As a software provider, when testing new concepts or collecting enhancement requests, we naturally turn to our most expert stakeholders: our customers and our partners.

And this is precisely what we did when we started working on our concept for Regulatory Intelligence: we listened to what customers wanted, what analysts suggested the market needed, and what partners recommended. Armed with these inputs, we put together a proposal and then opened a Customer Influence program – Innovation project regulatory intelligence for SAP GRC, to share our findings, detail our concept, and obtain direct feedback, validating or invalidating our assumptions and design on how Artificial Intelligence can facilitate this core compliance step.

But AI being AI with all its unknown at this stage, we also decided to pursue a parallel thread: asking an external party to look at this topic with fresh sets of eyes and tell us what they thought we could be missing in our analysis. To get an unbiased outside-in perspective.

We were lucky to have 3 students from the Lancaster University Management School in the UK elect to work on a report on this matter: Implications of AI in the field of Regulatory Compliance; A study into the benefits and risks of delegating the analysis of regulatory changes to an AI.

This short blog is a summary of their findings that I thought I would share as there are valuable insights for any organization wishing to adopt AI for regulatory intelligence.

Why do companies consider using AI for regulatory surveillance?

As I am sure you are aware, the number and complexity of regulations keep on increasing and organizations, especially SMEs, feel the heavy burden of tracking these ever-changing rules with limited resources.

Many compliance teams therefore wish to automate the process to reduce the manual workload and hope to use AI to:

• Stay up to date with local, regional and global regulations
• Identify required changes to internal controls to stay compliant with new requirements 
• Find out the coverage of regulatory frameworks and leverage AI-generated suggestions to bridge any potential gaps

But are there any hidden traps that could negatively impact the outcomes and that need to be identified and kept on the radar? This is the question that we asked the students!

After considering the literature available, expert feedback, etc. They identified 3 main categories where AI could prove a formidable to the regulatory compliance field provided biases and impediments are adequately addressed: Efficiency, Accuracy, and Transparency.

Efficiency

Automating regulatory surveillance, intake and assessment can of course reduce manual efforts associated with these activities. Which is ultimately the goal. Furthermore, with more details on the regulation, its impacts, etc., technology can also improve human efficiency by providing subject matter experts with granular specifics at their fingertips. But organizations – and especially Legal and Compliance departments, should not forget that despite being automated, this activity still requires supervision. And therefore, professional competence in examining regulatory detail to ensure that the analysis is veridic. In-house or externally contracted compliance expertise is therefore here to stay and should not be underestimated. Even if technology progresses.

Hopefully, human interpretation and error would be mitigated with adapted regulatory intelligence technology. But one of the findings of the reports is that “Due to a complicated regulatory detail, regulatory practice is principle-based, which leads to different interpretations among stakeholders, aggravated by the need for extensive documentation verification and the high number of false positives generated by monitoring systems”. If the technology lacks in-depth regulatory knowledge, then it will de facto affect the accuracy and applicability of the output. The choice of the underlying technology, including the LLM used of course, is therefore crucial for the success of the endeavour. A generic model, without the relevant body of knowledge will most likely provide misleading if not erroneous recommendations.

Accuracy

Transparency

We have all heard cases of AI hallucination – especially when it comes to Generative AI. If it can be anecdotic when using GenAI for recreational purposes, for audits by regulatory bodies for instance, traceability of the sources used (guidelines, legislations, citations, etc.) will be a foundational requirement to ensure that there hasn’t been any fabricated response. Without it, trust will be impaired and so will Regulatory Intelligence initiatives.

Since these students followed the MSc Digital Business Innovation program, they also applied an “IT-lens” to their research. And one of the very last recommendations they made related to the IT landscape itself.

As per their feedback, recent studies have shown that AI can speed up compliance by eliminating the need for many of those manual processes that are generally slow and error prone. And this is great of course… Provided all systems are integrated. One of the main hurdles flagged in addition to the 3 main categories above resides in gaps in the integration between new technologies and long-standing legacy systems where a lot of the data resides. Which can prove cumbersome – and expensive if not included in the design of the initiative at its inception.

All in all: AI supporting compliance departments represents a great opportunity, but there are potential obstacles that need to be considered from the get-go to ensure a successful – and trustworthy, approach to Regulatory Intelligence powered by AI.

I hope this blog has given you a glimpse of what to look out for!

I would like to take this opportunity to sincerely thank Kainat Zanab, Kantida Apiraksattayakul, and Nikitha Keerthana Suthram Rajesh from Lancaster University Management School who have shared their great findings.

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard