Risk managers must embrace artificial intelligence or be replaced by it, says Alex Sidorenko, chief risk officer and founder of RISK-ACADEMY, and group head of risk, insurance and internal audit at Serra Verde Group

A study published in the Annals of Oncology found that a deep learning algorithm achieved a 95% accuracy rate in detecting melanoma from skin lesion images, outperforming a panel of 58 dermatologists whose average accuracy was 86.6%.

In another study published in Nature, a deep learning system was able to identify breast cancer from mammograms with greater accuracy than radiologists. The AI system demonstrated a reduction of 1.2% (UK set) and 5.7% (US set) in false positives, and 2.7% (UK set) and 9.4% (US set) in false negatives.

SR_web_Alex Sidorenko

Research in the journal JAMA Network Open demonstrated that an AI algorithm was able to diagnose lymph node metastasis in breast cancer patients with an accuracy of 99.5%. This surpassed the 96.9% accuracy demonstrated by human pathologists.

Research conducted by Siemens in 2019 demonstrated that AI-driven predictive maintenance tools could forecast equipment failures with up to 30% greater accuracy than experienced maintenance personnel.

And according to a 2021 study by J.P. Morgan, AI and machine learning models reduced default prediction errors by approximately 25% over traditional statistical models.

“What used to take my team weeks to do, now can be done by AI + python in hours.”

And yet, every time I, or one of my team members, do a webinar on using AI for risk management, the only question that people ask is “how accurate is AI”. Every time.

So let me share a story. In my last five head of risk roles, I had access to both world-class team of quant risk professionals and access to different AI models, including the ones built in-house.

And you know what? I have spent considerably more time verifying, checking, correcting and validating my human risk team’s deliverables than I do now verifying RAW@AI deliverables.

What used to take my team weeks to do, now can be done by AI + python in hours.

AI doesn’t have to be always right, it just has to be less wrong than humans

In my mind, for AI to be universally adopted by risk professionals, it doesn’t need to be perfect—it just needs to be better than humans at making fewer mistakes.

This is something Douglas Hubbard calls “beat the bear” fallacy. Imagine two campers confronted by a bear; one doesn’t have to outrun the bear to survive, he just needs to outrun the other camper. Similarly, AI doesn’t have to be flawless; it just needs to outperform human error rates and speed of analysis.

“AI can handle huge datasets, large volumes of text and complex calculations without getting weary or overly biased.”

Humans are great at many things, but we can get tired, we can overlook details, we have blind spots to certain risks and we all have our biases. Some risk managers came from an accounting background and have little understanding of risk maths.

All these limitations make risk managers less effective, especially when dealing with probability theory, complex, interrelated risks and decisions.

AI, on the other hand, can handle huge datasets, large volumes of text and complex calculations without getting weary or overly biased. AI still makes mistakes. That isn’t the question. Does it make less or more mistakes than an alternative, that is the right question.

The more data you have, the more AI outperforms humans

Large volumes of data are what gives AI its risk management superpower.

Unlike humans, AI can quickly go through huge amounts of both structured data (risk registers, spreadsheets and databases) and unstructured data (risk reports, interview transcriptions, annual reports, and research papers).

This ability lets AI gather a wide and current view of potential risks and quantify most risks on the planet. Most risk managers can of course do the same, but it will take them 10 times the time to achieve a comparable level of quality.

“Large volumes of data are what gives AI its risk management superpower.”

The human brain is incredibly adept at recognising familiar patterns, but it struggles with the sheer complexity and subtlety of patterns found in today’s probabilistic risk landscape.

AI, on the other hand, excels at finding complex and non-linear relationships within massive datasets (distilling large texts into key points, not so much, but it’s only a question of time).

This can reveal hidden connections between seemingly disparate events or data points, highlighting risks that would otherwise go unnoticed until it’s too late. According to a 2022 report by IBM, AI systems detected and responded to security breaches an average of 40% quicker than human-led teams.

You no longer need a maths PhD to do quant risk analysis

In the past, every time I joined a company I would struggle to find quants who understood risk management and were capable of abstract thinking to integrate into decision-making. If you ever tried hiring a quant for risk management, you know what I mean.

Well, AI is changing the game. AI models with access to Python environment are putting powerful quantitative tools into the hands of a wider range of professionals.

AI models take care of the complex maths, allowing risk managers to focus on empowering risk taking and integrating risk analysis into decision making.

“The question isn’t whether AI will transform risk management. It’s whether you will upskill quickly enough to utilise [it]”

Just like calculators made complex computations accessible to everyone, AI and SIPmath are doing the same for risk modelling. You don’t need to understand the inner workings of a calculator to get the answer, and you no longer need to be a mathematics whiz to perform sophisticated risk analysis.

You still need to be able to double-check the calculations, because calculation errors are frequent. But you know what is even more frequent? Calculation errors by human risk managers. Much more frequent.

The question isn’t whether AI will transform risk management. It’s whether you will upskill quickly enough to utilise AI and guide its insights, or your team will be replaced by the next version of RAW@AI.

Important limitations:

  • Utiliding AI in risk management involves handling sensitive data, which can raise compliance and privacy issues. Some risks are too sensitive to be analysed by AI, unless it is an in-house closed model.
  • Using AI for risk management will probably be considered high-risk activity under the EU AI Act and will require significant compliance controls.
  • In cases where AI-driven decisions lead to financial losses or compliance breaches, establishing accountability can be challenging. Determining whether the fault lies in the data, model, or decision-making process requires clear protocols.
  • Effective use of AI in risk management requires specialised skills that may not be readily available within traditional risk teams. At least hiring or upskilling personnel to work effectively with AI tools is easier than finding a good risk quant who understands decision science and behavioural economics.