Red Hat: How Banks Should Leverage Gen AI for Transformation

While some are optimistic that 2024 proves to be the year of large-scale Gen AI adoption across banking and financial services, for Richard Harmon, Red Hat’s VP & Global Head of Financial Services, the hype is set to continue for some time yet. 

We spoke to him, and colleague Monica Sasso, Red Hat’s Global Financial Services (FSI) Digital Transformation Lead, on the topic at 2024’s MoneyLIVE Summit in London.

“When it comes to Gen AI, there’s still constant innovation coming across,” Harmon says. “For banks today, it’s about understanding how and where they can best apply Gen AI while making sure they are collaborating with regulators to evolve the regulations in this space.

“The scope for Gen AI’s use is so much broader than we’re seeing, so – as more innovations arise – it may be a bit of a waiting game for banks to see what the best use cases for Gen AI are in their organisations.”

Gen AI in banking: Regulatory hurdles 

Indeed, in Europe and the UK, banks that deploy Gen AI must comply with the recently passed EU-AI Act (although they still have time to get their houses in order before it is implemented), which will place how banks already utilise AI in the ‘high risk’ category. 

This includes AI-based creditworthiness assessments by banks, as well as pricing and risk assessments, meaning banks must comply with heightened requirements for such AI applications.

As such, for Harmon, while this new technology “could be really exciting, gain efficiencies and insights into customer behaviour, it must be implemented correctly”. 

“If a bank does not implement AI to the latest, most relevant regulatory standards, it can lead to serious consequences.

“So even though banks could do a lot, I think at first they're going to select Gen AI application use cases that have immediate value, don't require regulatory approval and don't expose any customer data. This will include more sophisticated versions of what banks have already done, such as natural language processing.”

Red Hat customer Banco Galicia, an Argentinian bank, leveraged predictive AI and natural language processing to process corporate onboarding and new corporate customers, a process that previously would’ve taken weeks.

With natural language processing, the bank was able to quickly digitise paper-generated information, quickly analysing and processing it. 

“Today, with Gen AI, a bank could reduce that processing time even further, while taking the opportunity to suggest embedded offerings, providing a more nuanced, personalised and accurate onboarding experience for customers.”

Gen AI: Empowering banks’s cybersecurity tools 

Of course, the potential applications for Gen AI in banking extend far beyond customer onboarding use cases. 

As Sasso notes, the scope for Gen AI to automate a bank’s cybersecurity activities is vast. 

“AI is already here, we've been using it for years,” she says. “Anytime a bank wants to do anything in real-time, they have to use it. 

“So if banks start to think about some of these efficiencies and put an operational resilience lens on it and integrate AI with threat hunting software, this will enable them to start automation of some cybersecurity activities.”

Cybersecurity measures are so important for banks today, with institutions like JPMorgan facing up to 45 billion hacking attempts a day, employing over 60,000 technologists for the primary aim of combatting cyber attacks. 

As such, leveraging AI to support cybersecurity is an area Red Hat works closely with its customers. “We’re starting to help them work with some of these newer AI-based tools,” notes Sasso.

“It is so critical because these things keep the lights on,” she adds. “AML efforts are traditionally very onerous processes. It would take hundreds of people to do it. But now, these new technologies speed the process up significantly and more accurately. So that’s where I think the focus should be for banks.”

For Sasso, it’s vital that automated threat-hunting and cybersecurity tools are integrated back into a bank’s main system so that when there is a threat, action can be taken immediately. 

“If an attack happens at 2am, who’s waking up to deal with that? With Red Hat solutions like Ansible Lightspeed talking with Advanced Cluster Security or Advanced Cluster Management, threats can be automatically averted to keep systems up and running,” Sasso adds. 

And, much like the aforementioned JPMorgan, the bigger a financial institution is, the broader the service is to be hit by an attack, making cybersecurity considerations all the more important. 

Making AI simple: Upskilling the workforce

With the threat of cyberattacks a leading concern for banks and FIs, AI applications must be made as simple as possible. A key consideration of this is upskilling the workforce, while huge swathes of employees need to retrain to meet the technological demands of today. 

For Sasso, the simple use of AI “comes down to two things, culture and upskilling”. 

She continues: “Banks have to put a torch on all this stuff and actually lift up the bonnet to see what they’re working with, and how AI can help drive efficiencies in their existing infrastructures.

“How it can affect different processes is so important too, like risk. When banks outsource to third, fourth and fifth parties, some may assume they are also outsourcing risk, but what they may not realise is that by doing this, new risks are created. 

“This comes down to having the right expertise and skills to effectively understand the new risks that are created, and banks that don’t have this knowledge or understanding become at risk of malicious attacks. 

“Banks can pay for the privilege to ignore the stuff going on inside the box, but that doesn’t mean they don't need to know what string is plugged into which box, what software infrastructure is on which box and what small applications from that box are calling to other services.”

It is in this way banks, when leveraging technologies by outsourcing to third parties, must understand their software supply chain, as well as their software bill of materials to ensure that code employed on a bank’s code base is verified and malware-free. 

“This is where we at Red Hat are working tirelessly with our clients,” continues Sasso. “It’s really about educating them on the things they need to know, the things they need to be aware of and have some kind of control over. We will continue to do that as the technologies mature and become more ubiquitous.”

How banks should revolutionise existing infrastructures 

Of course, when outsourcing to third parties, compatibility is needed between third-party software and the often legacy infrastructure employed by banks.

Overhauling banking infrastructures has been a hot topic for some time, but, as Sasso attests, banks can’t do this in one fell swoop – it is a gradual process.

“Technology is moving quickly, and sometimes decisions are being made at large institutions without understanding fully what integrations are, or what they can do for you as a bank,” she says. 

“What I always say to clients is that the decisions they make today can create tech debt tomorrow. Now, we’re in the process of unpacking 40-year-old tech debt at large institutions, which is never going to be a simple process.”

To achieve consistency, banks can containerise new technologies. This is something Red Hat has been working on for almost ten years with Red Hat OpenShift, a hybrid cloud application platform enabling banks to modernise software on legacy systems as well as migrate to cloud-native systems. 

What’s more, hybrid multi-cloud services are helping banks reduce technology duplication and cognitive load on developers and operators. Harmon explains: “If banks develop natively on one cloud, then they have to develop a different version of that same thing in every place they want to run. 

“With a hybrid multi-cloud system, you can deploy applications enterprise-wide, running anywhere, meaning technicians need to support just one piece of code and shift it across to the areas needed.”

Back-up clouds are needed to meet regulatory requirements too, so by leveraging a multi-cloud model, banks and financial institutions are favouring a multi-cloud model where one cloud can act as a backup to another. 

It is therefore clear that while AI has the capacity to revolutionise banking and financial services, it’s important to have a rigorous understanding of its best use, and the right systems in place to support AI integration. 

**************

Make sure you check out the latest edition of FinTech Magazine and also sign up to our global conference series – FinTech LIVE 2024. 

**************

FinTech Magazine is a BizClik brand.