Alex Sidorenko, chief risk officer and founder of RISK-ACADEMY, and group head of risk, insurance and internal audit at Serra Verde Group, shares how AI has transformed risk management at his organisation

When I moved from a multibillion dollar global fertiliser company to a ramping up rare earth mining company in Brazil, my operational risk team went from 9 to 3 people.

I thought we would have to scale back on the risk management projects and the types of quant risk models our team built. But then, AI happened.

SR_web_Alex Sidorenko

First, Large Language Models allowed us to improve risk communications, risk descriptions and integrating risk information into management reporting.

Updating our corporate risk management policy became a breeze. And the policy talks about integrating risk management into decision making and risk based planning, budgeting and performance management by default.

Then, LLMs introduced python support and I could now run proper quant risk analysis, calculate and graph rolling correlations, fit distributions, run and graph simple monte carlo simulations and extract SIPs to excel.

Then, LLMs introduced GPTs and I could roll out purpose-built mini AI tools to my team. We now have multiple AI tools for turning any phrase into a perfect risk description for monthly reporting, for writing risk management policies, for generating mitigation suggestions, for developing risk interview questions, for doing due diligence on the vendor insurance policies (this model identifies coverage gaps, hidden exclusions, or unusual terms that might leave us exposed), for checking risk engineering controls against insurance industry best practices.

Then, LLMs introduced RAG support and I was able to build a digital risk management knowledgebase based on my articles, videos, RAW workshops, books and publications.

My team now has a digital version of me for any kind of methodology questions and brainstorming best ways to perform risk management tasks. It acts as a full time junior risk analyst, who can research, write and quantify risks faster than most humans with a comparable and acceptable error rate.

I made a version of these models available publicly, so I can collect feedback from people and continue to improve the instructions and design and all of you can benefit from our models.

You can try our most advanced model RAW@AI as well as many of the smaller AI tools here https://riskacademy.ai. They are all built on publicly available information carefully curated by me, so nothing secret. Use them and make your risk management lives easier.

This was just the beginning. Various AI models automated some of the most common and mundane tasks. It didn’t really “reshape the future of risk management” as I claimed in the title. But what happened next blew risk management out of the water.

Once agentic frameworks became available to the public, I was finally able to automate more complex risk management workflows.

One of my favourite models today is our risk identification multi-agent model. It is designed to use multiple pre-trained agents (digital CFO, digital legal officer, digital ESG officer, digital procurement manager and digital operational manager) using multiple risk identification techniques (we have tested over 20 various risk identification techniques and found 3 that performed best with LLMs, by the way they are not the ones you use in real life) to identify risks for any given contract, business or project.

And here is the revolution, it used to take my team couple of weeks to interview key stakeholders and document the identified risks in the past, now it takes between 2 and 5 minutes. And the risks identified are much deeper, more technical and more unique that I ever saw in risk conversations over the last 20 years in risk management.

My biggest challenge today, the model identifies too many risks and we are now working on prioritising and focusing on the most significant ones.

Given the volume of new contracts and decisions up for risk analysis, this AI model alone saves at least a couple of full time risk managers. We are also working on extracting these risks into downloadable reports and using them for third-party risk management.