Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

The Difference Engines

Bill Coffin | June 12, 2017

Almost 35 years ago, science fiction author William Gibson published his landmark cyberpunk novel, Neuromancer, which predicted the rise of cyberspace and an unprecedented merging of data, media, AI, and culture. The funny thing was, Gibson wasn’t a futurist. He didn’t even own a computer when we typed his novel. He simply saw kids engrossed in video games and wondered what it would be like if you could actually enter the digital world of a computer. The rest was just his imagination. But it was so on point, he became a kind of oracle for the PC generation, and in 1990, he collaborated with fellow author Bruce Sterling to write The Difference Engine, a Victorian-era collection of stories that imagined a world where computers had become commonplace by the 1850s. Although driven by waxy punchcards, these computers—known as Difference Engines—are powerful, and by the end of the novel, one even achieves intelligence.

I thought of Neuromancer and the Difference Engine as I read a recent report from GRC solutions provider MetricStream—2017 MetricStream Labs Report: From M7 to the GRC of Everything—that spoke of the many technological revolutions currently shaping the world of compliance. Any one of them would count as a major innovation, with substantial implications for how compliance officers might better do their work in the years to come. But taken together, they suggest a change so enormous that we have difficulty even imagining what new context they might inherit. And as exciting as that may be to the futurists among us, to those who crave certainty, to those who seek stability, this kind of unknown future can be a little scary. For those who have read about things like data correlation, artificial intelligence, the Internet of Things, and blockchain, allow me to offer you a primer. (Even better, if you can attend the upcoming Compliance Week Artificial Intelligence conference on June 27 in New York City, you’ll learn everything you need to hit the ground running on this subject.)

We all know that the volumes of data handled by the average compliance program have become so vast, and move so swiftly, that simply having a large staff of auditors checking over individual transactions and communications logs by hand (and in some cases, on paper), is grossly inefficient. It’s too expensive, too slow, too unreliable, and too inflexible. No, these processes need to be automated with systems that can gather all incoming and outgoing data, correlate it to find keywords that suggest off-limits discussions or activities, or cross-check certain kinds of transactions that might warrant an automatic red flag. Such systems can also capture data from these processes more comprehensively, and be recalled swiftly in the event a regulator comes calling for certain information (which they do, and which they expect to receive with the kind of swiftness that only a computer can deliver). And as businesses increasingly rely on innovations such as the Internet of Things (which can theoretically network almost any piece of electronic technology to any other piece of technology, creating new data streams and security concerns), blockchain (a secure data format suitable for recording any kind of transaction), the data volume will require predictive correlation on a level brute force computing can’t really address. We must apply machine learning to it—programs that can take initial instructions, and further develop and refine those instructions as it incorporates more and more data and context into its original programming. This is machine learning, and it is the future of compliance. Will we still need humans to make the most important kinds of qualitative analysis? Yes. But what will that analysis look like, going forward? That may be determined by how much we can delegate to the machines.

I raise all of this because I keep hearing compliance officers address AI with a mix of wonder and dread. It is understood to a point where its potential becomes a kind of magic, but its downsides are understood to a point where they become a form of voodoo. It’s just technology, and the smart play is to understand it for what it is, how it works, why you’d want to use it, and what your role in the organization might look like were it incorporated into your compliance program.

I have both a smartphone and a home device installed with digital assistants. Their intelligence is powerful, but crude, and I know that the more we use them, the smarter they get. It’s one thig to ask Alexa something weird only to hear her repeat back to you what she thought she heard, and for it to be wildly off-base. That always gets hearty laughs from my kids, but Alexa is listening. And more importantly, she is learning. And when my kids ask the same question again, one day, she will give them the answer they expect because they will have given her enough chances to get it right. But more important than all of that is how we interact with such technology. Think back to the first time you asked a digital assistant for anything. How stilted was your voice? How stiff did it all feel? Now think back to the last time you asked Siri where the nearest coffee shop was. Was the same inflection in your voice that you would have used if asking a person for the same information? Have you ever reflexively said “Thank you” to your digital assistant? The reasons why you might have answered yes is because these things are increasingly familiar to us. Their powerful application is becoming our digital background, and asking a computer what song you might want to listen to because you’re feeling down is starting to feel like a normal thing to do. Just think of how normal it’ll feel to ask your compliance assistant Archimedes to pay close attention to possible money laundering out of Miami or Vancouver in a few years’ time and to get back to you with what it finds. Sound far-fetched? Once upon a time, a global information superhighway did, too.