Data-Driven Enterprise Risk Management

Jun 13, 2019

Opportunity and risk go hand-in-hand, and data helps us know which outweighs the other. Managing this balance requires in-depth understanding of the tradeoffs at hand when an organization launches a new program, initiates a customer retention campaign, introduces a new product, extends a line of credit, updates loan terms, or adopts a new operational framework. This management and understanding of risks and opportunities is a core component of strategic planning and executive responsibility. Though any organization is exposed to risk during the normal course of operations, those responsible for a multitude of programs, services, products, or initiatives, are absolutely required to have a well-run enterprise risk management (ERM) framework when planning and approaching objectives and monitoring performance.

Central to any ERM framework are data and analytics. Rapid, comprehensive access to data at management levels is becoming more common, thanks to managers promoting an evidence-based, data-driven culture. More expansive understanding of an enterprise’s data enables strategists, managers, and compliance officers to make informed decisions on organizational risk and benefit.

ERM and the Internet of Things

However, the exponentially increasing volume and complexity of data being generated require organizations to adapt their data practices to accommodate these data. In particular, unstructured data is now being captured alongside structured data, requiring computationally intensive methods to extract value. Already effective at interpreting large sets of structured data, natural language processing (NLP) and machine learning toolkits excel at wrangling large, sparse, undefined sets of information, such as voices, objects and images. Since the 1990s, NLP has helped analysts and investigators sift through the tremendous amount of information produced by human and machine communications. The sharp rise in the world’s internet of things (IoT) and digitally connected population means more data is produced or consumed every few years than has ever existed, much of it written or readable by people and increasingly analyzable through machines.

Language is useful to us because of its flexibility – everything that we know and share can be represented by language. However, this flexibility leads to inconsistency, making it extremely difficult for typical rule-based approaches to derive patterns or meaning in language. Modern NLP abstracts away from older rule-based approaches by employing machine learning to define the rules instead of people. In short, NLP excels at reducing the computational burden typical of text and language analytics, a boon to decision-heavy tasks present in risk, compliance, and regulation.

Deep Learning: From Mind to Machine

Machine learning, including NLP, is not a new tool for risk management analysts and ERM professionals; rather, it is the depth of its application that has recently improved. Once opaque to inference and identification, advances in artificial intelligence (AI), microsimulations, modeling, and computing power mean the billions of human interactions are now visible to statistical models. NLP has revolutionized the monitoring and decision-making potential of ERM frameworks by distilling order from these interactions. Ironically, rapid uptake of language analysis capabilities by risk management units is not without its own set of risks. A major component of ERM frameworks is a traceable form of reasoning behind decision-making, or at least a sound basis for enacting business designs or processes. NLP excels at what it does because its modern iterations mimic the intuition of the human mind with deep learning based on neural network methods. Much like the human mind cannot trace a given thought to its origin, neural approaches to machine learning gain in power what they lose in intuitiveness. Deep learning models often serve as a ‘black box’, whereby modeling teams have extreme difficulty explaining what model components actually mean.

This tradeoff creates complications when regulations and stakeholders favor processes or outcomes that have a clear line of reasoning. The burden then falls on risk managers and ERM professionals to have a clearly defined need for adding NLP, or any deep learning method, to their toolkit, while fostering reasonable expectations and understanding of the approach among said stakeholders. Adopting AI in general, and NLP in particular, to improve risk management and empower ERM decision-makers requires building a data-driven culture and ensuring that the chosen solutions augment human expertise, not supplant it.