Today’s proponents of artificial intelligence (AI) tend to focus on its spectacular uses such as self-driving cars and uplifting ones such as medical treatment. AI also has the potential to aid humanity in more modest ways such as eliminating the need for individuals to do tedious repetitive work in white-collar areas. Along these lines, at its recent Vision users conference, IBM displayed an application of its Watson cognitive computing technology designed to automate important aspects of regulatory and legal compliance. Should it prove workable, the application of cognitive computing to compliance could be the first step in achieving what various “Paperwork Reduction Act” legislation has failed to do: substantially cutting the time needed to comply with rules imposed by government entities.
Regulatory compliance requires plenty of effort, especially in heavily regulated industries and especially during periods of rapid change in rules. Regulatory burdens on business in the United States have been increasing and growing more complex. For example, the number of pages added to the U.S. Federal Register, a rough measure of rule-making, grew 38 percent, from 529,223 pages in the 1980s to 730,176 in the 2000s, and that growth is on pace to reach 800,000 for the decade ending in 2019. Not all of these additions apply to a specific company’s business, and not all changes are relevant. But poring through pages of laws, rules and judicial rulings to identify relevant new requirements or changes to existing ones requires expertise and often considerable effort. Determining how to address regulatory changes and ensuring that these requirements are being met also entails knowledge and experience and consumes time. While necessary virtually none of all this work adds to the bottom line (except to the extent that it avoids fines or penalties) or improves a company’s competitiveness.
In concept, cognitive computing is well suited to help manage compliance because it has the ability to continuously scan all sources of rule-making, identify those that may be relevant to an organization, and provide suggestions on how best to comply with rules and oversee the compliance program. It can improve the effectiveness of the compliance process by reducing the risk that a company will overlook regulations that apply to it or will implement a compliance program that does not adequately address requirements. In short, by using automation, cognitive computing can increase the efficiency with which a company addresses its compliance requirements. Our benchmark research on governance, risk and compliance (GRC) finds that this is important: Companies most often focus on GRC to contain overall risk and the risk of failure to comply with regulations (77% and 74%, respectively) and much less often to cut costs (31%).
The primary steps any company faces in addressing regulatory compliance are identifying and understanding regulations that apply to it; determining how to address each of them; creating the appropriate measures and governance to achieve compliance; ensuring that the necessary documentation is created to confirm conformance; and guaranteeing that issues that arise are handled properly. Companies face challenges in doing this correctly and in a timely fashion. The process of interpreting the regulations and linking them to the appropriate controls is difficult and costly. Expertise is necessary, on the part of internal staff, external consultants or legal counsel. Historically companies have devolved responsibility for regulatory compliance to the individual business units most closely affected because it was the practical approach. However, decentralized approaches make it difficult to gauge overall compliance, and as the scope of regulation increases over time they lead to duplicate controls and increased costs of compliance.
IBM Watson is potentially a good fit for managing regulatory compliance because it pools knowledge of a topic. As in the case of medicine, the collective efforts of all companies using Watson to assist in managing regulation help all of the participants. Because their combined learning processes are cumulative, Watson can build a knowledge base fast and absorb new facts and conditions quickly. It’s to all participants’ advantage to expand the capabilities of the system cooperatively. In both disciplines, learning involves mastering a technical language and syntax and being able to link their meaning to specific recommended actions.
Watson’s approach to cognitive compliance starts by parsing the body of regulations in a fashion similar to the work it has done in consuming the scientific literature in the field of medicine. It then would identify all compliance requirements that may be relevant to a specific financial institution. The company would vet the list it produces to arrive at a list of validated compliance requirements. The cognitive compliance system would then use Watson to generate a recommended set of controls and procedures based on accepted practices (which may be rooted in anything from black-letter law to actions taken by similar companies). The user company would select those that it deems appropriate. These decisions would be made by trained individuals – for example, those with compliance responsibilities in a particular area, internal counsel or attorneys specializing in a relevant practice area. Once established, a cognitive compliance system could automate the process of monitoring regulatory actions and rule-making that is relevant to the company and flagging anything that requires review.
IBM intends to focus Watson’s cognitive compliance efforts initially on the financial services sector. In part this is because the company already has a significant presence in this market segment, but the main reason is because in the United States the complexity of the rules governing this industry has mushroomed since the financial crisis of the past decade. For example, the so-called Volcker Rule, intended to prevent banks from engaging in speculations that put government deposit insurance and the financial system at risk, was spelled out in just 165 words in the 2010 Dodd-Frank Act. However, translating that concept into practice required the collaboration of five regulatory agencies: The Federal Reserve, the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC). It took about five years for this group to assemble a 71-page rule (not written in plain English) that has an 891-page preamble. As to cost of dealing with this complexity, in 2015, the OCC estimated that the cost of complying with Dodd-Frank for the seven largest U.S. banks in 2014 was US$400 million. In another example, 13 Europe-based banks spent between $100 million and $500 million each to achieve compliance with a rule requiring them to create umbrella legal structures for their local operations and take part in the Fed’s annual stress tests. To be sure, the current regulatory conditions affecting banks is an extreme example. However, for that reason it’s an attractive potential market.
If applying cognitive computing to regulatory compliance works for financial services, there are likely to be many other industries in which the regulatory requirements are demanding enough to track and implement to make its use worthwhile. One intriguing possibility for the longer term is Watson’s potential to identify duplicate or conflicting regulations and laws and enable legislators and regulatory bodies to streamline or rationalize them. We recommend that financial services organizations and perhaps others look into this intriguing possibility.
Senior Vice President Research