top of page
  • Writer's pictureWilliam Webster

Red, Amber, Green - GPT-4 Does Risk

Updated: Apr 3

I've noticed that GPT-4 is getting better all the time; you can do more, and the results are better. I decided to try a little test.

Could GPT-4 take a red, amber, green risk report and explain what it was seeing? Could it then write the narrative so that anyone reading it got a clear understanding of the risks present?

Here is the report that I gave GPT-4:

Note, this is a photograph of a spreadsheet rather than the spreadsheet itself. The reason is that by trial and error, I've learnt GPT-4 is good with pictures, and it's a feature that has improved over the past few months.

This is the prompt that I used:

Here is a colour coded report for the board of a building society showing some of its financial risks. Please write a narrative and explain anything you think is important to them or any action required

This is the response that I got from GPT-4:

The provided image appears to be a financial risk report for a board of a building society, detailing various metrics related to credit exposures, liquidity, interest rate risk, basis risk, and the investment portfolio. Here’s a narrative explaining the key elements:

Credit Exposures:

  • Barclays: The actual exposure is £5 million, which is well within the limit of £10 million.

  • Lloyds: The exposure has slightly exceeded the limit by £1 million, which is a point of concern.

  • NatWest: The exposure is £9 million, safely under the limit.

Recommendation: The board should discuss why Lloyds' exposure went over the limit and consider strategies to mitigate this risk, possibly adjusting the limit or reducing the exposure.


  • High-Quality Assets: There's a positive variance as the actual high-quality assets are £10 million higher than the limit.

  • Days No Action - Stressed: The society has fewer days than the limit when no action is required in stressed conditions, indicating potential liquidity risk.

  • Stressed with Action: Here, the actual days are above the limit, showing a buffer in the case of stress which requires action.

Recommendation: It’s advisable to investigate the reasons for the negative variance in 'Days No Action' and consider reinforcing liquidity management policies.

Interest Rate Risk (for a 100 basis points shift):

  • The risk seems to be generally well-contained within limits, but for the 1-3 years category, there's a net loss exposure of £1.1 million.

Recommendation: Review the interest rate risk management strategy, especially for the 1-3 years maturity period, to ensure it aligns with the society's risk appetite.

Basis Risk (between different interest rates):

  • There is considerable exposure in several categories, with particularly large short positions in the "administered rate" and "fixed rate" categories, leading to a net negative exposure.

Recommendation: The board should carefully review basis risk positions, especially those with large short exposures, and consider hedging strategies to mitigate these risks.

Investment Portfolio:

  • 0-1 Year: The society has an actual surplus of £10 million compared to the limit.

  • 2-5 Years: Actuals are aligned with the limit.

Recommendation: No immediate action is required for the investment portfolio, but ongoing monitoring is essential to ensure it continues to meet the society's strategic objectives and risk tolerances.

Overall: The colour coding indicates areas of concern (red and yellow) and areas where performance is satisfactory or better than expected (green). The board should focus on addressing the red areas as a priority, particularly the overexposure to Lloyds and the negative variances in the liquidity and basis risk sections. Monitoring and possibly adjusting exposure limits and risk management strategies will be crucial for maintaining financial stability.

GPT-4 provides a straightforward explanation of what it is seeing for all the risks. It differentiates between the colour codes and draws attention to the things that need action. It also raises an early warning for things in amber and doesn't just see things as being right or wrong. This subtle distinction is important because it acts to help preempt future problems rather than waiting for them to happen.

Any risk manager would need to apply their oversight to GPT-4's output, but it shows we should be integrating it into workflows rather than spending hours writing things longhand. There is no doubt that by using GPT-4, we will be saving a lot of time.

Now, if you can picture this report, or similar, being presented to a board committee complete with the narrative, it's only one more step to give the board the power of GPT-4 to find out more.

They could ask about a particular risk and how it was measured, or they could drill down into the bedrock of assumptions to give them comfort concerning their oversight. Let's try this out.

Here’s my prompt:

You mention the exposure to Lloyds what should I as a board member be concerned about

This is GPT-4's response:

As a board member, the overexposure to Lloyds should raise several concerns:

  1. Risk Concentration: The overexposure indicates a concentration of credit risk with Lloyds. If Lloyds were to face financial difficulties, your building society's financial health could be significantly impacted due to this concentration.

  2. Compliance Issues: Credit limits are often set based on regulatory requirements and internal risk management policies. Exceeding these limits can indicate a breach of compliance protocols, which can lead to regulatory sanctions and reputational damage.

  3. Risk Appetite Alignment: The limit breach suggests that the society's current dealings with Lloyds may not align with its stated risk appetite. As a board member, it's crucial to ensure that all investments and exposures align with the society's risk tolerance.

  4. Risk Management Effectiveness: The overexposure could imply potential weaknesses in the risk management framework or in the operational processes that monitor and control exposures.

  5. Liquidity and Capital Implications: If there were to be any issues with Lloyds that affected its ability to meet its obligations, your society could face liquidity constraints or capital losses, affecting its ability to lend or meet its own obligations.

Actionable Steps:

  • Review and Assess: Initiate a review of the circumstances that led to the overexposure to understand whether it was a result of a specific investment decision, an oversight, or a lack of adequate controls.

  • Rectify Compliance: If the overexposure is a compliance breach, take immediate steps to bring the exposure back within limits and review policies to prevent future occurrences.

  • Risk Mitigation: Consider diversifying the credit exposure or implementing hedging strategies to mitigate the risk associated with Lloyds.

  • Engage with Management: Discuss with the management team to get a full picture of the relationship with Lloyds, the rationale behind the current exposure, and any measures they are planning to address the issue.

  • Monitor Regularly: Ensure that the situation is monitored closely and regularly, with clear reporting lines to the board.

The key is to respond proactively to the overexposure, ensuring it's addressed in a manner consistent with the society's overall strategic goals and risk management framework.

All of the points raised by GPT-4 are relevant, although it will be up to individual board members to decide what's important in the context of what they know.

GPT-4 isn't doing the board's role but it's helping them think through the issues. If it was felt that some follow-up questions would spark discussion, GPT-4 is there to assist:

Me: Please could you suggest five questions that would be high-level and would encourage discussion on this


Certainly, here are five high-level questions designed to provoke thoughtful discussion on the board regarding the overexposure to Lloyds:

Risk Management and Oversight:

  • "What factors led to the overexposure to Lloyds, and how did our risk monitoring processes allow this to happen?"

Strategic Implications:

  • "Considering our current risk appetite and investment strategy, how does this overexposure to Lloyds align or misalign with our society's strategic objectives?"

Compliance and Regulatory:

  • "What are the regulatory implications of our overexposure to Lloyds, and what immediate and long-term steps should we take to ensure compliance?"

Operational Control:

  • "Can we discuss the adequacy and effectiveness of our operational controls and whether they need strengthening to prevent future occurrences of limit breaches?"

Remedial Actions and Future Prevention:

  • "What specific actions will management take to rectify the current overexposure, and what preventive measures are we considering to mitigate such risks in the future?"

These questions aim to not only understand the root cause of the issue but also to engage the board in a strategic conversation about aligning investment decisions with the society's risk profile and compliance requirements.

What you see is that not only can GPT-4 respond to RAG-based risk reports, it can write the narrative flagging the risks that need to be monitored and then go on to explain some of the concerns that would be relevant to a board member, providing questions that would elicit more discussion.

Whether you are a treasurer, risk manager, or board member, you cannot ignore the fact that the way we are doing business is being transformed. Yes, ChatGPT is not perfect and if you run this again you will get slightly different results. But by undertaking these experiments you will learn how to integrate AI into your business.

If you have found this helpful would you like to leave a comment on how you use or plan to use AI?

21 views0 comments

Recent Posts

See All


bottom of page