I have long been an advocate of technology in compliance to facilitate more effective, cost efficient operationalization of a corporate compliance function or as I call it ComTech. I find the intersection of compliance, technology and artificial intelligence (AI), to be particularly compelling as I believe it will make compliance much more robust in the three prongs of prevent, detect and remediate. I recently came across an article in the Harvard Business Review (HBR), entitled “Artificial Intelligence for the Real World” by Thomas H. Davenport and Rajeev Ronanki, which lays out a structure that every Chief Compliance Officer (CCO) and compliance practitioner can use to think through how AI could be applied in your organization. Over the next couple of blog posts I will be considering how the authors concepts can be used in the compliance space.

Moon Shots v. Low Hanging Fruit

The most basic problem in AI projects is the ambition of the project itself. They are so large, expensive and moving into uncharted territories that inevitably setbacks occur which derail the project. Many pe ople think of AI use in the ‘moon shot’ project that would be truly business transformative. The authors point to the MD Anderson Cancer Center 2013 project designed to diagnose and recommend treatment plans for certain forms of cancer using IBM’s Watson cognitive system. The projected ended without having been put to use on patients in 2017 at a spend of $62 million. In spite of this non-success, MD Anderson remains committed to “using cognitive technology—that is, next-generation artificial intelligence—to enhance cancer treatment, and is currently developing a variety of new projects at its center of competency for cognitive computing.”

At the same time this Cancer moon shot was launched, MD Anderson also began “experimenting with using cognitive technologies to do much less ambitious jobs, such as making hotel and restaurant recommendations for patients’ families, determining which patients needed help paying bills, and addressing staff IT problems. The results of these projects have been much more promising: The new systems have contributed to increased patient satisfaction, improved financial performance, and a decline in time spent on tedious data entry by the hospital’s care managers.”

These low hanging fruit were prime for the types of solutions and efficiencies AI can bring to a company. The authors found that the MD Anderson experience was not uncommon, as found in the companies they researched for their article. They also specifically noted, “This shouldn’t be surprising—such has been the case with the great majority of new technologies that companies have adopted in the past.”

The authors believe that companies should take a more incremental approach towards AI projects rather than an all ambitious moon shot approach. The focus should be supplementing rather than replacing human capabilities. Yet the key is for companies to appreciate the tasks that AI technology can perform and then “create a prioritized portfolio of projects based on business needs, and develop plans to scale up” throughout the organization. To do so, a compliance professional needs to consider AI through the lens of operationalized compliance. This requires a consideration of the types of AI suited to such a task.

Types of AI for Operationalizing Compliance

A. Process Automation

The first is the most basic, process automation, which the authors call “robotic process automation” (RPA). This type of automation focuses on typical back-office administration functions, such as administrative and financial, which seem tailor made for an operationalized compliance program. RPA works well with inputting of information, collating and then synthesizing information from multiple IT sources, such as:

  • transferring data from e-mail and call center systems into systems of record—for example, updating customer files with address changes or service additions;
  • replacing lost credit or ATM cards, reaching into multiple systems to update records and handle customer communications;
  • reconciling failures to charge for services across billing systems by extracting information from multiple document types; and
  • “reading” legal and contractual documents to extract provisions using natural language processing.

RPA is the least expensive and most straight forward to implement. It can produce the quickest results and the all-important return on investment (ROI). The authors cited an example from NASA where the space agency implemented RPA pilot programs in accounts payable and receivables, IT spending and Human Resources (HR). They were all managed by one central project management team and greatly improved efficiencies. Most interestingly, this process did not put employees out of work but only reduced costs on tasks which could already be offshored.

B. Cognitive Insight

The authors, somewhat jokingly, called this type of project “algorithms on steroids” as they use AI to see patterns in raked leaves and hay stands by detecting forms in huge volumes of data and then interpret the meaning. Some of these applications are used for the following:

  • predict what a particular customer is likely to buy;
  • identify credit fraud in real time and detect insurance claims fraud;
  • analyze warranty data to identify safety or quality problems in automobiles and other manufactured products;
  • automate personalized targeting of digital ads; and
  • provide insurers with more-accurate and detailed actuarial modeling.

It is easy to see how projects with a just a different focus would work for the compliance function. These types of AI projects differ from RPA projects in three significant manners. The authors related, “They are usually much more data-intensive and detailed, the models typically are trained on some part of the data set, and the models get better—that is, their ability to use new data to make predictions or put things into categories improves over time.” As both data input and data curation have typically been labor intensive; an example for the legal world is 20 lawyers engaged in contract review; cognitive insight can review massive amounts of data across multiple databases.

The authors provided three examples of cognitive insight. The first was General Electric (GE), which used this type of AI project to integrate supplier data to eliminate redundancies and negotiate contracts that were previously managed at the business unit. The second was an un-named financial institution which this type of AI “to extract data on terms from supplier contracts and match it with invoice numbers, identifying tens of millions of dollars in products and services not supplied.” Third was Deloitte whose audit practice used this type of AI to facilitate audits by extracting contract terms and conditions allowing review of a much higher proportion of documents for anomalies or red flags. This type of AI brings much greater efficiency through high-speed data and number crunching so once again it is not a threat to human jobs.

C. Cognitive Engagement

The third and final type of AI involves putting together business, process and customers. For the compliance professional translate customers into your company employees and you begin to see the possibilities. This type of AI project uses natural languages, processing chatbots, intelligence agents and machine learning to facilitate growth. Some examples include:

  • intelligent agents that offer 24/7 customer service addressing a broad and growing array of issues from password requests to technical support questions—all in the customer’s natural language;
  • internal sites for answering employee questions on topics including IT, employee benefits, and HR policy;
  • product and service recommendation systems for retailers that increase personalization, engagement, and sales—typically including rich language or images; and
  • health treatment recommendation systems that help providers create customized care plans that take into account individual patients’ health status and previous treatments.

This list makes clear the uses for the compliance function.

Yet these types of services will not be replaced by AI technology, but it can supplement an employee facing function such as compliance. The goal would not be to reduce head count but to provide greater employee resources, leading interactions in a more-timely manner. For instance, a compliance function might turn over routine communications to AI, while transitioning compliance-support personnel to more-complex activities such as higher risk issues that escalate but before they become such things as Code of Conduct or even Foreign Corrupt Practices Act (FCPA) violations or reaching out to employees before they call in with problems.

You can also see how all three types of AI projects can interact together using deep-learning technology to search for frequent inquiries to the compliance function, as well as previous compliance incident reports to deliver compliance solutions. However, many companies face obstacles with such development and implementation. In our next installment, we will consider a framework for integrating AI into your compliance function.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018