In age of artificial intelligence, traditional rules spur risk decisions

Strong governance, regular monitoring and data security continue to be at the core of risk decisioning at Indian banks as the process is now shaped by data, artificial intelligence (AI) and machine learning (ML) for informed decisions, concluded banking veterans in the panel discussion on Risk Modelling & Decisioning. Among experts on the panel were Ravi Duvvuru, Founder and Designated Director of Duvvuru and Reddy LLP; Biswajit Das, Chief Risk Officer of Bandhan Bank; Om Prakash Seth, Chief Information Officer of IDBI Bank; Dilip Kumar Mridha, Chief Risk Officer of UCO Bank; Abdullo Akhadov, Head of Credit Risk Modeling, Machine Learning & Decisioning, APAC at SAS and Sreya Paul, Partner at EY India. The discussion was moderated by Tamal Bandyopadhyay, Consulting Editor of Business Standard. Edited excerpts:

Can you please tell us about AI-ML in risk management?

Akhadov: Banks were exploring options to leverage AI-ML technology in credit risks for at least the last five years. They were trying advanced ML techniques to do future creation and future selection as well as create scorecards using these technologies based on traditional data. What has recently picked up globally is utilising open banking data or data carried by financial data aggregators. You are able to connect to external data sources — the other banks and get detailed transactional information for the last 1-2 years. Basically, to see what is the behaviour of the consumer and the kinds of transactions that happen when a person prefers to spend money, or how fast he is spending. It can allow banks to underwrite customers better and also use it for collections and early warnings.

How do you tackle the ethical and regulatory challenges?

Paul: The biggest regulatory challenge in AI and ML models is how we ensure fairness of those models. Ensuring fairness becomes very important mainly because the inherent data that goes into these models suffers from a lot of different biases and a lot of times these are judgemental biases scraped into the data. Typically, these AI-ML models tend to change the parameter values and the calibration at a very quick instance because every time they are ingesting more data, and some of these models are self-learning models, that’s why recalibration happens at a very high frequency. There has to be a clear communication between AI model developers and users along with strong governance and constant monitoring of outputs to reduce the chance of biases.

Do you think the Indian banking system knows how to respond to technological disruptions in the context of fintechs?

Das: They (fintechs) will be very good support players. It is not that we as banks should look at them as competition. It is a co-option. Many of them are being looked at as digital DSEs (direct sales executives) nowadays. Around 15 years ago, there was a fear across the world that big retailers would become competitors and dislodge the banks from the retail business. Somehow, banks adopted the system and moved ahead. Today, they are partners. There is a lot of emphasis on data and it is very important but it is just an input. I think data is a good servant but a bad master. Whatever the model is throwing out, keep checking it out.

Going beyond all the technicalities, how do you perceive conduct risk?

Duvvuru: After the financial sector crisis in 2008, regulators across the world focused on conduct risk. Whatever you do, ultimately it boils down to governance and conduct. I keep saying that it is the one risk where no amount of capital can save you. While we do not have a very codified regulation on conduct, we are seeing increasing supervisory intervention on conduct. Even the RBI (Reserve Bank of India) — when it puts emphasis on functioning of the board and the management — looks at how well they are governing the bank and addressing various risks.

What are the lessons you have learnt in risk management from the history of IDBI?

Seth: As the time passes and we move more towards digital, the risks are also coming from digital channels. There are exogenous and indigenous risks. This requires us to understand the customer persona and his digital identity. The real-time ingestion of the data is a bigger challenge. The more we delay the data ingestion, the more we lose the decision. Whatever the model we get, if the time of ingestion is not good and some of the materialistic significant data is lost out, then the model will not be appropriate. When we are talking about the conduct, we need to focus on the behavioural analysis of the employees too. The reason behind this is the work-from-anywhere model. We are also talking about fintechs that are our extended partners. The basic question is can we identify the employee behaviour and can we know what is the anomaly if the employee deviates? The most important questions are how to prevent this, how to detect it and give early warning signals.

What are the things you will recommend to the boards of Indian banks to better manage risks?

Mridha: Credit risk is the primary aspect of risk management as the deployment of credit is a vital issue. The risk-adjusted return that we get out of the credit is very important. When we consider the return from investment, it ultimately involves all the risks built in it. All the risks such as liquidity risk, fraud risk, cost of capital risk, and even the expected credit loss is also covered. All the major risk areas are covered while risk-based pricing is calculated. We have taken a view that before sanctioning any loan, it should be cleared by the risk particle. The second is the fraud risk management area; the fraud is under control. There is a technology called fraud risk management solution and most banks are in the process of implementing it. On a real-time basis, if there is any fraud incident, the management and the fraud risk team should know that the fraud has happened. They should also consider preventive measures to control their impact.