Risk and Compliance Research Outlook 2024

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)


One quarter into 2024, the imaginative possibilities unleashed by generative artificial intelligence (GenAI) are growing into practical applications. In 2023, the promise of GenAI caught the limelight, bringing both opportunities and concerns for financial institutions. As these initiatives come to fruition, the opportunities look more modest and the risks look more manageable.

In terms of opportunity, the first GenAI initiatives are largely internal and risk departments are early adopters within their larger organizations. We are seeing GenAI being used to interpret and draft potential actions for new regulations, accelerate fraud and AML investigations, and explain rationale for the findings of predictive AI—all solid building blocks for more impactful revenue-generating GenAI initiatives.

With the exception of hallucination, the risks of GenAI are much the same as the risks for AI in general. Risk managers have been able to handle most of these (data privacy implications, model bias and drift, regulatory compliance) by extending current AI governance to GenAI as well. Hallucination is the only risk that is specific to GenAI and firms are having success mitigating that risk by constraining prompts, using vector databases to detect and correct errors in GenAI output, and limiting the data used to train bespoke LLMs.

Meawhile, the halo of GenAI is illuminating broader AI opportunities. We are seeing firms greenlight initiatives based on predictive AI and machine learning as the senior management now views AI as disruptive technology.

As we move into the second quarter of 2024, we will continue to explore the five technology themes that we see as priorities for risk executives with AI taking the top two spots. They are:

1. Gen AI moves into production

Generative AI tops the list of emerging technologies with which firms are experimenting. At a global level, 44% of FIs are currently exploring use cases for this technology, while a further 31% have projects related to this technology on their roadmap for 2024—meaning they are running Gen AI POCs and intend to move at least one use case into production in 2024. Fraud detection is at the top of the list of use cases being piloted, putting CROs at the vanguard of this new technology.

As we move closer to production, two types of GenAI risk become evident. The first area that risk executives are grappling with is the risk in their firms deploying Gen AI, including model bias, hallucinations, false output, and data privacy concerns. The second challenge they face is the external risks stemming from Generative AI, including potential regulatory violations, intellectual property infringement, and empowered bad actors. Our recent report on Generative AI – What are the Risks? gives risk executives a blueprint for striking the balance between these risks and the substantial rewards that innovation in GenAI can bring.

2. Building Data Foundations for AI

Interest in GenAI is raising awareness and acceptance of other advanced AI technologies. Risk and compliance Initiatives that use machine learning and natural language processing are also being green-lit by boards and c-suites at financial institutions. To feed these models, FIs are using next-generation data management techniques including data fabric and data wrangling to integrate and prep enterprise data. Firms are improving their data hygiene and deepening their model risk governance in order to minimize the risks of accelerated AI adoption.

3. Moving from Compliance to Combatting Financial Crime

Financial criminals are also capitalzing on new technologies, digital assets and GenAI in particular. Recent Celent research estimates the total annual amount of money laundering to be $3.1 trillion globally. With all the investment that banks, capital markets firms and insurers make in detecting and ferreting out these criminals from their customer base, FIs want to see material impact in reducing financial crime. To this end, the shift from rules-based behavior detection to pure machine learning-based detection is accelerating. Several vendors, including Google, are championing this shift and deploying pure machine learning transaction monitoring systems. Users cite substantial improvements in finding new types and patterns of financial crime, while still reducing the total number of investigations due to 70-80% reductions in false positives. FIs are also looking for increased collaboration among themselves and with law enforcement to focus efforts across organizations to fight financial crime.

4. Technology Transformation to Increase Operational Resilience

The geo-political volatility and economic shocks of 2023 have proven the need for decisive, coordinated responses to unforeseen threats that are quickly executed across the organization. The norm in most financial institutions is governance, risk, and compliance (GRC) systems with highly manual processes, and deeply siloed operations. In 2024, we will see even greater regulatory focus on operational resilience. The UK, Hong Kong and Singapore are already past their initial deadlines for operational resilience, and EU and UK institutions must be fully prepared by the beginning of 2025 for DORA and the Operational Resilience Framework, respectively. FIs are launching GRC technology transformations to integrate divisional silos and fragmented risk functions. Broad use of APIs and advances in bidirectional integration make possible an “Extract and Integrate”, rather than “Rip and Replace”, approach to this technology transformation.

Our research agenda for the rest of this year closely follows these prorities, combining observations and insights from client conversations, desk research and primary surveys.

Contact us for more information about what we have planned in Q2.

If you are a client, please sign in to access a detailed view of our 2024 agenda.