AI as a Module – A New Kind of Service

Motivation and Concept

In order to meet the customers’ need for effective solutions in the field of Artificial Intelligence, various approaches – and combinations of them – are possible

  • Consulting: the complete development takes place on site at the customer, who also receives all rights
  • Software Development (“Software”): the customer aquires licences of a product and operates it on his own infrastructure
  • Software as a Service (SaaS): the customer aquires licences of a product that is operated on the remote infrastructure of the SaaS provider

For the customers, each of these approaches has specific advantages and disadvantages.

Today’s technological possibilities make a further prototypical approach – AI as a Module (AIaaM) – possible

  • the client acquires a pre-trained model (such as neural network) for specific tasks (such as translation of texts), which he operates independently
  • the model is not a software in the narrow sense, but requires e.g. a Python environment. The procedures and data for the training remain with the supplier

As shown below, this approach combines several advantages of consulting, software development, and SaaS for customers.

Advantages and Disadvantages from the Customer Point of View

For the customers, each of the mentioned service types has specific pros and cons

  • Consulting
    • Pros
      • Very high flexibility: Consulting projects are extremely tailored to customer needs
      • Know-how build-up: Customers can acquire knowledge from the consultants and use it for further tasks
      • Contact persons: There are contacts available for every requirement at least throughout the project
    • Cons
      • Time comsumption: Consulting projects are often extremely time-demanding and can take up to years
      • Expensiveness: Correspondingly, the costs are also very high – and can even continue to rise
  • Software
    • Pros
      • Low price: In general, software is relatively cheap – in some cases even free
      • Standardization: Software for specific tasks is often standardized and allows the customer to use best practice approaches
    • Cons
      • “Black box“: Often, customers have no possibility to examine how the used procedures in the software really work. (This is not the case for Open Source software, of course.)
      • Lengthy approval processes: Companies in regulated industries – like banks – have often lengthy approval processes in place. The effort can even reach proportions of projects.
      • Security risks: Complex software may have unknown security vulnerabilities, and open e.g. the door for hackers
  • SaaS
    • Pros
      • Low price: In general, SaaS is relatively cheap
      • Resource saving: Customers need only very limited resources for operating the service
    • Cons
      • “Black box“: As with software, customers often have no possibility to examine how the used procedures of the service really work
      • Supplier dependency: Customers depend on the service of third parties and are directly affected, e.g. in the case of an insolvency
      • Hurdles due to outsourcing: SaaS is often seen as a form of outsourcing. Depending on industry and legislation, legal hurdles can arise
  • AIaaM
    • Pros
      • High flexibility: Pre-trained models can be used extremely flexible inside an organization’s processes. E.g., a translator module can easily be a connected upstream of a classification routine
      • Build-up of relevant know-how: Customers can learn how to apply the modules with own, customized procedures
      • Lower regulatory hurdles: Since AIaaM is no full software in the narrow sense, hurdles should be significantly lower
      • Transparent tools: Customers can integrate the modules into their own and maintain an overall transparency
      • Low price: The price of a module is generally even lower than that of a commercial software since there is no there is no superstructure.
      • Efficiency: Customers are not forced to purchase unnecessary features that are already covered by other tools
    • Cons
      • No access to training procedures: Customers just acquire the trained model and not the training data or the training procedures. This is not necessarily a disadvantage, however, if only limited resources are available and the core business is a different one
      • Medium implementation effort: The installation needs some minimum programming, e.g. in Python. The knowledge for that should be available in each medium or large organization, however

In summary, AaaM combines several advantages of consulting, software, and SaaS – and avoids most disadvantages.

We are happy to support our customers with related issues.


Dr. Dimitrios Geromichalos
Founder / CEO
RiskDataScience GmbH
Nördliche Münchner Straße 47, 82031 Grünwald
Telefon: +4989322096365
Twitter: @riskdatascience

Data Science-based identification of co-occurring operational damage events

Overview Challenge and Offer

Operational risk is as great a threat as it is hard to analyze for both financial services and industrial companies.
In spite of complex models in practice, connections between different OpRisk events can hardly be identified in practice, and underlying causes often remain unrecognized.
On the other hand, data science methods have been already established for similar questions and allow the analysis of large amounts of different data in order to identify interdependencies, e.g. in the buying behavior of customers in online trading.

RiskDataScience  has adapted existing data science methods to the requirements of operational risk management and has developed algorithms to identify interdependencies between operational losses.
Herewith, companies are able to identify causal relationships between damages and spend less time in the search for common causes. The entire accumulated knowledge can be used efficiently in order to prevent future damage as far as possible or to anticipate it at an early stage.

Operational Risks


Operational risks can be assigned to the following categories, depending on the cause

  • People: e.g. fraud, lack of knowledge, employee turnover
  • Processes: e.g. .g. transaction errors, project risks, reporting errors, valuation errors
  • Systems: e.g. programming errors, crashes
  • External events: e.g. lawsuits, theft, fire, flooding


Usually, operational risks are categorized according to extent of damage and probability. Accordingly, suitable management strategies are:

  • Avoidance: for big, unnecessary risks
  • Insurance: for big, necessary risks
  • Mitigation: esp. for smaller risks with a high probability of occurrence
  • Acceptance: for risks that are part of the business model

Methods and Problem

The handling of operational risks is strictly regulated, especially in the financial services sector. For example, under Basel II / III, banks must underpin operational risks with equity capital. There are compulsory calculation schemes such as the Standardized Approach (SA) based on flat-rate factors and the Advanced Measurement Approach (AMA). The latter is based on distribution assumptions and will in future be replaced by the SA.

In terms of methodology, the following distinction is made among others between the treatment of operational risks:

  • Questionnaires and self-assessment: probablities and extents are determined in a rather qualitative way
  • Actuarial procedures: these are based on distribution assumptions based on past damage
  • Key risk indicator procedures: easily observable measures are identified that serve for early warning
  • Causal networks: interdependencies are mapped using Bayesian statistics

Interdependencies between and causes of operational risk can either not be determined at all or only in a very complex and error-prone manner.

Detecting relationships using data science techniques

Association analysis

For the analysis of the connections of several different events (“items“) methods from the field of association analysis are recommended.
The respective “market basket analysis” methods have already been established for several years and are used in particular in online commerce (for example, book recommendations in online commerce), search engine proposals or in retail (products on shelves).
Using association analysis, the common occurrence of different events can be identified directly and without distributional assumptions.
The enormous number of possible conclusions can be efficiently and properly limited by means of specially developed measures such as support, confidence and lift.
The analyses require programs based on appropriate analysis tools, e.g. Python, R or RapidMiner.

In addition, we offer a free web app for simple association analysis based on CSV files.

Analysis preparation

First, the damage data must be brought into a usable format for the analysis.
Depending on the type of damage, temporal aggregations (for example on a daily, weekly basis) must also be carried out.
Too often occurring or already explained types of damage have to be removed on the basis of expert assessments.

Analysis conduction

Before the start of the analysis, the criteria for the relevant inference rules should be set according to support and confidence. The determination of the criteria can be supported by graphics.
Subsequently, the conclusions of experts must be made plausible.
The steps should be repeated for all relevant time aggregations.

Use Case: analysis of a fictitious damage database

As an application example, a fictitious loss database of a bank was constructed for an entire year.
There were a total of 23 possible types of damage, including e.g. a flu epidemic, late reports, wrong valuations, and complaints about wrong advice. The following assumptions underlie the test example:

  • Bad transactions are very common
  • Deficiencies in the outsourcer hotline become apparent through requests for PC head crashes
  • Reporting staff usually drive by car and are affected by a snowstorm
  • After a valuation system crashes, wrong valuations occur
  • Thefts occur during work after fire in the meeting room
  • Staff shortages at suppliers lead to failed projects
  • Massive customer complaints after experienced employees leave customer service

Because the wrong transactions were very frequent and incoherent, they were removed first:

Damage frequency

First of all, all determined rules were graphically displayed to find the relevant support and confidence measurements.

Display of the rules on a daily basis

The restriction of the confidence to a minimum of 0.6 gives the list shown below.

Indentified interdependencies on a daily basis

Of the found coincidences, the green ones turn out to be valid after plausibility check.

On a weekly and monthly basis, the procedure was analogous:

Display of the rules on a weekly basis


Identified interdependencies on a weekly basis


Possible interdependencies on a monthly basis

After a plausibility check of possible causal relationships, all assumptions used in the preparation could be identified in the data.

Offer levels for using association analysis in OpRisk

RiskDataScience enables customers to use and develop the described processes efficiently and company-specifically. According to the respective requirements, the following three expansion stages are proposed.

Stage 1: Methodology

  • Introduction to the methodology of association analysis
  • Handover and installation of existing solutions based on Python, R and RapidMiner – or, depending on customer requirements, support of the on-site implementation
  • Transfer and documentation of the visualization and evaluation techniques

Customer is able to independently use and develop methodology.

Stage 2: Customizing

  • Stage 1 and additionally
  • Adaptation and possibly creation of criteria for rule selection according to circumstances of the respective customer
  • Analysis of specific risks, processes and systems to identify optimal applications
  • Development of a process description for an efficient use
  • Communication and documentation of results to all stakeholders

Customer has custom procedures and operational risk analysis processes.

Stage 3: IT Solution

  • Stage 1, Stage 2, and additionally
  • Specification of all requirements for an automated IT solution
  • Suggestion and contacting of potential providers
  • Support in provider and tool selection
  • Assistance in planning the implementation
  • Professional and coordinative support of the implementation project
  • Technical support after implementation of the IT solution

Customer has automated IT solution for efficient association analysis of operational risks.

Depending on customer requirements, a flexible design is possible. We are happy to explain our approach as part of a preliminary workshop.


Dr. Dimitrios Geromichalos
Founder / CEO
RiskDataScience GmbH
Nördliche Münchner Straße 47, 82031 Grünwald
Telefon: +4989322096365
Twitter: @riskdatascience