How AI can actually accelerate compliance efforts in financial services

Due to increased regulatory requirements and heightened attention to compliance, many financial services companies are increasing their focus on, and investment in, ensuring that they’re compliant. Estimates show that financial institutions will increase their spending on regulatory technology (RegTech) investments by approximately 124% between 2023 and 2028.

Driving this additional investment is the increase in fines for noncompliance with record keeping, and other regulations. In a survey, 69% of financial services executives reported that they expect regulators to increase the value of fines for record-keeping breaches.

Graphic: 2024 THE STATE OF FINANCIAL SERVICES COMPLIANCE Annual Compliance Health Check Report

In February 2024 alone, the SEC imposed $81 million in fines for record-keeping infractions. Globally, fines have been assessed to companies that failed to record or retain electronic communications information. Some of the largest institutions including Wells Fargo, JP Morgan, Goldman Sachs, Morgan Stanley and Citigroup have been punished with fines in the hundreds of millions, with total penalties exceeding $2 Billion. 

Factors contributing to the increasing number of regulations and strict enforcement include global geopolitical conflicts and changes, technological advancements in financial industry systems, and the use of artificial intelligence in financial crime.

Changing circumstances in global markets, developments in technology, and organisation-specific strategies can affect which of the many areas of compliance pose the greatest risk, and therefore require the greatest attention from financial service company leaders.

Some of the current areas that many organisations are focusing on are: Artificial Intelligence (AI), operational resilience, compliance risk assessment, compliance monitoring, and environmental, social and governance (ESG issues).

Compliance and governance are typically already part of most digital systems, and there are a number of different procedures, checks, and monitoring capabilities that assist compliance efforts. These include regulatory compliance checks such as Anti-Money Laundering (AML), Know Your Customer (KYC), General Data Protection Regulation (GDPR), and others. Data encryption and security measures are required to keep customer data secure, and records of all user activities and transactions (audit trails) are required in order to show that organisations are transparent and accountable. 

Beyond the digital applications and modules that support compliance, there are also important actions that employees and staff are required to undertake. These include participation in compliance training and awareness programs, and conducting regular audits and assessments. Well-designed systems and thorough, informed oversight by human auditors can keep organisations from falling out of compliance, but the increasing complexity of regulatory requirements makes it more challenging to keep up with all relevant regulations.

GenAI (generative AI) is proving to be a valuable asset in the area of regulatory compliance. When trained with information about regulations and policies, it can serve as a virtual “expert”, helping to assess compliance by comparing required policies and regulations with company policies, and answering user questions about regulations. Developers are using it as a code accelerator as well, checking code for any misalignment with policy. When it detects possible breaches, it can alert the necessary people, and detail the situation clearly.

Additionally, AI can be very good at detecting and mitigating cyberfraud. When trained with lots of data showing what legitimate and fraudulent transactions look like, AI systems can monitor activity, then identify and block potentially fraudulent transactions. It can also communicate with customers to ask for more information or confirm details, which minimises the threat from identity theft, phishing attacks, credit card theft, and document forgery.

Task automation is another area where AI excels. It speeds up completion of repetitive processes like document verification, data analysis, transaction monitoring and more, and eliminates mistakes caused by human error.

The promise of AI to help support compliance is counterbalanced by concerns about vulnerabilities that it may be used to exploit. AI has the potential to cause harm by facilitating cybercrimes, impersonating humans, and presenting incorrect information as correct. Concerns such as these are driving many governments around the world to consider instituting regulations to govern it. These regulations and national policies are evolving as quickly as the technology itself, so AI-specific updates to existing rules and new additions will soon be in effect.

Adding to the complexity for international organisations, regulations will differ by country, and sometimes, even within countries or regions. 

For example, while AI policy is still in development in the US, indications are that different agencies will have the ability to create their own rules. Having several sets of rules to follow from different agencies or even from different states will add levels of complexity to compliance efforts.

The UK is seeking to be pro-innovation, encouraging AI development and setting broad policy guidelines while emphasising five cross-sectoral principles for existing regulators to interpret and apply. Those principles are: safety, security and robustness, appropriate transparency and explainability, fairness, accountability and governance, and contestability and redress. Since regulators are still in the process of creating a cohesive policy, there’s no specific timeline for when regulations will be released, 

While AI policy is still under development in these countries and others like China, Australia, and Brazil, The EU has produced the world’s first comprehensive law governing AI, which will come into effect in 2024. This law will ban some uses of AI, require companies to be transparent about how they develop and train their models, and hold them accountable for any harm. It will also require AI-generated content to be labelled, and create a system for citizens to lodge complaints if they believe they have been harmed by an AI system.

First and foremost, responsible AI development means ensuring that people are guiding and reviewing the results of AI models. There’s no substitute for human verification that models are responding accurately, giving correct results, and that the data is correct and unbiased.

In addition to keeping humans in the loop, McKinsey outlines some steps that financial organisations should take to manage the risks of GenAI: 

• Ensure that everyone across the organisation is aware of the risks inherent in GenAI, publishing dos and don’ts and setting risk guardrails.

• Update model identification criteria and model risk policy (in line with regulations such as the EU AI Act) to enable the identification and classification of GenAI models, and have an appropriate risk assessment and control framework in place.

• Develop GenAI risk and compliance experts who can work directly with frontline development teams on new products and customer journeys.

• Revisit existing know-your-customer, anti-money laundering, fraud, and cyber controls to ensure that they are still effective in a GenAI-enabled world.

Despite valid concerns, Artificial Intelligence can empower financial services companies to more effectively comply with changing regulations. The concerns should not be ignored, but with responsible and transparent development, they can be neutralised. 

As AI continues to grow in importance, overly cautious adoption may lead to competitive disadvantages, while overly rapid implementation could introduce serious compliance risks. Partnering with an experienced AI and data consultancy such as Nearform can ensure that organisations take a balanced approach that is tailored to their needs.

With a proven track record of working with major financial services organisations and global enterprises, Nearform helps unlock the value of AI safely and strategically, positioning companies for future success in a rapidly evolving landscape.