What will be the role of Artificial Intelligence (AI) in compliance going forward? In Wednesday’s Compliance into the Weeds podcast, Matt Kelly and I continue our discussion, that we began several years ago, of how technology is changing the role of the Chief Compliance Officer (CCO). Matt tends to see things through an Enterprise Risk Management (ERM) framework while I consider the issue through more of a legal/compliance context. A recent article in the Financial Times (FT), entitled “Cheap, accurate artificial intelligence closes in on the work of junior lawyers”, reviewed the LawTech world and how it is reshaping many areas of private practice. I found the article had multiple implications for the compliance function. Indeed, I wondered if there might even be a ComTech industry lurking down the road.
Obviously, document review is one area where ComTech would be most useful. There are many companies who provide key word searches and these same concepts translate readily into the compliance world through massive database searches for key words, such as an ongoing email review through email sweeps. The concept is straightforward; at regular intervals, you sweep through your company email database for identified key words that can be flagged for further investigation, if required. Such a sweep is not limited to anti-corruption compliance but any of the risk factors identified for your company.
The objective of this approach is to find the evidence of a compliance breakdown by sweeping systems to uncover items that may contain real issues. From here, you can assess and prioritize, by checking and verifying if an issue needs investigating and focusing on the issues you want to investigate first. Further, and if warranted, you can invoke your investigation protocol, with all the requisite protections and securities. AI can help you to perform all of this more cheaply and efficiently.
Soon compliance will be pushed more to the forefront in the area of anti-money laundering (AML). As banking institutions continue to tighten and strengthen AML controls, criminals and other nefarious actors will move into non-financial corporations to move money for the simple reason that such robust controls required in the financial and financial services world are not generally required in the non-financial corporate world. Non-financial corporations should have robust AML controls in place and one of the requirements for any best practices AML policy is to “Know Your Customer” (KYC). AI will allow a more robust KYC approach.
Another area where compliance is often left behind is in the arena of Mergers and Acquisitions (M&A). Since the 2012 FCPA Guidance, the focus of compliance in M&A has been more and more on the pre-acquisition phase of a deal. Often the compliance function is either brought in at the last minute and does not have the time to perform adequate compliance due diligence or there is an overwhelming amount of data to be reviewed and the resources available (or made available) to the compliance function is woefully inadequate. AI can help in this area. The FT article cited to one company which has software that allows thousands of documents to be reviewed in the M&A context.
The review could include such issues as whether third party sales representatives have the requisite background due diligence in the files, their status and commission rates paid. There could be a review of top sales and business developments folks in high-risk regions, correlated with a gift, travel and entertainment analysis. Finally, you could consider sales in high risk regions or even sales spikes from low risk areas from the compliance perspective.
A prime example of where AI can assist the compliance function is with third parties in the Supply Chain arena. Every multi-national has literally thousands of vendors. Getting a handle on those is always a challenge simply because of the numbers involved. Through the use of AI, a compliance practitioner can immediately identify vendors that present anti-corruption compliance or other risks to an organization. Once again, having led an effort to list out all employer’s vendors by hand to begin the risk ranking process, I can personally attest to the greater efficiencies AI can bring to the exercise.
Blending over from the LawTech sector space, there is yet another set of AI tools which can review contracts to see if any specific types of clauses are non-standard. It would seem a relatively easy software coding exercise to adapt such products to compliance clauses. This type of approach could also be used for non-standard governance clauses in joint venture (JV) or other types of partnerships agreements. Having once been assigned the task of reading all my employer’s JV agreements (87) and third party sales agents contracts (211) from across the globe and recalling the amount of time it took to do so, I can personally attest again to the greater efficiencies we are considering.
This final example also points to the limitations of AI. While it might have helped to have AI review all my former employer’s JV agreements and third party sales agents’ contracts, it only could identify non-standard contract language. Unfortunately, since most of the aforementioned agreements and contracts were bespoke they were uniformly non-standard. Further, the assignment I was given required an analysis of each non-standard contract so the judgment of a human was required. Even as AI becomes more sophisticated, the judgment of a professionally trained compliance practitioner is still required to validate the areas flagged by AI as anomalies.
Gary Kasparov recognized this after his loss to IBM’s Big Blue in a chess match. In a review of his recent book Deep Thinking-Where Artificial Intelligence Ends and Human Creativity Begins, it noted that Kasparov “recognized that computers do well what humans do badly and vice versa, suggesting a useful complementarity.” Moreover, “he argues that humans are often fallible, finding patterns in randomness and correlations where none exist. Computers can help us be more objective and amplify our intelligence. Technological progress can never be stopped even if it should be better managed.” Kasparov even formulated his own theorem, which he calls “Kasparov’s Law” and it reads, “Weak human + machine + better process is superior to strong human + machine + inferior process.”
There have always been technological innovations which help make corporate disciplines run more efficiently, more smoothly and more profitably. AI is simply another step in this line of technological developments. There is certainly no reason to be afraid of using it. Put another way, if disruption hits the legal world through LawTech; disruption is not far behind in the compliance world through ComTech.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2017