New technologies have allowed for increased and varied avenues of communication between organizations and customers. This has led to improved transparency, more direct support and outreach, and more personal interactions. From a compliance standpoint, however, it has added immense complexity to how organizations navigate regulatory requirements and compliance. In parts one and two of this three-part series, we discussed the internal tension between business and compliance teams when it comes to implementing new communication technologies and how organizations can mitigate the risks that come from such implementations. In this blog post, we’ll examine why Smart RegTech is a necessity, discuss common trepidations, and examine how to identify the right technology solution for your organization.
If you didn’t have a chance to read the first to parts in this three-part series, you may find them here:
Part 2: Compliance: Hope Is Not a Plan
Handling the Communication Overload
New communications using produced video, video collaboration, and video over social is expanding at a rapid pace and compliance issues are typically reviewed manually – if they are reviewed at all. Further, businesses are expected to double their video libraries within the next 12 months and increase the use of video in email to 46 percent by 2018. The market sees the tide change: Over $1 billion has been invested in emerging private company video collaboration vendors, each managing billions of minutes of video communication. Even legacy communication types haven’t diminished. In fact, the Markets in Financial Instruments Directive II directly mandates an expansion of call recording in Financial Services and email communication has seen a double-digit increase since 2010. With expansion in both the types of communication and amount of each type of communication that should be reviewed and monitored by compliance, the case for RegTech is clear.
So why isn’t Smart RegTech used across the industry? Often, organizations are hesitant to implement the technology due to concerns that it will lower either the quality or accessibility of compliance efforts.
Common Smart RegTech Trepidations
1. False Indicators
The first major concern organizations have about implementing new Smart RegTech is an uptick in both false positives and false negatives. A false positive occurs when a solution is simple and triggers too frequently, while a false negative occurs when a solution is not able to find a real risk. For example, many solutions rely on basic keyword matching, such as triggering a detection on a word like “return” or “guarantee” to find risks, which can be violations when used in the wrong context.
The issue with a wide-net keyword like that is it is just as likely trigger on a non-risky communication where someone says “I just wanted to return your phone call” or, “I can’t guarantee results, but I can guarantee I will work very hard for you.” Worse, it doesn’t have the sophistication to extract context like a discussion of the performance of an investment that also has the proper disclosure and disclaimer such as, “This index fund has been performing very well and we think it should continue to provide great returns, but we can’t guarantee that past performance is an indicator of future performances. Here is some further disclosure information on the fund.” So, in those two examples, the AI-keywords would have generated false positives that a reviewer would have to spend additional time reviewing.
Just as concerning, many systems have the opposite issue whereby they don’t use data science and better rule development, and instead try to use more targeted keyword combinations. This can reduce false positives, but it also can have big misses of actual issues. For example, if the keyword lexicon is set to trigger specifically on, “I guarantee you a great return on this fund”, and instead, the advisor says “I am sure you will get a performance boost on this one,” those differences in phrasing are easily missed, but constitute a real risk.
Given that fairly common experience of technology solutions that are false positive and false negative ridden, compliance pros are often suspicious of relying on technology. While some solutions, indeed, are prone to false indicators, the right evaluation and oversight process can mitigate this risk.
2. Ease of Use
Another common concern is that the AI RegTech can be complicated to use. Organizations concerned over ease of use often find three core issues with RegTech: Inaccessibility, confusion, and job-threats.
Inaccessibility – Many Smart RegTech solutions are state of the art and require significant technical and service work to implement. This creates a barrier to implementation as teams end up building manual processes to integrate with their existing capture, review, supervision, and reporting requirements. This exacerbates the cycle of non-implementation as reporting requirements change as the perspective of what and how to capture and supervise evolves.
Confusion – Most Smart RegTech compliance solutions are built by knowledgeable and advanced technologists, but they are used by non-technical employees. These users know what the risk is and how they want to handle it, but the technology tool is so complex and hard to use that they abandon it and revert to manual means.
Job-Threat –Another common, but misinformed, concern is that AI will be used as a way to replace workers. This creates a resistance from employees that inhibits their use of new technologies. The reality is that AI helps humans focus on high-value tasks while AI automates manual work. As the communication mix is growing from 3 apps to 8+ apps, 2 mediums to 6 mediums, and thousands of communications per day to tens of thousands per day over voice, video, social, email, and chat collaboration, compliance workers are at no risk of being made obsolete. However, without good, intelligent automation technology they are certain to be ineffective.
So, if good Smart RegTech is crucial, how should organizations choose the right solution for their needs?
Key Factors for Choosing the Right Smart RegTech
1. Avoid buying AI tools simply for data
While data tools may help extract more information from content like a transcript from a recording or identifying images in a video, they fail to help compliance teams do the needed work to detect risks. In fact, they make it harder by providing too much information that isn’t relevant, while also putting the burden of false negative and false positive identification on the compliance team.
2. Prioritize Solutions that do targeted, “last-mile” compliance AI
Such solutions leverage data tools, but then use advanced technologies like Natural Language Processing (NLP), and Machine Learning together with AI. This combination allows the Smart RegTech solution to put data, like a transcript, into relevant context and automatically identify items of compliance interest, like a PII shared on a screen or an implied promissory statement made in an audio call that constitutes a potential FINRA or FCA risk because there was also a lack of a disclosure. These solutions do more than just gather data, they make it easy for employees to quickly and confidently act on the gathered data to ease overall compliance efforts.
3. Find a Solution Designed for AI Usability
Aside from the power of cognitive insights into electronic communication content that AI should provide, a solution should be designed to help intuitively automate the work an employee needs to do in the process of review and supervision. An example of this would be integrating insights such as risk detection into a timeline of an audio or video recording and letting a reviewer easily confirm and comment on it. Good solutions also streamline the workflow for a reviewer into a simple click, comment, and selection review process. Finally, in addition to the speed and efficiency this adds at scale, it institutes a consistent review approach, reducing human workflow risk.
Throughout this blog series, we’ve examined how the world of digital communication compliance is shifting. Internal tensions between business and compliance teams lead to risk around technological implementations. Fears and trepidations around Smart RegTech cause organizations to rely on outdated, inefficient manual processes. But, as avenues of communication increase and regulations crystalize, it’s crucial for organizations to identify and implement Smart RegTech solutions, or be left behind.
About the Author: Devin Redmond is the CEO and Founder of Theta Lake. He has more than 2 decades of experience in enterprise risk and compliance and is a frequent speaker on AI-based RegTech for video communication compliance. The former CEO and Co-Founder of Nexgate, a pioneer in social and digital media compliance and security acquired by Proofpoint (PFPT) in 2014, Devin also held executive and leadership roles at Check Point, Neoteris, Websense, and more. In addition to living in 7 countries and speaking 3 languages, Devin is a frequent public speaker that is passionate about modern digital risk and compliance technology that helps businesses gain a competitive advantage.
Edited by Erik Linask