So, how does machine learning help GRC?
Machine learning has very important applications in a variety of GRC settings and roles. We look at a number of these in our eBook, Machine learning for governance professionals, but here are some examples:
- Managing risks and opportunities based on more advanced factors than risk appetite thresholds, estimations, and responses.
- Identifying fraud and waste patterns, mining financial data, and using predictive techniques to develop more effective controls.
- Understanding and preventing cyberthreats by analyzing data and automatically learning from successful attacks.
- Making better use of complimentary technologies like robotic process automation to improve processes, refine computer-based decisions, and improve algorithms.
There are obviously many, many more possibilities, but we’re going to focus on how it helps risk management. By analyzing large datasets in short times, machine learning is changing the way risks are assessed. The following are just some examples of how it can be used in risk management.
Lenders can determine the creditworthiness of potential borrowers by examining datasets like their digital footprint. This has become more common for evaluating borrowers with little or no credit history.
Several companies use the technology in their systems to examine alternative data sources (like social media usage, browsing history, and GPAs) to generate more accurate credit scores. An MIT study found that this could reduce bank losses from delinquent customers by up to 25%.
Identifying operational risks
Operational risk is present in every organization, from a small business to a global corporation. Here are a couple of ways machine learning can help with operational risk:
Cybersecurity threats. It can use statistical analysis and algorithms to stop threats before they cause damage. For example, anti-spam technology uses it to protect against spammers by analyzing the language in millions of messages to detect potential threats.
Money laundering attempts. The cost of anti-money laundering (AML) compliance is estimated at $23.5 billion per year. Clustering techniques that classify transactions based on how suspicious they are, or detect people with similar behaviors working together, can uncover money laundering attempts.
Using past data to project transactions from one period to the next, risk managers can determine where to direct resources. Machine learning helps risk managers automatically predict which branch locations are likely to fail an audit, and which are likely to pass. This lets them focus efforts on locations that need more attention.
Risk managers can alter input data to find out what impact it might have on predicted outcomes (e.g., how it might increase or decrease risk scores). The technology can explore a multitude of models, allowing GRC professionals to make predictions and continue to repeat and refine them.
Removing subjective risk scoring
A major benefit of machine learning is the ability to remove risk-scoring subjectivity. Feeding data into systems—and using a model to determine data-driven risk scores—avoids the manual and human process of risk scoring, which is often inaccurate.