t h e ( A I )e q u a t i o n
t h e ( A I )e q u a t i o n × 3
[ I ] f you’re a chief risk officer (CRO), your world is getting more
complicated and, at the same time, simpler. It’s more complicated
because as customer experiences grow faster and more frictionless, so
does risk. It’s simpler because new technologies, powered by attainable
artificial intelligence (AI) and machine learning platforms, are helping you
manage this complexity.
In a word, this complexity is about data. Humans are creating more data every
day than we did in the first 100,000 years of our existence, and the rate of data
proliferation continues to rise. Imagine that a gigabyte is the size of a brick. Ten
years ago, we created enough data to build a house every day. Now we produce
enough data – day in, day out – to build two and a half Great Walls of China.
Data is not only growing in volume, but also in format and channel.
Beyond the data explosion, CROs also face the growing demands of today’s
customers. They are always ‘on’, and they expect frictionless experiences –
fast. CROs are tasked with creating processes for risk management that can
keep pace with these demands for speed and ease of use.
The result is that organisations are changing, beginning at the top. Where
there used to be a division between the CRO and the chief information officer
(CIO), now there is a tight coupling. Data used to be the sole domain of the
CIO. Not anymore.
CIOs are tasked with managing and governing data, but that’s not
possible without understanding the meaning and the insights behind the
data. And CROs, tasked with understanding the data, can’t do their job
unless they understand how the data is managed and kept safe.
Gone are the days when silos separated these two concerns: the
infrastructure piping the data through an organisation, and the information
flowing through these pipes. Today, the CRO needs to help manage the
infrastructure, and the CIO needs to understand the content and the context
of the information that’s inside. In this partnership, the CRO has become >>
With today’s financial organisations built on digital, the lines between managing information and risk are blurring
t h e ( A I )e q u a t i o n
>> the CIO. It then begs the question: has the CIO, in
turn, become the CRO?
The data breach epidemicThis partnership between the CRO and the CIO has come
just in time, because the complexity underlying our
global risk infrastructure is untenable. The result is an
epidemic of data breaches worldwide. These breaches
are both frequent and massive, and they demonstrate
an infrastructure that’s broken.
In one study, the Association of Certified Fraud
Examiners found that the global cost of fraud amounts
to £2.8 trillion every year. If fraud had a GDP, it would
approach the size of Germany’s.
To navigate the complexity of detecting fraud across
such enormous volumes of varied data, financial
institutions are increasingly deploying machine
learning systems that can pinpoint patterns with an
accuracy that was impossible before. The predictive
power of AI is so great that deploying machine learning
platforms is becoming an essential requirement for
organisations large and small.
The result is another partnership. Just as CROs and
CIOs are coming together, so are humans and machines,
combining their intelligence and their learning
processes to create a sum that’s greater than its parts.
The human and machine partnership is not without its
difficulties, however.
“The biggest challenge for risk is understanding and
adjudicating what I need to pay attention to, whether I
am an internal auditor or a chief risk officer,” said Craig
Muraskin, managing director for innovation at Deloitte,
speaking to Forbes in 2016.
“There are limitations to what humans can do, what
they can find. Why we are so keen on the technologies
is that we think there is great opportunity to unearth
levels of insight not previously possible when we are
dealing with enormous volumes of data.”
To meet the immediacy that customers demand,
financial services providers have mere milliseconds
to make decisions that affect their clients. One major
concern is reducing false positives, where legitimate
customers are blocked due to a mistaken red flag.
Effective decision-making should be able to reduce
false positives as well as criminal behaviour. In other
words, risk management is about more than fighting the
bad guys. It’s about growing a business.
Impact of digitalisationWhen the ancient Chinese started using paper money
in the tenth century, they used paper from mulberry
trees. To prevent fraud, guards watched over the
mulberry forests.
A thousand years later, commerce has become
more complex. And so has our money. Currency has
become intangible. Armed guards no longer make for a
good security strategy, because now money exists as
ones and zeros transmitted across mobile phone masts
and satellites. We’ve migrated our economy to a digital
infrastructure. And that infrastructure is vulnerable.
Criminals are scrambling to find back doors into the
world’s biggest institutions. And they’re succeeding,
often in surprisingly simple ways. Consider the breach
two years ago at the large American retailer Target,
where 110 million people had their data stolen. The
breach cost the retailer $116 million in settlement
money. It also cost the CEO his job.
How did the fraudsters get in? Through the
air conditioning. Fazio Mechanical is the heating,
ventilation and air conditioning company that helps
4 ×
“ Today’s fraudsters are so creative that one survey of British bankers put ‘evolving criminal methodologies’ as the largest financial risk to business”
t h e ( A I )e q u a t i o n
[A]s data analysis becomes more and
more central to financial services,
the available talent pool of data scientists is
shrinking. At the same time, there is a boom in
the innovation of new tools and software that
will change the ways that data scientists work.
In the old world, data scientists, even the
most senior and creative ones, had to spend
much of their time completing tedious but
critical tasks, handcrafting strategies for data
hygiene, feature extraction and model updates.
But new tools and software have arrived that
can automate these mundane tasks and save
the data scientists precious time.
At the other end of the spectrum from tedious
tasks, there are advanced techniques. In the past,
only top analysts
could perform a cer-
tain tier of advanced
analytics work, using
sheer brainpower
and creativity to
wrest meaning out
of raw data. But for
the data scientist of
tomorrow, advanced
analytics will become
accessible for a
much larger popu-
lation, thanks to the
attainable insights
that machine learning is beginning to provide.
With the help of a human to train and provide
feedback to the machine, systems using AI are
modelling the universe with fresh eyes. They
are lending these new perspectives and insights
to the data scientist in a partnership that builds
on itself and improves over time.
The drawback is that sometimes it’s
impossible to find out why a machine learning
system has reached a certain conclusion. The
shrouded thinking of these systems creates
a conundrum for CROs, who are bound by
regulation to document the whys behind their
decisions. The disadvantages of AI that happens
inside a black box call for a new kind of machine
learning: ‘whitebox’ AI. This more transparent
type of AI provides explanations of the top-most
factors leading to its decision, using language
that a human can understand.
× 5
Target keep its food and drinks cold. One day, an employee
of this small vendor acted on a phishing email. Hackers
got their login. From there, it was just a few more steps up
into Target’s servers, and down into Target’s point of sale
systems, where the valuable data was stored.
Stolen data such as this feeds a booming black market –
an economy unto itself where fraudsters sell an individual’s
stolen information for the cost of a sandwich.
New skills for a new worldThe wildly multiplying vulnerabilities in our digital
infrastructure, and their associated risks, mean that
CROs and CIOs alike will need to expand their respective
skill sets to survive this new world order. Risk is digital,
so risk solutions must be digital as well. Criminals
are keeping close tabs on organisations and their risk
systems, and are scrambling to find those organisations
with the weakest links. And as the flurry of digital
breaches demonstrates, rules-based systems aren’t
cutting it anymore.
Machine learning to the rescueTraditional approaches to making decisions rely on
identifying risk patterns using human-created rules. The
problem with this approach is that financial institutions
are constantly addressing yesterday’s threat, leaving
vulnerable entry points open for the next wave of attacks.
While criminals can adapt their tactics every day, it can
take three to six months for conventional fraud detection
products to catch up. By contrast, anti-fraud systems based
on machine learning can recognise suspicious patterns in
an instant, even when the context changes.
Traditional approaches to fraud detection face a further
threat: despite the high financial and reputational impact
of fraud, its numerical incidence is relatively low. Fraud’s
prevalence is also spiky across time, with sporadic and
seemingly unpredictable variations.
Further, each individual case of fraud may not share
a consistent set of characteristics, and with traditional
approaches, the result is either failed identification or over-
flagging, a costly burden on any organisation.
Compare this approach to machine learning. Platforms
that leverage the power of AI can ingest enormous
quantities of data in every format, and from many
channels. This allows them to benchmark the normal
behaviour profiles for individual entities such as a person,
device or ATM. These platforms then track abnormal
behaviour in real time, replaying four years’ worth of
transaction history in an instant to alert decision-makers
to suspicious activity as it’s happening.
Largest single financial risk to business at present time
Greatest area of investment in financial crime prevention 2015–17
Cybercrime
Fraud
AML
37%
20%
23%
Sources: LexisNexis® Risk Solutions report produced for the British Bankers’ Association, November 2015; Financial Fraud Action UK report, Fraud: The Facts, 2016
42% evolving criminal methodologies
15% cost of AML compliance 11% lack of personnel in your risk function
10% civil prosecutions/class actions
10% geopolitical events
10% sectoral sanctions
2% other
2015 card fraud losses by type
ID th
eft
Card
not
rece
ived
Coun
terfe
it ca
rd
Lost
/sto
len
card
13%8%7%2%
Remotepurchase 70%
2015 financial fraud losses by type
Cheque Remote banking
Payment card
75%22%
£755M
£1.76BN
3%
Totallosses
Prevented fraud
+26%
70%
2014 2015
of attempted fraud
t h e ( A I )e q u a t i o n8 ×
[A]s a CRO, this question stands out: what is
cyber risk? At the heart of this question is the
most discussed topic in corporate boardrooms today.
Hack attacks, impersonations of real people, cyber
breaches... the list of threats keeps growing.
How do we manage this risk? My advice: be practical.
Take a layered approach, and make sure that all the
controls you think about will account for ongoing risks.
CROs need to do their best at confirming a customer
is truly the customer. Then look at the next layer. How
is the customer transacting? Are they exhibiting the
appropriate behaviour?
Some layers are about the use of stolen data, while
other layers are put in place to prevent data loss. Enter
the CIO. That role is tasked with making sure the firewall
is up to date, and scanning systems to avoid entry by
unauthorised vendors. The day-to-day engagement
between these two forces happens in an overlap that
can be described with one word: risk.
Organisations that are more sophisticated will
hire penetration companies, with ‘white hat’ hackers
who help orchestrate attacks on systems searching
for vulnerabilities. Other organisations will act out
scenarios and fictitious cases to test their fire drills.
There’s an opportunity here to learn more about the
behaviour of your portfolio, and also to meet the growing
expectation from regulators for the financial industry
to know its customers, get better at predicting risk,
and improve customer service. What you see is a lot of
companies throwing people at the problem.
But there’s another thing to throw at the problem. Is
machine learning on your radar? Numerous financial
institutions have risk issues, and the prevailing answer
to date has been to put more bodies on it. The bodies do
quality assurance, checking the checkers and checking
the checking. This is mildly effective, but it’s also
extremely costly.
It is time to apply AI to these problems. The
efficiency of machine learning is light years ahead of
piling on more people. Its efficacy and its ability to stop
fraud, make better credit decisions, and improve the
customer experience is far more advanced than any
human can do. The regulators will like it too.
CROs have long waited for change that puts them
on the cusp of seeing AI in action. To incite change and
bring AI to your organisation, ask yourself what’s holding
things back. Is it inertia – the impulse to continue what
“ What you see is a lot of companies throwing people at the problem. But there’s another thing to throw at the problem. Is machine learning on your radar?”
t h e ( A I )e q u a t i o n × 9
[ I ] n the past, AI was only available to big governments or
the world’s largest corporations. Now AI is becoming
such a vital tool, and so distributed, that it is joining a list of
essential utilities, much like electricity and gas. With AI like
running water, all businesses are eager to drink from the tap.
Here are five reasons why AI and machine learning are such
powerful decision-making tools:
Pattern detection – Criminals are people with money
to earn and things to do. They are working at a feverish pace to
keep up with the latest technologies. So criminals change their
methodologies until they find one that works. Build a wall and
they’ll dig a tunnel. Machine learning explodes this rules-based
paradigm, using insights gleaned from a mountain of data points
to surface patterns that were previously invisible.
Omnichannel and omnidata ingestion – A good
machine learning platform is not a picky eater. It will take in all
the information you feed it, no matter the format or the channel.
For example, an anti-fraud policy needs to construct a complete
view of the transaction by taking in data from disparate channels,
including online, mobile, contact centre and in-store routes.
Long-tail navigation – Risk is long-tailed. Fraudsters work
hard to avoid being caught, so there may be no single consistent
giveaway to their crime. Identifying potential criminals requires a
complex scoring and weighting of a large number of behaviours.
It’s a task whose scope can only be handled by machine
learning, ideally using a platform that offers transparency into its
workings, with whitebox explainable AI.
Speed – The motto of any protection system: don’t inhibit
sales! Customers grow sour by the millisecond. They want a
frictionless, fast experience. Machine learning is a match to this
high demand, offering real-time protection that’s so fast and
effective it goes unnoticed.
Self-improvement – The hallmark of machine learning is
that it gets better over time. In a nod to the partnership between
the human and the machine, data scientists and machine
learning models build on each other’s insights in a positive
feedback loop. A good machine learning platform will automate
parts of this feedback loop by automatically self-improving based
on experiential data.
1
2
3
4
5
you are doing and not stopping to change what seems
to be working? Or is it bureaucracy – the difficulty of
manoeuvring people and systems to effect change?
Keep in mind that regulators don’t want untested
technology thrown at customers. So the best way
to bring about change is to find an innovative streak
within your organisation that will help you deploy and
test to make a solid business case. Align with potential
financial technology disruptor teams that offer a better
experience for the customer. The rest will follow.
Nobody likes fraud. My advice for my peers is to
try and be open minded and test some of the new
technologies. Can AI and machine learning be the bridge
between the CIO and the CRO? I hope so.
Machine learning is already beginning to “replace manual
data wrangling and data governance dirty work”, leading
to embedded data analytics software providing US
companies with savings of over $60bn by 2020.
AI in general is expected to add up to an additional 4.6
per cent to the US gross value added (GVA) by 2035,
representing an additional $8.3 trillion in economic activity.
(Source: Forrester quoted by Forbes)
$60bnsaving by
2020
+4.6%GVA by2035
$8.3tn
t h e ( A I )e q u a t i o n10 ×
[T]he risk in our financial systems is systemic. So it’s
a good thing that we are here to witness the dawn
of attainable AI. It’s a revolution that almost didn’t happen.
The term “machine learning” was coined by an
American named Arthur Samuel. In 1962, he taught a
computer to play draughts. It worked by using a scoring
function that measured the chances of winning for each
side at any given position, taking into account a handful
of signals.
What made this the first of its kind was that
the program then used “rote learning”, meaning it
remembered the past and re-evaluated its decision-
making based on what it had learned so far. It took the
program over a decade to gain enough skill to challenge
a good human player. Samuel had a belief that teaching
computers to play games was an entry point for solving
bigger problems. But across the Atlantic there was a
man who disagreed.
Sir James Lighthill was a British mathematician who
specialised in fluid dynamics. While Samuel’s computer
program was perfecting its draughts play, Lighthill was
writing a report for Parliament declaring AI a failure. He
said AI algorithms wouldn’t work on real problems, just
toy problems.
The report led to a complete dismantling of AI
research in England. The pattern was repeated across
the globe. Public funding for AI was cut from research
programmes from America to Japan.
This started an AI winter that lasted until the 1990s.
But now there’s a resurgence of passion and funding
for AI that is unmistakable, and undeniable. Why is this
happening only now? There are five distinct threads
of technology that have come together in an amazing
moment of convergence...
Affordable parallel computing – About a
decade ago, Google innovated a method for computers
to work in parallel that introduced us to a new order of
magnitude for processing power.
Faster processors – Before, we just had one kind
of processor: the central processing unit, or CPU. Now
we have a second: the graphics processing unit, or GPU.
It’s a hardware renaissance, and it’s opened up a new
dimension of computing for machine learning.
Cheaper, smarter data storage – You are
aware of Moore’s law. It describes the exponential
growth for our capacity to store memory. Experts keep
predicting that Moore’s law has got to slow down at
some point. In fact, there’s no end in sight.
Big data – In reality, the name would more
accurately be “really, really, really big data”.
Better algorithms – Maybe you remember voice
recognition software 15 years ago. It took three months
of training before it could recognise your voice. Now
this software can recognise any voice, instantly. The
reason? We invented a better algorithm. Every time we
do that, we have the power to model the universe with
even more accuracy.
Add this all up and you have a revolution. A quiet
revolution. The end result is a complete restructuring
of the world’s digital infrastructure. To read more
about the exciting implications of this convergence,
consult our booklet The Dawn of Machine Learning for
Banking and Payments.
What’s the roadmap for good AI plumbing? How do
we operationalise AI so that it helps us and doesn’t hurt
us? The next few years will be exciting times as we
figure out the answers to these questions, with CROs
addressing the practical matter of how to effectively
pipe AI through an organisation.
As we approach a state of good operations in AI, it
may turn out that machine learning is about human
learning after all.
For decades, AI has been waiting in the wings. Only now, conditions are right for it to grab the spotlight
1
2
3
4
5
The AI Convergence