
AI-Driven Innovation: Opportunities for Startups in Financial Compliance and Risk Management  


02.12.2025 | By: Nico Stainfeld, Laura Dirtadian

AI is changing how financial institutions handle risk management and compliance. With markets and regulations getting more complicated, AI is starting to become the go-to tool for making things faster, more accurate, and more efficient. 

To learn how, we’ve spent months talking to executives and researching financial institutions—everything from big Tier 1 and Tier 2 banks to Fintechs, Banking as a Service (BaaS) providers, payment companies, community banks, regional banks, and credit unions. We dug into how they are (or aren’t) using AI, took note of who’s making moves in this space, and asked them about the challenges they’re running into. The big question we asked: “If you could have a tool that did anything you wanted, what would it be?” That helped us pinpoint some exciting opportunities where startups could come in and create immediate impact. 

Here, we’re diving into the trends we’ve spotted in AI for risk management and compliance, giving you a rundown of some players, and breaking down the challenges that need solving. We’ll also highlight areas of opportunity where startups can make a difference—and, of course, provide a roadmap for how startups can get their foot in the door with financial institutions and the best pathways for selling into these companies. 

Integration of AI into Enterprise Risk Management (ERM)  

Enterprise Risk Management (ERM) is one of the first places financial institutions are using AI to manage risk and stay compliant. With AI’s ability to sift through huge amounts of data, automate many hours of manual work, and provide real-time insights, institutions are getting better at spotting potential threats early and keeping up with regulatory changes more easily. 

ERM is all about taking a broad look at risks across the whole organization and managing them effectively. Typically, ERM covers four big categories, which come from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework: Financial, Operational, Strategic, and Compliance risks. 

These are defined as:  

  • Financial Risks include credit risk, market risk, and liquidity risk, among others. These risks directly impact a financial institution’s financial health and stability. 
  • Operational Risks involve risks related to internal processes, systems, and people, such as cybersecurity threats, fraud, and business continuity. 
  • Strategic Risks relate to the external environment and business strategy, including competition, customer retention, and mergers and acquisitions. 
  • Compliance Risks involve adhering to laws, regulations, and standards, including anti-money laundering (AML) regulations, data privacy laws, and ethical practices. 

From our interviews and research, we found that most companies are tackling AI solutions in three of the four key risk areas: Financial, Operational, and Compliance. But when it comes to Strategic risk, we didn’t come across many solutions—financial institutions are not yet comfortable automating this often complex and intuition-led part of the framework.

Current Trends and Players in AI for Risk Management and Compliance 

It’s no shock that generative AI has huge potential for banks, whether it’s about boosting efficiency or driving revenue. In fact, McKinsey put out a report in December 2023 called “Capturing the Full Value of Generative AI in Banking,” estimating that AI’s potential value could hit around $340 billion (about $1,000 per person in the US).

But even with all that potential, we’re still in the early innings of integrating AI in financial institutions. Some institutions have outright blocked tools like OpenAI/ChatGPT, others are working on acceptable use policies, and many are just testing certain features. For those already using AI in risk and compliance, most are focusing on machine learning applications for model validation, fraud detection, third-party risk management, and automating compliance tasks. 

In one of our chats with Dana Lawrence, an Audit, Risk and Compliance expert with 20 years of experience, she pointed out that AI is changing the way banks handle content analysis, social media monitoring, compliance automation, and third-party risk management. Some of the key trends we picked up during our conversations include: 

  • The automation of compliance testing checks and regulatory reporting, which reduces the time and effort required for these processes. For instance, AI tools are helping financial institutions ensure compliance with Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) regulations.  
  • In model risk management, AI is enhancing the automation of validation and governance processes, thereby reducing the time needed to develop and validate models.  
  • For fraud detection and prevention, AI-driven systems use machine learning algorithms to identify suspicious activities and potentially prevent fraud before it occurs. This is particularly valuable for monitoring transaction patterns and detecting anomalies.  
  • Additionally, AI is being applied to third-party risk management, improving the ability to assess and monitor risks associated with external partners and vendors. 

Through our interviews and research, we also identified several startups and established players that are focusing on Financial, Compliance, and Operational risks with AI solutions. (Note: this is not a comprehensive list, but the names of the organizations that came up during conversations, with a focus on newer companies rather than incumbents).

Several Foundation Capital portfolio companies are focusing on different aspects of AI for compliance. ComplyCo, which creates compliance software tools and systems for highly regulated industries, enables continuous monitoring and reporting around managing end-user relationships. Sedric.ai allows banks and lenders to move beyond random sampling of customer interactions (think of all the times you’ve heard the phrase “this call may be monitored for compliance purposes”…) with their proprietary financial services compliance AI for customer communications and marketing material reviews. By automating the error-prone, costly, and ineffective manual review process, Sedric is helping turn compliance from a burden into a real growth driver for their customers.

Challenges and Considerations

According to Gene Yoshida, CCO and CRO of the startup Bonumai.com and an operator with over 25 years of experience in financial services, banks are increasingly using AI in a “co-pilot” role—AI offers suggestions, but humans still make the final decisions. Banks position this workflow as out of scope for model risk management, and to manage it, financial institutions are rolling out AI policies, forming AI committees, and setting up governance frameworks. These might include: 

  • Keeping a list of personnel approved to use AI for specific tasks 
  • Monitoring to make sure employees are using AI as intended, keeping their “hands on the wheel” and not relying entirely on AI 
  • Safeguarding cybersecurity, data, and model output integrity, including preventing data loss and avoiding issues like hallucinations. 

Regulators are also paying attention to AI’s potential. They’re open to it but want to make sure it’s used responsibly, especially in three key areas: developing internal AI, setting up strong data governance programs, and dealing with potential biases in datasets. The Office of the Comptroller of the Currency (OCC) has even put out some guidance on using AI, encouraging banks not to use it for credit decisions just yet and to keep a close eye on model governance. 

Kevin Greenfield, the Deputy Comptroller for Operational Risk Policy, has said that AI can help banks strengthen their “safety and soundness,” and they’re supportive of using it in areas like consumer protections and fairness. But financial institutions also need to be careful with AI—poorly designed models, bad data, or not enough testing and human oversight can cause big problems. 

One other thing worth noting: while the tech side of AI is handled by experts, it’s crucial to have risk and compliance folks involved too. A major fintech Chief Risk Officer pointed out that many AI tools get built and sold without input from these subject matter experts and the people who use them, which can hurt how effective, accepted, and adoptable those tools are. 

Opportunities for startups using AI for Risk and Compliance Processes

AI is opening a world of opportunities for startups to revolutionize risk management and compliance in financial institutions. Many of these institutions, especially the smaller ones, are stuck juggling multiple tools that each solve just one problem. It’s a hassle, and Chief Compliance Officers (CCOs) and Chief Risk Officers (CROs) are increasingly on the hunt for more holistic solutions that can tie together various aspects of risk management and compliance. 

One huge area where startups can make a splash is by automating the entire risk management cycle—from spotting risks to analyzing correlations and evaluating models. AI can help uncover hidden patterns and data points that might otherwise get missed, giving early warnings when risk indicators start to drift. This comprehensive approach can seriously boost the accuracy and efficiency of risk assessments. 

Predictive analytics is another hot area. AI-powered tools can forecast potential risks and vulnerabilities by digging into historical data and identifying patterns that hint at future issues. Plus, AI-driven systems can provide real-time risk monitoring and catch anomalies on the fly, letting institutions tackle emerging threats head-on. 

In the Banking-as-a-Service (BaaS) space, there’s a need for AI solutions that can speed up and simplify the onboarding process for fintech companies. Startups can create tools that reduce the manual effort involved, making it smoother and faster for these companies to go live. 

Cybersecurity is also ripe for innovation. Startups can develop AI that uses customer behavioral analytics to detect unusual activities and stop cyber threats or fraud before they happen. A top executive at one of the world’s largest payment platforms mentioned they are building tools to proactively catch fraud rather than reacting after the fact—acknowledging that AI will supercharge fraudsters with new weapons like deepfakes and voice cloning.

On top of that, AI can streamline compliance monitoring and reporting. By automating the analysis of regulatory documents and using Natural Language Processing (NLP) to interpret complex regulations, startups can provide actionable insights and make staying compliant a whole lot easier. 

A common refrain among the executives we spoke with was that they’d love a more holistic, end-to-end solution that covers all aspects of Enterprise Risk Management (ERM)—from risk identification to assessment and ongoing monitoring. They see this as the “golden opportunity” in AI for risk. There are already many players building AI for risk – but none yet that can bring this end-to-end automation.

All these advancements not only improve operational efficiency but also enhance the effectiveness of risk management and compliance efforts. With the right approach, startups are poised to tap into that massive potential valuation of $340 billion that McKinsey noted in their article. 

How Startups Can Tap Into This Huge Opportunity

If you’re starting an AI company focused on risk and compliance, the first thing to get right from day one is building a solid product that addresses the real pain points for risk and compliance teams of financial institutions. A lot of banks, especially smaller ones, are still doing risk and compliance the old-school way, so there’s a huge opportunity for a solution that can streamline and automate these processes. If possible, your product should be holistic—banks are tired of juggling multiple tools, so offering an integrated solution will give you a real edge. It is also worth noting that community banks are having a particularly hard time with AI as they rarely have the skills or resources to exploit the tech. This is both an opportunity and a challenge. Think carefully about your initial target market in terms of bank size (Top 10, super-regional, midsize, small, community, credit union), focus (retail bank, merchant bank, etc.), and technological capability.

One area you can’t overlook is data. Your AI tools need to be built with high-quality data in mind, and data security is non-negotiable. Financial institutions are rightly cautious when it comes to AI, especially around bias, so make sure your models are transparent and bias-resistant from the start. Building a strong data governance framework will not only build trust but also help with the complex regulatory requirements these institutions face. 

As you develop your product, you’ll also need to think about your market entry strategy. Adoption of newer technologies can be slow for traditional banking institutions (particularly the biggest ones, called Tier 1 or Tier 2 banks), but Fintechs and newer players like BaaS providers are much more open to experimenting. They’re nimble, competitive, and often more willing to adopt innovative solutions. While the prospect of huge ACVs is attractive, large banks have stricter due diligence and compliance requirements and are not quick to jump on board with a new startup. 

Speaking of due diligence, it’s something you’ll need to be ready for when dealing with any of these financial institutions due to regulations around third-party risk management. They’ll want to see strong third-party risk management related policies and procedures, proof that you’ve done your homework, and that you’re not a risk to their operations. Landing a contract with a Tier 1 or Tier 2 bank is possible, but it’s going to take time and trust-building. In the meantime, consider targeting smaller, more flexible players where you can gain traction and refine your product.  

Finally, as you lay out your plans, focus on building a solid product foundation that you can scale. Make sure you’re solving real problems in risk and compliance, especially in areas like AI-driven fraud detection, compliance monitoring, and due diligence automation. If you can nail these from day one, you’ll set yourself up to grow into larger institutions down the line. With the right mix of technology and a smart go-to-market approach, you’ll be well on your way to making a mark in the financial services industry. 

What Banks Need for Successful AI Implementation

For you and your customers to fully leverage and implement AI in risk management and compliance, financial institutions should: 

  1. Have a solid AI strategy: Set clear goals for what you and your potential customer would want AI to achieve and create a step-by-step plan for rolling it out across your organization. 
  2. Speed is king: Gone must be the days of banks taking 18-36 months to pick, test, and implement new technologies or technology partners. If you take more than a year to onboard the “latest tech”, by the time you’re done that will no longer be the latest tech! AI innovation is advancing more rapidly than almost any previous technology – your business depends on getting this right, which means your business depends on implementing AI quickly.
  3. Prioritize data quality: Good AI needs good data, so all parties should invest in top-notch data management and governance to make sure your models are built on solid, accurate information. 
  4. Stay compliant and ethical: Make sure there are good governance frameworks in place to keep AI efforts in line with regulations and ethical standards. 
  5. Keep learning and improving: AI is always evolving, so it’s important to regularly assess how systems are performing and stay up to date with the latest trends and tech. 

Final Thoughts

AI is reshaping the landscape of risk management and compliance, bringing new efficiencies and capabilities that were once unimaginable. It offers startups a unique chance to innovate on risk and compliance processes, enhance accuracy, and improve decision-making for these incumbents. The need for smarter, more integrated tools in financial institutions is clear, and startups that can meet these demands with reliable, ethical, and scalable AI solutions are poised to make a big impact. As the financial landscape continues to evolve, those embracing AI will be better positioned to tackle the complex challenges of risk and compliance in a fast-moving world.

If you’re building in this space, we’d love to hear from you! Please reach out at nstainfeld@foundationcap.com


Published on February 12, 2025
Written by Foundation Capital
