Compliance is tough. From Anti Money Laundering (AML) and Know Your Customer (KYC) through to following the minutiae of legal texts and internal company policies, compliance takes a heavy toll on practitioners. So, can artificial intelligence (AI) help lighten the compliance burden?
Information Age asked the world’s leading practitioners to explain how AI can work its magic when it comes to compliance.
#1 – Automate KYC and onboarding
Know Your Customer and onboarding are already being improved by technologies such as digital IDs, automatic form filling, and facial recognition tools. But artificial intelligence can handle so much more.
Alix Melchy, vice president of AI at Jumio, which helps the likes of Monzo, Nationwide and TSB with their customer processing, says: “AI can analyse vast amounts of data in real-time, hence better contextualising individual KYC processes and making it easier to detect fraudulent activity and prevent financial crime.
‘It is critical to ensure that AI systems are designed with diversity, equity, and inclusion in mind to ensure the true potential of the technology is realised’
“Leveraging AI systems developed on large, diverse and representative datasets makes it possible to accurately extract data that can then be used to ping third-party databases or to verify a person’s age based on the date of birth. This is particularly important for KYC, where the risk of fraud is high. AI can quickly identify red flags and alert compliance officers to potential risks”.
However, there are downsides, as, according to Melchy, while AI has enormous potential, there are also risks which need to be considered.
Says Melchy: “One of the biggest challenges is the potential for bias in AI algorithms. If not properly designed and trained on a range of people, nationalities and documents coming from real production environments, AI systems can propagate biases at large scale. As this could lead to discriminatory outcomes in the onboarding and KYC processes, it is critical to ensure that AI systems are designed with diversity, equity, and inclusion in mind to ensure the true potential of the technology is realised.”
Speed of the essence for data centre compliance – The larger your business, the more important it is to consider data centre compliance. A non-compliant data centre could lead to a breach of data protection and privacy regulations
#2 – Classify data with an audit trail
Compliance is all about controls. Data must be classified according to multiple rules, and the movement and access to that data recorded. It’s the perfect task for AI.
Ville Somppi, vice president of industry solutions at M-Files, says: “Thanks to AI, organisations can automatically classify information and apply pre-defined compliance rules. In the case of choosing the right document category from a compliance perspective, the AI can be trained quickly with a small sample set categorised by people. This is convenient, especially when people can still correct wrong suggestions in the beginning of the learning process.
“In addition to the automatic classification, specific tasks like recognising PII-data can be achieved by AI models that have been pre-trained with large quantities of data to detect the required patterns.
“When the information is appropriately categorised, information systems can manage access, editing, business rules and compliance controls and leave an audit trail ready to be demonstrated compliance to auditors, clients and regulators.”
#3 – Improve cyber security
AI is already a big part of any modern cyber defence. Generative AI can fill in the gaps. For example, cyber-attacks can be simulated to test staff, and then train them afterwards.
Nathan Charles, Head of Customer Experience at OryxAlign, explains: “We provide businesses with the ability to simulate a phishing attack by sending randomised fake phishing emails to their employees every quarter. The emails are designed to look like real phishing emails that employees may receive. The tool allows organisations to track who clicked on the links in the email or provided sensitive information in response to the email.
Based on their responses, users are given a cybersecurity awareness score, which is used to provide them with an ongoing programme of cybersecurity training, via an online library of webinars, quizzes, games and even a Netflix-style TV series.
By using this tool, organisations can assess their employees’ ability to identify and avoid phishing attacks. The results of the test can help businesses identify areas of weakness in their security, from shop-floor workers to the CEO.”
Five years of GDPR — the data compliance state of play – Five years on from the inception of the EU General Data Protection Regulation (GDPR), we explore what businesses need to consider when it comes to compliance
#4 – Detect fraud
Data pools are too big for humans to comb through. AI is the only way.
In some sectors, adoption of AI has been delayed owing to regulatory issues. However, full deployment ought now to be possible.
Gabriel Hopkins chief product officer at Ripjar, says: “Banks and financial services companies face complex responsibilities when it comes to compliance activities, especially with regard to combatting the financing of terrorism and preventing laundering or criminal proceeds.
“Since the early 1990s, artificial intelligence and specifically machine learning have played an important role in the detection and prevention of fraud within financial services. Sophisticated banks are now leveraging AI to improve detection of terrorist financing and money laundering. Unfortunately, the adoption of AI has not been fully realised due to risk aversion and structural issues with the way that regulators calibrate anti-financial crime measures. And innovations such as ChatGPT may now add to risk concerns.
“For AI to be used effectively in compliance processes, it must be explainable, measurable, and endorsed by regulators. In those circumstances, AI’s potential is to revolutionise current inefficiencies and thwart criminal activity and terrorism.”
#5 – Identify money laundering
Anti Money Laundering is a compliance core function. It’s also a sophisticated terrain, requiring specialist skills across finance and technology. Fortunately, AI is increasingly potent at AML.
Nick Henderson-Mayo, director of learning and content at compliance eLearning specialist VinciWorks, says: “AI tools can detect money laundering in several ways using specialised algorithms. Essentially, these algorithms analyse vast pools of data and raise a red flag if something is found, such as unusual transactions or account activity that could be considered suspicious.
AI can analyse customers’ transaction behaviour to make predictions about that user in the future. This system becomes sensitive to changes in behaviour, no matter how subtle, and can flag any suspicious changes in behaviour that traditional AML systems could miss.”
So far, AI is proving an able assistant to human activity when it comes to compliance, rather than a full replacement.
More on compliance
The best IT compliance tools for your business – Antony Savvas looks at some of the best IT compliance tools and methods that are suitable for all types of business