What is risk management?

Risks are future events that cause ambiguity and may lead to undesirable outcomes. They aren’t just financial: they can also be reputational or health-related. But risks exist for everyone, from governments and companies to biological species and even specific individuals.

“Risk management is something that exists in us on an evolutionary level. The actions that we – or other living beings – take in life help us manage risks. Those dinosaurs that couldn’t run away from larger predators had less of a chance to propagate their genes. And conversely, those that managed to reduce the ambiguity by evading predators altogether had a better chance to continue their lineage,” explained Dzhangir Dzhangirov.

To reduce either the chance of the risk manifesting itself or the impact of its consequences – or to delay it altogether – actions must be made (or planned out) in the present moment. That’s what risk management is. This is why woodland creatures, such as bears, consume as much as they can in the autumn before going into hibernation, and it’s why people insure their lives and property from natural disasters.

At the same time, balance is crucial in risk management. On the one hand, a high-risk behavior strategy comes with serious consequences and expenses that can sometimes be incompatible with profit. For instance, if a company spends years adhering to a high-risk strategy, it’ll earn more than everyone else – right until a crisis hits and bankrupts the business. On the other hand, a company that stays away from risks and adopts a careful approach will more easily weather years of crisis – but may eventually lose its profit and role on the market by missing out on new niches. The company Eastman Kodak invented the first color photo film and became a leader on the photography market. But it went bankrupt by refusing to invest in the growing market of digital photography.

How AI helps manage risks

Artificial intelligence can be used to automate risk management and conduct complex calculations more quickly – such as when analyzing an investment portfolio or approving a bank loan.

Sberbank’s risk-management divisions are always looking for professionals (link in Russian) in IT, machine learning, and finance. Within one of the company’s teams, which subscribe to the Agile methodology, they can grow as T-shape professionals (meaning those who possess deep expertise and skills in one field, but also have a basic understanding of adjacent subjects). Sberbank’s risk management staff work with a great number of modern technologies: integration and support for machine learning models (MLOps), automation of code generation and model validation, digital twins of IT infrastructure, AI-boosted data quality control, and systems for business analysis and process modeling.

How does a business manage its risks?

There are several stages of risk management:

• Identification: at this stage, you compile a list of risks associated with the situation at hand.

• Risk level assessment and identification of potential consequences: some risks are considered unacceptable and must be avoided at all costs. For businesses, examples include bankruptcy, criminal acts, human losses, and leaking of client data. The next category are undesirable risks, which can be managed. That includes reputational and technological risks, such loss of company image or the use of foreign-made informational software. All other risks are ones that companies take consciously and can profit from.

• Establishment of a risk management system: at this stage, decisions are made as to how the company will gain its profit, which consequences it will aim to avoid, how they can be minimized, and who will be responsible for the decisions taken.

• Control and monitoring: at this stage, a system of regular reporting is set up, along with a notification system.

• Integrated risk management: threat scenarios are defined, all potential consequences are evaluated in the aggregate and discussed, and the relevant decisions are made.