Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Rise of the machines: how artificial intelligence could revolutionize compliance

Joe Mont | August 2, 2016

The concept of “thinking” machines and artificial intelligence is a familiar science fiction trope, one populated by nihilistic computers and robots with a Pinocchio complex. Computers may not be so fantastically self-aware yet, but artificial intelligence is nevertheless poised to revolutionize compliance.

Already, firms are offering software platforms that promise to automate otherwise routine tasks and improve upon fraud detection audits, anti-money laundering protocols, and know-your-customer screening. The pitch is as simple as the technology is complex: let machines scan through a company’s data to do the grunt work of simple investigations, better utilizing the skills and expertise of human personnel.

Advanced automation isn’t without concerns and pitfalls. Do cutting-edge technologies fit with legacy systems and existing automation? What of that utmost “legacy” concern: employees? How can, for example, compliance officers maximize the benefits of AI, and have it compliment their efforts, without losing a necessary “human touch”?

A recent study by audit, tax, and advisory firm KPMG concluded that “the convergence of robotic process automation, machine learning, cognitive computing, artificial intelligence, and advanced analytics are driving unparalleled business model transformation.”

Less promising, 81 percent of CEOs it surveyed as part of its 2016 U.S. CEO Outlook said they are concerned about having to consider the integration of basic automated business processes with artificial intelligence and cognitive processes. Only a third of those polled say they have a high level of trust in the accuracy of their data and analytics; one-out-of-five have limited trust for nearly every aspect of the way their organization uses data and analytics.

Aside from concerns, the technology will be “absolutely transformational,” says Cliff Justice, principal, innovation & enterprise solutions at KPMG.

“At current trajectory, rule promulgation in money-laundering, know your customer, and insider trading will shortly render existing compliance teams functionally obsolete.”

Mallinath Sengupta, CEO, NextAngles

“The ability to use technology to augment decisions and effectively automate capabilities that currently require a lot of human labor—from transaction processing in the back office, all the way to call center activities and, on the high end, areas like audit and tax compliance—might be considered the digitation of white-collar research work … You are automating the mundane, repeatable tasks and activities that are best done by machines and technology, refocusing human skill sets and judgment on areas machines can’t solve.”

While exciting developments are underway, Justice sees the full effect “playing out over a generation.”

“You are not looking at one technology that might get outdated and replaced,” he says. “These technologies are going to evolve over time. Business and operational models need to change.”

Whether they consider AI an evolution of revolution, companies will need to continually assess the quality and quantity of the data they collect and process. “If you consider AI and cognitive technology as a weapon, you need to consider data and content as ammunition,” Justice says. “You need to get better at using it and curating it. The best artificial intelligence in the world is going to be useless without expertly curated data to drive and fuel the algorithms.”

Among those bringing artificial intelligence to financial firms is Mallinath Sengupta, CEO of NextAngles, a start-up style company operating within Indian technology company Mphasis.

His promise: computers that can process the bulk of 80 percent of routine bank activity so that human compliance officers can focus on the 20 percent that might be a problem. Among the areas his technology focuses on are anti-money laundering alerts, know your customer, financial crimes investigation, liquidity risk management, and keeping pace with regulatory change.

“At current trajectory, rule promulgation in money-laundering, know your customer, and insider trading will shortly render existing compliance teams functionally obsolete,” he warns. “There are not funds or competent staff available to keep up. A proliferation of regulations intended to prevent financial crimes and money laundering means institutions are devoting unprecedented resources just to monitor and identify compliance violations. Compliance professionals need assistance in order to retain top talent and focus on material risks rather than data gathering.”

NextAngles’ concept is an artificially intelligent compliance system that learns from context, not just flagging suspicious patterns but also seeking them out.

OVERCOMING AI FEARS

The following is from a KPMG client advisory, “Got automatonophobia? Four Steps for Overcoming Your Fear and Getting Started with Process Automation.”

Consider the culture of your company, and start with the right-sized pilot.

Your adoption of robotic automation will be based in large part on the culture of your company. Is your enterprise comfortable on the bleeding edge of innovation? Or is it more of a technology follower?

If you are like most organizations, you are not going to rush to cognitive solutions such as IBM Watson out of the gate. Rather, when your culture is on the more risk-averse end of the spectrum, you are wise to build some experience with small, tactical pilots in robotic process automation (RPA) before graduating to more sophisticated, cognitive capabilities.

In finance, for example, if you have employees processing thousands of invoices a day, RPA can drastically reduce costs while improving speed and accuracy. Software robots can be “trained” to extract attributes from invoices in a certain format, enter the invoice data into the enterprise resource planning (ERP) system, progress it through a workflow, and assign it to appropriate approvers.

Create a center of excellence to operationalize automation throughout the enterprise

After you have built some experience with Class 1 automation and want to scale automation at the enterprise level—or if your company is already on the bleeding edge of innovation and is willing to dive right into new enterprise technology—

it is important to create a central automation team. This team, or center of excellence (COE), should consider the role of automation in the enterprise strategy, develop an automation plan, manage implementation, and drive adoption throughout the organization.

Which parts of the business could benefit from automation? What is hype versus reality? How can your company get value from currently available technologies, while also considering fast-emerging technologies? The automation team should answer these types of questions, focusing heavily on strategic alignment and change management.

This team will ultimately take the lead on automation projects throughout the enterprise, including the establishment of standards, response to business units’ requests for new solutions, management of vendor relationships, assessment of benefits, and development of controls to prevent rogue “bots” that could cause legal, regulatory, or IT issues.

Identify initial targets for automation projects, and choose the right technologies

While your functional RPA pilots demonstrated the benefits of automation technology, the COE can formally operationalize and scale those solutions, while identifying opportunities for others. To determine enterprise targets for RPA, the COE should identify high-volume, highly transactional process areas.

Assess the benefits of automation projects, and prioritize them accordingly

A key way for the COE to identify project opportunities is by educating the business units on the capabilities of RPA and other classes of automation—and then calling on them to identify automation projects. However, the incoming requests may soon be more than the development teams can handle. That is one reason the COE should continually evaluate the automation benefits and prioritize them accordingly, while staying true to the strategy. 

 

Source: KPMG

An implementation-level challenge is the collating of data. “Banking systems grew over the past 50 years to be very siloed,” Sengupta says. “You need to pull multiple data from different sources to bring them together and get a good view. That is the first pain point.”

Rather than unify data systems, he merely wants to be a stopping point for data streams. “Banks have transaction systems, customer profiling, and on-boarding systems,” he says. “They already give those feeds to a data warehouse or wherever. All I ask is for them to give me those feeds.”

AppZen is another startup seeking to marry compliance with artificial intelligence. Among its clients are Hitachi, SunRun and Cantor Fitzgerald, says co-founder and CEO Anant Kale. His focus is a narrow one for now: employee expense reports.

The pitch: due to the high cost of expense auditing, most companies use random sampling and threshold-based auditing to catch policy violations or fraud, which has made them passive and leaves them at risk. With machine-learning algorithms, however, companies can review expense report data, crosscheck it with external sources (including sanctions and Politically Exposed Persons lists) and social media in real-time, and detect compliance problems.

“We saw that managers were really worried about compliance issues and things like the Foreign Corrupt Practices Act,” Kale says. “Looking at expenses and trying to find a problem with them is trying to find a needle in a haystack. It takes reading through every document every receipt that is attached, and every justification you are provided. It takes an immense amount of time and trying to understand the context around expenses is a very difficult thing.”

His firm’s approach is to evaluate and review expenses just as a human auditor would. Every receipt, boarding pass, or whatever documentation there is can be read line by line and be compared to both company policy and regulations, all while being screened against external data sources that range from Yelp and Google to the Treasury Department.

An expense claiming dinner for two at the Olive Garden, for example, will be evaluated to ensure that the claimed cost was within reason and to verify the identity of the recipient. A report from “John’s Grille,” a lesser known establishment, will be verified. Is it a legitimate restaurant, or a policy-prohibited strip club?

“We can find out if an expense is legitimate or not,” Kale says. “It could be somebody’s family meals that are being claimed as business expenses, or it could be at an establishment where you really don’t want employees to spend money. The most important thing is to really understand the context around attendees. We really need to see if they are legit.”

“The idea behind using AI to do this is that now you have your auditors looking through hundreds of documents trying to figure out if there is something wrong,” he says. “We filter it down into maybe four or five high-risk areas and present all of this information back to the auditors. The auditors who are doing the job today are ineffective because 90 percent of the time they are not finding anything. Now, they are presented with a subset of data that has already been checked, analyzed, and researched.”

Kale stresses the importance of human expertise being the final and most important step in the process.

“The final judgment and decision that has to be made relied on the skills and the training of auditors,” he says. “What we are doing then is giving them the chance to apply their skills and knowledge to see if something is non-compliant, and they should be acting on it. That makes them far more effective and solves a compliance problem, because they are doing a lot of work that wouldn’t otherwise be looked at.”

Automation and IA may also help stem the costs associated with compliance and risk management, especially in financial services.

The increased regulatory scrutiny facing banks has led to massive investments in compliance. For example, HSBC’s total expenditure on regulatory compliance in 2015 was $2.9 billion, a 33 percent increase from 2014.

The question: Is arbitrarily boosting compliance personnel effective? The concern: Will investors start to balk?

“One of the things we find with the banks we are working with is that the way they react to regulations now, and will probably continue to in the near term, is that they just hire a ton of people in their compliance department,” says Sachin Sachdeva of SSA & Company, a technology consultancy. “They just try to throw bodies at everything. Investors have been ok with it, because they are avoiding risk, but I think the appetite for just throwing money at the problem is decreasing. We need to come up with more creative solutions and using something like natural language processing can have a big impact.”

Another issue is that this approach can actually harm compliance efficiency. “We’ve seen some banks that really staff up their compliance department, but then operational and technology budgets get cut,” Sachdeva says. “They have this mismatch where they don’t have the staff to implement these policies and are opening themselves up to risk again. That’s where automation and using technology as a solution for the lack of manpower can have a big impact.”

There are basic operational changes offered by emerging technology that can make the lives of compliance officers easier.

“When it comes to taking a regulation, translating it into a policy, and then figuring out how it is going to be implemented operationally, even today a lot of it is very manual and very paper-based, with a lot of PDFs and Word documents going around,” Sachdeva says. “The use of natural language processing to automate some of those activities allows humans to review the most important parts of the document, rather than having to review an entire document. Simple things like that can have a pretty big effect.”

Order a Reprint