RegTech promises to turn policy documents to rule sets that describe what good looks like in the operational language of the systems used by the business. AI can play a role in applying controls, but it needs to be carefully supervised so that the humans are in the loop and overseeing the code.
Experts at JWG’s 22 March Trading compliance seminar discussed what it takes to successfully digitize compliance and the role of generative AI.
Register for 29 June 2023 virtual pass
chatGPT and compliance
On paper, asking a GPT to suggest the appropriate course of action seems like a great solution. Plug in your robot behind the scenes to do all the thinking for you – but is it as easy as it seems?
In the news last month, we saw Italy ban chatGPT, stating there is a failure to age check its users and has no legal justification of both the collection and storage of personal data, which it uses to train the chatbot.
Other countries may soon follow suit, with Germany, France and Ireland looking into the tool. Last week, the European Data Protection Board said it would launch a dedicated task force on the matter.
Compliance experts at our virtual trading compliance seminar discussed what it took to bring interpretation into the digital age and AI’s role. The panels will be on-demand until September 2023 – don’t miss you chance to listen in here.
Governing AI compliance solutions
Although AI has been around for decades, few serious firms rely on the robot for the answer unless the instructions are crystal clear and humans are in control. Any black box solutions are generally frowned upon.
Adam Schneider, an Advisor to the Global Digital Currency Association saw a space for AI in compliance tooling: “I am somewhat optimistic that the AI capabilities recently come to play give the industry the opportunity to take some of the compliance situations that are based on judgement, and make them far more consistent with potential to improve over time.”
One of the more complex questions around AI is how to evidence how it actually makes those decisions. “The problem is that you don’t know how the model works. It is purely based on statistics of what it has seen in the past,” David Silverman, a senior Risk and Compliance executive and author of the book ‘Stop Harming Customers: A Compliance Manifesto (expected Q323)’ added.
Even when we feed our AI robots with data, they can only regurgitate their food. They can’t digest all the small factors that come into play when interpreting policies, standards and information.
Ralf Huber, a lawyer and Co-Founder & CRO of APIAX agreed with the challenges of AI, explaining that the auditability of AI tooling doesn’t cut it: “how can I explain to the regulator or to my auditor that the algorithm answered this question at this particular time for this employee, like this or like that?”
It seems that AI can be used to assist employees, as Ralf adds “we probably would feel comfortable if an AI would make this interpretation even a bit more standardised than it is today,” but AI seemingly can’t be a solution exclusive of any human interaction as it currently stands.
Technology and Compliance tend to come at AI from very different perspectives. The latter requires 100% precision and abhors the ‘magic pixie dust’ of AI.
Compliance needs technology to provide the provenance of the AI with the analysis which humans can improve on.
RegTech gives compliance the opportunity to get beyond large policy documents with rule sets that describe what good looks like in the operational language of the systems used by the business.
With so much of the business now digitized, checks can be automated at the point of transaction and good RegTech can provide the audit trail to the rule books.
David Silverman saw this as an entry point to the discussion about how to introduce compliance to every level of a business:
Without the right tooling and compliance culture around that it often results in more frustrated clients and unmet growth targets, as businesses spends all their time trying to work out what it can and can’t do, as opposed to just getting out there and doing it.
“On the one side, the whole fine thing isn’t, isn’t really working… On the other hand, I’m going to say almost no one’s coming to work looking to do a bad job or to harm customers or to break the law, and certainly not a top management… that culture of compliance has to flow from the top down…”
David continued: “Compliance should, like audit, report to the board. Because compliance needs to be able to stop those products and services, where it goes against the firm’s policies. It goes against the firm’s ethic… and what we’ve got running right now  the interpretation part can happen lower in the organisation, and you can overrule or push over compliance.”
Ralf Huber, also agreed with this point, referring back to how the top-down approaches have been typically structured in the past: “We provided our business colleagues with thick policy documents, maybe we did once a year training and the certification, right, that was our type of breaking the requirements into the business lines, and I think, did it work 20 years ago? Probably not. Does it work today when huge volumes of client interaction are happening digitally? Obviously not.”
Compliance by code
So, does that mean we need to get our chatGPT robots in to do the heavy lifting in this digital landscape?
Taking the conversation deeper, Jackon Mueller – Director of Policy and Government Relations at Securrency – shed light on how smart contracts could be part of the solution:
“Smart contract(s) with built-in regulations will determine, who the token can be issued to, where it can go, and ultimately, from a regulatory perspective, it allows for auditability where they can come in view the smart contract, view the built in if-then statements that our technology provides for to understand exactly how it is that the issuer built that code into the contract itself in enabling it to become self-executing”
This aligns well with findings from the recent breakthrough in Digital Regulatory Reporting for derivatives with the open-source FINOS model which JWG helped deliver for CFTC last year.
The DLT-based model enables business transactions to be modelled to align to regulatory obligations. Though not AI, it can revolutionise how the industry applies standards to Derivatives and other reports.
The big takeaway is that while AI could improve efficiency, it needs to be applied carefully so that the humans are in the loop and overseeing the code.
Tips from the panellists
David Silverman, Risk and Compliance senior executive
“I’m trying to get people off the idea of trying of collecting all the law and figure out which law applies. I’m trying to go the other way, and say we are an institution, let’s go figure out what we are already doing. We already know what the law is, let’s go to the people who know which pieces they need, give them their data, and then connect it internally.”
“We always tend to look at the negative, there’s a lot of positives going on. I think compliance is more empowered than it ever has been. And it’s certainly come a long way. So let’s keep going. Let’s get the technology people helping us.”
Ralf Huber, Co-Founder & CRO, Apiax
“I think priority should remain having truly digital strategy within compliance because our organisations are turning more and more digital everyday”
“The three lines of defence are too complex for today’s environment. More controls should be with the business and thus allow for embedded tools to help bridge the gap between technology and compliance. By embedding compliance checks into core business processes, you boost your front-office’s efficiency.”
Adam Schneider, advisor Global Digital Assets & Cryptocurrency Association
“It’s always better to prevent a problem than to detect it afterwards and deal with the ramifications. I would really like to see a focus on preventive processes and controls. We would all be happier if compliance was able to stop issues before they occur. This would be a far higher return on investment than automating resolving a problem that has occurred.”
Jackson Mueller, Director of Policy and Government Relations, Securrency
“I think we’re heading to a point where traditional financial services start to take advantage of decentralised finance tools, and the transformation of our capital markets is going to be really interesting over the next several years.”
PJ Di Giammarino, CEO and Founder, JWG Group
“The last decade has been subsumed by a lot of reg talk. We need to get back to coalition’s that want to collaboratively generate open-source RegTech IP. The thing I love about trading rules is that they are data-centric and already have a narrow framework for thinking about how to control the underlying technology. This is a great base for articulating a real business case for collaboration and better tooling.”
Don’t miss this opportunity to frame the big picture for your reporting programmes and mitigate your regulatory risks. Listen to our RegCast for more background here.
Register for 29 June 2023 virtual pass