I am exploring the use of artificial intelligence (AI) to make compliance more robust in the three prongs of prevent, detect and remediate. This series is based upon an article in the Harvard Business Review (HBR), entitled “Artificial Intelligence for the Real World” by Thomas H. Davenport and Rajeev Ronanki, which laid out a structure that every Chief Compliance Officer (CCO) and compliance practitioner can use to think through how AI could be applied in your organization. Today I want to explore how to think through an implementation.

Testing Through a Pilot Program

Bringing in an AI initiative to a corporate compliance function may initially seem like a daunting project. So the first thing to remember is that it is at its most basic simply that—a project. It may be more sophisticated in scope and more high profile than other projects, but it is still a project. You should approach it in this most basic form. This means you should have a project manager who has the talent, resources and skill to navigate the exercise. It may also mean you have to delve far outside your normal compliance function resources. Your organization may have a cognitive center of excellent or other similar structure to assist you in this project, as you will need superior technological skills which are probably a step or two beyond the capabilities of most compliance professionals.

The next is to determine where or over which compliance process you want to try your AI initiative. The authors reported the global automation group of one organization “uses end-to-end process maps to guide implementation and identify automation opportunities. The group also uses graphical “heat maps” that indicate the organizational activities most amenable to AI interventions. The company has successfully implemented intelligent agents in IT support processes, but as yet is not ready to support large-scale enterprise processes, like order-to-cash.” Such a data driven process in compliance such as gifts, travel and entertainment (GTE), coupled with third parties and charitable donations might prove equally fruitful for such a pilot project.

The next step is to consider the compliance process and its redesign, “focusing specifically on the division of labor between humans and AI.” This allows you to mix the right amount of effort by both the machines and compliance personnel so they “augment each other’s strengths and compensate for weaknesses.” Here you need to decide if the AI initiative is simply to “pave the cow path” of simply automating work flows, which can lead to some quick wins and achieve return on investment (ROI), and  forgo the opportunity to take full advantage of AI capabilities and substantively improve the compliance processes.

AI initiatives which move towards the cognitive work redesign efforts often benefit from applying design-thinking principles: understanding employee (i.e. your compliance customers) needs, involving those within your organization whose work will be restructured and treating designs as experimental first drafts of your initiative. There may be consideration of “multiple alternatives, and explicitly considering cognitive technology capabilities in the design process. Most cognitive projects are also suited to iterative, agile approaches to development.”

Scaling Up

If your pilot is successful it is time to scale up the AI initiative across your organization. This will require even greater collaboration between the compliance function, your IT department, technology experts and the business process owners (assuming of course you have operationalized your compliance processes). The authors believe it is in scaling up that the greatest number of challenges are faced. Scaling up throughout your organization may require a rethink of your compliance processes through modernization of your existing systems. This means rather than simply appending your AI initiative onto your existing technologies, use this as an opportunity to take a much more holistic approach to look at and improve a wider variety of compliance processes.

The authors warn this will require change-management adaptions. Yet if the compliance processes both in the compliance function and operationalized into the business units, can free employees of more mundane tasks, you can certainly ask those employees to take on more high value tasks. The authors provided one example from the supply chain of a clothing organization that has an AI pilot project which used machine learning for online product recommendations, predictions for optimal inventory and rapid replenishment models, and – most difficult of all – merchandising. Buyers, used to ordering product on the basis of their intuition, felt threatened by the project and asked that it be terminated. Management pointed out that these buyers were now free to make inquiries into and gain a deeper understanding of their customer’s preferences and even desires, in explaining how the convergence of AI and human intellect made for a stronger overall assessment.

How could all of this work in the compliance arena? An AI initiative could assist to generate a compliance plan and then provide goals-based forecasting in real time. It could consider a variety of mechanisms to target your organization’s outside customers in a manner which would take into account compliance risks, while tracking such risk areas as GTE, charitable donations, and your third-party sales agents (assuming you are actually managing your third-party sales agents). Finally, it would track of all the spends and then engage your internal customer (your company’s employees) virtually on a real time basis.

For the compliance professional, it would allow a greater understanding of the true risks involved, through a full risk management process, allowing a customized implementation plan for each sales effort. It would promote the ability for the compliance professional to not only set overall risk management strategies but act as a trusted advisor in the entire sales cycle by delivering more timely compliance support on an as-needed, real-time basis. Finally, it allows the compliance function to “see around the corners” of risk management and anticipate to more fully manage risks going forward.

Tomorrow I will conclude with some final thoughts on the future of the cognitive compliance function.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018