CBA makes early forays in to AI and natural language generation to shape risk policy


The Commonwealth Bank’s risk team has made significant progress in its visualisation and dashboarding program over the last two years, claiming a “great track record” in automating its risk reporting function across “all stacks”, according to Fergus Kennedy, CBA’s general manager for transparency and visualisation, with his team now experimenting with artificial intelligence (AI) to help deliver policy reports and shape bank’s future risk ecosystem.

Speaking at FST Media’s Banking Summit on Wednesday, Kennedy revealed the bank is now trialling the emerging technology as part of its risk reporting “deep dives” – which explores, in finer granularity, particular areas of financial and non-financial risk within the bank, from market risk exposures to operational risk – using AI to not only identify existing business risks, but also map out what a future risk environment might look like.

“We’re starting to now work out how we can use artificial intelligence to tell us what those [risk] topics should be. Once we have that, we can start to better predict some of those interrelationships and interactions.”

“For instance, if you have a significant operational risk event, does it or can it impact some of your credit decisioning – and vice versa?”

“We’re starting to use the amazing things that AI can do to bring further insight and cross-pollination… to see what [risks] are emerging and that we need to start to be mindful of.”

While still in its “early days”, Kennedy says his team’s AI-enabled risk program is moving forward at pace.

“We want to be able to start to predict what the next best risk conversation is for our customers and for our stakeholders.”

He also notes an emerging use case for AI to test policy effectiveness, coupled with natural language generation to construct the “first draft” of policy reports.

“This is by no means complete; it’s still an emerging [use case]. But, again, we’re trying to give more time back to our people so that they can spend more time thinking about how best to exercise their judgement.”

At present, Kennedy said his team has employed machine learning for “anomaly detection” around particular events and metrics, as well as “incorporating, within our dashboard, outputs from machine learning models which are a little bit more predictive”.

“This is something humans would struggle to be able to do themselves, other than through a very, very manual and time-consuming process.”

Currently, Kennedy said, the risk team has strong capability in automating all reporting across its technology stack.

“If I want to know what the retail bank aggregate position is on a particular type of risk, I can see that. Or, if I’m really interested in what line of business or sub-team is using that same metric, I can move across the organisation, across risk types, and drill down into business units and into lines of the business.”

Among the core support pillars of the risk team’s development approach is the widescale use of Python – considered among one of the more accessible coding languages, and increasingly embraced by coders for building automation and data analytics functions.

“We’ve been on a bit of a journey for the last two years, running a lot of training [in Python] within risk management.”

Praising “the power of Python”, he said, the code “at the very least” is capable of automating “all boring stuff”.

A key priority for the team, he notes, is getting automated bots, coded in Python, “into the front line” to assist customer-facing staff.

“What that means is, if we spot data quality issues, for example, we run automated bots that connect directly with relationship managers in the front line for them to check and fix [issues] right at the start of the source of information, rather than having someone in a reporting landscape try to paper over differences.”

Since implementation in early 2020, these Python-coded bots have played a key role in “fixing” more than 7,000 data quality issues across the business.

“[It’s about getting] it fixed right down with the people who know the data best, who know the clients best, and once they fix it there, all the benefits flow upstream.”

Training in Python has also matured greatly over the last year, enabling automation of risk notifications, in real-time, to frontline staff.

CBA’s entire digitalised risk function is predicated on the team’s “adaptive risk management” approach.

“Our operating environment is constantly changing,” Kennedy said. “And we also know that there is no such thing as perfect judgment.

“So, we’ve got to bring the right tools and technology and allow our teams to deliver the type of reporting, to deliver the right insights. That really helps us manage risk at the boundary, which is where the most interesting and most useful conversations take place.”

“Where we can make the job on the front line more effective and efficient is not only good for our people but… that it is fundamentally good risk management.”

Dashboard delivery

Visibility and transparency (and a strong sense that “transparency builds trust”) form the core philosophy of CBA’s risk management and reporting function – and the dashboard serves as the real-world centrepiece of this philosophy.

“Those operational dashboards are getting more and more prevalent in terms of what [our team] produces. They really help the people who are managing risk on a day-to-day basis, and in the front line, better understand and be more efficient and effective in what they do.”

Despite access and use being “voluntary”, the popularity of these data dashboards has increased several-fold across the business.

From a baseline of around 750 users, today around 15,000 users connect into CBA’s various dashboards.

As more dashboards are rolled out, more are demanded by staff. Within a space of just three months, Kennedy’s risk visualisation team has delivered 35 separate data dashboards, with user logins to the dedicated dashboard platform increasing 350 per cent.

Co-presenting with Kennedy, Kapil Sabharwal, CBA’s head of strategy and execution for the risk data analytics and visualisation team, said demand for dashboards has increased markedly as more data has become available, “with risk professionals also craving for more insights in the non-financial risk space”.

One of the “black swan” developments for the risk team – “the centrepiece for how we manage risk from a reporting, dashboarding and analysis perspective” – was the rollout of the Data Analysis and Risk platform, Sabharwal said.

“It started very small, with a couple of reports focused largely on non-financial risk. But over the last year and a half, we’ve been able to bring in all other risk types, including market risk or financial risk as it relates to credit,” Sabharwal said.

“We also have some of our data management reporting and dashboards embedded into the single platform.”

More than 60 dashboards have been made available through CBA’s Data Analysis and Risk platform

Currently, the team has delivered more than 60 dashboards available through the Data Analysis platform, each of which is searchable via a Google-like search function, Sabharwal said.

Standardisation of dashboard features is key to ensuring these data-rich assets are readable and accessible by all business units.

“We do have design standards which are easily accessible to our users through this platform. [Users] can see exactly what standards are being encouraged, but also the right colour combination to use.

“After all, a report is only as good as much as it can be understood.”

“From a ‘personas’ perspective, these dashboards are used not just by risk management professionals or the risk management teams, but also by our ‘line one’ business teams.

“That makes a lot of difference because both these teams look at a common set of data with a common set of understanding.

“Hence, the conversations are much more productive and are able to be challenged to the right level of scrutiny that’s required in these instances as well.”

The creation of these dashboards has also ushered in a marked improvement in data quality across the organisation, enabling staff, even beyond risk and data teams, to report on and qualify data.

“We’ve improved data quality by 80 to 90 per cent across a lot of different factors. But the way that we did that was by actually giving dashboards that allow people to see what the data quality was in a particular unit,” Kennedy said.

“Now a lot more people across the business can now utilise risk data to help them make better risk decisions.

“And whether that be at a board in reporting in a risk reporting context all the way through to the day-to-day management, the real advantage about data is that once you get that momentum, the growth can be exponential.”