Home / Banking Strategies / Enhancing resiliency against credit risk process fraud

Enhancing resiliency against credit risk process fraud

These risks can go undetected due to inefficient approaches followed by banks, making a comprehensive, AI-based strategy essential for resiliency.

Jan 25, 2023 / Fraud Prevention

To conduct the business of lending, banks employ credit risk processes – initial assessment, in-depth assessment leading to accept or reject decision, periodic review of loan performance and reporting.

These processes expose banks to several frauds, referred to as “credit risk process fraud.” Key categories of CRPF are misappropriation of funds, manipulation of data by borrowers and third-party providers, deviations from procedures and manipulation of reports.  Efficient management of CRPF is vital for banks.

Conversely, many banks do not provide commensurate importance to CRPF in terms of governance, clear definition to segregate it from frauds in credit operations and other related ones, infrastructure in terms of data, fraud investigation, systems, and automation. For example, even for the simplest of all processes – initial assessment of retail credit risk – only borrower-facing side is fully mature.

Additionally, many banks lack quantitative approach and treat fraud risk as qualitative. This may be due to absence of data and modeling approaches. Qualitative assessment involves two steps. First, a key risk indicator approach is used to detect critical risks by each business unit at granular (sub-process) levels, and then for each KRI, business units conduct their own assessment of gross risks and strength of controls to derive remaining risk by using risk and control self-assessment. Risks captured at sub-process levels are difficult to aggregate at higher levels, making the whole exercise somewhat subjective.

As a response to the challenges, it may be the right time for banks to invest more rapidly in artificial intelligence. The approach to be followed to improve growth in adoption of AI is a key question to be answered.

Integrated decision models: Banks are expected to transition to integrated decision models to get an aggregated view of both credit risk and fraud risk factors. For example, a decision to underwrite a loan should consider risk of misappropriation of funds by borrower. Similarly, monitoring of credit risk should consider the risk of extending undue concessions to borrowers.

Integrated data repository: Creating an integrated data repository is key to building integrated models. For each type of CRPF, data needs to be identified and defined by banks. In addition to internal data, it is essential for banks to use third-party data to get an improved view of both risks.  For analysis of risks posed by buyers and suppliers of borrowers, many banks lack adequate internal data.

Early warning systems: Supplementing early warning systems with integrated decision models makes continuous monitoring of risks possible. To be valuable, EWS must automatically generate alerts as soon as credit or fraud risk factors change. Many banks have semi-automated or manual EWS which results in inefficiencies in detection of credit and fraud risks.

Cognitive automation:  Many banks run their procedures in semi-automated or manual form.  The same lack of automation is found in a series of decisions involved in credit risk processes.  Using AI, it is possible to employ risk reduction without human intervention to, for example, limit or remove limits granted to a borrower in the event of detection of fraud or increase in credit risk.  Many banks have already started this transition.

Graph analytics: Also known as network analytics, this can reveal connections among networks using visual and analytical means. For example, it can help answer questions about how your borrowers are connected in a supply chain network with buyers and suppliers. The most powerful feature is that graph analytics can go beyond this first level to identify credit and fraud risks.

Machine learning and deep learning: Many banks are rapidly transitioning from traditional statistical models to machine learning/deep learning models to improve their predictive power.  The creation of entire models can be automated and integrated with modern AI infrastructure such as big data, data quality management and reporting.

The AI-based approach explained above is also applicable to other risks at banks, so there are potential benefits available in taking an enterprise-wide view in devising strategies. Risk of fraud in credit risk processes can go undetected due to inefficient approaches followed by banks.  A comprehensive, AI-based strategy is essential to be resilient.

Dr. Subramanian Venkataraman is a consulting partner in risk management and compliance at Tata Consultancy Services.