SPONSORED CONTENT FROM 4CRISK
What’s the role of the modern chief compliance officer, and how can AI-driven data management and analytics improve oversight of compliance?
A large global bank recently disclosed that more than 30,000 of its employees—or 15 percent of its total workforce—are now categorized as “risk, regulatory and compliance staff.” Nonetheless, despite the three-fold increase in risk and compliance employees over the past 10 years, a regulator fined the bank millions for multiple risk management and compliance-related deficiencies.
It can be argued that large bank regulatory compliance woes are primarily a reflection of inadequacies in risk culture. However, there is also a question of whether the bank had sufficient advanced technology in place to foster more accurate and timely compliance.
Artificial Intelligence (AI) can enable firms to identify regulatory requirements and help them ensure that their regulatory requirements are traced end-to-end to their risk and compliance taxonomy. The AI technology can further assess the regulatory changes, identify the impact on the taxonomy and keep the compliance maps updated at scale and in real-time.
Neural language models based on transformers have drastically changed the field of language modeling in recent years. These neural networks are fine-tuned on compliance data such as regulations and legislation to automate, at scale, manual and time-intensive compliance tasks.
Figure 1: Compliance Data Trained on Neural Networks
AI-driven predictive analytics can be broken into several categories: search, comparisons, visualization, classification, clustering and forecasting.
Figure 2: Categories of AI-Driven Predictive Algorithms
Semantic search is a data research technique in which a search phrase query aims to find keywords and determine the intent and contextual meaning of the words a person is using for a search.
Comparisons allow the evaluation of correlations between statements from different sources. Firms can use AI to convert unstructured or free-form text into high dimensional vectors and then either rate the goodness of fit or rank the level of similarity—much like Google’s presentation of search results. Comparisons allow us to find similar statements across your taxonomy.
Data visualization refers to the graphical representation of information and data. High dimensional vectors allow us to view unstructured or free-form text using new visualizations like scatter plots, chord diagrams and Sankey diagrams to see and understand trends, outliers and patterns in data.
Classification is evident when using yes/no response data but can also be applied when key phrases in unstructured data have the same meaning. Through classification, we can answer questions about whether sentiment is positive or negative and whether a compliance rule is an explanation, guidance or requirement.
Clustering is a process of grouping similar items together. Each group contains items that are similar to each other. Clustering allows us to understand which issues across the company are similar and whether these issues are related to external rules and similar to the key risks we have already identified.
Forecasting is enhanced through AI when we use either historical trend data or recent internal and external data to help us predict outcomes—even when data sets appear diverse and unstructured. We can, for example, apply algorithms to understand whether a repeated control failure will lead to a loss or reputational damage. Similarly, compliance teams can combine internal and external data to determine if an audit or regulatory exam will lead to moderate or severe findings.
Predictive algorithms, moreover, allow us to understand where regulations overlap with legislation and industry standards—as well as whether statements in our policies and procedures are well-aligned with regulatory and legal requirements.
The Role of the Chief Compliance Officer
Each bank’s regulatory compliance function will vary slightly in their core roles and responsibilities, but the role often boils down to some key capabilities.
Figure 3: Chief Compliance Officer key capabilities
Managing Compliance Mandates
Before delving into the ways in which disruptive technologies like AI have changed compliance management, we need to understand the responsibilities of the modern CCO. Regulators expect firms to have the expertise and data needed to understand their rules and the head of compliance must meet the following mandates:
- Scan the horizon for rule changes that are applicable to their business and assess the impact of the rule changes on operations
- Manage a complete and accurate inventory of laws, regulations and industry standards, including internal policies that may have more stringent requirements
- Understand the impact of enforcement orders against other organizations
- Derive accurate and complete obligation statements, or summaries of the frequently overlapping rules, into a concise summary of what is required
- Align policies to obligations to ensure internal policies reflect an accurate compilation of current rules
- Align controls to obligations, and corresponding policies, to ensure employees are performing required tasks to manage acceptable risks, and
- Perform regular compliance risk assessment on rule changes and business operations to understand the adequacy of policies, controls and employee training.
How Can AI Assist?
AI can help CCOs meet all of these obligations by enabling firms to acquire strategic data, unify data lakes and reduce manual labor. Let’s now take a closer at these benefits:
Strategic Data Acquisition. There’s a lot of overlap in existing and new rules (such as regulations, standards and laws/acts) and authoritative sources—like speeches, litigations, court orders, advisories and enforcement actions across jurisdictions.
All of this data must be curated to understand the language and to recognize semantic similarities—and the natural-language processing branch of AI can manage this task. A third-party vendor that offers tailored repository rules as a service can provide a further strategic data boost.
Data Lake Unification. AI can understand and semantically relate, classify and cluster the natural language of regulations, policies, processes and controls. Moreover, it can define key phrases and common ontology, integrating all elements of a firm’s data lake.
Manual Labor Reduction (via Automation). AI reduces the manual and effort-intensive tasks of making sense of unstructured data. The AI-based solutions include:
- Scan horizon of authoritative sources for new and changed compliance rules
- Regulatory research to emulate human intelligence to perform semantic searches
- Create and manage obligation statements based on highly correlated rules across regulatory requirements, legislation and standards, as well as overlapping jurisdictions
- Perform impact assessments of changed rules on internal policies and controls
- Align policies and procedures to external rules or obligations
- Align internal controls to external rules or obligations
- Align internal controls to compliance policies
- Rationalize and harmonize internal policies and procedures, for example between group and business unit policies
- Rationalize and harmonize internal controls, for example between level 1 and level 2 controls
Moreover, patterns in cases, issues, risks assessments and test results can be proactively detected by machine-learning applications
Second-Line Support for the Business
The same AI-driven data management and analytics that ensure regulatory compliance should ideally provide value to the business. These tools should expedite revenue cycles through speedier compliance approvals of new and large transactions. What’s more, they should give firms the ability to rationalize training requirements and to link business process to rules, risks and…