The FBI Has Issued Repeated Warnings On Criminals Leveraging AI. Are We Moving Fast Enough in Financial Crimes Risk Management?
Like most of the financial crime risk community, we saw the FBI warning of the increasing threat of cyber criminals utilizing artificial intelligence. “Generative AI reduces the time and effort criminals must expend to deceive their targets,” stated a public service announcement issued by the FBI on December 3, 2024. “Generative AI takes what it has learned from examples input by a user and synthesizes something entirely new based on that information.”
It’s no big surprise to those of us tackling these challenges every day, but we need fast-track routes through model risk management (MRM) to keep our models a step ahead of the bad actors. We all agree that model risk is crucial in ensuring that financial institutions’ models—particularly those used for fraud detection, anti-money laundering (AML), and financial crime prevention—are reliable, accurate, and effective. However, managing these models creates severe challenges that slow down the pace at which these models can be deployed or updated. Is this process helping us balance the holistic risk to the bank, financial system, and society?
As recent discussions in the industry highlight, this creates an opportunity to rethink how we approach MRM—balancing safeguards with the need for adaptability. To fast-track routes through model risk management, thereby speeding the adoption of sophisticated technology approaches to risk mitigation, there are five challenges we need to address:
1. Rigorous Validation and Testing
Why it can slow down deployment or updates: Financial institutions need to thoroughly validate models to ensure they work as intended, are free from biases, and do not produce false positives or negatives. This process can involve extensive backtesting, stress testing, and model calibration, which takes time.
Impact on financial crime prevention: If this lengthy validation period is too protracted, models may not be updated quickly enough to keep up with evolving patterns of financial crime or emerging threats. Fraudsters and criminals are constantly adapting, so delays in model deployment can result in missed opportunities to detect or prevent illicit activities that are far more serious than the specific model risk.
2. Complexity vs. Transparency
Why it can slow down deployment or updates: Many financial crime detection models, particularly those leveraging machine learning (ML) or artificial intelligence (AI), can be complex, but we are beyond the days of opaque (“black box” models). Model risk management requires that these models be explainable and interpretable, especially in regulated industries – we have that norm now in the top data science teams.
Impact on financial crime prevention: Again the requirement for explainability can slow down the adoption of advanced techniques that might offer better detection of novel fraud schemes or money laundering tactics. The tradeoff between model sophistication and regulatory transparency can limit the ability to implement cutting-edge, real-time detection models. We need to be outcome-based in the same way we view how human analysts demonstrate a decision.
3. Regulatory Constraints
Why it can slow down deployment or updates: Financial institutions must ensure their models comply with regulations (e.g., GDPR, OCC guidelines, Basel framework) that often require periodic reviews, model updates, and adjustments based on the latest data or crime trends.
Impact on financial crime prevention: In some cases, model risk management processes require models to be frozen or adjusted to meet regulatory standards, which could delay the deployment of updated fraud prevention techniques that are more suited to current criminal tactics. We repeatedly hear regulators are supportive of innovation but we see the same approaches being expected for cash, wires, and checks when the products and typologies of risk have moved radically.
4. Balancing False Positives and False Negatives
Why it can slow down deployment or updates: Financial crime detection models often face a tradeoff between false positives (legitimate transactions flagged as suspicious) and false negatives (fraudulent transactions not flagged). Managing this tradeoff carefully is a key part of model risk management, which can lead to conservative choices in model deployment.
Impact on financial crime prevention: Overly conservative models may not detect enough fraud, while models that are too aggressive in flagging transactions may overwhelm investigators with false alarms, reducing the overall effectiveness of the crime prevention system. With AI not just creating output but working outputs we can handle volumes and rates that the human-heavy “model” could not sustain.
5. Continuous Monitoring Challenges
Why it can slow down deployment or updates: Financial institutions must ensure their models comply with regulations (e.g., GDPR, OCC guidelines, Basel framework) that often require periodic reviews, model updates, and adjustments based on the latest data or crime trends.
Impact on financial crime prevention: In some cases, model risk management processes require models to be frozen or adjusted to meet regulatory standards, which could delay the deployment of updated fraud prevention techniques that are more suited to current criminal tactics. We repeatedly hear regulators are supportive of innovation but we see the same approaches being expected for cash, wires, and checks when the products and typologies of risk have moved radically.
Balancing Safeguards and Responsiveness in Model Risk Management
The financial crime landscape is constantly shifting, with criminals leveraging innovative methods to exploit gaps in existing defenses. When the pace of MRM cannot keep up with these changes, institutions may face challenges in effectively mitigating risk.
This isn’t a critique of the processes in place but rather an observation of the constraints posed by traditional practices. Addressing these challenges with a mindset of continuous improvement and adaptability can help institutions respond more effectively to emerging risks.
A Forward-Thinking Approach to Model Risk Management
To meet today’s challenges, a modernized approach to MRM should emphasize agility without compromising on rigor. Key areas of focus include:
- Outcome-Focused Validation: Prioritize metrics that reflect real-world effectiveness in detecting financial crime.
- Explainable AI: Leverage techniques like locally interpretable machine learning models for transparency.
- Adaptive Models: Use models designed for real-time updates to reduce delays in addressing emerging threats.
- Regulatory Engagement: Foster dialogue with regulators to promote frameworks that encourage innovation.
- Automation at Scale: Use AI to manage high data volumes, ensuring faster updates and enhanced detection accuracy.
How Quantifind is Pioneering Agile Risk Intelligence
Quantifind’s Risk Intelligence platform exemplifies a modern approach to MRM, integrating the principles outlined here. By combining accuracy, speed and scalability, Quantifind’s risk models offer:
Accurate Risk Assessments that align with regulatory expectations while promoting agility and innovation.
Regulatory Alignment: Solutions built to meet tomorrow’s compliance standards while enabling innovation.
Dynamic Updates: Models that evolve with changing crime typologies, reducing the risk of stagnation.
Explainability at Scale: Tools that enhance transparency without compromising performance.
By focusing on outcomes and leveraging advanced technology, we aim to help institutions meet the challenges of financial crime prevention with greater speed and precision.
Are your risk models keeping up with today’s challenges? Learn how Quantifind’s Risk Intelligence platform can help you respond faster to emerging threats. CONTACT US to learn more.
Register for our next series of Risk Labs in 2025.