Gen AI Use Cases in Risk and Compliance

Generative Artificial Intelligence or Gen AI as it is popularly called has recently emerged as a technology enabler which is seeing a lot of use cases across the banking industry. Currently, many banks are trying to experiment with this new tool and understand amendable areas that can benefit from this technological intervention. Adoption patterns currently indicate that many banks and financial institutions are starting small with internal use cases to understand and analyse the efficacy of this intervention. Within the banking sector, Gen AI has a lot of applications in the risk and compliance value chain across areas of Risk Identification, Risk Assessment, Risk Monitoring and Risk Reporting. As per industry estimates, market size is expected to grow at a CAGR of 34% (approx.) in risk and compliance management. Given the focus of regulatory scrutiny on the adoption of Gen AI in the risk and compliance function, currently the initial set of use cases are more focused on augmenting the existing functions rather than fully automating them, hence the adoption of Gen AI is slowly but steadily progressing. Integration of Gen AI with the existing RegTech tools can yield a lot of benefits in terms of improved automation and cost savings which will make the current processes more efficient and also enable near real time decision making as well in certain risk and compliance functions.

Gen AI, much like any other technological advancement, comes with its own set of challenges such as data privacy concerns, information accuracy, biased output, and cyber risks, to name a few. However, the opportunities still do exist for an effective use of Gen AI within risk and compliance through proper framework, governance structure, processes, and controls.

Risk and compliance is a highly regulated space with multiple regulations overseeing bank operations and activities, but the scope of Gen AI still exists in various areas of risk and compliance. Some of the key use cases where we are seeing experimentation / adoption in risk and compliance is as follows:

• Knowledge Compounding – To overcome the challenge of siloed departments, Conversational AI BoTs at the Enterprise Level help enable information sharing across the organisation. NLP (Natural Language Processing) techniques extract meaningful information from internal policies, procedures, financial documents, customer queries, and market news, which can then be used to train generative models which can be accessed by varied stakeholders through conversational AI BoTs. This intervention helps in cross enterprise knowledge sharing and faster access to critical information. The adoption pattern for this use case is very high and is being explored by many banking organisations.
• Risk Modelling – Building Gen AI powered models based on the existing data sets to generate sophisticated simulations and predictive models which can help in better outputs from existing models. This intervention helps to improve the way risk scenarios are modeled and evaluated while including a broad array of risks which might have been previously unforeseeable or hard to quantify.
• Automated Generation of Business Requirements – When banks are complying to newer regulations, and because business requirements are the backbone of all technology implementations, it is typically a very manual process, and given the nuances involved in the regulation, it can be too time consuming to interpret and elicit requirements. While regulators are very careful about the usage of Gen AI technologies for regulatory purposes, they can still be leveraged for initial automated drafting of requirements which can be subsequently reviewed by the business stakeholders, thereby reducing the cycle time for producing the business requirements and freeing up their time for more strategic activities like review and collaboration.
• Risk Reporting – Leveraging Gen AI LLM models to absorb vast data in organisation and comb through large volumes of documents to identify important data, patterns and summarise them for review for reporting teams for internal and external reports. This intervention will also generate a lot of actionable insights for the risk reporting team saving considerable time and also enable them to spend more time on review.
• Fraud Detection and investigation – For a long time fraud teams across banks have been grappling with the issue of false positives; every alert generated needs to be thoroughly investigated. Generative Adversarial Networks (GAN’s) can be leveraged to create synthetic data (like real data) and compare synthetic transactions with real data to learn and identify fraud transactions which will improve accuracy in fraud detection. Gen AI tools can also help with gathering the required information needed for investigation of fraud alerts, thereby saving lot of time for information gathering which can be then used for review by the alert teams.
• Early Warnings in Credit Risk – Early warnings has been a focus use case for the credit risk department. Gen AI tools can scan through vasts sets of credit information from internal and external sources and generate warning alerts with a severity index which can then be taken up to the credit department to review. The frequency of alert generation can be near real time and can be specified based on various parameters like exposure, borrower financial standing, adverse market screening, etc.

Similar to any other technology, Gen AI has displayed vast potential which can be tapped into to make the risk and compliance function more effective and efficient. While many regulatory bodies are yet to publish guidelines on the use of Gen AI in the risk and compliance function, banks should exercise utmost caution and create adequate governance, policies and controls at an enterprise level for Gen AI adoption across the departments. Given the nascent maturity levels, Gen AI currently should be used as supporting technology tool which aids the current business processes in achieving desired outcomes along with sufficient monitoring and review from business stakeholders.

The author, Ajay Katara, is a Consulting Partner and Heads the RegTech Portfolio in the Banking Risk Management area at Tata Consultancy Services (TCS). He has extensive experience of more than 19 years in Business Consulting, Transformation and Solution design space, cutting across regulatory compliances like Basel, CCAR, AML, BSA, to name a few, and has worked with several financial enterprises across geographies. He has significantly contributed to the conceptualisation of strategic offerings in the risk management space and has been instrumental in successfully driving various consulting engagements.