An AI helper for third-party risk management

Michael Berman (left), founder and chief executive of Ncontracts, and Ginger Devine (right), senior vice president and senior risk officer at Citizens First Bank, a client of Ncontracts. “This is going to really put financial institutions in the driver's seat for understanding those control factors earlier in the process," Berman says of his company's artificial intelligence assistant for reviewing legal agreements.

For banking executives negotiating contracts with new and existing fintech vendors, careful review of the terms is essential. But as their list of partners grows, the task of analyzing every contract for compliance with current guidelines and continuously monitoring them can become unwieldy.

Meeting the ever-changing standards of regulators is a necessary cost of doing business for both fintechs and financial institutions. Banks and credit unions accordingly scrutinize every third party with which they work to avoid any possibility of missteps in risk management.

Ncontracts, a risk management software firm located in Brentwood, Tennessee, has spent the past year training its new Ntelligent Contracts Assistant to help automate the review process by feeding it vendor contracts with financial institutions and having it learn key terms such as "notice permissions" and "business continuity." The product made its debut last month. 

The assistant scans files one word at a time using optical character recognition and isolates clauses such as price changes and renewal dates using entity extraction. Then it uses a proprietary model powered by generative artificial intelligence to create a comprehensive score and summary that shows how well — or how poorly — the agreement complies with regulatory requirements.

Organizations large and small can "have hundreds of vendors, so being able to automatically process this information as well as identify any exceptions, is a far more efficient use of time than having" a human read each and every agreement, said Michael Berman, founder and chief executive of Ncontracts.

Berman emphasized that the tool, which is offered as part of the firm's third-party Nvendor platform hosted on Microsoft Azure, is not designed to be a substitute for a lawyer but rather an additive product for running initial checks on contracts and identifying problem areas early on in discussions.

"Having a way to preliminarily run an agreement through a tool [like the Ntelligent Contracts Assistant] and make sure it checks the boxes for all the regulatory issues before you spend thousands and thousands of dollars with a law firm is extremely useful, because nobody wants to spend all that time and money with outside counsel to learn that a vendor doesn't have everything in place," Berman said. "This is going to really put financial institutions in the driver's seat for understanding those control factors earlier in the process."

With the proliferation of cybersecurity breaches and other third-party issues across the banking industry last year, officials with the Federal Reserve, Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency finalized guidance in June detailing proper steps for overseeing relationships with external vendors.

"As part of sound risk management, it is the responsibility of each banking organization to analyze the risks associated with each third-party relationship and to calibrate its risk management processes, commensurate with the banking organization's size, complexity, and risk profile and with the nature of its third-party relationships," the guidance said.

Organizations that have been hit with consent orders over their fintech relationships include the $3.2 billion-asset Blue Ridge Bank in Martinsville, Virginia, which has been offloading fintech partners to address compliance shortcomings in its banking-as-a-service relationships.

Ginger Devine, senior vice president and senior risk officer at Citizens First Bank in The Villages, Florida, was looking for help managing vendor relationships when she began partnering with Ncontracts more than five years ago.

"We were challenged in our ability to be able to process all the information related to our vendors, effectively obtain due diligence documentation, conduct risk assessments that were appropriate for the level of risk that the vendor [posed to] us and then do ongoing coordination with the vendor as everything was changing," Devine said.

The $3.7 billion-asset bank uses several of the products offered as part of the Nvendor platform to manage internal and external audits, conduct custom risk assessments, stay up to date on relevant regulatory changes and more. As the bank continues its expansion, contracts are becoming more complex, leading executives to explore the potential benefits of Ncontract's assistant.

Tools such as these are valuable "for all of us that are in [risk-oriented] roles where we're expected to have a good understanding of what's happening across the board, because we can't be experts in everything," Devine said.

Ncontracts is among a number of vendors that have recently begun offering AI-powered contract assistants such as the New York-based SpotDraft's VerifAI and the Bellevue, Washington-based Icertis' Contract Intelligence Copilots that entered the market in the middle of last year.

While interest in the applications of AI in banking continues to grow, federal agencies are taking a closer look at both developers of qualifying AI models and the institutions that use them in the wake of President Biden's executive order in October to monitor the possible risks. Regulators remain certain that current legislation and safeguards are enough to prevent such risks from affecting individual consumers as well as the financial system.

On an institutional basis, that means instituting a "robust governance framework" before using any AI-powered tools and "ensuring proper due diligence is done to better understand their scope," said James McPhillips, a partner at the New York-based law firm Clifford Chance.

"Like any financial institution that has to analyze its third-party relationships, especially those that are critical, undertaking a due diligence process and performing a robust governance process on the use of [those tools] is really what all the banks are setting up and doing right now," McPhillips said.

Executives seeking to address these gaps with outside help must remain dedicated to solving issues at their root cause, rather than adopting products as a temporary solution.

"Perhaps most crucially, banks and all industries should not rely on hopes that technology will eventually come out tomorrow to face the challenges the technology brings today," said Gilles Ubaghs, strategic advisor on commercial banking and payments for Datos Insights.

For reprint and licensing requests for this article, click here.
Fintech Artificial intelligence Bank technology
MORE FROM AMERICAN BANKER