Artificial Intelligence as a Tool for Financial Risk Management
An exploration of A.I. implementation into ERM frameworks
By Arthur Wayne
December 21, 2020
Abstract: In this paper, I will conduct a review on applications of AI (artificial intelligence) to risk management in the financial sector. The paper will begin with a brief introduction of AI and machine learning. Then, we will look into the three core risk areas where AI can manage financial risk: credit risk, market risk, and operational risk. The effectiveness and potential complications of these AI risk management methodologies will be reviewed such as the ‘Flash Crash’ and the $440-million-dollar loss incurred by Knight Capital Group from a single coding error. Finally, the paper will provide potential approaches to resolving risk inefficiencies and misallocations brought about by AI-based risk management. The goal of the paper will be to answer this question: do artificial intelligence based risk management techniques in finance create more financial risk?
Introduction
As technological innovations have streamlined financial transactions, financial institutions are left with increasingly large amounts of data on their clients, employees, and markets. Traditional statistical approaches to integrate this data in risk management processes are prevalent, but they may soon be insufficient, as these traditional methods have diminishing effectiveness on large amounts of unstructured data. Among financial institutions, there is growing interest in the ability of artificial intelligence to aid in managing firm risk with AI financial risk management research dating as far back as 1994 (Altman and Hotchkiss 1994).
When discussed in the literature, the term ‘artificial intelligence’ most often refers to machine learning—an algorithmic process where programs draw relationships between variables of a dataset, create a model based on these relationships, and test this model on subsamples of data (potentially thousands of times), so the model ‘learns’ what the strongest out-of-sample predictors are over time. Machine learning can be classified into two approaches: supervised and unsupervised learning. Supervised learning predicts a dependent variable from several independent variables like predicting the inflation rate from various economic data whereas unsupervised learning identifies patterns in a dataset such as certain patterns of bank transactions which constitute money laundering. Within both learning models, there are many methods that data scientists can utilize such as Principal Component Analysis, Support Vector Machines, and K-Means Clustering. In the case of financial risk management, the specific approach and method of machine learning applied will be context dependent.
There are three core risk areas where AI can manage financial risk: credit risk, market risk, and operational risk (Aziz and Dowling 2019; Martin, et al. 2019). Each of these risks will be defined, their impacts on relevant parties will be identified, and specific machine learning techniques to resolve each risk will be discussed below.
Credit Risk
Credit risk is potential loss that a creditor incurs through lending capital and arises from a debtor defaulting on their contractually obligated loan repayments. For financial institutions, credit risk is their single largest risk, as banks have built a majority of their business on facilitating capital needs for individuals, companies, other banks, and governments; it is therefore no coincidence that it is the most deeply researched field for machine learning applications to risk management (Martin, et al. 2019). There is a plethora of factors to determine the ability for a party to repay their credit, and AI is sought after to improve upon current credit risk modeling, given that machine learning is meant to handle large amounts of variables to draw inferences. More accurate creditworthiness predictions grant financial institutions larger credit portfolios and reduced counterparty default risk.
Supervised neural networks, a machine learning technique, have been found to be an effective predictor of credit risk. Artificial neural networks operate in a similar manner to the human brain where instead of each neuron being a biological mechanism to pass on information, each artificial neuron takes in an input of variables, performs calculations to determine correlative relationships, and gives an output to the next layer of neurons in the network. These layers are continually formed so that the process somewhat mimics brain function: “i) Knowledge is acquired by the network from its environment through a learning process; ii) Interneuron connection strengths, known as synaptic weights, are used to store the acquired knowledge” (Haykin 2009). In a 1994 pioneering study for the field of AI risk management, NYU Stern professor Edward Altman and his colleagues performed a comparative analysis between traditional linear discriminant analysis and neural networks to estimate the probability of corporate bankruptcy, a grave form of credit risk. Both methodologies generated a score for each firm that expressed the risk profile of the business. Their findings revealed that neural networks were just as capable, if not more, than traditional linear statistical methods (Altman and Hotchkiss 1994). Further and more recent research into this area confirms Altman’s findings. Even when compared against five other AI-based and statistical methodologies including the linear discriminant analysis found in Altman’s study, artificial neural networks were found to be the most accurate predictor of default risk (Yeh and Lien 2009).
Real world implementation of machine learning applications with credit risk are prevalent and growing. With the rise of e-commerce, the need for consumer loans in retail purchases has expanded. Particularly, in 2016, Chinese e-commerce giant Baidu sought to make small consumer loans to facilitate sales, but in China less than 20% of people have credit ratings or profiles (Aziz and Dowling 2019). Making loans to most consumers would thus open Baidu to significant credit risk, as a lack of credit history makes it difficult to determine borrower creditworthiness. Baidu, however, partnered with FinTech firm ZestFinance to develop a work around to credit scores. The core of their solution was based in machine learning techniques like clustering, an unsupervised model which creates clusters or groups of similar variables. In this instance, ZestFinance, with the permission of the customer, obtained large amounts of non-traditional data on the customer like browser and purchase history to determine risk clusters. For instance, an individual who has “a search history indicating accessing gambling websites would cluster a potential borrower into a higher risk group” (Aziz and Dowling 2019). The results of ZestFinance’s method to minimize Baidu’s credit risk proved significant, as within two months Baidu saw a 150% increase in small consumer lending with no increased loan losses (Byrnes 2017).
Market Risk
Market risk derives from exposure to financial markets, generally from investing and trading activity. Individuals are exposed to financial market risk through stock and bond holdings such as through pension funds and individual accounts. On the other hand, financial institutions are driven to make prudent decisions about investing in financially sound companies to generate profits for themselves and clients as well as providing liquidity for other market participants to ensure sound market functioning. The risk for individuals and institutions therefore lies in investments going awry or asset pricing models losing accuracy. AI applications to manage market risk are most often found on the institutional side where machine learning algorithms can be used to build stress testing models, to identify high-risk portfolio assets, or to even generate portfolio holdings.
Within financial markets, AI most commonly appears in the form of HFT (high frequency trading). Despite common misconceptions that HFT is predatory, the lion’s share of HFT activity comes from market-making, where financial firms act as liquidity providers and place simultaneous buy and sell orders to create what is known as the ‘bid-ask’ spread. These spreads are generated using techniques like reinforcement learning which in this case create more accurate pricing models that continually adapt to novel market conditions. A tighter spread implies greater liquidity and therefore greater price stability, as the price at which an asset is traded at jumps in smaller increments. A review of 265 articles on HFT found that market making comprises up to 72% of HFT trading volume, and algorithmic trading in general comprises up to 64% of all daily trading volume (Monaco 2019). The review also found that HFTs had the overall effect of reducing trading costs, improving price efficiency, and increasing liquidity, even in times of market stress. HFT activity has therefore reduced market risk by facilitating smoother market functioning.
Another area of market risk that specifically firms with large exposure to financial markets face is market impact costs—costs that arise from entering or exiting large positions that drastically effect the price of the underlying investment. In other words, the position is so large that it has a significant impact on the instrument being traded. These costs generally come about with more illiquid markets, as there are less participants to effect the price of the asset. Market impact costs can be as much as two-thirds of the net gain on a single trade (Day 2017). This can also pose risks for smaller market participants if they subsequently enter a trade on the same instrument that has inflated or deflated market value as the result of large institutional transactions. To reduce market impact costs for all market participants, Bayesian regression and random forest, both machine learning methods, are utilized by firms to predict short-term volatility, to create a trading schedule that will minimize market impact costs, and to revise this schedule as the large trade continues (Day 2017). The result is fair asset pricing for all market participants and larger trading profits.
Operational Risk
Operational risks are financial losses that emanate from internal operations like employee malpractice and system failures or from external events such as fraud and cybersecurity attacks. While technological innovation has been discussed as a mechanism of risk reduction, namely through artificial intelligence, up until this point, technology can pose new and unpredictable risks to the operational structure of financial institutions. In 2013, Target was hit with an unprecedentedly large cybersecurity breach that exposed 70 million shoppers to the risks of identity theft and financial jeopardy (McGrath 2014). Because it is inevitable that technology will continue to develop rapidly, it is imperative that firms proactively use the power of computing to their advantage. The ability of machine learning techniques to handle an immense number of variables that come from the countless moving parts of a firm can enable the identification of risks before they occur.
In terms of internal operational risks, employees and traders are constantly at risk of violating company or legal conduct. Compliance costs in particularly can be extremely costly, and it is estimated that major financial institutions spend up to a combined $70 billion on regulatory compliance per year (Aziz and Dowling 2019). Machine learning can drastically reduce these costs through the implementation of clustering techniques that can create “behavior-based trader profiles, where combinations of trade data, electronic and voice communications records enable banks to observe emerging patterns of behavior to predict latent risks and detect links between employees” (Aziz and Dowling 2019). IBM already offers a form of this risk detection framework built on their popularly known Watson AI. Watson has the ability to parse voice and text conversations and classify certain conduct as being potentially non-compliant, enabling firms to catch and resolve internal risks ahead of time.
Regarding managing external operational risks such as cybersecurity attacks and fraud, machine learning approaches are particularly effective. Malicious spam email attacks, known as ‘email phishing’ are a large and efficient source of cybersecurity attacks—a single malicious spam email attachment can lead to the compromise of an entire firm’s technological infrastructure, costing hundreds of millions of dollars in losses. The same clustering algorithms used to detect non-compliant employee behavior can be just as effective in detecting cybersecurity risk. A firm known as Proofpoint developed a clustering-based spam detection tool known as MLX that “continuously analyzes millions of messages and automatically adjusts its detection algorithms to identify even the newest, most cunning types of attacks” (Proofpoint 2006). Concerning fraud, money laundering poses a large risk to financial institutions as illegal organizations continue to find new methods of making illegitimate money seem ostensibly obtained. Again, clustering algorithms play a large role here, enabling risk managers to sort through large amounts of transactions and classify specific patterns of transactions by levels of suspiciousness.
Shortcomings of AI
One of the most prudent criticisms of AI-approaches to classical risk management issues is the ‘black box’ critique. During the learning phase of a given machine learning process, it is not always apparent how an algorithm arrives at a certain conclusion or establishes certain correlations, and machine learning is thus a ‘black box’ to users where only the inputs and outputs are easily identifiable. This leads prominent critics of machine learning to believe that “the very presence of a black box at the centre of decision-making can be its own source of risk in a firm” (Aziz and Dowling 2019). Risk managers who rely solely on AI will therefore find it extremely difficult to isolate the source of faulty conclusions that arise from AI and design methods to resolve them. The nature of AI additionally exposes models to issues of high sensitivity to outliers. This has the effect of the “overfitting of the data and counterintuitive predictions” (Leo, et al. 2019). The possibility of faulty conclusions being made is exacerbated by a lack of skilled staff to implement machine learning models which require a reasonable amount of technical knowledge and expertise. A survey of the top 1000 firms in the US found that the greatest concern with new AI solutions was ability of staff to properly understand and utilize them (Wilson, et al. 2017). Without proper training, risk managers may apply machine learning techniques improperly such as applying a clustering algorithm to predict bankruptcy risk where the former is an unsupervised AI model and thus does not have power to create predictions, only establish categories.
There are multiple instances where the ‘black box’ limitation of AI systems have been demonstrated, with drastic financial consequences. Two such occurrences will be discussed. First will be what is known as the ‘Flash Crash.’ On May 6th, 2010, one trillion dollars of equity vanished within minutes from financial markets as an automated selling program took over trading activity on the S&P 500 futures market. Later that day, prices rapidly recovered to where they were before the crash. This brought much scrutiny and blame to firms whose main strategies involved HFT. Critics claimed that HFT activity, counter to its purpose, created larger asset volatility and lower liquidity. It was only until 2020 that a single individual, a British trader named Navinder Singh Sarao was declared guilty for playing a large part in the ‘Flash Crash’ (Reid 2020). Navinder had discovered an illegal trading strategy known as spoofing— to take advantage of trading algorithms, the strategy rapidly places and cancels thousands of orders in seconds to obtain better prices for trades. Although it may seem that an external risk, a rogue actor, brought about the events of the ‘Flash Crash,’ HFT firms bear responsibility in not adequately preparing their algorithms and models to detect such activity and respond accordingly. The events of that day exposed all market participants to immense market risk, and due to the ‘black box’ nature of the HFT models, finding the culprit of the crash took far longer than an acceptable risk management model should have, a major inefficiency.
The second significant demonstration of the pitfalls of ‘black box’ risk management was when a single coding error caused Knight Capital Group (KCG) to lose over $440 million in a matter of minutes. At the time, KCG was one of the largest finance firms providing a variety of financial services. At the core of their business was HFT-based market-making, providing liquidity through the use of high-speed trading algorithms. Their mistake began far before the loss was realized. In 2005, “Knight Capital moved a section of computer code…to an earlier point in the code sequence in an automated equity router, making a function of the router wrong” (Saltapidas and Ramin 2018). On August 1, 2012, a new program known as the Retail Liquidity Program was set to be implemented on trading exchanges to allow market-makers like KCG to provide even greater liquidity to market participants. To prepare for this new program, KCG erroneously copied and implemented the faulty code from 2005 into their systems. When the market opened on August 1st, “Knight Capital’s router rapidly sent more than 4 million orders into the market when attempting to fill just 212 customer orders” (Saltapidas and Ramin 2018). This resulted in a $440 million trading loss for KCG, and caused their stock to drop by 70%. KCG thus incurred monumental damages from two elements of exposure to market risk: from participating in trading activities and from their status as a publicly listed company on the stock market. And unlike in the flash crash, the losses were not corrected. The losses were true and realized. The events of that day additionally reflected a failure to manage two aspects of internal operational risk. First was the coding error that went undetected and unscreened by any management facility of KCG, a demonstration of employee and managerial misconduct. Second was an issue of compliance. The Securities and Exchanges Commission mandates that “a broker or dealer’s risk management controls and supervisory procedures shall be reasonably designed to prevent systematically the entry of orders that exceed an appropriate pre-set credit or capital threshold” (Murphy 2013). KCG failed to meet this standard due to their faulty code.
An additional consideration of utilizing AI as a risk management tool is the difficulty of collecting all the data necessary to make risk managing decisions. While there is a wealth of data for an area like credit risk such as tax filings, bank statements, and credit scores and even legally mandated available data to manage market risk, obtaining useful data to effectively manage operational risk, particularly internal operational risk through AI seems challenging. Employees would have to forfeit privacy in their conversations to ensure that AI can detect non-compliance in text and verbal discussions. However, it could be the case that such a requirement would violate employee privacy, posing another threat to the firm’s regulatory compliance. Moreover, bureaucratic processes pose the difficulty of consolidating all the data into one central area: “Data is often held in separate silos across departments, perhaps on different systems, and perhaps with internal political and regulatory issues restricting the sharing of data. Important data might not even be recorded as data but rather kept as informal knowledge of the firm.” (Aziz and Dowling 2019). Data may then be fragmented and incomplete, barring the effectiveness for a risk management team to identify and encapsulate risks that were found in the ‘Flash Crash’ and the KCG incident.
Resolving Inefficiencies
In order to resolve the issues brought about by the ‘Black Box’ criticism, de-centering the focus around pure AI risk management techniques is necessary. If machine learning processes contain intermediate steps that are not readily visible to risk managers, then machine learning cannot be relied on solely for risk decision-making. To avoid financial disasters like the ‘Flash Crash’ and the KCG incident, a hybrid approach which incorporates elements of traditional statistical inference and newer machine learning models would enable greater discretion to manage financial risk. This technique is not as widely implemented compared to each approach individually, but there is some empirical basis for a hybrid model of financial risk management. In the context of credit risk management, the Iranian Journal of Management Studies conducted research in 2016 on the effectiveness of a hybrid credit risk model. Unlike previous papers which only compared traditional statistical modeling and machine learning with each other, this paper compares the results of credit default risk estimation between each individual base model and the unique combination of the two. The study, which combines a logit model with a neural network approach found that “the overall accuracy of hybrid model outperformed both base models. Combining linear and non-linear models to benefit from advantages of both models” (Raei, et al. 2016). A hybrid model thus enables risk managers to combine the intelligibility of traditional methods with the computing power of non-linear AI methods to achieve a more effective risk management framework. By doing so, the pitfalls of relying on a purely AI-based risk management method are avoided, giving the risk practitioner a greater degree of freedom to evaluate conclusions generated from models.
Concerning the lack of technological skill amongst firm employees, training programs may be costly, but training staff is entirely possible, and the benefits of being equipped with AI based risk management outweigh these costs. With increasing amounts of data and greater financial risks posed by technological development, it is paramount for risk managers to be equipped with skills that can easily identify risks like single coding errors to prevent fatal mistakes for the whole firm. Goldman Sachs developed a campus of 7000 employees devoted to honing technological skills (Aziz and Dowling 2019). Other financial institutions should follow suit and provide their employees, and especially their risk management administrators, to be equipped with essential 21st century skills like data science. Furthermore, on the siloing of data within departments of a firm, segregated units for managing data may be a more effective risk management allocation than relegating all risk responsibilities to risk managers. For instance, financial actuaries are most likely better equipped to evaluate credit risk than general risk managers. Perhaps risk management should dedicate their focus to operational risk, as many internal and external operational risks like compliance or cybersecurity pose firm-wide threats.
In addition to restructuring firm-based risk management methods, legislators ought to consider more stringent legislation in the HFT space to reduce catastrophic market risks. One example of such legislation is taxation on rapid market orders and cancellations. On August 1, 2012 (ironically on the same date as the KCG incident), the French government levied a tax on “cancelled orders made by high-frequency traders where all orders cancelled or modified within half-second time span are taxed” (Monaco 2019). Such a tax would seem to deter predatory activities such as spoofing which was partly responsible for the ‘Flash Crash.’ However, such regulation would also seem to counteract the increased liquidity, lower transaction costs, and price efficiency benefits that are empirically brought about by HFT market-making. Policymakers ought to consider these effects when drafting additional regulation legislation, as decreased liquidity may mean that if another extremely rapid crash were to happen, the drop would be even faster, and the market may not correct itself like it did in 2010 due to lower overall market stability.
Conclusion
Financial risk management encompasses a broad range of risk management topics. When examined under a lens of AI-based approaches to financial risk management, three core areas of risk are identified: credit, market, and operational risk. AI risk management methods, specifically machine learning models, prove to be powerful in handling large quantities of data, drawing seemingly hidden relationships between variables, and predicting accurate outcomes. The capabilities of AI point to its effectiveness at minimizing risk in each of these risk categories in its own unique ways.
AI solutions are not without fault, as pure ‘black box’ approaches expose firms up to pure and catastrophic risk within financial markets and operational structures. A hybrid approach which combines traditional statistical methods with more modern machine learning techniques is the most effective framework that avoids the pitfalls of the ‘black box,’ and lend risk managers greater flexibility in their decision-making. AI solutions alone may not be the best approach, but when combined with traditional risk management methods AI streamlines the risk management process by increasing prediction accuracy, improving financial market stability, and maintaining the integrity of organizational structures.
References
Altman, Edward I., and Edith Hotchkiss. "Corporate financial distress and bankruptcy." (1993).
Aziz, Saqib, and Michael Dowling. "Machine learning and AI for risk management." Disrupting
Finance. Palgrave Pivot, Cham, 2019. 33-50.
Byrnes, Nanette. " An AI-Fueled Credit Formula Might Help You Get a Loan." MIT Technology
Review. 14 February 2017.
Day, Sebastian. "Quants turn to machine learning to model market impact." RISK Magazine
(2017).
Haykin, Simon S. "Neural networks and learning machines/Simon Haykin." (2009).
Leo, Martin, Suneel Sharma, and Koilakuntla Maddulety. "Machine learning in banking risk
management: A literature review." Risks 7.1 (2019): 29.
McGrath, Maggie. “Target Data Breach Spilled Info On As Many As 70 Million Customers.”
Forbes Magazine. 10 January 2014.
Monaco, Eleonora. "What FinTech Can Learn from High-Frequency Trading: Economic
Consequences, Open Issues and Future of Corporate Disclosure." Disrupting Finance.
Palgrave Pivot, Cham, 2019. 51-70.
Murphy, E. The Securities and Exchange Commission. (2013). Available at: https :
//www.sec.gov/litigation/admin/2013/34 − 70694.pdf
Proofpoint, M. L. X. "Machine Learning to Beat Spam Today and Tomorrow." Copyright 2006
(2006): 28.
Raei, Reza, et al. "A hybrid model for estimating the probability of default of corporate
customers." Iranian Journal of Management Studies 9.3 (2016): 651-673.
Reid, David. “‘Flash crash’ trader sentenced to one year of home detention.” CNBC. 29 January
2020.
Saltapidas, Christos, and Ramin Maghsood. "Financial Risk The fall of Knight Capital Group."
(2018).
Wilson, H. James, Paul Daugherty, and Nicola Bianzino. "The jobs that artificial intelligence
will create." MIT Sloan Management Review 58.4 (2017): 14.
Yeh, I-Cheng, and Che-hui Lien. "The comparisons of data mining techniques for the predictive
accuracy of probability of default of credit card clients." Expert Systems with Applications 36.2 (2009): 2473-2480.
Abstract: In this paper, I will conduct a review on applications of AI (artificial intelligence) to risk management in the financial sector. The paper will begin with a brief introduction of AI and machine learning. Then, we will look into the three core risk areas where AI can manage financial risk: credit risk, market risk, and operational risk. The effectiveness and potential complications of these AI risk management methodologies will be reviewed such as the ‘Flash Crash’ and the $440-million-dollar loss incurred by Knight Capital Group from a single coding error. Finally, the paper will provide potential approaches to resolving risk inefficiencies and misallocations brought about by AI-based risk management. The goal of the paper will be to answer this question: do artificial intelligence based risk management techniques in finance create more financial risk?
Introduction
As technological innovations have streamlined financial transactions, financial institutions are left with increasingly large amounts of data on their clients, employees, and markets. Traditional statistical approaches to integrate this data in risk management processes are prevalent, but they may soon be insufficient, as these traditional methods have diminishing effectiveness on large amounts of unstructured data. Among financial institutions, there is growing interest in the ability of artificial intelligence to aid in managing firm risk with AI financial risk management research dating as far back as 1994 (Altman and Hotchkiss 1994).
When discussed in the literature, the term ‘artificial intelligence’ most often refers to machine learning—an algorithmic process where programs draw relationships between variables of a dataset, create a model based on these relationships, and test this model on subsamples of data (potentially thousands of times), so the model ‘learns’ what the strongest out-of-sample predictors are over time. Machine learning can be classified into two approaches: supervised and unsupervised learning. Supervised learning predicts a dependent variable from several independent variables like predicting the inflation rate from various economic data whereas unsupervised learning identifies patterns in a dataset such as certain patterns of bank transactions which constitute money laundering. Within both learning models, there are many methods that data scientists can utilize such as Principal Component Analysis, Support Vector Machines, and K-Means Clustering. In the case of financial risk management, the specific approach and method of machine learning applied will be context dependent.
There are three core risk areas where AI can manage financial risk: credit risk, market risk, and operational risk (Aziz and Dowling 2019; Martin, et al. 2019). Each of these risks will be defined, their impacts on relevant parties will be identified, and specific machine learning techniques to resolve each risk will be discussed below.
Credit Risk
Credit risk is potential loss that a creditor incurs through lending capital and arises from a debtor defaulting on their contractually obligated loan repayments. For financial institutions, credit risk is their single largest risk, as banks have built a majority of their business on facilitating capital needs for individuals, companies, other banks, and governments; it is therefore no coincidence that it is the most deeply researched field for machine learning applications to risk management (Martin, et al. 2019). There is a plethora of factors to determine the ability for a party to repay their credit, and AI is sought after to improve upon current credit risk modeling, given that machine learning is meant to handle large amounts of variables to draw inferences. More accurate creditworthiness predictions grant financial institutions larger credit portfolios and reduced counterparty default risk.
Supervised neural networks, a machine learning technique, have been found to be an effective predictor of credit risk. Artificial neural networks operate in a similar manner to the human brain where instead of each neuron being a biological mechanism to pass on information, each artificial neuron takes in an input of variables, performs calculations to determine correlative relationships, and gives an output to the next layer of neurons in the network. These layers are continually formed so that the process somewhat mimics brain function: “i) Knowledge is acquired by the network from its environment through a learning process; ii) Interneuron connection strengths, known as synaptic weights, are used to store the acquired knowledge” (Haykin 2009). In a 1994 pioneering study for the field of AI risk management, NYU Stern professor Edward Altman and his colleagues performed a comparative analysis between traditional linear discriminant analysis and neural networks to estimate the probability of corporate bankruptcy, a grave form of credit risk. Both methodologies generated a score for each firm that expressed the risk profile of the business. Their findings revealed that neural networks were just as capable, if not more, than traditional linear statistical methods (Altman and Hotchkiss 1994). Further and more recent research into this area confirms Altman’s findings. Even when compared against five other AI-based and statistical methodologies including the linear discriminant analysis found in Altman’s study, artificial neural networks were found to be the most accurate predictor of default risk (Yeh and Lien 2009).
Real world implementation of machine learning applications with credit risk are prevalent and growing. With the rise of e-commerce, the need for consumer loans in retail purchases has expanded. Particularly, in 2016, Chinese e-commerce giant Baidu sought to make small consumer loans to facilitate sales, but in China less than 20% of people have credit ratings or profiles (Aziz and Dowling 2019). Making loans to most consumers would thus open Baidu to significant credit risk, as a lack of credit history makes it difficult to determine borrower creditworthiness. Baidu, however, partnered with FinTech firm ZestFinance to develop a work around to credit scores. The core of their solution was based in machine learning techniques like clustering, an unsupervised model which creates clusters or groups of similar variables. In this instance, ZestFinance, with the permission of the customer, obtained large amounts of non-traditional data on the customer like browser and purchase history to determine risk clusters. For instance, an individual who has “a search history indicating accessing gambling websites would cluster a potential borrower into a higher risk group” (Aziz and Dowling 2019). The results of ZestFinance’s method to minimize Baidu’s credit risk proved significant, as within two months Baidu saw a 150% increase in small consumer lending with no increased loan losses (Byrnes 2017).
Market Risk
Market risk derives from exposure to financial markets, generally from investing and trading activity. Individuals are exposed to financial market risk through stock and bond holdings such as through pension funds and individual accounts. On the other hand, financial institutions are driven to make prudent decisions about investing in financially sound companies to generate profits for themselves and clients as well as providing liquidity for other market participants to ensure sound market functioning. The risk for individuals and institutions therefore lies in investments going awry or asset pricing models losing accuracy. AI applications to manage market risk are most often found on the institutional side where machine learning algorithms can be used to build stress testing models, to identify high-risk portfolio assets, or to even generate portfolio holdings.
Within financial markets, AI most commonly appears in the form of HFT (high frequency trading). Despite common misconceptions that HFT is predatory, the lion’s share of HFT activity comes from market-making, where financial firms act as liquidity providers and place simultaneous buy and sell orders to create what is known as the ‘bid-ask’ spread. These spreads are generated using techniques like reinforcement learning which in this case create more accurate pricing models that continually adapt to novel market conditions. A tighter spread implies greater liquidity and therefore greater price stability, as the price at which an asset is traded at jumps in smaller increments. A review of 265 articles on HFT found that market making comprises up to 72% of HFT trading volume, and algorithmic trading in general comprises up to 64% of all daily trading volume (Monaco 2019). The review also found that HFTs had the overall effect of reducing trading costs, improving price efficiency, and increasing liquidity, even in times of market stress. HFT activity has therefore reduced market risk by facilitating smoother market functioning.
Another area of market risk that specifically firms with large exposure to financial markets face is market impact costs—costs that arise from entering or exiting large positions that drastically effect the price of the underlying investment. In other words, the position is so large that it has a significant impact on the instrument being traded. These costs generally come about with more illiquid markets, as there are less participants to effect the price of the asset. Market impact costs can be as much as two-thirds of the net gain on a single trade (Day 2017). This can also pose risks for smaller market participants if they subsequently enter a trade on the same instrument that has inflated or deflated market value as the result of large institutional transactions. To reduce market impact costs for all market participants, Bayesian regression and random forest, both machine learning methods, are utilized by firms to predict short-term volatility, to create a trading schedule that will minimize market impact costs, and to revise this schedule as the large trade continues (Day 2017). The result is fair asset pricing for all market participants and larger trading profits.
Operational Risk
Operational risks are financial losses that emanate from internal operations like employee malpractice and system failures or from external events such as fraud and cybersecurity attacks. While technological innovation has been discussed as a mechanism of risk reduction, namely through artificial intelligence, up until this point, technology can pose new and unpredictable risks to the operational structure of financial institutions. In 2013, Target was hit with an unprecedentedly large cybersecurity breach that exposed 70 million shoppers to the risks of identity theft and financial jeopardy (McGrath 2014). Because it is inevitable that technology will continue to develop rapidly, it is imperative that firms proactively use the power of computing to their advantage. The ability of machine learning techniques to handle an immense number of variables that come from the countless moving parts of a firm can enable the identification of risks before they occur.
In terms of internal operational risks, employees and traders are constantly at risk of violating company or legal conduct. Compliance costs in particularly can be extremely costly, and it is estimated that major financial institutions spend up to a combined $70 billion on regulatory compliance per year (Aziz and Dowling 2019). Machine learning can drastically reduce these costs through the implementation of clustering techniques that can create “behavior-based trader profiles, where combinations of trade data, electronic and voice communications records enable banks to observe emerging patterns of behavior to predict latent risks and detect links between employees” (Aziz and Dowling 2019). IBM already offers a form of this risk detection framework built on their popularly known Watson AI. Watson has the ability to parse voice and text conversations and classify certain conduct as being potentially non-compliant, enabling firms to catch and resolve internal risks ahead of time.
Regarding managing external operational risks such as cybersecurity attacks and fraud, machine learning approaches are particularly effective. Malicious spam email attacks, known as ‘email phishing’ are a large and efficient source of cybersecurity attacks—a single malicious spam email attachment can lead to the compromise of an entire firm’s technological infrastructure, costing hundreds of millions of dollars in losses. The same clustering algorithms used to detect non-compliant employee behavior can be just as effective in detecting cybersecurity risk. A firm known as Proofpoint developed a clustering-based spam detection tool known as MLX that “continuously analyzes millions of messages and automatically adjusts its detection algorithms to identify even the newest, most cunning types of attacks” (Proofpoint 2006). Concerning fraud, money laundering poses a large risk to financial institutions as illegal organizations continue to find new methods of making illegitimate money seem ostensibly obtained. Again, clustering algorithms play a large role here, enabling risk managers to sort through large amounts of transactions and classify specific patterns of transactions by levels of suspiciousness.
Shortcomings of AI
One of the most prudent criticisms of AI-approaches to classical risk management issues is the ‘black box’ critique. During the learning phase of a given machine learning process, it is not always apparent how an algorithm arrives at a certain conclusion or establishes certain correlations, and machine learning is thus a ‘black box’ to users where only the inputs and outputs are easily identifiable. This leads prominent critics of machine learning to believe that “the very presence of a black box at the centre of decision-making can be its own source of risk in a firm” (Aziz and Dowling 2019). Risk managers who rely solely on AI will therefore find it extremely difficult to isolate the source of faulty conclusions that arise from AI and design methods to resolve them. The nature of AI additionally exposes models to issues of high sensitivity to outliers. This has the effect of the “overfitting of the data and counterintuitive predictions” (Leo, et al. 2019). The possibility of faulty conclusions being made is exacerbated by a lack of skilled staff to implement machine learning models which require a reasonable amount of technical knowledge and expertise. A survey of the top 1000 firms in the US found that the greatest concern with new AI solutions was ability of staff to properly understand and utilize them (Wilson, et al. 2017). Without proper training, risk managers may apply machine learning techniques improperly such as applying a clustering algorithm to predict bankruptcy risk where the former is an unsupervised AI model and thus does not have power to create predictions, only establish categories.
There are multiple instances where the ‘black box’ limitation of AI systems have been demonstrated, with drastic financial consequences. Two such occurrences will be discussed. First will be what is known as the ‘Flash Crash.’ On May 6th, 2010, one trillion dollars of equity vanished within minutes from financial markets as an automated selling program took over trading activity on the S&P 500 futures market. Later that day, prices rapidly recovered to where they were before the crash. This brought much scrutiny and blame to firms whose main strategies involved HFT. Critics claimed that HFT activity, counter to its purpose, created larger asset volatility and lower liquidity. It was only until 2020 that a single individual, a British trader named Navinder Singh Sarao was declared guilty for playing a large part in the ‘Flash Crash’ (Reid 2020). Navinder had discovered an illegal trading strategy known as spoofing— to take advantage of trading algorithms, the strategy rapidly places and cancels thousands of orders in seconds to obtain better prices for trades. Although it may seem that an external risk, a rogue actor, brought about the events of the ‘Flash Crash,’ HFT firms bear responsibility in not adequately preparing their algorithms and models to detect such activity and respond accordingly. The events of that day exposed all market participants to immense market risk, and due to the ‘black box’ nature of the HFT models, finding the culprit of the crash took far longer than an acceptable risk management model should have, a major inefficiency.
The second significant demonstration of the pitfalls of ‘black box’ risk management was when a single coding error caused Knight Capital Group (KCG) to lose over $440 million in a matter of minutes. At the time, KCG was one of the largest finance firms providing a variety of financial services. At the core of their business was HFT-based market-making, providing liquidity through the use of high-speed trading algorithms. Their mistake began far before the loss was realized. In 2005, “Knight Capital moved a section of computer code…to an earlier point in the code sequence in an automated equity router, making a function of the router wrong” (Saltapidas and Ramin 2018). On August 1, 2012, a new program known as the Retail Liquidity Program was set to be implemented on trading exchanges to allow market-makers like KCG to provide even greater liquidity to market participants. To prepare for this new program, KCG erroneously copied and implemented the faulty code from 2005 into their systems. When the market opened on August 1st, “Knight Capital’s router rapidly sent more than 4 million orders into the market when attempting to fill just 212 customer orders” (Saltapidas and Ramin 2018). This resulted in a $440 million trading loss for KCG, and caused their stock to drop by 70%. KCG thus incurred monumental damages from two elements of exposure to market risk: from participating in trading activities and from their status as a publicly listed company on the stock market. And unlike in the flash crash, the losses were not corrected. The losses were true and realized. The events of that day additionally reflected a failure to manage two aspects of internal operational risk. First was the coding error that went undetected and unscreened by any management facility of KCG, a demonstration of employee and managerial misconduct. Second was an issue of compliance. The Securities and Exchanges Commission mandates that “a broker or dealer’s risk management controls and supervisory procedures shall be reasonably designed to prevent systematically the entry of orders that exceed an appropriate pre-set credit or capital threshold” (Murphy 2013). KCG failed to meet this standard due to their faulty code.
An additional consideration of utilizing AI as a risk management tool is the difficulty of collecting all the data necessary to make risk managing decisions. While there is a wealth of data for an area like credit risk such as tax filings, bank statements, and credit scores and even legally mandated available data to manage market risk, obtaining useful data to effectively manage operational risk, particularly internal operational risk through AI seems challenging. Employees would have to forfeit privacy in their conversations to ensure that AI can detect non-compliance in text and verbal discussions. However, it could be the case that such a requirement would violate employee privacy, posing another threat to the firm’s regulatory compliance. Moreover, bureaucratic processes pose the difficulty of consolidating all the data into one central area: “Data is often held in separate silos across departments, perhaps on different systems, and perhaps with internal political and regulatory issues restricting the sharing of data. Important data might not even be recorded as data but rather kept as informal knowledge of the firm.” (Aziz and Dowling 2019). Data may then be fragmented and incomplete, barring the effectiveness for a risk management team to identify and encapsulate risks that were found in the ‘Flash Crash’ and the KCG incident.
Resolving Inefficiencies
In order to resolve the issues brought about by the ‘Black Box’ criticism, de-centering the focus around pure AI risk management techniques is necessary. If machine learning processes contain intermediate steps that are not readily visible to risk managers, then machine learning cannot be relied on solely for risk decision-making. To avoid financial disasters like the ‘Flash Crash’ and the KCG incident, a hybrid approach which incorporates elements of traditional statistical inference and newer machine learning models would enable greater discretion to manage financial risk. This technique is not as widely implemented compared to each approach individually, but there is some empirical basis for a hybrid model of financial risk management. In the context of credit risk management, the Iranian Journal of Management Studies conducted research in 2016 on the effectiveness of a hybrid credit risk model. Unlike previous papers which only compared traditional statistical modeling and machine learning with each other, this paper compares the results of credit default risk estimation between each individual base model and the unique combination of the two. The study, which combines a logit model with a neural network approach found that “the overall accuracy of hybrid model outperformed both base models. Combining linear and non-linear models to benefit from advantages of both models” (Raei, et al. 2016). A hybrid model thus enables risk managers to combine the intelligibility of traditional methods with the computing power of non-linear AI methods to achieve a more effective risk management framework. By doing so, the pitfalls of relying on a purely AI-based risk management method are avoided, giving the risk practitioner a greater degree of freedom to evaluate conclusions generated from models.
Concerning the lack of technological skill amongst firm employees, training programs may be costly, but training staff is entirely possible, and the benefits of being equipped with AI based risk management outweigh these costs. With increasing amounts of data and greater financial risks posed by technological development, it is paramount for risk managers to be equipped with skills that can easily identify risks like single coding errors to prevent fatal mistakes for the whole firm. Goldman Sachs developed a campus of 7000 employees devoted to honing technological skills (Aziz and Dowling 2019). Other financial institutions should follow suit and provide their employees, and especially their risk management administrators, to be equipped with essential 21st century skills like data science. Furthermore, on the siloing of data within departments of a firm, segregated units for managing data may be a more effective risk management allocation than relegating all risk responsibilities to risk managers. For instance, financial actuaries are most likely better equipped to evaluate credit risk than general risk managers. Perhaps risk management should dedicate their focus to operational risk, as many internal and external operational risks like compliance or cybersecurity pose firm-wide threats.
In addition to restructuring firm-based risk management methods, legislators ought to consider more stringent legislation in the HFT space to reduce catastrophic market risks. One example of such legislation is taxation on rapid market orders and cancellations. On August 1, 2012 (ironically on the same date as the KCG incident), the French government levied a tax on “cancelled orders made by high-frequency traders where all orders cancelled or modified within half-second time span are taxed” (Monaco 2019). Such a tax would seem to deter predatory activities such as spoofing which was partly responsible for the ‘Flash Crash.’ However, such regulation would also seem to counteract the increased liquidity, lower transaction costs, and price efficiency benefits that are empirically brought about by HFT market-making. Policymakers ought to consider these effects when drafting additional regulation legislation, as decreased liquidity may mean that if another extremely rapid crash were to happen, the drop would be even faster, and the market may not correct itself like it did in 2010 due to lower overall market stability.
Conclusions
Financial risk management encompasses a broad range of risk management topics. When examined under a lens of AI-based approaches to financial risk management, three core areas of risk are identified: credit, market, and operational risk. AI risk management methods, specifically machine learning models, prove to be powerful in handling large quantities of data, drawing seemingly hidden relationships between variables, and predicting accurate outcomes. The capabilities of AI point to its effectiveness at minimizing risk in each of these risk categories in its own unique ways.
AI solutions are not without fault, as pure ‘black box’ approaches expose firms up to pure and catastrophic risk within financial markets and operational structures. A hybrid approach which combines traditional statistical methods with more modern machine learning techniques is the most effective framework that avoids the pitfalls of the ‘black box,’ and lend risk managers greater flexibility in their decision-making. AI solutions alone may not be the best approach, but when combined with traditional risk management methods AI streamlines the risk management process by increasing prediction accuracy, improving financial market stability, and maintaining the integrity of organizational structures.
References
Altman, Edward I., and Edith Hotchkiss. "Corporate financial distress and bankruptcy." (1993).
Aziz, Saqib, and Michael Dowling. "Machine learning and AI for risk management." Disrupting
Finance. Palgrave Pivot, Cham, 2019. 33-50.
Byrnes, Nanette. " An AI-Fueled Credit Formula Might Help You Get a Loan." MIT Technology
Review. 14 February 2017.
Day, Sebastian. "Quants turn to machine learning to model market impact." RISK Magazine
(2017).
Haykin, Simon S. "Neural networks and learning machines/Simon Haykin." (2009).
Leo, Martin, Suneel Sharma, and Koilakuntla Maddulety. "Machine learning in banking risk
management: A literature review." Risks 7.1 (2019): 29.
McGrath, Maggie. “Target Data Breach Spilled Info On As Many As 70 Million Customers.”
Forbes Magazine. 10 January 2014.
Monaco, Eleonora. "What FinTech Can Learn from High-Frequency Trading: Economic
Consequences, Open Issues and Future of Corporate Disclosure." Disrupting Finance.
Palgrave Pivot, Cham, 2019. 51-70.
Murphy, E. The Securities and Exchange Commission. (2013). Available at: https :
//www.sec.gov/litigation/admin/2013/34 − 70694.pdf
Proofpoint, M. L. X. "Machine Learning to Beat Spam Today and Tomorrow." Copyright 2006
(2006): 28.
Raei, Reza, et al. "A hybrid model for estimating the probability of default of corporate
customers." Iranian Journal of Management Studies 9.3 (2016): 651-673.
Reid, David. “‘Flash crash’ trader sentenced to one year of home detention.” CNBC. 29 January
2020.
Saltapidas, Christos, and Ramin Maghsood. "Financial Risk The fall of Knight Capital Group."
(2018).
Wilson, H. James, Paul Daugherty, and Nicola Bianzino. "The jobs that artificial intelligence
will create." MIT Sloan Management Review 58.4 (2017): 14.
Yeh, I-Cheng, and Che-hui Lien. "The comparisons of data mining techniques for the predictive
accuracy of probability of default of credit card clients." Expert Systems with Applications 36.2 (2009): 2473-2480.
