Add a bookmark to get started

Abstract_Stairs_P_0051
30 September 20247 minute read

The risks and rewards of AI in compliance and investigations

How can AI support your compliance function? We've summarised what you need to know about AI as a compliance and investigations professional following our recent CIRCLE event. CIRCLE is our professional network for compliance and investigations professionals. 

The discussion considered the evolution of AI, its unrivalled opportunities, and the potential use-case in our world of compliance. We've outlined the key takeaways for you here. The data referenced was captured live in the room via “Slido”. 

 

The evolution of AI and good governance

In the uptake of AI across global businesses, a well-designed, thorough governance system is imperative. AI Governance and Responsible AI systems (also known as RAI) should be backed by strong foundations and successful implementation “on the ground”. There is a balance to strike between a gold-plated RAI system and a commercial approach. However, what's imperative is a trustworthy model, which inspires cast-iron user confidence.

A live poll of the compliance and investigations professionals in the room told us that organisations are seeking both to deploy AI to improve internal efficiencies, and to transform the way of working. This is reflected in the Wall Street Journal report that over 35% of investments during the course of next year will be in AI technology.

Importantly, AI deployment is not just a technology conversation; the full C-suite must be involved, with specific, well articulated roles and responsibilities within teams. The regulatory and AI Act requirements ensure AI is not a “fire and forget” project. There is a risk that without carefully considered deployment, the compliance function might inherit shaky foundations.

Despite this, the outlook is optimistic. 

AI is an important disruptor for white collar and professional services that should be exploited and not ignored. The intention of AI is to augment our work, which is within the art of possible. The DLA Piper AI Governance Report gathered cross-sector data from 600 respondents, and asked companies about deployment of AI [AI Governance Report: policy, compliance and business value | DLA Piper]. What's clear is that everyone wants to do something with AI, but many are not clear where to start. Unstructured datasets, IP issues and customisation means it is not as simple as plugging an LLM into a computer!

Several companies are contemplating what to do next with AI; 71% of companies surveyed in our Governance Report are in the “explorer” phase. There are companies that may have successfully formed their organisation around the requirements of UK and EU GDPR, and this was a huge milestone in 2016. However, AI is the next, current disruption pillar, and is as challenging to implement. 

 

AI in compliance 

Our live poll revealed that the uptake of AI in the compliance function is much lower than the use of AI by the organisation as a whole.

The poll also suggests that data protection, data quality and hallucination are the top three concerns for compliance and investigations professionals. Bias and accountability plus fragmented global regulation are also key risk areas, and the knowledge and skills gap is the greatest barrier that prevents companies from leveraging AI in investigations. Interestingly, data suggests that cost is not the number one constraint. It is a concern, but not the determinative factor. 

As well as risk, there are clear challenges. Boards may not regard AI for compliance projects as a priority, and there are questions as to whether AI solutions in this area are capable enough. Will it push non-compliant behaviours into offline environments? Does it offer complete, or only partial solutions? AI-assisted contract review might be useful for a commercial lawyer, but from a compliance and investigations perspective, is AI really transformative? Legal compliance is inherently risk-averse; compliance professionals aim to evade legal and reputational risks, and to maintain operational integrity and good governance. Therefore, perhaps there is an inherent tension between the use of disruptive technology and accepted compliance practice. 

Nonetheless, there are inherent opportunities; the ability to identify high-risk behaviour, assess suspicious trading patterns, monitor red flags for money laundering risks, and to manage existing systems and controls. Indeed, the Department of Justice is now weighing how companies manage risk related to artificial intelligence. Nicole Argentieri, principal deputy assistant attorney and head of the DoJ’s Criminal Division, said that prosecutors will evaluate how firms assess and manage the risks of new technology.

There are also a range of AI compliance products available, which include the following: 

  • Predictive Compliance Analytics; 
  • AI-Enhanced Whistleblower Systems, including anonymisation of reporters (although we queried whether this is really AI); 
  • Compliance Automation Software; 
  • AI Tools for Risk Assessment & Management; 
  • AI-Powered Document Analysis and Review; and 
  • Regulatory Change Management. 

There are clear risks and challenges in adoption, and older, classic technologies still have value in the key compliance tasks of identify, assess, monitor, and manage. The role that AI has to play in fostering a compliance culture is still unclear. AI is subject to extensive regulatory scrutiny. Indeed, plenty of products and solutions have a heavy US accent, and that indicates potential jurisdictional differences and benchmarking issues.

It's important that businesses think deeply about this technology. Consider the true value it offers to the compliance function, ensure current guidance is followed and that implementation is well thought out. The Information Commissioner's Office insists that the use of AI technology in any application must be explainable and transparent. The US Department of Justice have also explained the regulatory impacts of misusing AI but also encourage deployment of AI to prevent crime in the same breath.

AI is not at a stage where it can match the sophistication of human intelligence across the compliance spectrum, especially given that great compliance relies very much on professional human judgment.

AI in investigations 

Whilst it is common to talk about the risks of AI in the abstract, AI and therefore its risks are already here. Interestingly, most of the compliance and investigations professionals polled use AI tools in reactive situations not proactively.

There are new, evolving approaches to reviewing large data sets, where a manual review can be time-consuming. There are challenges to address when assessing sensitive data and it is crucial to sequester sensitive data before review. There is also a difficulty in using the technology to identify “non-events”, for example the occurrence of fewer meetings. It is however possible to spot trends such as abnormal behaviours and gaps, and peculiar patterns of communication at certain hours of the day. This is where sentiment analysis could help, looking at positive and negative emotions, as well as desire and anger.

Another AI-related issue falls on cross-border investigations, where it is frequently required to move data overseas, raising data privacy and security law issues. These investigations need careful consideration to remain on the right side of complex legislation and risks, and compliance officers must plan and execute these projects with careful consequences.

This session concluded that whilst helpful, AI tools might not actually deliver exactly what the buyer wants. Therefore, it is vital to augment the use of AI with human intuition.

Aiscension 

Our in-house e-discovery software, Aiscension, is an AI-powered document review platform used to detect bribery and cartel risks. Aiscension uses neural-net deep-learning AI, to “find the needle in the haystack” and zero in on the most relevant documents. 

For more information, book a call with Ilan Sherr and Rob Holmes.

 

Horizon scanning

The next CIRCLE event is on horizon scanning of key regulatory and compliance issues (and opportunities) in 2025. 

Register now. 

Print