A version of this Q&A originally ran in the October Executive Report. Explore the issue, Compliance and Risk: Building Operational Resiliency, for more insights on supporting sustainable growth amid omnipresent uncertainties in a speedier, technology-reliant marketplace.
Even as financial institutions explore more use cases for automation and artificial intelligence (AI)—including for catching up on contact center volume or speeding up lending document review, for instance—the technologies’ upside potential in the risk and compliance departments gain traction.
Conversations often start by asking whether AI for banks and credit unions, including among vendors, adds too much risk exposure. Is a third- or fourth-party affiliate using AI following the same compliance checklist as the contracting bank, for instance? We’ve explored these considerations throughout this Executive Report as well.
But the discussion shouldn’t stop there. Enlisting AI muscle to strengthen human ranks in risk, audit, AML, and compliance can be additive to a bank or credit union’s operations, say proponents. AI might conveniently update a risk model to include factors previously locked within a data silo. Or AI can position bank-level data alongside market-level data in real time, providing the forward-looking snapshot regulators and other stakeholders increasingly seek.
Broadly speaking, AI proponents—including Brett Pharr, CEO of Pathward, in our interview—stress the importance of careful vetting and right-sized applications of AI based on an organization’s needs and governance parameters.
And even with careful adoption, AI is increasingly a must-have rather than a nice-to-have, says Pharr, who has a long career in risk spanning traditional banking and neo-banking. Other risk strategists agree that the speed of information sharing, volatility, systemic risk considerations, and harder-to-measure factors such as reputation, have turned up the heat for quicker and nimbler responses within solid frameworks. Challenges emerge from other corners as well; in a digital world, there is ever stronger competition to prove faster banking capabilities and a wider range of products for modern markets.
At the end of the day, regulators, customers, and other stakeholders want banks to see around corners when possible. They want FIs to be less reactive and more proactive.
For Pathward’s Pharr, AI is one key to that evolution. Here, we share a condensed version of our recent conversation. Notably, Pharr comes to this technological integration following decades of experiencing risk-department shifts and he leads a financial institution that itself wholly embraced digital transformation to expand its market.
Pathward is a nationally chartered bank whose present identity feels far from its roots as an Iowa Savings and Loan and a reemergence as a community bank. With its current branding, Pathward operates in personal banking, commercial finance, and as a contracting partner to other banks. For instance, it offers a payments platform, co-branded lending programs, and more.
Before his current role as Pathward CEO, Pharr held a range of risk management positions at the organization. That means years in traditional banking also inform his perspective on the modernization of risk and compliance practices. Pharr served as Senior Risk Director at Citizens Bank, where he helped expand and uphold the institution’s ERM approach. Prior to Citizens, Pharr was at Bank of America for three decades, holding roles in the commercial and consumer lines of business, including business transformation, mergers and acquisitions, and risk.
Some answers have been edited for clarity.
ProSight: I think it’s important to talk about your path, pardon the pun, and that of the institution because I’d imagine a banking leader with a start in risk never really abandons that foundational mindset, no matter how much technology changes banking.
Pharr: It’s interesting, of a 43-year career in banking the first roughly 20 years were focused really on only one kind of risk. One. And that’s credit risk. It was an important skill, and it’s still the principal reason that a bank may fail over time. But if I had been asked then what our risk discussions might look like now, I would have had no idea. And it’s been a shift over time: The Patriot Act in response to 9/11, Dodd-Frank in response to the financial crisis, and more. Now, we talk about credit risk, market risk, liquidity risk, and we get very much into operational risk, BSA, AML.
There’s a very large suite of issues under the category of risk that are a part of banking, and frankly, of shoring up our reputation in society. I’ve also had the vantage point of watching these changes from Pathward growing out of traditional community banking into what at one time was largely known more as “sponsor banking,” or delivering products through third parties, and onto the direct banking and vendor platform we are now. I call it third-party delivery of banking services. Some in our industry call it Banking-as-a-Service (BaaS), of course. And with it comes layers of opportunity, interchange income and more, and always, risk considerations.
Banks are not just looking at risk and compliance within their four walls. You’re looking at many kinds of distribution for many different opportunities, including greater financial inclusion. We’ve built an entire business on that. And three or four years ago, we sold our community bank, and we’re all in on this third-party delivery that requires this very robust risk and compliance framework on top of it.
ProSight: We know at a minimum that AI dominates many conversations in banking, including among risk practitioners, but mature use cases may be limited to contact center and easily automated tasks. Do we have a sense of AI’s use in risk management?
Pharr: Anecdotally, I agree that we see the rise in discussion and experimentation. And AI and risk considerations are very top of mind for us because—and this is part of our business, such as digital payments for partner solutions, credit partner solutions, for instance—we are advising partner banks on vendor relationships, and we have third-party relationships and beyond. So as AI spreads, banks must understand their risk exposure. But they can and should understand the full picture of AI use cases.
The Digital Banking Report’s State of AI in Banking shows that 40% of banks across all sizes are leveraging AI to some degree in daily operations. And while it’s not the topmost use cases, risk-related use cases do crack the top 5, including predictive modeling of risk scenarios.
ProSight: I think back to your historic first risk pillar, credit risk, and your new delivery mechanism and marketing, which has far greater reach, plus your target of the historically underbanked, who may or may not be thin-file borrowers, for instance. Putting that all together, this sounds like a scenario for old-school risk considerations elevated with newer technology, like automation or AI.
Pharr: That’s right—although our credit pillar tends to be more in what we do with the deposits we receive, and we directly lend through our commercial finance unit. The consumer lending that you’re sketching out here, including near prime, subprime, deep prime, we structure those to offset the risk with the partner holding the loan. We structure those in a way so that the credit risk is largely not with us; they can engage with us, a chartered bank lending with a true lender, but they give us the coverage on all the credit exposure, or the majority of it, so that we’re not taking on the “naked” consumer.
But we are responsible for that value chain all the way through to the consumer, which is where risk and compliance and technological tools come into play. And I’ll give you a related AI example. Our customer-facing content, sites, applications, etc., all must meet certain compliance requirements and a robust compliance review. If you think about it, how many pages does that involve, how many words, and how fast can changes be made? Not to mention, the work itself creates a level of internal frustration that can creep into quality overall.
And, if in a period of regulatory change, or deregulation, but at an institution that has set high standards, a mix of AI and manual work is the best practice. The experts, the humans, focus on the exceptions. It’s been a huge shift here because there is so much content, apps, and so on, to scale out there. We have to cover a very large volume.
ProSight: AI remains vulnerable, especially perhaps if its use to back up risk and compliance practices were to be questioned. AI, after all, is only as strong as the data feeding it. Of course, humans are not without error either. So, do you still find yourself defending the role of AI in risk and compliance?
Pharr: I think this is going to continue to grow and evolve, and I have learnings, and there’s going to be mistakes. All of that is true. The trick right now is to use the tool, but to understand how the tool is working and check the tool. You’ll eventually get widespread model risk management around all this. That’s a big deal. There will be more proving out for certain applications. But I am very bullish on this use case. We have a top-tier AI team with advanced training and data science working on this. And for a $7 billion bank, that is saying quite a bit. But we expect to benefit from it quickly because of our business model. In fact, we are reinvesting in building out this model, because we expect to use it for a long time.
ProSight: Does AI’s use as a tool help unify departments, or do you have to be careful about inequity, maybe one department leaning on it more heavily than another? It might seem that if risk and compliance use it, additive to their operations, that sets a tone?
Pharr: Because risk and compliance are such a large feature of our approach, it’s a department that is actually asking for AI. Taking the first step. Evaluating it. I can imagine use cases in our industry for product pricing models or commercial credit decisions, so maybe they lead the growth. Here, risk and compliance need AI for efficiency because of the scope of their demands across external partners, because of the large scale of that aspect of our operations.
As far as department by department, I think it would help if banks were already speaking the same language, and maybe that is more of a data case than an AI-specific case. Data is so important to this whole growth story, which is why several years ago we began investing heavily in data and data platforms.
ProSight: Your model has shifted from community banking, but many will see your organization’s roots there, and the historic risk and compliance foundation, and perhaps wonder how you made the leap to AI adoption, even if, as you stress, it remains vetted and measured. There’s a mixed bag of adoption among the banking leaders we regularly talk to. Any parting remarks to those still hesitant?
ProSight: For me, the business has shifted so much I don’t really have a choice. I have some significant differentiators. And one is I’m managing third parties that are large enough that I have to use any efficiency mechanism that I can. AI is going to be one of those efficiency mechanisms, and so I’ve invested in it. But that may be translatable across our industry: How much has your operation expanded? How can you get more efficient and at a pace these new market dynamics require? And how can you leverage AI as a risk and compliance tool because you choose to bring it on board this way, and can vet it appropriately?
Rachel Koning Beals
