What are the crucial capabilities which a compliance function must have to implement an Artifical Intelligence (AI) compliance solution? Interestingly, such capabilities also are more broadly discussed in the Department of Justice’s (DOJs) Evaluation of Corporate Compliance Program, 2019 Guidance, under the rubric of competency and quality of your corporate compliance function. Simply put, a compliance function must also evolve and have the technical skills and competence to operate in a 2020 and beyond business environment. If you find yourself in front of the DOJ for a corruption matter, you will be asked about your compliance team’s capabilities around AI, ComTech and the use of data analytics in your compliance program.

An MIT Sloan Review article, entitled Using AI to Enhance Business Operations, by Monideepa Tarafdar, Cynthia M. Beath and Jeanne W. Ross, is instructive as an introduction into how the corporate compliance function can use an AI program to not only enhance the compliance function but also business operations. The authors state, “the use of AI to enhance business operations involving embedding algorithms into applications that support organizational processes” can be used to improve the speed of information analysis, the scope of data reviewed, the reliability and accuracy of outputs. Moreover, “The power [AI programs] stems from their ability to reduce search time and process more data to inform decisions.” This all leads to enhanced operational excellence, more efficient business processes, and a more robust compliance experience.

Generating value from AI programs is not easy for compliance professionals as there can be multiple roadblocks to successful design and implementation. The problem is, many companies who desired to benefit from AI programs failed to do so have failed to develop the necessary organizational capabilities. We now turn to the authors’ five capabilities that companies need to create or have to operationalize AI programs in compliance into their organization DNA. I have adapted their strategies for the compliance function.

Data Science Competence

Data science competence encompasses a wide range of skills essential to create, develop and implement an AI program for compliance. It includes skills such as determining the availability and usefulness of massive amounts of data: collecting, cleaning, curating, tagging, and analyzing internal and external data from multiple sources. Data science competence also entails identifying and describing relationships between data, as well as developing AI algorithms that have learned from the data how to identify patterns and probabilities. This is definitely not the strong suit of lawyers or law schools which train them. This means that compliance professionals will need to hire “data science competence”.

Compliance Domain Proficiency

Compliance professionals should have better chance with the domain expertise. And yes, this does include the ability to read a spreadsheet. The reason compliance proficiency is needed is to understand the tasks, workflows, and logic of existing compliance processes, as well as to imagine how AI programs for compliance could improve them. Compliance domain proficiency also means the ability to understand the relationships among the data from a process and compliance point of view which is important for creating the business rules that shape how the outputs from the algorithm are handled by the AI program.

Enterprise Architecture Expertise

This means building the AI infrastructure because ECC applications do not deliver value by simply processing data and delivering outputs. Rather, “ECC applications deliver value when the organization changes its behavior — that is, when it changes processes, policies, and practices — to gain and apply the insights from those outputs.” This sounds suspiciously close to what Chief Compliance Officers (CCOs) currently perform. This role clearly transitions into expert enterprise architecture design because it is needed to create business value from ECC applications and then help manage the transition from the old organization to the new one. Essentially, an ambitious ECC application in compliance will affect and impact several, often fundamentally different business processes. In such cases, enterprise architects are needed to orchestrate the redesign of the systems, processes, and roles across organizational units. The more ambitious the ECC compliance application, the more likely it will require far-reaching organizational changes.

Operational IT Backbone

Once again this will likely be outside the subject matter expertise (SME) of a corporate compliance function. However, an organization’s existing technology and data foundation, what the authors term “its operational IT backbone and the people responsible for it support the development and running” of AI program for compliances, are critical elements as they provide the resource capabilities needed to store and access critical data, integrate ECC applications with other applications, provide reliable operations, and ensure privacy and security.

Even though this may be out of the compliance professional’s wheelhouse, the reality is that no new enterprise application can operate in isolation from other enterprise applications and this is the same for AI programs. If a compliance AI program is not properly integrated into the business operations, acceptance will not be forthcoming and its use will be limited.

Digital Inquisitiveness

A key to the continued need for compliance professionals is that algorithms in AI programs for compliance do not produce definitive answers. Rather, they produce predictions based on probabilities: that there could be payments outside a gift, travel and entertainment parameter or that monies claimed to be marketing expenses or charitable donations may be illicit payments. However, there are situations in which the compliance professional users must consider these predictions and apply human judgment to arrive at decisions about how and where to deliver a compliance solution. To do this effectively, they need to possess digital inquisitiveness — a habitual inclination to question and evaluate the data before them. They must use that skill to better understand the options provided by AI programs for compliance and continually improve outcomes.

By applying these practices, business leaders can full operationalize AI applications for compliance into their organizational DNA and set themselves up to reap those rewards. It is a continuous cycle. The capabilities enable employees to execute the practices, and the practices themselves exercise and strengthen the capabilities. This cycle helps companies continually adapt at developing and using AI applications that make operations more efficient and create business value through greater profitability.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020