Artificial intelligence set to transform regulatory compliance
Most people have heard of the headline-making achievements in artificial intelligence (AI); systems winning quiz shows and beating world champions in chess. These are the poster children of the discipline but there is a quieter revolution taking in shape in other areas, including regulatory compliance in financial services.
Writing for Banking Technology, Mike MacDonagh, London-based director of enterprise risk management at Wolters Kluwer, examines how AI technologies are promising to transform the way that firms ensure they can comply with a global explosion of new regulation.
The problem with regulation
Looked at in isolation, a piece of regulation is a relatively simple affair – a legal document containing text that describes what needs to be done, by whom, when, and (sometimes) how. With some understanding of the underlying topic, a compliance officer can read the document; understand what is mandated and where it will affect his or her part of the organisation.
The compliance officer can determine what is required in order to ensure compliance, what is required and how to demonstrate that compliance is met, not only to his management but also to the regulator. Of course things just aren’t that simple, this approach doesn’t scale easily and yet the scale and scope both of regulations and of the businesses of firms themselves continues to grow apace. In the real world, firms struggle to understand what legal and regulatory requirements they face everywhere they do business. Inevitably, they struggle to ensure compliance everywhere and are unable to demonstrate it to management and regulators, resulting in compliance failures, regulatory fines and, increasingly, personal legal sanctions for their management.
The problem is that, for each legal or regulatory text, someone has to read it, analyse it, understand the impact on their organisation, and then undertake and manage whatever actions are needed to ensure compliance. This task is multiplied for each regulation issued by each regulator, in each jurisdiction and for every line of business. As markets, and ultimately firms, are evolving, they can end up having to comply with thousands of regulations from dozens of regulators. Even if this mammoth task is achieved that is not the end of it: regulations change, their interpretation changes, and of course the firm itself changes. Firms have to keep up with all of this change. A medium-sized firm may have to scan hundreds of updates every week, identifying which ones affect regulations that contain requirements that affect them and then deciding what, if any, action is required in order to ensure continuing compliance. And the broader the business and product offering, the more complex the regulatory landscape they have to adhere to, becomes.
This is a process that cries out for automation but both the regulations and the updates to them are in the form of unstructured documents that have to be read, interpreted and contextualised by skilled and experienced staff.
The promise of AI
AI isn’t a single technology, it is a collection of related technologies, including a, b, c, natural language processing (NLP) and machine learning. Each of these technologies has specific uses and NLP in particular is starting to come into widespread use in helping to analyse unstructured content such as laws and regulations. Together with machine learning, NLP solutions can “read” such documents and perform a range of tasks including: extracting metadata, identifying entities that are referred to, and “understanding” the intent or purpose of specific parts of the document. For regulatory compliance this means that there is the promise that we can use NLP to:
- Extract metadata – this helps us to understand what the regulation is about by identifying financial products (e.g. loans or swaps), regulatory topics (e.g. anti-money laundering or market abuse) and business processes (e.g. trade settlement or customer due diligence). With this information, it becomes possible to determine whether the regulation is relevant, what parts of the organisation are likely to be affected and who needs to review it.
- Identify entities – entities provide the “who” in a regulatory document. Who is the document addressed to (perhaps the firm), by whom (a regulator) and who are the other actors (customers, other market participants, etc.)?
- “Understand” content – in regulatory compliance it is vital to understand what requirements or obligations are contained in a law or regulation. These are the parts of the text that tell firms what they must do or must not do. NLP is able to help us to identify the requirements that are contained within a document and, using the entities and metadata, determine who they apply to and what products, topics and processes they refer to.
Linking these processes to another AI technology, like machine learning, means that we can train systems to get better at these tasks, further increasing their utility.
How will this transform regulatory compliance?
Enriched content is valuable simply in enabling existing tasks, making them easier and faster but how can it transform compliance?
Once we can treat regulatory content as data it becomes possible to manage it programmatically and this opens up a range of new opportunities. Regulations themselves and the obligations within them can be represented in systems and linked to the relevant parts of the business automatically using metadata e.g. UK requirements around mortgage advertising can be tagged appropriately and assigned automatically to the UK Mortgage Sales department that shares the same metadata. At the same time updates to those rules or their interpretation come into the system as an XML feed and can be routed directly to the same team with no human intervention, using the same metadata and the rules that are referred to in the updates.
What was once a static environment becomes dynamic as the process of identifying and mapping regulatory requirements across the business is automated. Firms can start to ask questions and make comparisons: e.g. how do the requirements around mortgage advertising in the UK compare with the rest of the EU or with the US? The answers to these questions help firms not just to ensure that they comply but to make regulation a more central part of their business decisions. For example, regulatory requirements can be linked to controls in a library that has costs associated with each control. Now it becomes possible to look at and compare the cost of complying with regulations in each part of the business.
Finally, the newly acquired data around regulatory compliance can be brought into the risk environment. For example, enforcement and disciplinary actions and their resulting sanctions can be linked to specific rules and regulatory topics, giving firms a picture of the potential cost associated with non-compliance. Putting this information together with control performance and effectiveness data provides the fundamental information required to take a genuinely risk-based view of regulatory compliance.