CRO Outlook

How Artificial Intelligence Will Change the Way We Manage Compliance

What's the role of the modern chief compliance officer, and how can AI-driven data management and analytics improve oversight of compliance ?

Friday, November 13, 2020

By Brenda Boultwood


Ahead of the recent U.S. presidential election, regulators doled out billions of dollars in penalties to several large banks, shining a clear spotlight on risk management and compliance failures. It can be argued that the problems at these banks were primarily the result of inadequacies in risk culture. However, there is also a question of whether they had sufficient advanced technology in place to foster more accurate compliance.

Artificial intelligence (AI), for example, can not only enable firms to meet regulatory requirements, assess rule changes and integrate data but also help them build and distribute a clear compliance policy that both businesspeople and compliance experts can understand and follow.

The Role of the Chief Compliance Officer
The Role of the Chief Compliance Officer

Last month, we discussed four AI techniques useful in risk and compliance. In this article, we will explore how AI could aid the chief compliance officer (CCO) in both managing mandates and adding business value.

Managing Compliance Mandates

Before delving into the ways in which disruptive technologies like AI have changed compliance management, we need to understand the responsibilities of the modern CCO. Regulators expect firms to have the expertise and data needed to understand their rules, and the head of compliance must meet the following mandates:

Brenda Boultwood headshot
Brenda Boultwood
  • Manage a complete and accurate inventory of laws, regulations and industry standards, including internal policies that may have more stringent requirements;
  • Derive accurate and complete obligation statements, or summaries of the frequently overlapping rules, into a concise summary of what is required;
  • Align policies to obligations to ensure internal policies reflect an accurate compilation of current rules;
  • Align controls to obligations, and corresponding policies, to ensure employees are performing required tasks to manage acceptable risks;
  • Manage rule changes that impact their business and assess the impact of the rule changes on operations; and
  • Perform regular compliance risk assessment on rule changes and business operations to understand the adequacy of policies, controls and employee training.

How Can AI Assist?

AI can help CCOs meet all of these obligations by enabling firms to acquire strategic data, unify data lakes and reduce manual labor. Let's now take a closer at these benefits:

Strategic Data Acquisition. There's a lot of overlap in existing and new rules (such as regulations, standards and laws/acts) and authoritative sources - like speeches, litigations, court orders, advisories, and enforcement actions across jurisdictions.

All of this data must be curated to understand the language and to recognize semantic similarities - and the natural-language processing branch of AI can manage this task. A third-party vendor that offers tailored repository rules as a service can provide a further strategic data boost.

Data Lake Unification. AI can understand and semantically relate, classify and cluster the natural language of regulations, policies, processes and controls. Moreover, it can define key phrases and common ontology, integrating all elements of a firm's data lake.

Manual Labor Reduction (via Automation). AI reduces the manual and effort-intensive tasks of making sense of unstructured data by (1) emulating human intelligence to perform semantic searches; (2) correlating regulatory requirements across legislation and standards; (3) classifying and clustering rules for easy consumption; (4) generating obligations across jurisdictions; (5) identifying compliance gaps; (6) identifying opportunities to rationalize and harmonize policies and controls; and (7) automating the impact assessment of external rule changes.

Moreover, patterns in cases, issues, risks assessments and test results can be proactively detected (at scale) by machine-learning applications.

Second-Line Support for the Business

The same AI-driven data management and analytics that ensure regulatory compliance should ideally provide value to the business. These tools should expedite revenue cycles through speedier compliance approvals of new and large transactions. What's more, they should give firms the ability to rationalize training requirements and to link business process to rules, risks and issues more transparently. (The latter could end, or at least decrease, “second-guessing.”)

These tasks are all part of the “value-added” CCOs should bring to an organization. On top of meeting regulatory mandates, the CCO should strive to rationalize and harmonize internal policies to reflect company rules consistently. Similarly, he or she should triple-check compliance controls to guarantee that correct actions are taken to manage risks.

To meet his or her remediation responsibilities, a CCO must manage compliance cases, incidents and issues. A CCO can also add value to the business areas he or she supports by providing timely and accurate advice about rules impacting business process and products.

Parting Thoughts

A collection of AI-fueled RegTech solutions operating on a common data lake are required to improve compliance management. Ideally, 99% of a firm's employees should be responsible for risk and compliance, with 1% administering the technology and methods. To implement such an approach, and to drive the enormous change that could help transform a financial institution's compliance across several years, the CCO and CIO must partner.

A business strategy that ensures first-line accountability for risks and controls should be implemented from the start. Advanced data management and technology are also required, as is change management and a stronger risk culture.

Many challenger banks (like financial technology companies) have already built advanced compliance techniques into their operations, and traditional banks need to respond to these competitors or risk obsolescence.


Brenda Boultwood is an independent risk management consultant and company advisor. She is the former senior vice president and chief risk officer at Constellation Energy, and has served as a board member at both the Committee of Chief Risk Officers (CCRO) and GARP. Previously, she was a senior vice president of industry solutions at MetricStream, where she was responsible for a portfolio of key industry verticals, including energy and utilities, federal agencies, strategic banking and financial services. Before that, she worked in a number of risk management, business roles and as the global head of strategy, Alternative Investment Services, at JPMorgan Chase, where she developed the strategy for the company's hedge fund services, private equity fund services, leveraged loan services and global derivative services. She currently serves on the board of directors at the Anne Arundel Workforce Development Corporation.


We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals