When I talk with chief ethics and compliance officers (CECOs) and ask them what is their biggest challenge in doing their job well, often the answer is something like “I don’t have time to take a step back, think and strategize.” Everyone is always busy putting out fires and trying to prevent the next one. They know they need to step back and evaluate what is working and what isn’t, but that task most often gets pushed to the bottom of the to-do list. This is further complicated by the very human desire to have completion of a task—to put something in place and then move on to the next urgent issue that must be addressed.
While the CECO receives reports, and may have some useful analytics about controls put in place to address regulatory obligations, it is virtually impossible to distill even that limited information and draw meaningful conclusions from it without the opportunity to really discuss and think about what it means. The level of understanding, in many cases, is merely “shallow knowledge,” as discussed by Daniel Willingham in his column entitled “Ask the Cognitive Scientist, published by AFT, the American Federation of Teachers.”
In an installment entitled “Students Remember … What They Think About (Spring 2003),” Willingham explains that deep knowledge comes from understanding both the facts taught and the connections between those facts. Shallow knowledge, by contrast, understands each isolated part but lacks understanding of the deeper meaning found in the relationships between the information. Willingham writes, “Cognitive science has shown that what ends up in a learner’s memory is not simply the material presented—it is the product of what the learner thought about when he or she encountered the material.” He notes that knowing facts without an integrated understanding of how they relate to each other results in a situation where “[t]he student has the trees, but no view of the forest.”
I suggest that it is time to do some focused thinking, and gain some deep knowledge, about the tools that can help overcome the challenge of needing more time to just think.
As I read this, I thought how it might apply in the context of gaining deeper understanding of the workings (and failures) of a typical compliance program. I pondered how easy it is for a CECO to be focused on information being reviewed for only one purpose and totally miss other perhaps more important information that could be gleaned. I also thought about the difficulty of synthesizing large quantities of information and the challenge of finding patterns when that may not have been the initial reason for the review. Even with the best metrics and reports, the human mind can only handle so much information. Based on cognitive science, meaning that is out there waiting to be understood will be missed and won’t end up in memory if the CECO only thinks about the material available in a shallow way.
Thinking about the right things in a focused way is essential to developing deep knowledge and understanding. Having that deep knowledge is foundational to creative problem identification and solving. Without deep knowledge, we are prone to having a “checked that box” attitude and continuing to do things “the way we always have” until something disastrous happens. Then, by the way, we do usually really focus and gain some deep knowledge, just a little too late.
So what is the answer? How can a CECO with limited resources, overtaxed staff, and too much raw data ever gain deep knowledge needed to continually improve the compliance capability he or she oversees? Perhaps the answer is to engage technology that can do some of that thinking for you.
Cognitive, artificial intelligence systems available today can do the thinking that even the largest compliance team can’t complete in a timeframe that enables action. Cognitive compliance systems can evaluate and rank the importance of obligations based on the activities of the organization and make recommendations on how to address them. But it doesn’t stop there. As recommendations are accepted or altered by the staff, the system begins to learn preferences and adjust recommendations accordingly. A cognitive system can track both internal and external changes that may call for reconsideration of controls and make new suggestions. A cognitive system can scan dozens or hundreds of obligations from a range of regulations extremely quickly to identify similar ones and suggest common controls and identify relevant existing controls.
This doesn’t mean that we can stop thinking and let the technology do all the work, far from it. What it does mean is that we can think more deeply about the things brought to our attention and develop real understanding of our challenges and solutions. I suggest that it is time to do some focused thinking, and gain some deep knowledge, about the tools that can help overcome the challenge of needing more time to just think.
Compliance with cognitive computing: An OCEG Roundtable
Switzer: There are many challenges in regulatory compliance, from identifying relevant regulations and proposals to selection of controls and assurance of their operation. What are some of the limitations in having people perform these tasks that can be reduced or removed when cognitive computing systems are used?
Andrews: Compliance professionals must read hundreds of regulatory documents and determine which of the thousands of lines of text constitute true requirements. Given the same document to assess, different staff can arrive at different conclusions. This adds another layer of issues to track while the parties resolve whether the identified text is or is not a requirement.
Cognitive computing is a natural fit for the regulatory compliance space because it can help accomplish the vast amount of analysis required to interpret rules in a much more efficient manner. It doesn’t replace the need for human intervention, but can handle the more cumbersome up-front review of constantly changing regulatory documents, providing compliance experts with a better starting point to streamline the process.
Hilton: The sheer volume of information is difficult for compliance departments to manage. A single regulatory obligation may apply to hundreds of business processes, requiring hundreds of individual assessments. Controls may relate to multiple regulatory requirements across multiple business processes. The number of individual assessment points increases geometrically any time a new layer of regulation is added.
Existing technology helps compliance departments manage this information but doesn’t keep it fresh. Typical compliance departments perform an annual risk assessment, with some departments updating assessments quarterly. With cognitive technology, the goal is to assess compliance risks daily. To do this, we’ll rely on cognitive technology to identify and ingest new regulatory obligations and map them to appropriate business processes. We’ll also rely on it to monitor our controls, to take in data on control failures and control effectiveness, and to update assessments of inherent and residual compliance risk on a continual basis.
Switzer: I’ve heard that a cognitive system “learns” as its use continues over time. What are some examples of how this works in the context of compliance?
Hilton: Like humans, cognitive machines learn with experience and improve over time. And the pace of improvement depends on the quality of teaching it receives. Unlike humans, the cognitive machine never forgets lessons, never tires, and is capable of working day and night without work quality suffering. Cognitive technology can help identify regulatory obligations and map them to business processes and controls. Initially, this mapping relies on a few key words and phrases the machine is “taught” (e.g., if the regulation mentions “derivatives,” it probably applies to the swaps desk; if it mentions “stress testing,” it probably applies to capital requirements). We’ll help expand the machine’s reasoning capability by correcting its mistakes and helping it “learn” (e.g., if a regulation mentions “stress testing” and “liquidity buffers,” it’s referencing liquidity management and an organization’s treasury function, not capital management). The more time spent with the machine, the better its decisions will be.
Andrews: Cognitive systems are trained by humans and learn as they ingest and interpret new information. Rather than being explicitly programmed, they learn and reason from their interactions with us and from their experiences with their environment. As a regulation is first fed into the system, people with expertise can tell the system what should be highlighted and what is of relevance. As additional regulatory documents are processed, the system will be able to automate the tagging of those documents, identifying the jurisdiction, lines of business, products, processes, and compliance themes that regulation applies to. And the more that gets reviewed and processed, the more accurate the system will be. This same capability can be applied to extract specific requirements and potential obligations from the regulatory documents, and attempt to match those to existing controls.
Cognitive systems understand the world similarly to humans: through senses, learning, and experience. IBM Watson uses natural language processing to analyze structured and unstructured data, understand grammar and context, and propose evidence-based answers to complex questions.
Moderator: Carole Switzer
Co-Founder & President
Watson Financial Services
Promontory, an IBM Company
Switzer: Drawing from collective knowledge is a key benefit of a cognitive system. How does a compliance manager interact with the system to act on that knowledge most effectively?
Andrews: With cognitive computing, a compliance manager will be less reliant on reporting from a traditional data warehouse and have more interactive conversations with their cognitive system to help their team understand the impact of the ever-changing regulatory landscape. Data warehouses are not going away anytime soon. However, there will be a paradigm shift to cognitive computing that will help lessen the reliance on traditional reporting, as organizations will have the ability to simulate various scenarios as regulations are being proposed or are changing. Examples include the ability to receive alerts about regulatory changes and their relative impact on the organization; the ability to perform concept-based searching across internal and external documents; and the ability to ask a question, such as “compare the differences between two regulations.”
Hilton: A cognitive system allows a compliance manager to conduct a search across internal and external data, like Google; organize and summarize the results like an analyst; interpret the results like a manager; and identify solutions or alternative courses of action better than any human could in a short period of time.
When a business line wants to offer a new product, the compliance manager can provide a more informed response, much more quickly. When a board or management committee wants a report on top compliance risks overall or in a particular area, the compliance manager can produce a high-level summary supported by a combination of internal and external evidence. When a developing compliance issue in a particular business line (e.g., an increase in customer complaints related to overdraft fees) goes unnoticed by humans, the compliance manager will be alerted by the cognitive system, with further data, such as a risk rating, contact list, and suggested next steps.
Switzer: What is the future of cognitive computing for compliance management? Are there new uses and capabilities on the horizon?
Hilton: The future of cognitive computing for compliance management relates to trend identification and predictions, i.e., “preventative risk management.” Automated monitoring (of trades, e-mails, complaints, regulatory inquiries, etc.) is already here. The future of compliance is leveraging that information to make strategic decisions. The ability to predict when a trader is going to make a wrong move (think of the movie Minority Report) based on patterns from other traders who have made similar compliance violations in the past is on the horizon. Cognitive systems will be able to prevent a breakdown in controls before it occurs.
Andrews: Only when the human effort can shift from the tedium of manual processes (collect regulations, identify requirements, and track compliance issues via spreadsheets) to an automated solution will end-to-end visibility and transparency be realized. Cognitive computing technology can help an institution realign its approach from outdated information processing techniques to a state-of-the-art solution that enables this transformation.
Imagine a future where your cognitive system could respond to questions such as “Are we in compliance in our Latin America operations?” and “Are there any new issues in our Anti-Money Laundering Program?” Or receive a proactive alert about an issue you asked it to monitor. As cognitive computing evolves and advances reporting capabilities beyond the traditional data warehouse, this vision may become a reality.