Transforming Cost To Investment: A Banking AI Strategy For Risk-Based Regulations And Compliance

Originally published in . Link.

Banks need to approach regulatory and compliance programs with a new strategy. First, they need to mitigate the associated risks, and second, they need to transform the significant cost to investment. Based on in-the-field and on-the-project experience, I’ll present a sustainable banking AI strategy.

This aims to address the following questions: What is the AI strategy? Why and how will it help? How can banks implement it? What are the key success indicators?

A Banking AI Strategy

The proposed enterprise AI strategy should be developed on top of an enterprise cloud strategy to transform regulatory and compliance programs.

Regulatory compliance programs typically focus on customers, accounts or contracts associated with financial products or services and transactions. The primary challenge is data with these implementations. Specifically, business growth and customer experience go together, and risk is the other side of the same coin.

However, it is only possible when a continuous banking intelligence type of infrastructure, platform and service runtime are in place for data flow across applications and systems in real time or near real time rather than the existing batch practices. This is where AI becomes critical and integral to the overall success of the strategy.

What And How Will It Help?

Banking AI refers to artificial intelligence, machine learning and robotic process automation (RPA). AI offers the ability to learn and progressively adapt to the needs of the business through data rather than the static rules-based approaches. Machine learning is a branch of AI, typically referring to supervised, unsupervised and reinforced learning. RPA is the new and intelligent technology to automate business processes and system-to-system integrations by leveraging AI and machine learning. Looking at anti-money laundering and counter-terrorist financing, for instance, the sheer variety, velocity and volume of data can be overwhelming to most banks. The starting point can be using AI tools for transcribing customer-related documents and audio logs.

Organizationally, in most cases, a regulatory compliance program requires multiple lines of business and corporate functions to come together. Operationally, many applications and associated data systems, and the owner or custodian teams, are involved in the timely aggregation of data, quality control (e.g., cleansing, enrichment, blending, integration) and transformation typically across the enterprise landscape. Technically, this demands many data pipelines to move data from the providers to the consumers. But this often leads to questionable quality, a mismatch of formats and standards and confusion in terms of roles and responsibilities.

The proposed banking AI strategy transforms cost-centric to risk-based approaches, with staged value-driven architecture and regulatory-gated governance controls to operationalize a three-line defense model — similar to the model of risk management proven. To make it a reality, however, three types of capabilities are prerequisites: finance fabric, FinReg domain and AIOps pipelines.

How Will Banks Implement An AI Strategy?

The innovation of AI is reshaping the banking business; however, it needs a strategic approach to realize the ROI. We recommend a risk-based approach to implement the AI strategy and in compliance with new AI-specific regulations to shape how FIs use AI.

AI enablement can be approached by building up technological capabilities to implement the banking AI strategy incrementally through projects and programs. This foundation is the Finance Fabric. On top of it, the finance regulatory (FinReg) domain should be built up. The key to success is AIOps. Delivery pipelines such as AIOps will only function once the matrix of services and products are implemented and optimized for long-term reusability and sustainability. First, this is essential to comply with new regulations and to manage frequent changes to existing regulations. Second, this aligns with organizational changes for the enforcement of regulatory controls across business processes.

In our experience, the root cause, and therefore the strategic resolution, is in the program charter phase. Often, it starts with the implementation of regulatory control with customer onboarding or customer relationship management. The end-to-end customer journey is, indeed, a business process design matter rather than a technology artifact, where data originates. This is the risk that arises as well, hence critical lines of defense must be operationalized. It is a fatal mistake to design a regulatory program as if the compliance is an after-the-fact activity.

Worse still, no attention is given until suspicious AML/CFT-related transactions are reported for investigation. Unfortunately, however, this is the current status quo of how regulatory compliance programs are run in many banks. A banking AI strategy should transform the reactive after-the-fact approach to a proactive, risk-based approach. Specifically, we recommend transforming toward a new generation of continuous intelligent banking ecosystems enabled by AI and ML that leverage the scale and speed of cloud computing.

Key Success Indicators

A set of success indicators can be defined to measure the benefit versus investment, broadly, in terms of cost, risk, efficiency and growth. One of the first indicators is human capital augmentation. Second is the reduction of total cost of ownership. Third is the reduction of overall risks. Minimizing bias and maximizing the agility to embrace changes are also significant.

Conclusion

The three foundational components of Finance Fabric, FinReg domain and AIOps are critical to a successful implementation of the proposed banking AI strategy. However, AIOps adds the critical component of business continuity that mandates zero downtime and automated delivery of AI functionalities. This is the prerequisite for a continuous banking intelligent ecosystem, which, in turn, can enable real-time and risk-based regulatory compliance.