture to fully realize the potential of AI will be unable to provide optimal service to their customers and will find themselves chasing their peers.

Advancements in AI are outpacing the current capabilities of many organizations. When assessing their institution’s readiness to fully implement and harness to power of AI, leaders must consider factors such as the strength of their technology and data infrastructure, architecture, and their organizational capabilities. More broadly, however, leaders must step back and consider whether their organization is ready to effectively develop, implement, and manage AI models and services; that includes accounting for the future retention and maintenance needs of those services.

Ensuring institutional readiness is a necessary collaboration between the Data organization to build the required capabilities and the Risk organization to predict and ameliorate the challenges. Harnessing the full potential of AI is dependent on the availability and accessibility of large volumes of data, with an increasing focus on unstructured data and external data sources. The continued evolution towards data democratization is a key enabler to realizing the capabilities and benefits that AI can bring to an organization. To enable this transformation, organizations will need to ensure that their data architecture and strategy are aligned to deliver the capabilities, platforms, tools, and processes to allow for ready access, analysis, and consumption of data across the organization.

Data management practices will also require enhancements to ensure the continued availability, quality, and security of an organization’s data assets. Particular focus areas include:

Data Security: The introduction of AI into an organization is often enabled through the usage of cloud platforms and services to enable model development and deployment, leading to increased transit and storage of data outside of the organization.

Data Quality: AI models usually require large datasets for training. Many organizations will look to leverage third-party data to augment their existing datasets which need to be reviewed and evaluated.

Data Privacy: Usage of personally identifiable data within the training and validation process should be reviewed and evaluated to ensure it meets the relevant legal and regulatory requirements as well as the organization’s own policies and standards.

The ability of an AI system to consistently produce reliable, high-quality results has a significant dependency on the data used to train and validate the underlying model. Organizations will need to adapt to the specific challenges that this infers, including:

Increasing reliance on third parties: Increasing usage of third-party data sets and external infrastructure, services, and tools supporting the development, training, and operations of AI systems will heighten the risks related to data privacy, data security, and operational availability.

Heightened requirement for data quality: Bias can be introduced through the model training and validation process through a variety of means, including the usage of inappropriate or low-quality data.

Increasing regulatory requirements: The regulatory requirements governing the usage of AI within Financial Services are not consistent across jurisdictions and continue to evolve. Organization’s data governance functions will need to continually evaluate their conformance to the changing regulatory landscape.

AI’s impact can benefit multiple institutional business lines. In the Front Office, AI can streamline the client selection and underwriting process, greatly enhancing the ability to access credit and financial inclusion. In the Back Office, AI has the power to assist in the capital, equity, and liquidity optimization, AML and fraud detection, and balance sheet and portfolio optimization. All these added benefits accompany the need for a heightened attention to risk management. Some of the key risks that can affect an institutions use of AI include:

Data Risk: Bias may be introduced through the usage of inappropriate data in the training and validation process. Data privacy and security may be compromised through lack of controls in the model development process and/or the increased usage of third-party services utilized to support model development, deployment, and operations.

Model Risk: Lack of AI-specific governance may result in the inappropriate use of AI within an organization. Insufficient controls around the Model Development Life Cycle (MDLC) may result in lack of traceability and explain ability of how a model was trained and the results that are produced.

Regulatory and Compliance Risk: The evolving landscape of laws, rules, and regulations for utilizing AI within Financial Services institutions may result in regulatory challenges. The fragmentation of the approach across different jurisdictions poses a significant challenge.

Operational Risk: Insufficient controls throughout the MDLC may result in operational issues including inaccurate results, poor performance, and/or lack of availability.

To effectively manage these risks, organizations must adopt and implement enhanced policies, standards, and controls across the enterprise. Important considerations include:

Define the principles and acceptable use cases for AI models within your organization, establishing an appropriate risk appetite for the organization and a mechanism to rate the inherent risk of an AI model. Considerations should include the use case, materiality, the type and volume of data used, the complexity of the model, and compensating controls.

Enhance Data Management frameworks and processes to assess the quality and scope of the data sources used within the model development process.

Enhance model risk management standards and controls to address the risks associated with AI models. Clearly articulate roles and responsibilities through a cross-functional governance framework.

Invest in tooling used throughout the model development lifecycle, particularly in tools that enable traceability throughout the model development process and visibility into the ongoing operations of AI models.

Invest in upskilling teams involved in the development, operations, monitoring, and governance of AI models and systems. Assess the existing skills and capabilities to develop a comprehensive training and resourcing plan.

Implement an organization-wide training program to educate stakeholders at all levels on the use cases, risks, controls, and best practices relating to the usage of AI within your organization.

As companies become data-and technology-centric entities, Chief Data Officers (CDOs) become increasingly responsible for the execution of strategic plans. A data-focused decisioning paradigm requires excellent data quality and reporting tools; as a result, the focus of the CDO’s role will shift towards optimizing the impact of an organization’s data assets to maximize profits, minimize losses, and amplify the overall competitive advantage. Key responsibilities for CDOs include, but are not limited to:

• Establish, maintain, and ensure adherence Data Management Policy and Procedures
• Oversee data capture, movement, storage, access, and reporting across the enterprise.
• Ensure compliance with data protection and privacy regulations.
• Drive data-related initiatives and strategic plans

CDOs have an instrumental role in governing the data that enables AI models and are therefore critical to a bank’s oversight of their AI models and AI strategies. As the criticality of data becomes more understood, the focus of the CDO role has shifted to helping business units access data easily, accurately, and in a timely manner to enable AI models to produce accurate outputs.

The rapid pace at which the technology and use cases for AI are evolving means that many organizations are not equipped to effectively manage the risk that AI systems pose. Organizations will need to ensure that their Risk Management framework and capabilities are quickly enhanced to capture the benefits of AI whilst ensuring that they are managed and governed responsibly.

Effective risk management of AI will require a collaborative approach be adopted across the organization, in particular close co-operation between the Chief Risk Officer (CRO), Chief Data Officer (CDO), Chief Information Officer (CIO), and business lines. Consideration should be given to the establishment of a dedicated executive role and Chief AI Officer to help drive the strategy, prioritization, implementation, and risk management of AI within the organization.

The dynamic nature of AI makes it imperative to establish a framework that has appropriate controls embedded throughout the entire process, from ideation of AI use cases, through the development, deployment, and post-implementation monitoring. Implementing the right checks and balances throughout the entire process will not only help ensure the appropriate usage of AI is aligned to the principles and risk tolerances of the organization, but it will also ensure that consideration of the risks and potential mitigating controls are embedded in the design, development, and operation of the AI system.

The above highlights a handful of points for consideration to help enable any Financial Services organization to prepare their data and their organization for AI. AI has the potential to transform a bank, from the way bank CIOs build and test software to the way customer engagement teams serve their customers. AI also has the potential to enable banks to inadvertently make discriminatory decisions based on AI recommendations, to disclose confidential and private information to employees and customers, and to introduce significant operational risk if not properly controlled. Banks should seek the opportunity now to get as many points of view on their long-term AI and Data Strategies to enable them to safely realize the benefits.

While we are in the early stages of using AI in banking, it has already proven successful in many different corners of finance. The majority of initial implementations in banking are in chatbots and virtual assistants, basic transaction assistance, KYC review, validation, and approval, simple fraud detection and alert, cybersecurity, and enhanced models. Additional examples of areas in which AI has been implemented include, but are not limited to:

• Customer Interactions: Customer identification and validation, marketing campaigns, client identification.
• Middle Layer: Detection of fraudulent activity, AML related events, KYC checks.
• Advanced Analytics: Identification of clients for relationship strengthening, product mapping, portfolio optimization, balance sheet optimization, risk assessment.
• Business: Underwriting, payments, lending, and credit decisions.

Want to know more about how we can ensure your organization is AI-ready? Contact us today or visit our Office of the CFO solutions for more information on how RGP can help you can get started.