As Artificial Intelligence (AI) technology and its use in regulatory compliance continues to mature, it has taken on a life of its own. These days, it is hard to pick up any publication focused on legal or compliance matters and not come across at least one article touting the emergence of AI and its implications, both good and bad. But it’s not just hype, AI is rapidly transforming the regulatory compliance landscape and the trend will only accelerate in the coming years. With all the developments surrounding the use of AI in compliance, however, it is getting increasingly difficult to separate signal from noise. It’s important to take a step back and truly appreciate how AI is already impacting compliance, as well as the immense potential it has to fundamentally change the field as we know it. This article seeks to: arm readers with a basic understanding of AI technology, describe how AI is currently being leveraged to dramatically disrupt compliance spaces, and discuss the promise (and pitfalls) of AI usage in compliance in the coming years.
What is AI?
To start, it is important to have a basic understanding of what AI means within a compliance context. When discussing AI in business and compliance settings, commentators usually are not referring (at least not yet) to a sentient intelligence that approximates or is indistinguishable from human intelligence. Instead, AI is often used as a shorthand for one or more of the following, often overlapping technologies and concepts:
Machine Learning (ML)
The ability for a machine to “learn” how to perform tasks from inputs, without direct human programming or instruction. The fundamental idea of ML is that a computer system can improve its ability to perform given tasks (i.e., “learn”) over time as it works with bigger reference data sets.
A programming paradigm that seeks to model, at a basic level, how information is processed and acted on by the human brain and its interconnected biological nodes. It is one of many techniques used within “machine learning” to achieve AI.
A type of machine learning that uses a cascade of processing layers to automatically interpret data on multiple levels without programmed rules or human intervention. It is often use in fields that have large set of unstructured and unlabeled data, (e.g., computer vision, speech recognition, natural language processing) to understand, abstract, and interpret data on multiple levels. Deep Learning techniques can encompass the use of neural networks to perform pattern recognition and decision-making tasks. One example of this type of AI is Google’s automatic picture captioning system.
Natural Language Processing (NLP)
The area of computing concerned with how to intake, process, and “understand” natural, human language. This area of AI includes speech recognition, human language comprehension, and natural-language generation. The most high-profile examples of this technology include Apple Siri, Amazon Echo, Google Assistant, and similar products.
Code-based self-executing and monitoring representations of legal contracts that can self-regulate and execute the terms of encapsulated contracts. Smart Contracts often utilize blockchain technology – another technology with potentially great promise in compliance – to memorialize and validate actions and transactions. The Chamber of Digital Commerce offers a number of use cases for Smart Contracts including identify management, record integrity, land title management, supply chain integrity, and healthcare.
Robotic Process Automation (RPA)
Technology that allows computers to observe, mimic, and automate human-performed business tasks that are repetitive in nature. RPA is often a first step in “digitizing” business operations in preparation for more advanced automation and AI applications.
Data Mining & Predictive Analytics
The practice of examining and inspecting large data sets using statistics and modeling techniques to identify behaviors, relationships, patterns, and variances and then utilizing these insights to extrapolate and predict future outcomes. Although not academically considered true AI, a lot of companies and service providers lump these technologies and services under the AI umbrella.
What's the Big Deal?
The frantic business developments of the past quarter century, fueled by globalization and the rise of the digital age, have made the utilization of AI in the compliance context almost inevitable. Simply put, the pace of regulatory developments and the scale, complexity, and interconnectivity of business transactions have grown beyond the ability of businesses to effectively manage compliance using unaided human resources alone. Recognizing the problem of complexity and scale, regulators in many industries are now insisting businesses implement new technologies and systems to keep on top of their compliance obligations.
On the flip side, new research in AI, new algorithms, and vast amounts of computing power on demand have made the use of AI in various fields feasible in ways that were hard to imagine even 10 years ago. AI has the promise to radically enhance an organization’s ability to comply with applicable regulations by allowing companies to marry human expertise with the almost limitless capability of computer systems to consume large sets of data and reduce problem complexity. Coupled with robust, real-time monitoring and anomaly detection, as well as automated response mechanisms, companies can leverage AI to effectively respond to the challenges of compliance in the digital age.
AI in Action
The use of AI in regulatory compliance is not the next flying car. AI is already being explored, developed, tested, and utilized by regulators and companies to aid compliance, especially in the financial services industry:
- Businesses and regulators are beginning to use AI to monitor online activity (e.g., social media) using natural language processing. By applying this technology, businesses can oversee consumer opinions, concerns, and levels of trust, while regulators can identify possible firm and market abuses. In addition, natural language processing can also be used to triage employee ethics and compliance complaints and even as a tool to identify non-compliant behavior in real-time via automated review of corporate emails.
- For financial institutions that must comply with and report on Know Your Customer (KYC), Anti-Money Laundering (AML), Bank Secrecy Act (BSA), Sanctions, and other similar compliance regimes, AI can help personnel quickly identify red flags and other issues requiring follow-up. Indeed, various vendors in the diligence space have already introduced products that use machine learning and other AI techniques to make sense of publicly available information on third-party individuals and entities in order to identify such red flags. Banks and large financial institutions have also increasingly turned to AI for more powerful approaches to identifying and preventing fraud, managing risks and executing on regulatory obligations.
- Already in practice, IBM’s Watson Compare & Comply uses natural language processing and other AI methods to enable identification, analysis, classification, and management of contracts, while also detecting and managing risks.
- The UK Financial Conduct Authority (FCA) has been working to find ways to link rules and regulations as well as compliance procedures, policies, and standards, together with transactional applications and databases through Machine Learning. During their recent TechSprint, participants successfully converted regulatory handbook requirements into a machine-readable language for automatic execution of reporting rules. Similarly, by leveraging Smart Contract technology, regulators have the potential to develop automated regulation systems where authorities can codify regulations and assess the potential market impact of a new regulations before imposition.
The Road Ahead
As with most coming of age stories, there are some unavoidable challenges that will need to be overcome with AI in compliance:
Finding the Right Problems
Like any tool, AI will be effective when it is applied to the right kind of problems. Given the amount of time and money currently required to implement AI solutions (not to mention disruption caused), it is vitally important to find problems that are amenable to AI solutions. Hallmarks of such problems are those involving large amounts of data, disparate data sources, and complex transactions. Conversely, compliance tasks that are low-volume and non-linear or require human judgement are likely not good candidates for AI solutions.
Overlooking the Human Element
Even in the age of AI, human judgment is still vital to a well-functioning compliance program. By taking into consideration things like existing interpersonal and business relationships, supplemental verbal communications and nonverbal cues, as well as irregularities in behavior, humans have the ability to make more knowledgeable and precise conclusions and judgments regarding appropriate courses of action in a compliance setting. The most successful AI implementations in the compliance space will ensure that the framework takes advantage of human expertise where appropriate.
Getting the Right Data
“Garbage in, Garbage out” is an often-used idiom in Computer Science that is especially true for AI implementations. Since AI relies heavily on “learning” the right behaviors (as opposed to a human programming the behaviors), it is vital to any AI implementation to have a good set of “training data” that can allow the AI system to learn the right outcomes.
Showing the Homework
Expect a failing grade if your final exam is turned in with only the answers written. In the compliance arena, management and regulators will demand to see the work behind reporting results to understand if a company is actually meeting its requirements. While AI reaches final outcomes, it doesn’t explain the steps it took to get there. The importance of interpretability in decision-making processes simply cannot be overstated in the compliance context.
Along with the emergence of AI, increased attention to data privacy is the other big story in compliance. Indeed, almost every aspect of corporate regulatory compliance implicates in some way data that may be subject to privacy protections, especially if European data subjects are involved. Accordingly, AI systems for compliance will have to take into account in the first instance whether certain data subject to privacy protections can be used to train the AI system and also whether the AI can utilize specific data to make compliance decisions.
Avoiding the Trough of Disillusionment
Like many previously emergent technologies, it is conceivable that despite the immense promise of AI in compliance, it may take years for the technology to reach a stage of maturity where it is widely adopted and widely successful. Indeed, even IBM’s much-vaunted Watson system has had its share of woes. Nonetheless, the promise of AI is too immense to ignore and eventually compliance systems that don’t utilize AI will become anachronistic,. generate generating more risk than they mitigate, especially in comparison to AI-enabled compliance programs.
Despite these challenges, the adoption of AI in compliance is both necessary and inevitable. AI is a fundamentally transformative technology that will help companies more effectively manage the complexities of today’s business environment, and potentially help compliance professionals unlock insights and efficiencies that are just out of reach today.
© Copyright 2018. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.